Fix forks creation when visibility level is restricted

52733352 · Felipe Artur · 9a10205a · 52733352 · 52733352 · 52733352
Commit 52733352 authored 8 years ago by Felipe Artur
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.
  
 v 8.9.0 (unreleased)
+  - Allow forking projects with restricted visibility level
  - Redesign navigation for project pages
  - Use gitlab-shell v3.0.0
  - Changed the Slack build message to use the singular duration if necessary (Aran Koning)

--- a/app/services/projects/fork_service.rb
+++ b/app/services/projects/fork_service.rb
@@ -3,7 +3,7 @@ module Projects
    def execute
      new_params = {
        forked_from_project_id: @project.id,
-        visibility_level:       @project.visibility_level,
+        visibility_level:       allowed_visibility_level,
        description:            @project.description,
        name:                   @project.name,
        path:                   @project.path,
@@ -19,5 +19,17 @@ module Projects
      new_project = CreateService.new(current_user, new_params).execute
      new_project
    end
+
+    private
+
+    def allowed_visibility_level
+      project_level = @project.visibility_level
+
+      if Gitlab::VisibilityLevel.non_restricted_level?(project_level)
+        project_level
+      else
+        Gitlab::VisibilityLevel.highest_allowed_level
+      end
+    end
  end
 end
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -32,6 +32,13 @@ module Gitlab
        }
      end
  
+      def highest_allowed_level
+        restricted_levels = current_application_settings.restricted_visibility_levels
+
+        allowed_levels = self.values - restricted_levels
+        allowed_levels.max || PRIVATE
+      end
+
      def allowed_for?(user, level)
        user.is_admin? || allowed_level?(level.to_i)
      end

--- a/spec/services/projects/fork_service_spec.rb
+++ b/spec/services/projects/fork_service_spec.rb
@@ -42,6 +42,33 @@ describe Projects::ForkService, services: true do
        expect(@to_project.builds_enabled?).to be_truthy
      end
    end
+
+    context "when project has restricted visibility level" do
+      context "and only one visibility level is restricted" do
+        before do
+          @from_project.update_attributes(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::INTERNAL])
+        end
+
+        it "creates fork with highest allowed level" do
+          forked_project = fork_project(@from_project, @to_user)
+
+          expect(forked_project.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
+        end
+      end
+
+      context "and all visibility levels are restricted" do
+        before do
+          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PRIVATE])
+        end
+
+        it "creates fork with private visibility levels" do
+          forked_project = fork_project(@from_project, @to_user)
+
+          expect(forked_project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE)
+        end
+      end
+    end
  end
  
  describe :fork_to_namespace do