Commit 336825c3 authored by Michael Kozono's avatar Michael Kozono

Merge branch 'fix-api-group-visibility' into 'master'

Fix api group visibility

See merge request gitlab-org/gitlab-ce!26896
parents d25cdca6 dc00fa90
...@@ -62,12 +62,16 @@ module Groups ...@@ -62,12 +62,16 @@ module Groups
end end
def can_use_visibility_level? def can_use_visibility_level?
unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) unless Gitlab::VisibilityLevel.allowed_for?(current_user, visibility_level)
deny_visibility_level(@group) deny_visibility_level(@group)
return false return false
end end
true true
end end
def visibility_level
params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
end
end end
end end
---
title: Fix api group visibility
merge_request: 26896
author:
type: fixed
...@@ -75,8 +75,8 @@ module Gitlab ...@@ -75,8 +75,8 @@ module Gitlab
user.admin? || allowed_level?(level.to_i) user.admin? || allowed_level?(level.to_i)
end end
# Level should be a numeric value, e.g. `20`
# Return true if the specified level is allowed for the current user. # Return true if the specified level is allowed for the current user.
# Level should be a numeric value, e.g. `20`.
def allowed_level?(level) def allowed_level?(level)
valid_level?(level) && non_restricted_level?(level) valid_level?(level) && non_restricted_level?(level)
end end
......
...@@ -85,4 +85,12 @@ describe Gitlab::VisibilityLevel do ...@@ -85,4 +85,12 @@ describe Gitlab::VisibilityLevel do
.to eq(described_class::PRIVATE) .to eq(described_class::PRIVATE)
end end
end end
describe '.valid_level?' do
it 'returns true when visibility is valid' do
expect(described_class.valid_level?(described_class::PRIVATE)).to be_truthy
expect(described_class.valid_level?(described_class::INTERNAL)).to be_truthy
expect(described_class.valid_level?(described_class::PUBLIC)).to be_truthy
end
end
end end
...@@ -88,6 +88,17 @@ describe Groups::CreateService, '#execute' do ...@@ -88,6 +88,17 @@ describe Groups::CreateService, '#execute' do
end end
end end
describe "when visibility level is passed as a string" do
let(:service) { described_class.new(user, group_params) }
let(:group_params) { { path: 'group_path', visibility: 'public' } }
it "assigns the correct visibility level" do
group = service.execute
expect(group.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
end
end
describe 'creating a mattermost team' do describe 'creating a mattermost team' do
let!(:params) { group_params.merge(create_chat_team: "true") } let!(:params) { group_params.merge(create_chat_team: "true") }
let!(:service) { described_class.new(user, params) } let!(:service) { described_class.new(user, params) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment