Commit 3257f8fc authored by Marin Jankovski's avatar Marin Jankovski

Do not allow adding users via api if member lock is enabled.

parent 6c656c75
...@@ -53,6 +53,10 @@ module API ...@@ -53,6 +53,10 @@ module API
authorize! :admin_project, user_project authorize! :admin_project, user_project
required_attributes! [:user_id, :access_level] required_attributes! [:user_id, :access_level]
if user_project.group && user_project.group.membership_lock
not_allowed!
end
# either the user is already a team member or a new one # either the user is already a team member or a new one
team_member = user_project.team_member_by_id(params[:user_id]) team_member = user_project.team_member_by_id(params[:user_id])
if team_member.nil? if team_member.nil?
......
...@@ -90,6 +90,18 @@ describe API::API, api: true do ...@@ -90,6 +90,18 @@ describe API::API, api: true do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234 post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
response.status.should == 422 response.status.should == 422
end end
context 'project in a group' do
before do
project2 = create(:project, group: create(:group, membership_lock: true))
project2.group.add_owner(user)
post api("/projects/#{project2.id}/members", user), user_id: user2.id, access_level: ProjectMember::MASTER
end
it 'should return a 405 method not allowed error when group membership lock is enabled' do
response.status.should == 405
end
end
end end
describe "PUT /projects/:id/members/:user_id" do describe "PUT /projects/:id/members/:user_id" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment