diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 16:06:17 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 16:06:17 +0300 |
commit | 8cf3b9ab464420af642931a89f5fb24c65b1338d (patch) | |
tree | bbe9873aef1a15764fe668258f6aea4e0efac2eb /lib | |
parent | c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-4-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/projects.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/visibility_level.rb | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb index e8a48d6c9f4..bb74849a98a 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -429,7 +429,7 @@ module API authorize_admin_project attrs = declared_params(include_missing: false) authorize! :rename_project, user_project if attrs[:name].present? - authorize! :change_visibility_level, user_project if attrs[:visibility].present? + authorize! :change_visibility_level, user_project if user_project.visibility_attribute_present?(attrs) attrs = translate_params_for_compatibility(attrs) filter_attributes_using_license!(attrs) diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb index 64029d4d3fe..d378e558b8a 100644 --- a/lib/gitlab/visibility_level.rb +++ b/lib/gitlab/visibility_level.rb @@ -155,6 +155,14 @@ module Gitlab false end + def visibility_attribute_value(attributes) + visibility_level_attributes.each do |attr| + return attributes[attr] if attributes.has_key?(attr) + end + + nil + end + def visibility_level_attributes [visibility_level_field, visibility_level_field.to_s, :visibility, 'visibility'] |