diff --git a/CHANGELOG-EE b/CHANGELOG-EE
index 459e07352e672861cf296a8238de777912bd9fa2..e494253fa54c410c50a5dd5c3ea5fa3f97764101 100644
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
@@ -1,6 +1,12 @@
 Please view this file on the master branch, on stable branches it's out of date.
 v 8.12.0 (Unreleased)
+v 8.11.5
+ - API: Restore backward-compatibility for POST /projects/:id/members when membership is locked
+
+v 8.11.4
+ - No EE-specific changes
+
 v 8.11.3
 - [ES] Add logging to indexer
 - Fix missing EE-specific service parameters for Jenkins CI
diff --git a/lib/api/members.rb b/lib/api/members.rb
index 94c16710d9a5b5cf0fa1ef89c90836ba1a11ebc9..ffb8aa94b314408298913199f58fca266ffac044 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -59,6 +59,12 @@ class Members < Grape::API
 authorize_admin_source!(source_type, source)
 required_attributes! [:user_id, :access_level]
+ ## EE specific
+ if source_type == 'project' && source.group && source.group.membership_lock
+ not_allowed!
+ end
+ ## EE specific
+
 access_requester = source.requesters.find_by(user_id: params[:user_id])
 if access_requester
 # We pass current_user = access_requester so that the requester doesn't
diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb
index 1e365bf353a9e133de342456237ef9a65e379021..0163743df8da6786df33131204310d0937a0f854 100644
--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
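Review bot: In lib/api/members.rb the membership-lock guard added after `required_attributes!` is written inline in this single POST handler, so the group-level lock holds only where the condition is repeated; the handlers that update or remove a member lie outside this hunk, and whether they apply the same rule cannot be told from here. Consider moving the condition into a shared helper used by every member-changing route, and adding next to the `## EE specific` marker a comment that states the rule, e.g. `# EE: while the group's membership_lock is set, project members cannot be added through the API (405 kept for backward compatibility, per the changelog entry)`. The nil guard could also read `source.group.try(:membership_lock)`. The handler's body starts and ends outside the hunk.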
@@ -162,6 +162,23 @@
 end
 end
+ ## EE specific
+ shared_examples 'POST /projects/:id/members with the project group membership locked' do
+ context 'project in a group' do
+ it 'returns a 405 method not allowed error when group membership lock is enabled' do
+ group_with_membership_locked = create(:group, membership_lock: true)
+ project = create(:project, group: group_with_membership_locked)
+ project.group.add_owner(master)
+
+ post api("/projects/#{project.id}/members", master),
+ user_id: developer.id, access_level: Member::MASTER
+
+ expect(response.status).to eq 405
+ end
+ end
+ end
+ ## EE specific
+
 shared_examples 'PUT /:sources/:id/members/:user_id' do |source_type|
 context "with :sources == #{source_type.pluralize}" do
 it_behaves_like 'a 404 response when source is private' do
@@ -292,6 +309,10 @@
 let(:source) { project }
 end
+ ## EE specific
+ it_behaves_like 'POST /projects/:id/members with the project group membership locked'
+ ## EE specific
+
 it_behaves_like 'POST /:sources/:id/members', 'group' do
 let(:source) { group }
 end
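Review bot: The new example in the first spec hunk checks only `response.status`, so it would keep passing if a later refactor created the member before rejecting the request; an access-control spec should also pin that nothing was written, for instance by wrapping the request as `expect { post api(...), user_id: developer.id, access_level: Member::MASTER }.not_to change { project.members.count }`. A second example with `membership_lock: false` expecting the normal success status would show that the guard does not block unlocked groups. The shared example is wired in only for projects by the `it_behaves_like` line in the following hunk, which matches the handler's `source_type == 'project'` condition.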