diff options
| author | Stan Hu <stanhu@gmail.com> | 2019-08-27 10:31:59 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2019-08-28 22:49:58 -0700 |
| commit | 680f437715dcf7a8871aa997559cf57362b43217 (patch) | |
| tree | 83ee049647b181ed9e74ad3d221f5d78106c5c8b /app | |
| parent | 549e95b8f921dfb30bc7982e9957ce9ccdfd916e (diff) | |
| download | gitlab-ce-680f437715dcf7a8871aa997559cf57362b43217.tar.gz | |
Fix snippets API not working with visibility levelsh-fix-snippet-visibility-api
When a restricted visibility level of `private` is set in the instance,
creating a snippet with the `visibility` level would always fail.
This happened because:
1. `params[:visibility]` was a string (e.g. "public")
2. `CreateSnippetService` and `UpdateSnippetService` only looked
at `params[:visibility_level]`, which was `nil`.
To fix this, we:
1. Make `CreateSnippetService` look at the newly-built
`snippet.visibility_level`, since the right value is assigned by the
`VisibilityLevel#visibility=` method.
2. Modify `UpdateSnippetService` to handle both `visibility_level` and
`visibility` parameters.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/66050
Diffstat (limited to 'app')
| -rw-r--r-- | app/services/base_service.rb | 4 | ||||
| -rw-r--r-- | app/services/create_snippet_service.rb | 2 | ||||
| -rw-r--r-- | app/services/groups/create_service.rb | 4 | ||||
| -rw-r--r-- | app/services/update_snippet_service.rb | 2 |
4 files changed, 6 insertions, 6 deletions
diff --git a/app/services/base_service.rb b/app/services/base_service.rb index 3e968c8f707..c39edd5c114 100644 --- a/app/services/base_service.rb +++ b/app/services/base_service.rb @@ -44,6 +44,10 @@ class BaseService model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator") end + def visibility_level + params[:visibility].is_a?(String) ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level] + end + private def error(message, http_status = nil) diff --git a/app/services/create_snippet_service.rb b/app/services/create_snippet_service.rb index 6e5bf823cc7..0aa76df35ba 100644 --- a/app/services/create_snippet_service.rb +++ b/app/services/create_snippet_service.rb @@ -12,7 +12,7 @@ class CreateSnippetService < BaseService PersonalSnippet.new(params) end - unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) + unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level) deny_visibility_level(snippet) return snippet end diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb index e78e5d5fc2c..1dd22d7a3ae 100644 --- a/app/services/groups/create_service.rb +++ b/app/services/groups/create_service.rb @@ -68,9 +68,5 @@ module Groups true end - - def visibility_level - params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level] - end end end diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb index 2969c360de5..a294812ef9e 100644 --- a/app/services/update_snippet_service.rb +++ b/app/services/update_snippet_service.rb @@ -12,7 +12,7 @@ class UpdateSnippetService < BaseService def execute # check that user is allowed to set specified visibility_level - new_visibility = params[:visibility_level] + new_visibility = visibility_level if new_visibility && new_visibility.to_i != snippet.visibility_level unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) |