Add latest changes from gitlab-org/security/gitlab@14-8-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-25 19:30:40 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-25 19:30:40 +0300
commit: b485c8c3723dc5aaba15ab9fa258010d1ec66d61 (patch)
tree: 36cd2260b2f31bc77ad313b644e5784160ce9104 /app
parent: 479d579719c36f1b8706165c20f4525bc32bb451 (diff)
3 files changed, 23 insertions, 2 deletions
diff --git a/app/assets/javascripts/mirrors/mirror_repos.js b/app/assets/javascripts/mirrors/mirror_repos.js
index e59da18fb77..5bf08be1ead 100644
--- a/app/assets/javascripts/mirrors/mirror_repos.js
+++ b/app/assets/javascripts/mirrors/mirror_repos.js
@@ -6,6 +6,8 @@ import { __ } from '~/locale';
 import { hide } from '~/tooltips';
 import SSHMirror from './ssh_mirror';
 
+const PASSWORD_FIELD_SELECTOR = '.js-mirror-password-field';
+
 export default class MirrorRepos {
   constructor(container) {
     this.$container = $(container);
@@ -27,7 +29,6 @@ export default class MirrorRepos {
     this.$passwordGroup = $('.js-password-group', this.$container);
     this.$password = $('.js-password', this.$passwordGroup);
     this.$authMethod = $('.js-auth-method', this.$form);
-
     this.$keepDivergentRefsInput.on('change', () => this.updateKeepDivergentRefs());
     this.$authMethod.on('change', () => this.togglePassword());
     this.$password.on('input.updateUrl', () => this.debouncedUpdateUrl());
@@ -35,6 +36,13 @@ export default class MirrorRepos {
     this.initMirrorSSH();
     this.updateProtectedBranches();
     this.updateKeepDivergentRefs();
+    MirrorRepos.resetPasswordField();
+  }
+
+  static resetPasswordField() {
+    if (document.querySelector(PASSWORD_FIELD_SELECTOR)) {
+      document.querySelector(PASSWORD_FIELD_SELECTOR).value = '';
+    }
   }
 
   initMirrorSSH() {
diff --git a/app/services/members/create_service.rb b/app/services/members/create_service.rb
index dc29bb2c6da..758fa2e67f1 100644
--- a/app/services/members/create_service.rb
+++ b/app/services/members/create_service.rb
@@ -19,6 +19,8 @@ module Members
     end
 
     def execute
+      raise Gitlab::Access::AccessDeniedError unless can?(current_user, create_member_permission(source), source)
+
       validate_invite_source!
       validate_invitable!
 
@@ -156,6 +158,17 @@ module Members
         })
       )
     end
+
+    def create_member_permission(source)
+      case source
+      when Group
+        :admin_group_member
+      when Project
+        :admin_project_member
+      else
+        raise "Unknown source type: #{source.class}!"
+      end
+    end
   end
 end
 
diff --git a/app/views/projects/mirrors/_authentication_method.html.haml b/app/views/projects/mirrors/_authentication_method.html.haml
index e9e3645d7f2..28b433b2514 100644
--- a/app/views/projects/mirrors/_authentication_method.html.haml
+++ b/app/views/projects/mirrors/_authentication_method.html.haml
@@ -13,4 +13,4 @@
 .form-group
   .well-password-auth.collapse.js-well-password-auth
     = f.label :password, _("Password"), class: "label-bold"
-    = f.password_field :password, class: 'form-control gl-form-input qa-password', autocomplete: 'new-password'
+    = f.password_field :password, class: 'form-control gl-form-input qa-password js-mirror-password-field', autocomplete: 'off'
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-25 19:30:40 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-25 19:30:40 +0300
commit	b485c8c3723dc5aaba15ab9fa258010d1ec66d61 (patch)
tree	36cd2260b2f31bc77ad313b644e5784160ce9104 /app
parent	479d579719c36f1b8706165c20f4525bc32bb451 (diff)