Commit c575599a authored by Sean McGivern's avatar Sean McGivern

Merge branch 'if-197895-fix_fork_project_policy' into 'master'

Disallow project forking policy for anonymous user

See merge request gitlab-org/gitlab!23320
parents e27800cd 9825ef1f
...@@ -241,7 +241,7 @@ class ProjectPolicy < BasePolicy ...@@ -241,7 +241,7 @@ class ProjectPolicy < BasePolicy
enable :request_access enable :request_access
end end
rule { can?(:download_code) & forking_allowed }.policy do rule { (can?(:public_user_access) | can?(:reporter_access)) & forking_allowed }.policy do
enable :fork_project enable :fork_project
end end
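Review bot: The new condition on the `:fork_project` rule no longer requires `can?(:download_code)`, so whether a user who holds `reporter_access` or `public_user_access` but is denied code download can still fork now depends on rules outside this hunk. If repository read access can be restricted independently of role (not visible here), keeping the read check in the conjunction is the safer form: `rule { (can?(:public_user_access) | can?(:reporter_access)) & can?(:download_code) & forking_allowed }.policy do`. A short comment above the rule, for example `# anonymous users may be able to download code but must not be able to fork`, would record why `download_code` alone was not sufficient; this is inferred from the commit title. The `ProjectPolicy` class body starts and ends outside the hunk.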
......
...@@ -508,6 +508,34 @@ describe ProjectPolicy do ...@@ -508,6 +508,34 @@ describe ProjectPolicy do
end end
end end
context 'forking a project' do
subject { described_class.new(current_user, project) }
context 'anonymous user' do
let(:current_user) { nil }
it { is_expected.to be_disallowed(:fork_project) }
end
context 'project member' do
let_it_be(:project) { create(:project, :private) }
context 'guest' do
let(:current_user) { guest }
it { is_expected.to be_disallowed(:fork_project) }
end
%w(reporter developer maintainer).each do |role|
context role do
let(:current_user) { send(role) }
it { is_expected.to be_allowed(:fork_project) }
end
end
end
end
describe 'update_max_artifacts_size' do describe 'update_max_artifacts_size' do
subject { described_class.new(current_user, project) } subject { described_class.new(current_user, project) }
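Review bot: The `anonymous user` context relies on a `project` defined outside this hunk, so it only works as a regression test if that project is one an anonymous user can read. Pinning it inside the context with `let(:project) { create(:project, :public) }` would make that explicit. The `can?(:public_user_access)` branch of the new rule is not exercised, since there is no example for a signed-in non-member on a public project. There is also no example showing `:fork_project` disallowed for a reporter when `forking_allowed` is false. The enclosing `describe ProjectPolicy` block starts and ends outside the hunk.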
......