diff --git a/app/models/project.rb b/app/models/project.rb
index 56bc77a96865dc0227609e62fe771476701b3a93..29ce2b74ade968971cfec6bafced5cd67bb78617 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -335,8 +335,8 @@ class Project < ActiveRecord::Base
 validates :star_count, numericality: { greater_than_or_equal_to: 0 }
 validate :check_personal_projects_limit, on: :create
 validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
- validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) }
- validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) }
+ validate :visibility_level_allowed_by_group, if: :should_validate_visibility_level?
+ validate :visibility_level_allowed_as_fork, if: :should_validate_visibility_level?
 validate :check_wiki_path_conflict
 validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
 validates :repository_storage,
@@ -870,6 +870,10 @@ class Project < ActiveRecord::Base
 self.errors.add(:limit_reached, error % { limit: limit })
 end

+ def should_validate_visibility_level?
+ new_record? || changes.has_key?(:visibility_level)
+ end
+
 def visibility_level_allowed_by_group
 return if visibility_level_allowed_by_group?

diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c58d3fc73118e2ad9798f11980eba36855d8f741
--- /dev/null
+++ b/changelogs/unreleased/fix-project-visibility-level-validation.yml
@@ -0,0 +1,5 @@
+---
+title: Fix project visibility level validation
+merge_request:
+author: Peter Marko
+type: security
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index b09ea108e81bfe9265ea40f078e2b2d256a6f1ce..43134511aff1fb1347a532ee2bdb2b6872a649a6 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
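Review bot: `should_validate_visibility_level?` (second hunk of app/models/project.rb) still returns false for an existing record whose visibility level is unchanged, so `visibility_level_allowed_by_group` and `visibility_level_allowed_as_fork` are not re-run when only the project's group or fork relationship changes. If no other code path enforces the restriction on such moves (not visible from this diff), consider widening the predicate, for example `new_record? || changes.has_key?(:visibility_level) || changes.has_key?(:namespace_id)`. The method also deserves a one-line comment explaining why `new_record?` is required, such as `# Always validate on create: a level equal to the default may not appear in changes`. Whether the method ends up public or under `private` cannot be seen here, because the class body extends outside the hunk.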
@@ -220,6 +220,13 @@ describe Project do
 expect(project2).not_to be_valid
 end

+ it 'validates the visibility' do
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_as_fork).and_call_original
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_by_group).and_call_original
+
+ create(:project)
+ end
+
 describe 'wiki path conflict' do
 context "when the new path has been used by the wiki of other Project" do
 it 'has an error on the name attribute' do
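Review bot: The new example only checks that both validators are invoked during `create(:project)`; it does not pin the security outcome, namely that a new project whose visibility level is not permitted by its group or fork source is rejected. Add an example that builds such a project without explicitly changing the level and asserts `expect(project).not_to be_valid`, so a regression in the `if:` condition fails on behaviour rather than on call counts. `expect_any_instance_of` is also fragile here, since it fails if the factory instantiates more than one `Project`; stubbing a built instance is tighter: `project = build(:project)`, then `expect(project).to receive(:visibility_level_allowed_by_group).and_call_original`, then `project.valid?`. The enclosing `describe` block starts and ends outside the hunk.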