diff options
| author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-07 11:23:43 -0700 |
|---|---|---|
| committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-08 16:10:05 -0600 |
| commit | 285c5341855f8af6cbea5e964e3104a4698fa450 (patch) | |
| tree | a73054190f441edcda4c33715c7822caeb7800ed /app/services | |
| parent | cacac147de2b317d02788c5da1cdc6010f00a340 (diff) | |
| download | gitlab-ce-285c5341855f8af6cbea5e964e3104a4698fa450.tar.gz | |
Allow admins to override restricted visibility
Allow admins to use restricted visibility levels when creating or
updating projects.
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/projects/base_service.rb | 18 | ||||
| -rw-r--r-- | app/services/projects/create_service.rb | 11 | ||||
| -rw-r--r-- | app/services/projects/update_service.rb | 11 |
3 files changed, 33 insertions, 7 deletions
diff --git a/app/services/projects/base_service.rb b/app/services/projects/base_service.rb new file mode 100644 index 00000000000..2a683e0d40a --- /dev/null +++ b/app/services/projects/base_service.rb @@ -0,0 +1,18 @@ +module Projects + class BaseService < ::BaseService + # Add an error to the project for restricted visibility levels + def deny_visibility_level(project, denied_visibility_level = nil) + denied_visibility_level ||= project.visibility_level + + level_name = 'Unknown' + Gitlab::VisibilityLevel.options.each do |name, level| + level_name = name if level == denied_visibility_level + end + + project.errors.add( + :visibility_level, + "#{level_name} visibility has been restricted by your GitLab administrator" + ) + end + end +end diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index 4fe790b98f1..5f166a9a30b 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -1,5 +1,5 @@ module Projects - class CreateService < BaseService + class CreateService < Projects::BaseService def initialize(user, params) @current_user, @params = user, params.dup end @@ -7,9 +7,12 @@ module Projects def execute @project = Project.new(params) - # Reset visibility level if is not allowed to set it - unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) - @project.visibility_level = default_features.visibility_level + # Make sure that the user is allowed to use the specified visibility + # level + unless Gitlab::VisibilityLevel.allowed_for?(current_user, + params[:visibility_level]) + deny_visibility_level(@project) + return @project end # Set project name from path diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb index 36877a61679..823afadc186 100644 --- a/app/services/projects/update_service.rb +++ b/app/services/projects/update_service.rb @@ -1,9 +1,14 @@ module Projects - class UpdateService < BaseService + class UpdateService < Projects::BaseService def execute # check that user is allowed to set specified visibility_level - unless can?(current_user, :change_visibility_level, project) && Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) - params[:visibility_level] = project.visibility_level + new_visibility = params[:visibility_level] + if new_visibility && new_visibility.to_i != project.visibility_level + unless can?(current_user, :change_visibility_level, project) && + Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) + deny_visibility_level(project, new_visibility) + return project + end end new_branch = params[:default_branch] |