Fix restricted visibility bugs

Check for nil values in the restricted_visibility_level validation
method, and set the restricted visibility request parameter to `[]` when
it's missing from the request.

2 files changed, 8 insertions, 4 deletions

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 8f7d5e8006f..9a5685877f8 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -21,7 +21,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 
   def application_setting_params
     restricted_levels = params[:application_setting][:restricted_visibility_levels]
-    unless restricted_levels.nil?
+    if restricted_levels.nil?
+      params[:application_setting][:restricted_visibility_levels] = []
+    else
       restricted_levels.map! do |level|
         level.to_i
       end
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 6abdf0c755a..1c87db613ae 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -27,9 +27,11 @@ class ApplicationSetting < ActiveRecord::Base
     if: :home_page_url_column_exist
 
   validates_each :restricted_visibility_levels do |record, attr, value|
-    value.each do |level|
-      unless Gitlab::VisibilityLevel.options.has_value?(level)
-        record.errors.add(attr, "'#{level}' is not a valid visibility level")
+    unless value.nil?
+      value.each do |level|
+        unless Gitlab::VisibilityLevel.options.has_value?(level)
+          record.errors.add(attr, "'#{level}' is not a valid visibility level")
+        end
       end
     end
   end