From 4b4b0777947d6bb1e9ad354039cec55935960029 Mon Sep 17 00:00:00 2001
From: Peter Marko
Date: Tue, 14 May 2019 08:45:08 +0200
Subject: [PATCH] Fix project visibility level validation
---
 app/models/project.rb | 8 ++++++--
 .../fix-project-visibility-level-validation.yml | 5 +++++
 spec/models/project_spec.rb | 7 +++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/fix-project-visibility-level-validation.yml
diff --git a/app/models/project.rb b/app/models/project.rb
index 56bc77a9686..29ce2b74ade 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -335,8 +335,8 @@ class Project < ActiveRecord::Base
 validates :star_count, numericality: { greater_than_or_equal_to: 0 }
 validate :check_personal_projects_limit, on: :create
 validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
- validate :visibility_level_allowed_by_group, if: -> { changes.has_key?(:visibility_level) }
- validate :visibility_level_allowed_as_fork, if: -> { changes.has_key?(:visibility_level) }
+ validate :visibility_level_allowed_by_group, if: :should_validate_visibility_level?
+ validate :visibility_level_allowed_as_fork, if: :should_validate_visibility_level?
 validate :check_wiki_path_conflict
 validate :validate_pages_https_only, if: -> { changes.has_key?(:pages_https_only) }
 validates :repository_storage,
@@ -870,6 +870,10 @@ class Project < ActiveRecord::Base
 self.errors.add(:limit_reached, error % { limit: limit })
 end

+ def should_validate_visibility_level?
+ new_record? || changes.has_key?(:visibility_level)
+ end
+
 def visibility_level_allowed_by_group
 return if visibility_level_allowed_by_group?

diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
new file mode 100644
index 00000000000..c58d3fc7311
--- /dev/null
+++ b/changelogs/unreleased/fix-project-visibility-level-validation.yml
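Review bot: `should_validate_visibility_level?` (second hunk of app/models/project.rb) has no comment saying why new records are always checked, and it keys re-validation on the project's own `visibility_level` change only. I would add above it `# Always validate on create; afterwards only when visibility_level itself changes.` Because both `validate` lines in the first hunk now share this predicate, an existing project whose parent group or fork source changes while its own level stays the same still skips both checks; whether another code path (a transfer service, for instance) covers that is not visible here. If nothing does, the condition could become `new_record? || changes.has_key?(:visibility_level) || changes.has_key?(:namespace_id)`, assuming the parent is tracked in `namespace_id`.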
@@ -0,0 +1,5 @@
+---
+title: Fix project visibility level validation
+merge_request:
+author: Peter Marko
+type: security
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index b09ea108e81..43134511aff 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -220,6 +220,13 @@ describe Project do
 expect(project2).not_to be_valid
 end

+ it 'validates the visibility' do
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_as_fork).and_call_original
+ expect_any_instance_of(described_class).to receive(:visibility_level_allowed_by_group).and_call_original
+
+ create(:project)
+ end
+
 describe 'wiki path conflict' do
 context "when the new path has been used by the wiki of other Project" do
 it 'has an error on the name attribute' do
-- GitLab
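Review bot: The added example in spec/models/project_spec.rb only proves that both validators run on `create(:project)`; it never asserts that a disallowed level is rejected, so a regression inside either validator would still pass. `expect_any_instance_of` also ties the spec to method names rather than to the behaviour being protected. I would add a negative case next to it, sketched below; the factory traits are assumed and should be matched to the project's own factories. The enclosing `describe` block starts and ends outside the hunk.

```ruby
it 'rejects a new project that is more visible than its group' do
  # Factory traits assumed; align with the project's factories.
  group = create(:group, :private)
  project = build(:project, :public, namespace: group)

  expect(project).not_to be_valid
end
```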