From 7cb442eed4f488e378b3f20008ebe6ed3b53d31d Mon Sep 17 00:00:00 2001
From: Tomasz Maczukin <tomasz@maczukin.pl>
Date: Tue, 3 Nov 2015 18:23:48 +0100
Subject: [PATCH] Fix Project update service

When project is updated and it is a fork, then visibility_level
should not be less restrictive than in its parent project.
---
 app/models/project.rb                   | 2 +-
 app/services/projects/update_service.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/models/project.rb b/app/models/project.rb
index a4c634bdb5c..7f2dd37a3cc 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -786,6 +786,6 @@ class Project < ActiveRecord::Base
 
   def visibility_level_allowed?(level)
     return true unless forked?
-    Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level)
+    Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level.to_i)
   end
 end
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index 69bdd045ddf..0a42f3e02aa 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -11,6 +11,15 @@ module Projects
         end
       end
 
+      unless project.visibility_level_allowed?(new_visibility)
+        level_name = Gitlab::VisibilityLevel.level_name(new_visibility)
+        project.errors.add(
+          :visibility_level,
+          "#{level_name} could not be set as visibility level of this project - parent project settings are more restrictive"
+        )
+        return false
+      end
+
       new_branch = params[:default_branch]
 
       if project.repository.exists? && new_branch && new_branch != project.default_branch
-- 
GitLab