diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-05 14:37:06 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-05 14:37:06 +0200 |
commit | bb9c194c23b8b3ffef30c7fdbe244d4fefc93883 (patch) | |
tree | 20979ccf055b372fa8e4f09205673ec8551f5fb2 | |
parent | c52b5c92fbd31dc6f76087c43a94243d382d3172 (diff) | |
download | gitlab-ce-fix/permissions-when-importing-members.tar.gz |
Respond 404 when unauthorized user imports membersfix/permissions-when-importing-members
-rw-r--r-- | app/controllers/projects/project_members_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/projects/project_members_controller_spec.rb | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb index fd56dfd1260..e457db2f0b7 100644 --- a/app/controllers/projects/project_members_controller.rb +++ b/app/controllers/projects/project_members_controller.rb @@ -100,7 +100,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController status = @project.team.import(source_project, current_user) notice = status ? "Successfully imported" : "Import failed" else - notice = 'Import failed - source project not found!' + return render_404 end redirect_to(namespace_project_project_members_path(project.namespace, project), diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb index 6ff3d4199f6..d47e4ab9a4f 100644 --- a/spec/controllers/projects/project_members_controller_spec.rb +++ b/spec/controllers/projects/project_members_controller_spec.rb @@ -41,8 +41,8 @@ describe Projects::ProjectMembersController do expect(project.team_members).to_not include member end - it 'pretends that source projects does not exist' do - expect(response).to set_flash.to /source project not found/ + it 'responds with not found' do + expect(response.status).to eq 404 end end end |