From 9dc93a4519d9d5d7be48ff274127136236a3adb3 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 20 Apr 2021 23:50:22 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-11-stable-ee

---
 app/models/namespace_setting.rb | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'app/models/namespace_setting.rb')

diff --git a/app/models/namespace_setting.rb b/app/models/namespace_setting.rb
index 50844403d7f..d21f9632e18 100644
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -1,14 +1,20 @@
 # frozen_string_literal: true
 
 class NamespaceSetting < ApplicationRecord
+  include CascadingNamespaceSettingAttribute
+
+  cascading_attr :delayed_project_removal
+
   belongs_to :namespace, inverse_of: :namespace_settings
 
   validate :default_branch_name_content
   validate :allow_mfa_for_group
+  validate :allow_resource_access_token_creation_for_group
 
   before_validation :normalize_default_branch_name
 
-  NAMESPACE_SETTINGS_PARAMS = [:default_branch_name].freeze
+  NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal,
+                               :lock_delayed_project_removal, :resource_access_token_creation_allowed].freeze
 
   self.primary_key = :namespace_id
 
@@ -31,6 +37,12 @@ class NamespaceSetting < ApplicationRecord
       errors.add(:allow_mfa_for_subgroups, _('is not allowed since the group is not top-level group.'))
     end
   end
+
+  def allow_resource_access_token_creation_for_group
+    if namespace&.subgroup? && !resource_access_token_creation_allowed
+      errors.add(:resource_access_token_creation_allowed, _('is not allowed since the group is not top-level group.'))
+    end
+  end
 end
 
 NamespaceSetting.prepend_if_ee('EE::NamespaceSetting')
-- 
cgit v1.2.1