Merge branch 'fix-api-group-visibility' into 'master'

Fix api group visibility

See merge request gitlab-org/gitlab-ce!26896

5 files changed, 30 insertions, 2 deletions

diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index 74aad3b1c94..8f1f25a7307 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -62,12 +62,16 @@ module Groups
     end
 
     def can_use_visibility_level?
-      unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, visibility_level)
         deny_visibility_level(@group)
         return false
       end
 
       true
     end
+
+    def visibility_level
+      params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
+    end
   end
 end
diff --git a/changelogs/unreleased/fix-api-group-visibility.yml b/changelogs/unreleased/fix-api-group-visibility.yml
new file mode 100644
index 00000000000..7fbdcd729c6
--- /dev/null
+++ b/changelogs/unreleased/fix-api-group-visibility.yml
@@ -0,0 +1,5 @@
+---
+title: Fix api group visibility
+merge_request: 26896
+author:
+type: fixed
diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb
index a3c7de87765..8f9d5cf1e63 100644
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -75,8 +75,8 @@ module Gitlab
         user.admin? || allowed_level?(level.to_i)
       end
 
+      # Level should be a numeric value, e.g. `20`
       # Return true if the specified level is allowed for the current user.
-      # Level should be a numeric value, e.g. `20`.
       def allowed_level?(level)
         valid_level?(level) && non_restricted_level?(level)
       end
diff --git a/spec/lib/gitlab/visibility_level_spec.rb b/spec/lib/gitlab/visibility_level_spec.rb
index 2c1146ceff5..0a170a157fe 100644
--- a/spec/lib/gitlab/visibility_level_spec.rb
+++ b/spec/lib/gitlab/visibility_level_spec.rb
@@ -85,4 +85,12 @@ describe Gitlab::VisibilityLevel do
         .to eq(described_class::PRIVATE)
     end
   end
+
+  describe '.valid_level?' do
+    it 'returns true when visibility is valid' do
+      expect(described_class.valid_level?(described_class::PRIVATE)).to be_truthy
+      expect(described_class.valid_level?(described_class::INTERNAL)).to be_truthy
+      expect(described_class.valid_level?(described_class::PUBLIC)).to be_truthy
+    end
+  end
 end
diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb
index fe6a8691ae0..cd061afbfd5 100644
--- a/spec/services/groups/create_service_spec.rb
+++ b/spec/services/groups/create_service_spec.rb
@@ -88,6 +88,17 @@ describe Groups::CreateService, '#execute' do
     end
   end
 
+  describe "when visibility level is passed as a string" do
+    let(:service) { described_class.new(user, group_params) }
+    let(:group_params) { { path: 'group_path', visibility: 'public' } }
+
+    it "assigns the correct visibility level" do
+      group = service.execute
+
+      expect(group.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
+    end
+  end
+
   describe 'creating a mattermost team' do
     let!(:params) { group_params.merge(create_chat_team: "true") }
     let!(:service) { described_class.new(user, params) }