...@@ -334,8 +334,8 @@ class Project < ApplicationRecord ...@@ -334,8 +334,8 @@ class Project < ApplicationRecord
validates :star_count, numericality: { greater_than_or_equal_to: 0 } validates :star_count, numericality: { greater_than_or_equal_to: 0 }
validate :check_personal_projects_limit, on: :create validate :check_personal_projects_limit, on: :create
validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? } validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) } validate :visibility_level_allowed_by_group, if: :should_validate_visibility_level?
validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) } validate :visibility_level_allowed_as_fork, if: :should_validate_visibility_level?
validate :check_wiki_path_conflict validate :check_wiki_path_conflict
validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) } validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
validates :repository_storage, validates :repository_storage,
...@@ -878,6 +878,10 @@ class Project < ApplicationRecord ...@@ -878,6 +878,10 @@ class Project < ApplicationRecord
self.errors.add(:limit_reached, error % { limit: limit }) self.errors.add(:limit_reached, error % { limit: limit })
end end
def should_validate_visibility_level?
new_record? || changes.has_key?(:visibility_level)
end
def visibility_level_allowed_by_group def visibility_level_allowed_by_group
return if visibility_level_allowed_by_group? return if visibility_level_allowed_by_group?
... ...
......
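Review bot: `should_validate_visibility_level?` has no comment explaining why `new_record?` is part of the condition, and that is the security-relevant half of the change. Presumably a new project can take its visibility level from a default rather than an explicit assignment, so `changes` would lack `:visibility_level` and both `visibility_level_allowed_by_group` and `visibility_level_allowed_as_fork` were skipped on create. I would record that above the method, e.g. `# Always validate on create: a defaulted visibility_level may not show up in changes.` As far as these hunks show, the predicate is used only by the two `validate` lines, so it may belong under `private` if this part of the class is public. The class body around both hunks is outside the view, so confirm that before moving it.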
---
title: Fix project visibility level validation
merge_request:
author: Peter Marko
type: security
...@@ -214,6 +214,13 @@ describe Project do ...@@ -214,6 +214,13 @@ describe Project do
expect(project2).not_to be_valid expect(project2).not_to be_valid
end end
it 'validates the visibility' do
expect_any_instance_of(described_class).to receive(:visibility_level_allowed_as_fork).and_call_original
expect_any_instance_of(described_class).to receive(:visibility_level_allowed_by_group).and_call_original
create(:project)
end
describe 'wiki path conflict' do describe 'wiki path conflict' do
context "when the new path has been used by the wiki of other Project" do context "when the new path has been used by the wiki of other Project" do
it 'has an error on the name attribute' do it 'has an error on the name attribute' do
... ...
......
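Review bot: The new example `'validates the visibility'` only asserts that the two validators are invoked during `create(:project)`; it would still pass if they ran but stopped rejecting a disallowed level. For a fix of `type: security`, I would add an outcome-based example next to it: build a new project whose visibility level is not permitted by its group (and one for the fork case), leave the level to whatever default path production uses, and assert `expect(project).not_to be_valid`. `expect_any_instance_of` also matches any `Project` instantiated during the example, so the expectation is not tied to the record under test. Stubbing on a built instance and then calling `valid?` would be tighter. The enclosing `describe` block starts and ends outside this hunk.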