diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-24 21:53:44 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-24 21:53:44 +0300 |
commit | c620b8f91759e38b429eb931eb3f75202321fb96 (patch) | |
tree | 74b888943a5a81c0953f776c043ea964b0e8a51b /app | |
parent | 19c5bdd7cc3908f40c284c51c75e5b6f69048c15 (diff) | |
parent | 4aa9bb16e679273cf516922e1f7b995ae36a72d0 (diff) |
Merge branch 'security-developer-transfer-project-12-2' into '12-2-stable'
Require Maintainer permission on group where project is transferred to
See merge request gitlab/gitlabhq!3473
Diffstat (limited to 'app')
-rw-r--r-- | app/policies/group_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/namespace_policy.rb | 2 | ||||
-rw-r--r-- | app/services/projects/transfer_service.rb | 2 |
3 files changed, 5 insertions, 1 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index c686e7763bb..987f252546d 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -124,6 +124,8 @@ class GroupPolicy < BasePolicy rule { developer & developer_maintainer_access }.enable :create_projects rule { create_projects_disabled }.prevent :create_projects + rule { maintainer & can?(:create_projects) }.enable :transfer_projects + def access_level return GroupMember::NO_ACCESS if @user.nil? diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb index 2babcb0a2d9..926a8b7264d 100644 --- a/app/policies/namespace_policy.rb +++ b/app/policies/namespace_policy.rb @@ -14,4 +14,6 @@ class NamespacePolicy < BasePolicy end rule { personal_project & ~can_create_personal_project }.prevent :create_projects + + rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects end diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index 233dcf37e35..b94d618dc43 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -95,7 +95,7 @@ module Projects @new_namespace && can?(current_user, :change_namespace, project) && @new_namespace.id != project.namespace_id && - current_user.can?(:create_projects, @new_namespace) + current_user.can?(:transfer_projects, @new_namespace) end def update_namespace_and_visibility(to_namespace) |