Add validation for visibility level of sub groups

Sub groups should not have a visibility level higher than its parent.
author: Rubén Dávila <ruben@gitlab.com> 2017-08-15 20:25:47 -0500
committer: Mike Greiling <mike@pixelcog.com> 2017-08-26 03:30:01 -0500
commit: d413f8e4e426e2cb2dc61d5a72d84a7dc67a28c8 (patch)
tree: fb58f3e1f60552bb7c201c697eb9fa7e8b194788 /app/models/group.rb
parent: a30257c0321e872646fe945739482fdeadbba4c2 (diff)
download: gitlab-ce-d413f8e4e426e2cb2dc61d5a72d84a7dc67a28c8.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/models/group.rb b/app/models/group.rb
index 2816a68257c..15355418d05 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -26,6 +26,7 @@ class Group < Namespace
 
   validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
   validate :visibility_level_allowed_by_projects
+  validate :visibility_level_allowed_by_parent
 
   validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
 
@@ -102,6 +103,14 @@ class Group < Namespace
     full_name
   end
 
+  def visibility_level_allowed_by_parent
+    return if parent_id.blank?
+
+    if parent && (visibility_level > parent.visibility_level)
+      errors.add(:visibility_level, "#{visibility} is not allowed since the parent group has a #{parent.visibility} visibility.")
+    end
+  end
+
   def visibility_level_allowed_by_projects
     allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none?
author	Rubén Dávila <ruben@gitlab.com>	2017-08-15 20:25:47 -0500
committer	Mike Greiling <mike@pixelcog.com>	2017-08-26 03:30:01 -0500
commit	d413f8e4e426e2cb2dc61d5a72d84a7dc67a28c8 (patch)
tree	fb58f3e1f60552bb7c201c697eb9fa7e8b194788 /app/models/group.rb
parent	a30257c0321e872646fe945739482fdeadbba4c2 (diff)
download	gitlab-ce-d413f8e4e426e2cb2dc61d5a72d84a7dc67a28c8.tar.gz