diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-08 15:10:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-02-08 15:10:06 +0300 |
commit | d0aeb5df3d6b06165355b023a25b79c7bd74a27d (patch) | |
tree | 7b5d3ff0f0ac5c124aa8626aeb4a0682d99a17c2 /app/policies | |
parent | 9ccf40d15a14e9ccf613701ba7e3d5d250961345 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/group_policy.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index abb3616c58f..9568998e27d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -36,7 +36,14 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy condition(:request_access_enabled) { @subject.request_access_enabled } condition(:create_projects_disabled, scope: :subject) do - @subject.project_creation_level == ::Gitlab::Access::NO_ONE_PROJECT_ACCESS + next true if @user.nil? + + visibility_evaluation_result = Gitlab::VisibilityLevelChecker + .new(user, Project.new(namespace_id: @subject.id)) + .level_restricted? + + @subject.project_creation_level == ::Gitlab::Access::NO_ONE_PROJECT_ACCESS || + visibility_evaluation_result.restricted? end condition(:developer_maintainer_access, scope: :subject) do |