diff options
| author | Stan Hu <stanhu@gmail.com> | 2019-08-25 07:20:17 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2019-08-25 13:18:28 -0700 |
| commit | a47ab605a316dbf321b429572ab0a4305f4c66e6 (patch) | |
| tree | a45b75bc2893de0e3465912422b497b10b8c5421 | |
| parent | fc08d48cf0a596dc151cb7bc7ab0f7d2721f3333 (diff) | |
| download | gitlab-ce-sh-guard-against-orphaned-project-feature.tar.gz | |
Guard against deleted project feature entrysh-guard-against-orphaned-project-feature
In https://gitlab.com/gitlab-org/gitlab-ce/issues/66482, we see that a
project's `project_feature` association may be lazily loaded and hence
return `nil` if the entry is deleted if the `Project` is already loaded
in memory. To ensure we don't fail hard when this happens, assume all
features are disabled.
We can fix this issue by eager loading the `project_feature` in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/32169, but we
shouldn't have to depend on that.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66482
| -rw-r--r-- | app/policies/project_policy.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/sh-guard-against-orphaned-project-feature.yml | 5 | ||||
| -rw-r--r-- | spec/policies/project_policy_spec.rb | 13 |
3 files changed, 20 insertions, 0 deletions
diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index b8dee1b0789..e2634692dc7 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -502,6 +502,8 @@ class ProjectPolicy < BasePolicy end def feature_available?(feature) + return false unless project.project_feature + case project.project_feature.access_level(feature) when ProjectFeature::DISABLED false diff --git a/changelogs/unreleased/sh-guard-against-orphaned-project-feature.yml b/changelogs/unreleased/sh-guard-against-orphaned-project-feature.yml new file mode 100644 index 00000000000..5f112d7cd18 --- /dev/null +++ b/changelogs/unreleased/sh-guard-against-orphaned-project-feature.yml @@ -0,0 +1,5 @@ +--- +title: Guard against deleted project feature entry +merge_request: 32187 +author: +type: fixed diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 8fd54e0bf1d..71ba73d5661 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -94,6 +94,19 @@ describe ProjectPolicy do permissions.each { |p| is_expected.not_to be_allowed(p) } end + context 'with no project feature' do + subject { described_class.new(owner, project) } + + before do + project.project_feature.destroy + project.reload + end + + it 'returns false' do + is_expected.to be_disallowed(:read_build) + end + end + it 'does not include the read_issue permission when the issue author is not a member of the private project' do project = create(:project, :private) issue = create(:issue, project: project, author: create(:user)) |