diff --git a/app/controllers/folder_apps_controller.rb b/app/controllers/folder_apps_controller.rb
index 19dab9cca2..ec599f06d1 100644
--- a/app/controllers/folder_apps_controller.rb
+++ b/app/controllers/folder_apps_controller.rb
@@ -4,6 +4,12 @@ class FolderAppsController < ApplicationController
 app_id = params[:app_id]
 folder_id = params[:folder_id]
+ @app = App.find app_id
+
+ unless AppPolicy.new(@current_user, @app).update?
+ render json: { message: 'Could not add app to folder due to insufficient permissions' }, status: 500
+ end
+
+ folder_app = FolderApp.new(app_id: app_id, folder_id: folder_id)
 if folder_app.save
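Review bot: The added `unless AppPolicy.new(@current_user, @app).update?` branch does not stop the action, because `render` does not return from the method. A caller who fails the policy check still reaches `FolderApp.new(...)` and `folder_app.save`, so the record is created anyway, and any render in the save branch (outside this hunk) would presumably raise a double-render error. End the branch with a return, e.g. `return render json: { message: 'Could not add app to folder due to insufficient permissions' }, status: :forbidden`; this also replaces the 500 with 403, which is the accurate status for an authorization failure and keeps denied requests from being counted as server errors in monitoring. Only the app is authorized in the visible lines; whether the caller may modify the folder identified by `folder_id` is not checked here, so confirm it is enforced elsewhere. The enclosing method starts and ends outside the hunk.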