diff --git a/app/models/project.rb b/app/models/project.rb
index c9f3cb7062f9bd3ca504ae9419ab9f9c8d4f1dbe..bd5ec87bc1943ed103facc429ff3cbb9384185e7 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -334,8 +334,8 @@ class Project < ApplicationRecord
 validates :star_count, numericality: { greater_than_or_equal_to: 0 }
 validate :check_personal_projects_limit, on: :create
 validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
- validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) }
- validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) }
+ validate :visibility_level_allowed_by_group, if: :should_validate_visibility_level?
+ validate :visibility_level_allowed_as_fork, if: :should_validate_visibility_level?
 validate :check_wiki_path_conflict
 validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
 validates :repository_storage,
@@ -878,6 +878,10 @@ class Project < ApplicationRecord
 self.errors.add(:limit_reached, error % { limit: limit })
 end

+ def should_validate_visibility_level?
+ new_record? || changes.has_key?(:visibility_level)
+ end
+
 def visibility_level_allowed_by_group
 return if visibility_level_allowed_by_group?

diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c58d3fc73118e2ad9798f11980eba36855d8f741
--- /dev/null
+++ b/changelogs/unreleased/fix-project-visibility-level-validation.yml
@@ -0,0 +1,5 @@
+---
+title: Fix project visibility level validation
+merge_request:
+author: Peter Marko
+type: security
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 9f6a0b53281e413f1504825a4eb0d78d16f66326..69032f51ac79c56af93ea44fcde56de01f23b320 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
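Review bot: The two gated lines, `validate :visibility_level_allowed_by_group` and `validate :visibility_level_allowed_as_fork`, still run on an existing record only when `visibility_level` itself is dirty. An update that changes the project's parent group or its fork relationship while leaving `visibility_level` untouched would therefore skip both checks. Whether another code path enforces the limit in those cases is not visible in this diff. If none does, the predicate added in the second hunk should also cover those changes; otherwise a short comment above these two lines should state that such updates are validated elsewhere.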
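Review bot: `should_validate_visibility_level?` carries no comment saying why a new record is validated regardless of `changes`, and that condition is the entire security fix, so a later cleanup could drop `new_record? ||` without noticing. I would add above the method `# Validate visibility on every create, not only when visibility_level is dirty.` The hunk does not show whether this part of the class sits under `private`; the predicate exists only for the two `validate ... if:` lines and should not become public API. The class body starts and ends outside the hunk.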
@@ -214,6 +214,13 @@ describe Project do
 expect(project2).not_to be_valid
 end

+ it 'validates the visibility' do
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_as_fork).and_call_original
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_by_group).and_call_original
+
+ create(:project)
+ end
+
 describe 'wiki path conflict' do
 context "when the new path has been used by the wiki of other Project" do
 it 'has an error on the name attribute' do
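Review bot: The new example `it 'validates the visibility'` only asserts that the two validators are invoked during `create(:project)`; it never shows that a disallowed level is rejected. A regression that makes either validator return early would still pass. `expect_any_instance_of` is also satisfied by any `Project` instance created in the example, not necessarily the one under test. I would add a negative example next to it that builds a project more visible than its group and expects it to be invalid; the factory traits used below are assumed from the project's factories and should be confirmed.

```ruby
it 'rejects a new project that is more visible than its group' do
  group = create(:group, :private)
  project = build(:project, :public, group: group)

  expect(project).not_to be_valid
end
```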