Commit d413f8e4 authored by Rubén Dávila's avatar Rubén Dávila Committed by Mike Greiling

Add validation for visibility level of sub groups

Sub groups should not have a visibility level higher than its parent.
parent a30257c0
...@@ -26,6 +26,7 @@ class Group < Namespace ...@@ -26,6 +26,7 @@ class Group < Namespace
validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? } validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }
validate :visibility_level_allowed_by_projects validate :visibility_level_allowed_by_projects
validate :visibility_level_allowed_by_parent
validates :avatar, file_size: { maximum: 200.kilobytes.to_i } validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
...@@ -102,6 +103,14 @@ class Group < Namespace ...@@ -102,6 +103,14 @@ class Group < Namespace
full_name full_name
end end
def visibility_level_allowed_by_parent
return if parent_id.blank?
if parent && (visibility_level > parent.visibility_level)
errors.add(:visibility_level, "#{visibility} is not allowed since the parent group has a #{parent.visibility} visibility.")
end
end
def visibility_level_allowed_by_projects def visibility_level_allowed_by_projects
allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none? allowed_by_projects = self.projects.where('visibility_level > ?', self.visibility_level).none?
......
...@@ -84,6 +84,39 @@ describe Group do ...@@ -84,6 +84,39 @@ describe Group do
expect(group).not_to be_valid expect(group).not_to be_valid
end end
end end
describe '#visibility_level_allowed_by_parent' do
let(:parent) { create(:group, :internal) }
let(:sub_group) { build(:group, parent_id: parent.id) }
context 'without a parent' do
it 'is valid' do
sub_group.parent_id = nil
expect(sub_group).to be_valid
end
end
context 'with a parent' do
context 'when visibility of sub group is greater than the parent' do
it 'is invalid' do
sub_group.visibility_level = Gitlab::VisibilityLevel::PUBLIC
expect(sub_group).to be_invalid
end
end
context 'when visibility of sub group is lower or equal to the parent' do
[Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PRIVATE].each do |level|
it 'is valid' do
sub_group.visibility_level = level
expect(sub_group).to be_valid
end
end
end
end
end
end end
describe '.visible_to_user' do describe '.visible_to_user' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment