Add latest changes from gitlab-org/security/gitlab@14-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 16:06:17 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 16:06:17 +0300
commit: 8cf3b9ab464420af642931a89f5fb24c65b1338d (patch)
tree: bbe9873aef1a15764fe668258f6aea4e0efac2eb /lib
parent: c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4 (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index e8a48d6c9f4..bb74849a98a 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -429,7 +429,7 @@ module API
         authorize_admin_project
         attrs = declared_params(include_missing: false)
         authorize! :rename_project, user_project if attrs[:name].present?
-        authorize! :change_visibility_level, user_project if attrs[:visibility].present?
+        authorize! :change_visibility_level, user_project if user_project.visibility_attribute_present?(attrs)
 
         attrs = translate_params_for_compatibility(attrs)
         filter_attributes_using_license!(attrs)
diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb
index 64029d4d3fe..d378e558b8a 100644
--- a/lib/gitlab/visibility_level.rb
+++ b/lib/gitlab/visibility_level.rb
@@ -155,6 +155,14 @@ module Gitlab
       false
     end
 
+    def visibility_attribute_value(attributes)
+      visibility_level_attributes.each do |attr|
+        return attributes[attr] if attributes.has_key?(attr)
+      end
+
+      nil
+    end
+
     def visibility_level_attributes
       [visibility_level_field, visibility_level_field.to_s,
        :visibility, 'visibility']
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 16:06:17 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 16:06:17 +0300
commit	8cf3b9ab464420af642931a89f5fb24c65b1338d (patch)
tree	bbe9873aef1a15764fe668258f6aea4e0efac2eb /lib
parent	c1c828ac7f7b3c2e51d81921bbef9d474cd4d0a4 (diff)