diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb index 8e42cdf415f..5ad1e116e4e 100644 --- a/app/controllers/import/bitbucket_controller.rb +++ b/app/controllers/import/bitbucket_controller.rb @@ -44,15 +44,15 @@ class Import::BitbucketController < Import::BaseController repo_owner = repo.owner repo_owner = current_user.username if repo_owner == bitbucket_client.user.username - @target_namespace = params[:new_namespace].presence || repo_owner + namespace_path = params[:new_namespace].presence || repo_owner - namespace = find_or_create_namespace(@target_namespace, current_user) + @target_namespace = find_or_create_namespace(namespace_path, current_user) - if current_user.can?(:create_projects, namespace) + if current_user.can?(:create_projects, @target_namespace) # The token in a session can be expired, we need to get most recent one because # Bitbucket::Connection class refreshes it. session[:bitbucket_token] = bitbucket_client.connection.token - @project = Gitlab::BitbucketImport::ProjectCreator.new(repo, @project_name, namespace, current_user, credentials).execute + @project = Gitlab::BitbucketImport::ProjectCreator.new(repo, @project_name, @target_namespace, current_user, credentials).execute else render 'unauthorized' end diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb index fa4cc0ebbe0..51f23e4eeb9 100644 --- a/spec/controllers/import/bitbucket_controller_spec.rb +++ b/spec/controllers/import/bitbucket_controller_spec.rb @@ -112,6 +112,17 @@ describe Import::BitbucketController do post :create, format: :js end end + + context 'when the Bitbucket user is unauthorized' do + render_views + + it 'returns unauthorized' do + allow(controller).to receive(:current_user).and_return(user) + allow(user).to receive(:can?).and_return(false) + + post :create, format: :js + end + end end context "when the repository owner is not the Bitbucket user" do