Correct permissions for creating merge requests from issues
This could only be possible for users that can create merge requests within a project. So they need to be a allowed to create a branch and create a merge request.
This commit is contained in:
parent
083b0a9b03
commit
71ccfde322
|
@ -20,7 +20,7 @@ class Projects::IssuesController < Projects::ApplicationController
|
|||
before_action :authorize_update_issuable!, only: [:edit, :update, :move]
|
||||
|
||||
# Allow create a new branch and empty WIP merge request from current issue
|
||||
before_action :authorize_create_merge_request_in!, only: [:create_merge_request]
|
||||
before_action :authorize_create_merge_request_from!, only: [:create_merge_request]
|
||||
|
||||
respond_to :html
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
#{time_ago_with_tooltip(event.created_at)}
|
||||
|
||||
.flex-right
|
||||
- if can?(current_user, :create_merge_request_in, @project)
|
||||
- if can?(current_user, :create_merge_request_in, event.project.default_merge_request_target)
|
||||
.flex-right
|
||||
= link_to new_mr_path_from_push_event(event), title: _("New merge request"), class: "btn btn-info btn-sm qa-create-merge-request" do
|
||||
#{ _('Create merge request') }
|
||||
|
|
|
@ -189,7 +189,7 @@ module API
|
|||
post ":id/merge_requests" do
|
||||
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42316')
|
||||
|
||||
authorize! :create_merge_request, user_project
|
||||
authorize! :create_merge_request_from, user_project
|
||||
|
||||
mr_params = declared_params(include_missing: false)
|
||||
mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch)
|
||||
|
|
|
@ -93,7 +93,7 @@ module API
|
|||
post ":id/merge_requests" do
|
||||
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126')
|
||||
|
||||
authorize! :create_merge_request, user_project
|
||||
authorize! :create_merge_request_from, user_project
|
||||
|
||||
mr_params = declared_params(include_missing: false)
|
||||
mr_params[:force_remove_source_branch] = mr_params.delete(:remove_source_branch) if mr_params[:remove_source_branch].present?
|
||||
|
|
|
@ -23,7 +23,8 @@ module Gitlab
|
|||
def execute
|
||||
raise ProjectNotFound unless project
|
||||
|
||||
validate_permission!(:create_merge_request)
|
||||
validate_permission!(:create_merge_request_in)
|
||||
validate_permission!(:create_merge_request_from)
|
||||
|
||||
verify_record!(
|
||||
record: create_merge_request,
|
||||
|
|
|
@ -938,7 +938,7 @@ describe Projects::IssuesController do
|
|||
end
|
||||
|
||||
describe 'POST create_merge_request' do
|
||||
let(:project) { create(:project, :repository) }
|
||||
let(:project) { create(:project, :repository, :public) }
|
||||
|
||||
before do
|
||||
project.add_developer(user)
|
||||
|
@ -955,6 +955,22 @@ describe Projects::IssuesController do
|
|||
expect(response).to match_response_schema('merge_request')
|
||||
end
|
||||
|
||||
it 'is not available when the project is archived' do
|
||||
project.update(archived: true)
|
||||
|
||||
create_merge_request
|
||||
|
||||
expect(response).to have_gitlab_http_status(404)
|
||||
end
|
||||
|
||||
it 'is not available for users who cannot create merge requests' do
|
||||
sign_in(create(:user))
|
||||
|
||||
create_merge_request
|
||||
|
||||
expect(response).to have_gitlab_http_status(404)
|
||||
end
|
||||
|
||||
def create_merge_request
|
||||
post :create_merge_request, namespace_id: project.namespace.to_param,
|
||||
project_id: project.to_param,
|
||||
|
|
|
@ -861,7 +861,7 @@ describe API::MergeRequests do
|
|||
expect(json_response['title']).to eq('Test merge_request')
|
||||
end
|
||||
|
||||
it 'returns 422 when target project has disabled merge requests' do
|
||||
it 'returns 403 when target project has disabled merge requests' do
|
||||
project.project_feature.update(merge_requests_access_level: 0)
|
||||
|
||||
post api("/projects/#{forked_project.id}/merge_requests", user2),
|
||||
|
@ -871,7 +871,7 @@ describe API::MergeRequests do
|
|||
author: user2,
|
||||
target_project_id: project.id
|
||||
|
||||
expect(response).to have_gitlab_http_status(422)
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
end
|
||||
|
||||
it "returns 400 when source_branch is missing" do
|
||||
|
|
|
@ -340,7 +340,7 @@ describe API::MergeRequests do
|
|||
expect(json_response['title']).to eq('Test merge_request')
|
||||
end
|
||||
|
||||
it "returns 422 when target project has disabled merge requests" do
|
||||
it "returns 403 when target project has disabled merge requests" do
|
||||
project.project_feature.update(merge_requests_access_level: 0)
|
||||
|
||||
post v3_api("/projects/#{forked_project.id}/merge_requests", user2),
|
||||
|
@ -350,7 +350,7 @@ describe API::MergeRequests do
|
|||
author: user2,
|
||||
target_project_id: project.id
|
||||
|
||||
expect(response).to have_gitlab_http_status(422)
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
end
|
||||
|
||||
it "returns 400 when source_branch is missing" do
|
||||
|
|
Loading…
Reference in New Issue