diff options
author | Tim Zallmann <tzallmann@gitlab.com> | 2017-08-31 17:17:05 +0000 |
---|---|---|
committer | Tim Zallmann <tzallmann@gitlab.com> | 2017-08-31 17:17:05 +0000 |
commit | e58428382265f02639a7fc8c1bfcc6311564c0d0 (patch) | |
tree | 6dc51a5d77df9e804dd7f5b1ad33d68005bb9f43 /app/models/group.rb | |
parent | 9aef0427eb9986fc27a399ea6b47e1518d6ebdac (diff) | |
parent | cf37f0b173abacaef36660f1c9875f8fee8b78d8 (diff) | |
download | gitlab-ce-e58428382265f02639a7fc8c1bfcc6311564c0d0.tar.gz |
Merge branch '31273-creating-an-project-within-an-internal-sub-group-gives-the-option-to-set-it-a-public' into 'master'
Resolve various visibility level settings issues
Closes #31273
See merge request !13442
Diffstat (limited to 'app/models/group.rb')
-rw-r--r-- | app/models/group.rb | 45 |
1 files changed, 37 insertions, 8 deletions
diff --git a/app/models/group.rb b/app/models/group.rb index cb3ee032f69..190b27cf66b 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -26,6 +26,8 @@ class Group < Namespace validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? } validate :visibility_level_allowed_by_projects + validate :visibility_level_allowed_by_sub_groups + validate :visibility_level_allowed_by_parent validates :avatar, file_size: { maximum: 200.kilobytes.to_i } @@ -102,15 +104,24 @@ class Group < Namespace full_name end - def visibility_level_allowed_by_projects - allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none? + def visibility_level_allowed_by_parent?(level = self.visibility_level) + return true unless parent_id && parent_id.nonzero? - unless allowed_by_projects - level_name = Gitlab::VisibilityLevel.level_name(visibility_level).downcase - self.errors.add(:visibility_level, "#{level_name} is not allowed since there are projects with higher visibility.") - end + level <= parent.visibility_level + end + + def visibility_level_allowed_by_projects?(level = self.visibility_level) + !projects.where('visibility_level > ?', level).exists? + end - allowed_by_projects + def visibility_level_allowed_by_sub_groups?(level = self.visibility_level) + !children.where('visibility_level > ?', level).exists? + end + + def visibility_level_allowed?(level = self.visibility_level) + visibility_level_allowed_by_parent?(level) && + visibility_level_allowed_by_projects?(level) && + visibility_level_allowed_by_sub_groups?(level) end def avatar_url(**args) @@ -275,11 +286,29 @@ class Group < Namespace list_of_ids.reverse.map { |group| variables[group.id] }.compact.flatten end - protected + private def update_two_factor_requirement return unless require_two_factor_authentication_changed? || two_factor_grace_period_changed? users.find_each(&:update_two_factor_requirement) end + + def visibility_level_allowed_by_parent + return if visibility_level_allowed_by_parent? + + errors.add(:visibility_level, "#{visibility} is not allowed since the parent group has a #{parent.visibility} visibility.") + end + + def visibility_level_allowed_by_projects + return if visibility_level_allowed_by_projects? + + errors.add(:visibility_level, "#{visibility} is not allowed since this group contains projects with higher visibility.") + end + + def visibility_level_allowed_by_sub_groups + return if visibility_level_allowed_by_sub_groups? + + errors.add(:visibility_level, "#{visibility} is not allowed since there are sub-groups with higher visibility.") + end end |