Guard against deleted project feature entry
In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a project's `project_feature` association may be lazily loaded and hence return `nil` if the entry is deleted if the `Project` is already loaded in memory. To ensure we don't fail hard when this happens, assume all features are disabled. We can fix this issue by eager loading the `project_feature` in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we shouldn't have to depend on that. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
This commit is contained in:
parent
fc08d48cf0
commit
6fa5f510e8
|
@ -502,6 +502,8 @@ class ProjectPolicy < BasePolicy
|
||||||
end
|
end
|
||||||
|
|
||||||
def feature_available?(feature)
|
def feature_available?(feature)
|
||||||
|
return false unless project.project_feature
|
||||||
|
|
||||||
case project.project_feature.access_level(feature)
|
case project.project_feature.access_level(feature)
|
||||||
when ProjectFeature::DISABLED
|
when ProjectFeature::DISABLED
|
||||||
false
|
false
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Guard against deleted project feature entry in project permissions
|
||||||
|
merge_request: 32187
|
||||||
|
author:
|
||||||
|
type: fixed
|
|
@ -94,6 +94,19 @@ describe ProjectPolicy do
|
||||||
permissions.each { |p| is_expected.not_to be_allowed(p) }
|
permissions.each { |p| is_expected.not_to be_allowed(p) }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with no project feature' do
|
||||||
|
subject { described_class.new(owner, project) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
project.project_feature.destroy
|
||||||
|
project.reload
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns false' do
|
||||||
|
is_expected.to be_disallowed(:read_build)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'does not include the read_issue permission when the issue author is not a member of the private project' do
|
it 'does not include the read_issue permission when the issue author is not a member of the private project' do
|
||||||
project = create(:project, :private)
|
project = create(:project, :private)
|
||||||
issue = create(:issue, project: project, author: create(:user))
|
issue = create(:issue, project: project, author: create(:user))
|
||||||
|
|
Loading…
Reference in New Issue