diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-12-06 17:04:34 +0100 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-12-14 10:21:09 +0100 |
| commit | 08dbd93bd6e08bca179567a3c020b8fac5139b49 (patch) | |
| tree | 688b1e4398b7eb8e78f37486e74fa0c01a6be279 /app/services | |
| parent | 352af3e57220e3f0178da8de2c3f03c42c419a9b (diff) | |
| download | gitlab-ce-08dbd93bd6e08bca179567a3c020b8fac5139b49.tar.gz | |
Validate projects in MR build service
This validates the correct abilities for both projects. Only
`read_project` isn't enough:
For the `source_project` we validate `create_merge_request_from` this
also validates that the user has developer access to the project.
For the `target_project` we validate `create_merge_reqeust_in` this
also validates that the user has access to the project's repository.
To avoid generating diffs for unrelated projects we also validate that
the projects are in the same fork network now.
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/merge_requests/build_service.rb | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb index 36767621d74..48419da98ad 100644 --- a/app/services/merge_requests/build_service.rb +++ b/app/services/merge_requests/build_service.rb @@ -18,7 +18,7 @@ module MergeRequests merge_request.source_project = find_source_project merge_request.target_project = find_target_project merge_request.target_branch = find_target_branch - merge_request.can_be_created = branches_valid? + merge_request.can_be_created = projects_and_branches_valid? # compare branches only if branches are valid, otherwise # compare_branches may raise an error @@ -49,15 +49,19 @@ module MergeRequests to: :merge_request def find_source_project - return source_project if source_project.present? && can?(current_user, :read_project, source_project) + return source_project if source_project.present? && can?(current_user, :create_merge_request_from, source_project) project end def find_target_project - return target_project if target_project.present? && can?(current_user, :read_project, target_project) + return target_project if target_project.present? && can?(current_user, :create_merge_request_in, target_project) - project.default_merge_request_target + target_project = project.default_merge_request_target + + return target_project if target_project.present? && can?(current_user, :create_merge_request_in, target_project) + + project end def find_target_branch @@ -72,10 +76,11 @@ module MergeRequests params[:target_branch].present? end - def branches_valid? + def projects_and_branches_valid? + return false if source_project.nil? || target_project.nil? return false unless source_branch_specified? || target_branch_specified? - validate_branches + validate_projects_and_branches errors.blank? end @@ -94,7 +99,12 @@ module MergeRequests end end - def validate_branches + def validate_projects_and_branches + merge_request.validate_target_project + merge_request.validate_fork + + return if errors.any? + add_error('You must select source and target branch') unless branches_present? add_error('You must select different branches') if same_source_and_target? add_error("Source branch \"#{source_branch}\" does not exist") unless source_branch_exists? |