Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 14:29:59 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 14:29:59 +0000
commit: 5bc4a1efecfffbd467d7e2e2f42f3f1bf6e6f030 (patch)
tree: 81f5111534cc56919e4aeb453fc65462e596b56d /spec/requests/api
parent: df400447bfd5c650b32cc8d75fa80f8cc7099d94 (diff)
download: gitlab-ce-5bc4a1efecfffbd467d7e2e2f42f3f1bf6e6f030.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 0deff138e2e..3abcf1cb7ed 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -1891,6 +1891,17 @@ describe API::Projects do
           expect(project_fork_target).to be_forked
         end
 
+        it 'fails without permission from forked_from project' do
+          project_fork_source.project_feature.update_attribute(:forking_access_level, ProjectFeature::PRIVATE)
+
+          post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(project_fork_target.forked_from_project).to be_nil
+          expect(project_fork_target.fork_network_member).not_to be_present
+          expect(project_fork_target).not_to be_forked
+        end
+
         it 'denies project to be forked from a private project' do
           post api("/projects/#{project_fork_target.id}/fork/#{private_project_fork_source.id}", user)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 14:29:59 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 14:29:59 +0000
commit	5bc4a1efecfffbd467d7e2e2f42f3f1bf6e6f030 (patch)
tree	81f5111534cc56919e4aeb453fc65462e596b56d /spec/requests/api
parent	df400447bfd5c650b32cc8d75fa80f8cc7099d94 (diff)
download	gitlab-ce-5bc4a1efecfffbd467d7e2e2f42f3f1bf6e6f030.tar.gz