diff --git a/app/models/project.rb b/app/models/project.rb
index 7c10ab35431..3352959a53d 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -969,8 +969,9 @@ class Project < ActiveRecord::Base
 end
 def visibility_level_allowed?(level = self.visibility_level)
- allowed_by_forks = if forked?
- Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level)
+ allowed_by_forks = if forked? && forked_project_link.forked_from_project_id.present?
+ from_project = eager_load_forked_from_project
+ Gitlab::VisibilityLevel.allowed_fork_levels(from_project.visibility_level).include?(level)
 else
 true
 end
@@ -980,6 +981,11 @@ class Project < ActiveRecord::Base
 allowed_by_forks && allowed_by_groups
 end
+ #Necessary to retrieve many-to-many associations on new forks before validating visibility level
+ def eager_load_forked_from_project
+ Project.find(forked_project_link.forked_from_project_id)
+ end
+
 def runners_token
 ensure_runners_token!
 end
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index cebfc432002..c4b8420f9f2 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -10,7 +10,10 @@ module Projects
 @project = Project.new(params)
 # Make sure that the user is allowed to use the specified visibility level
- return @project unless visibility_level_allowed?
+ unless visibility_level_allowed?
+ deny_visibility_level(@project)
+ return @project
+ end
 # Set project name from path
 if @project.name.present? && @project.path.present?
diff --git a/features/steps/shared/group.rb b/features/steps/shared/group.rb
index fe6736dacd4..ca32faa3159 100644
--- a/features/steps/shared/group.rb
+++ b/features/steps/shared/group.rb
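Review bot: In `visibility_level_allowed?` (app/models/project.rb, first hunk), a project for which `forked?` is true but `forked_project_link.forked_from_project_id` is blank now takes the `else` branch, so `allowed_by_forks` becomes `true` and the fork restriction is skipped. Whether that state is reachable cannot be seen from the hunk, but an access-control check that passes when its input is missing should be a deliberate choice rather than a by-product of a nil guard. If it is intended, say so next to the condition, for example `# a fork without a recorded parent id is not restricted by fork levels`; if it is not, handle that case explicitly instead of treating it like a non-fork. The method body continues past the end of the hunk.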
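Review bot: `eager_load_forked_from_project` (app/models/project.rb, second hunk) calls `Project.find`, which raises `ActiveRecord::RecordNotFound` when no row has that id, so a fork whose parent row is gone would make the visibility validation raise instead of returning a result. `Project.find_by(id: forked_project_link.forked_from_project_id)` with an explicit nil branch in the caller would keep the check inside the validation path. The method is a plain lookup by id that runs a query on every call, so neither the name nor the "many-to-many" comment describes it; something like `# Look up the parent by id: the forked_from_project association is not loaded yet on a new fork` would be closer, assuming that is the reason for the change.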
@@ -38,7 +38,7 @@ module SharedGroup
 def is_member_of(username, groupname, role)
 @project_count ||= 0
 user = User.find_by(name: username) || create(:user, name: username)
- group = Group.find_by(name: groupname) || create(:group, name: groupname)
+ group = Group.find_by(name: groupname) || create(:group, name: groupname, visibility_level: Gitlab::VisibilityLevel::PUBLIC)
 group.add_user(user, role)
 project ||= create(:project, namespace: group, path: "project#{@project_count}")
 create(:closed_issue_event, project: project)
@@ -47,6 +47,6 @@ module SharedGroup
 end
 def owned_group
- @owned_group ||= Group.find_by(name: "Owned")
+ @owned_group ||= Group.find_by(name: "Owned", visibility_level: Gitlab::VisibilityLevel::PUBLIC)
 end
 end
diff --git a/spec/controllers/namespaces_controller_spec.rb b/spec/controllers/namespaces_controller_spec.rb
index 77436958711..6350c9c6e48 100644
--- a/spec/controllers/namespaces_controller_spec.rb
+++ b/spec/controllers/namespaces_controller_spec.rb
@@ -15,7 +15,7 @@ describe NamespacesController do
 end
 context "when the namespace belongs to a group" do
- let!(:group) { create(:group) }
+ let!(:group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 let!(:project) { create(:project, namespace: group) }
 context "when the group has public projects" do
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index af5d043cf02..bf5b13f2645 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -30,7 +30,7 @@ describe UploadsController do
 end
 end
 end
-
+
 context "when not signed in" do
 it "responds with status 200" do
 get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
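Review bot: In `owned_group` (features/steps/shared/group.rb, second hunk) the added `visibility_level:` argument is a filter on `find_by`, not an attribute that gets set, so the step returns `nil` whenever the "Owned" group exists with any other visibility. Where that group is created is not visible in this diff, so it may already be public. If it is not, every step that uses `owned_group` will fail on `nil`, and `||=` will repeat the lookup on each call. Keeping the lookup by name alone, `@owned_group ||= Group.find_by(name: "Owned")`, and setting the visibility where the group is created would avoid depending on that.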
@@ -126,11 +126,12 @@ describe UploadsController do
 end
 context "when viewing a group avatar" do
- let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+ let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
 let!(:project) { create(:project, namespace: group) }
 context "when the group has public projects" do
 before do
+ group.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PUBLIC)
 project.update_attribute(:visibility_level, Project::PUBLIC)
 end
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index ed97b6cb577..e54a5a0b72a 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -12,25 +12,25 @@ feature 'Project', feature: true do
 it 'parses Markdown' do
 project.update_attribute(:description, 'This is **my** project')
 visit path
- expect(page).to have_css('.project-home-desc > p > strong')
+ expect(page).to have_css('.cover-title > p > strong')
 end
 it 'passes through html-pipeline' do
 project.update_attribute(:description, 'This project is the :poop:')
 visit path
- expect(page).to have_css('.project-home-desc > p > img')
+ expect(page).to have_css('.cover-title > p > img')
 end
 it 'sanitizes unwanted tags' do
 project.update_attribute(:description, "```\ncode\n```")
 visit path
- expect(page).not_to have_css('.project-home-desc code')
+ expect(page).not_to have_css('.cover-title code')
 end
 it 'permits `rel` attribute on links' do
 project.update_attribute(:description, 'https://google.com/')
 visit path
- expect(page).to have_css('.project-home-desc a[rel]')
+ expect(page).to have_css('.cover-title a[rel]')
 end
 end
diff --git a/spec/features/security/group_access_spec.rb b/spec/features/security/group_access_spec.rb
index 0194581dfd1..55bbeafba33 100644
--- a/spec/features/security/group_access_spec.rb
+++ b/spec/features/security/group_access_spec.rb
@@ -4,7 +4,7 @@ describe 'Group access', feature: true do
 include AccessMatchers
 def group
- @group ||= create(:group)
+ @group ||= create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC)
 end
 def create_project(access_level)
diff --git a/spec/finders/projects_finder_spec.rb b/spec/finders/projects_finder_spec.rb
index fae0da9d898..194c9543772 100644
--- a/spec/finders/projects_finder_spec.rb
+++ b/spec/finders/projects_finder_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe ProjectsFinder do
 describe '#execute' do
 let(:user) { create(:user) }
- let(:group) { create(:group) }
+ let(:group) { create(:group, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 let!(:private_project) do
 create(:project, :private, name: 'A', path: 'A')
diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb
index 7fdc5e5d7aa..b8940483dfb 100644
--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe SnippetsFinder do
 let(:user) { create :user }
 let(:user1) { create :user }
- let(:group) { create :group }
+ let(:group) { create :group, visibility_level: Gitlab::VisibilityLevel::PUBLIC }
 let(:project1) { create(:empty_project, :public, group: group) }
 let(:project2) { create(:empty_project, :private, group: group) }
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 74383204250..dba7ffc8565 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -442,7 +442,7 @@ describe Project, models: true do
 end
 describe '.trending' do
- let(:group) { create(:group) }
+ let(:group) { create(:group, :public) }
 let(:project1) { create(:empty_project, :public, group: group) }
 let(:project2) { create(:empty_project, :public, group: group) }
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index a6699cdc81c..a5d4985dc78 100644
--- a/spec/requests/api/projects_spec.rb
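Review bot: The shared `group` helper in spec/features/security/group_access_spec.rb now always builds a public group, so the access checks in that file appear to stop exercising a group created with the factory's default visibility. The rest of the file is outside the hunk, so this is inferred from the helper alone. Pinning every fixture to `PUBLIC` keeps the existing expectations passing, but the non-public group cases are the ones an access-control spec most needs to cover; a second helper or context for a group at a restricted level would restore that. The same hard-coding recurs in the projects_finder, snippets_finder and project_spec hunks, where project_spec writes it as the trait `create(:group, :public)` while the others pass `visibility_level: Gitlab::VisibilityLevel::PUBLIC`. Using one form throughout would make the fixtures easier to audit.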
+++ b/spec/requests/api/projects_spec.rb
@@ -275,6 +275,7 @@ describe API::API, api: true do
 it 'should not allow a non-admin to use a restricted visibility level' do
 post api('/projects', user), @project
+ expect(response.status).to eq(400)
 expect(json_response['message']['visibility_level'].first).to(
 match('restricted by your GitLab administrator')