From 4262687a978c9521b8025a08543942286989fb11 Mon Sep 17 00:00:00 2001
From: Ahmad Sherif <me@ahmadsherif.com>
Date: Mon, 21 Nov 2016 16:38:54 +0200
Subject: [PATCH] Use the minimum access level of group link and group member
 when inserting authorized project records

---
 app/models/group.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/group.rb b/app/models/group.rb
index 73b0f1c6572..40ba8b6a34d 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -65,7 +65,7 @@ class Group < Namespace
 
     def select_for_project_authorization
       if current_scope.joins_values.include?(:shared_projects)
-        select("members.user_id, projects.id AS project_id, project_group_links.group_access")
+        select("members.user_id, projects.id AS project_id, LEAST(project_group_links.group_access, members.access_level) AS access_level")
       else
         super
       end
-- 
GitLab