API: Return 404 when trying to fork to unaccessible namespace
Signed-off-by: Rémy Coutable <remy@rymai.me>
This commit is contained in:
parent
2fea80d55b
commit
7458126111
|
@ -207,7 +207,9 @@ module API
|
|||
if namespace_id.present?
|
||||
namespace = Namespace.find_by(id: namespace_id) || Namespace.find_by_path_or_name(namespace_id)
|
||||
|
||||
not_found!('Target Namespace') unless namespace
|
||||
unless namespace && can?(current_user, :create_projects, namespace)
|
||||
not_found!('Target Namespace')
|
||||
end
|
||||
|
||||
attrs[:namespace] = namespace
|
||||
end
|
||||
|
|
|
@ -94,7 +94,7 @@ describe API::API, api: true do
|
|||
it 'fails if trying to fork to another user when not admin' do
|
||||
post api("/projects/fork/#{project.id}", user2), namespace: admin.namespace.id
|
||||
|
||||
expect(response).to have_http_status(409)
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
|
||||
it 'fails if trying to fork to non-existent namespace' do
|
||||
|
@ -114,7 +114,7 @@ describe API::API, api: true do
|
|||
it 'fails to fork to not owned group' do
|
||||
post api("/projects/fork/#{project.id}", user2), namespace: group.name
|
||||
|
||||
expect(response).to have_http_status(409)
|
||||
expect(response).to have_http_status(404)
|
||||
end
|
||||
|
||||
it 'forks to not owned group when admin' do
|
||||
|
|
Loading…
Reference in New Issue