Merge branch 'fix-api-private-project-update' into 'master'

Fix API setting of 'public' attribute to false will make a project private There is a bug in the projects API where setting `public` to `false` of would not change `visibility_level` even if `visiblity_level` were not present. Closes #3864 See merge request !1996

Merge branch 'fix-api-private-project-update' into 'master'
168b3e97 · Dmitriy Zaporozhets · 815cec3e · 631a3027 · 168b3e97 · 168b3e97
Commit 168b3e97 authored 9 years ago by Dmitriy Zaporozhets
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.
  
 v 8.3.0 (unreleased)
+  - Fix API setting of 'public' attribute to false will make a project private (Stan Hu)
  - Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera)
  - Fix 500 error when update group member permission
  - Trim leading and trailing whitespace of milestone and issueable titles (Jose Corcuera)

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -7,8 +7,12 @@ module API
      helpers do
        def map_public_to_visibility_level(attrs)
          publik = attrs.delete(:public)
-          publik = parse_boolean(publik)
-          attrs[:visibility_level] = Gitlab::VisibilityLevel::PUBLIC if !attrs[:visibility_level].present? && publik == true
+          if publik.present? && !attrs[:visibility_level].present?
+            publik = parse_boolean(publik)
+            # Since setting the public attribute to private could mean either
+            # private or internal, use the more conservative option, private.
+            attrs[:visibility_level] = (publik == true) ? Gitlab::VisibilityLevel::PUBLIC : Gitlab::VisibilityLevel::PRIVATE
+          end
          attrs
        end
      end

--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -742,6 +742,18 @@ describe API::API, api: true  do
        end
      end
  
+      it 'should update visibility_level from public to private' do
+        project3.update_attributes({ visibility_level: Gitlab::VisibilityLevel::PUBLIC })
+
+        project_param = { public: false }
+        put api("/projects/#{project3.id}", user), project_param
+        expect(response.status).to eq(200)
+        project_param.each_pair do |k, v|
+          expect(json_response[k.to_s]).to eq(v)
+        end
+        expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE)
+      end
+
      it 'should not update name to existing name' do
        project_param = { name: project3.name }
        put api("/projects/#{project.id}", user), project_param