From 7c3c836d3b62c72d1adf5431c0fedc91d92a8907 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vincent@gitlab.com>
Date: Mon, 16 Mar 2015 13:29:27 -0600
Subject: [PATCH 1/2] Handle null restricted_visibility_levels setting

Fix a 500 error when the `restricted_visibility_levels` setting is null
in the database.
---
 app/helpers/visibility_level_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/helpers/visibility_level_helper.rb b/app/helpers/visibility_level_helper.rb
index 7c090dc594c..0d573e72a80 100644
--- a/app/helpers/visibility_level_helper.rb
+++ b/app/helpers/visibility_level_helper.rb
@@ -62,6 +62,6 @@ module VisibilityLevelHelper
 
   def restricted_visibility_levels(show_all = false)
     return [] if current_user.is_admin? && !show_all
-    current_application_settings.restricted_visibility_levels
+    current_application_settings.restricted_visibility_levels || []
   end
 end

From 2e672c39a09577a0a16e75a10a249c923d8ee863 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vincent@gitlab.com>
Date: Mon, 16 Mar 2015 13:59:50 -0600
Subject: [PATCH 2/2] Fix restricted visibility bugs

Check for nil values in the restricted_visibility_level validation
method, and set the restricted visibility request parameter to `[]` when
it's missing from the request.
---
 app/controllers/admin/application_settings_controller.rb | 4 +++-
 app/models/application_setting.rb                        | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 8f7d5e8006f..9a5685877f8 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -21,7 +21,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 
   def application_setting_params
     restricted_levels = params[:application_setting][:restricted_visibility_levels]
-    unless restricted_levels.nil?
+    if restricted_levels.nil?
+      params[:application_setting][:restricted_visibility_levels] = []
+    else
       restricted_levels.map! do |level|
         level.to_i
       end
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 6abdf0c755a..1c87db613ae 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -27,9 +27,11 @@ class ApplicationSetting < ActiveRecord::Base
     if: :home_page_url_column_exist
 
   validates_each :restricted_visibility_levels do |record, attr, value|
-    value.each do |level|
-      unless Gitlab::VisibilityLevel.options.has_value?(level)
-        record.errors.add(attr, "'#{level}' is not a valid visibility level")
+    unless value.nil?
+      value.each do |level|
+        unless Gitlab::VisibilityLevel.options.has_value?(level)
+          record.errors.add(attr, "'#{level}' is not a valid visibility level")
+        end
       end
     end
   end