diff --git a/estela-api/api/views/project.py b/estela-api/api/views/project.py
index 7c61edfe..5b42b812 100644
--- a/estela-api/api/views/project.py
+++ b/estela-api/api/views/project.py
@@ -152,12 +152,17 @@ def update(self, request, *args, **kwargs):
 description = f"removed user {user_email}."
 elif action == "update":
 if permission == Permission.OWNER_PERMISSION:
+ if not is_superuser:
+ raise PermissionDenied(
+ {"permission": "You do not have permission to do this."}
+ )
 old_owner = instance.users.filter(
 permission__permission=Permission.OWNER_PERMISSION
 ).get()
 instance.users.remove(old_owner)
 instance.users.add(
- old_owner, through_defaults={"permission": Permission.ADMIN_PERMISSION}
+ old_owner,
+ through_defaults={"permission": Permission.ADMIN_PERMISSION},
 )
 instance.users.remove(affected_user)
 instance.users.add(
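Review bot: The new `if not is_superuser:` guard covers only the branch that assigns `Permission.OWNER_PERMISSION`, so whether a non-superuser can still demote or remove the current owner depends on code outside this hunk: the `remove` branch ending just above and the non-owner `update` path are not shown, and `update` itself starts and ends outside the hunk. If those paths accept the current owner as the affected user, the project can be left with no owner, and the `.get()` on the owner filter would then raise on the next transfer; it is worth confirming they reject that case. `is_superuser` is also defined outside the hunk, so confirm it is read from `request.user` rather than from request data. A one-line comment above the guard would record the intent, e.g. `# Ownership transfer is superuser-only; checked before any membership change.`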