gitlab-org--gitlab-foss/app/services/groups/nested_create_service.rb
James Lopez 68e31c098e Merge branch 'fix/gh-namespace-issue' into 'security-10-4'
[10.4] Fix GH namespace security issue
2018-02-09 12:16:28 -06:00

53 lines
1.3 KiB
Ruby

module Groups
class NestedCreateService < Groups::BaseService
attr_reader :group_path
def initialize(user, params)
@current_user, @params = user, params.dup
@group_path = @params.delete(:group_path)
end
def execute
return nil unless group_path
if namespace = namespace_or_group(group_path)
return namespace
end
if group_path.include?('/') && !Group.supports_nested_groups?
raise 'Nested groups are not supported on MySQL'
end
create_group_path
end
private
def create_group_path
group_path_segments = group_path.split('/')
last_group = nil
partial_path_segments = []
while subgroup_name = group_path_segments.shift
partial_path_segments << subgroup_name
partial_path = partial_path_segments.join('/')
new_params = params.reverse_merge(
path: subgroup_name,
name: subgroup_name,
parent: last_group
)
new_params[:visibility_level] ||= Gitlab::CurrentSettings.current_application_settings.default_group_visibility
last_group = namespace_or_group(partial_path) || Groups::CreateService.new(current_user, new_params).execute
end
last_group
end
def namespace_or_group(group_path)
Namespace.find_by_full_path(group_path)
end
end
end