Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-12-21 03:13:46 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-12-21 03:13:46 +0300
commit: 4aa6fba6d825b88d23ff37668e78c851bec102b0 (patch)
tree: 2588fec6fc68f27fbfc23e89daf9b9af34d5466b /app/services/groups
parent: faf60c19a9a1a29ce07d1b51ea3a69466e7129f3 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index 21d3c6499a0..bb577b41fa8 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -92,6 +92,16 @@ module Groups
         end
       end
 
+      if @group.organization && !can?(current_user, :create_group, @group.organization)
+        # We are unsetting this here to match behavior of invalid parent_id above and protect against possible
+        # committing to the database of a value that isn't allowed.
+        @group.organization = nil
+        message = s_("CreateGroup|You don't have permission to create a group in the provided organization.")
+        @group.errors.add(:organization_id, message)
+
+        return false
+      end
+
       true
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-12-21 03:13:46 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-12-21 03:13:46 +0300
commit	4aa6fba6d825b88d23ff37668e78c851bec102b0 (patch)
tree	2588fec6fc68f27fbfc23e89daf9b9af34d5466b /app/services/groups
parent	faf60c19a9a1a29ce07d1b51ea3a69466e7129f3 (diff)