Commit c43f3089 authored by Stan Hu's avatar Stan Hu

Fix bug where users could not be added in protected branch rules

dbf7978b introduced a regression where protected branches and tags
could only be added if the user getting access to push or merge was a
direct member of the project. However, this does not consider that
team members can gain access to a project via group membership. Fix this
by checking the user has any access within the team.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9591
parent 11110e6c
...@@ -96,7 +96,7 @@ module EE ...@@ -96,7 +96,7 @@ module EE
def validate_user_membership def validate_user_membership
return unless user return unless user
unless project.members.where(user: user).exists? unless project.team.member?(user)
self.errors.add(:user, 'is not a member of the project') self.errors.add(:user, 'is not a member of the project')
end end
end end
......
---
title: Fix bug where users could not be added in protected branch rules
merge_request: 9474
author:
type: fixed
...@@ -77,6 +77,16 @@ describe EE::ProtectedRefAccess do ...@@ -77,6 +77,16 @@ describe EE::ProtectedRefAccess do
expect(access_level.errors.count).to eq 1 expect(access_level.errors.count).to eq 1
expect(access_level.errors[:user].first).to eq 'is not a member of the project' expect(access_level.errors[:user].first).to eq 'is not a member of the project'
end end
it 'allows users with access through group' do
new_project = create(:project, group: group)
new_user = create(:user)
group.add_developer(new_user)
access_level.user = new_user
expect(access_level).to be_valid
end
end end
it 'requires access_level if no user or group is specified' do it 'requires access_level if no user or group is specified' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment