Commit c575599a authored by Sean McGivern's avatar Sean McGivern

Merge branch 'if-197895-fix_fork_project_policy' into 'master'

Disallow project forking policy for anonymous user

See merge request gitlab-org/gitlab!23320
parents e27800cd 9825ef1f
......@@ -241,7 +241,7 @@ class ProjectPolicy < BasePolicy
enable :request_access
end
rule { can?(:download_code) & forking_allowed }.policy do
rule { (can?(:public_user_access) | can?(:reporter_access)) & forking_allowed }.policy do
enable :fork_project
end
......
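Review bot: Forking is no longer gated on `:download_code` in the rewritten rule, so any rule elsewhere in the policy that prevents `:download_code` (for example when repository access is restricted) no longer blocks `:fork_project` implicitly. Those rules are outside this hunk, so confirm that each of them also carries `prevent :fork_project`. The new condition also relies on `:public_user_access` never being enabled for an anonymous user, which the hunk does not show. A short comment above the rule would record the intent, e.g. `# Forking copies the repository into the user's namespace: require a signed-in user with public or reporter access, never an anonymous visitor`.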
......@@ -508,6 +508,34 @@ describe ProjectPolicy do
end
end
context 'forking a project' do
subject { described_class.new(current_user, project) }
context 'anonymous user' do
let(:current_user) { nil }
it { is_expected.to be_disallowed(:fork_project) }
end
context 'project member' do
let_it_be(:project) { create(:project, :private) }
context 'guest' do
let(:current_user) { guest }
it { is_expected.to be_disallowed(:fork_project) }
end
%w(reporter developer maintainer).each do |role|
context role do
let(:current_user) { send(role) }
it { is_expected.to be_allowed(:fork_project) }
end
end
end
end
describe 'update_max_artifacts_size' do
subject { described_class.new(current_user, project) }
......
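Review bot: The 'anonymous user' example does not pin the project's visibility. It uses whatever `project` the enclosing describe defines, which is outside this hunk, so the case the commit targets (presumably an anonymous visitor on a public project) is covered only if that default happens to be public. Declaring it in the context makes the regression test explicit, e.g. `let(:project) { create(:project, :public) }`. The `:public_user_access` branch of the new rule has no positive example either: a signed-in non-member on a public project should be `be_allowed(:fork_project)`. An example where forking is not allowed for the project should also assert `be_disallowed(:fork_project)` for a reporter.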