diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-11-03 00:50:44 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 14:27:17 +0300 |
commit | b0bf92140f469db90ef378fd42a6f65eee1d4633 (patch) | |
tree | ef70b549ced2aca1b92a9f463014707b393c58b0 /spec/factories/projects.rb | |
parent | a14ee68fe4815d2906ece670bcc333303fd3c816 (diff) |
Merge branch 'fix-unathorized-cloning' into 'security'
Ensure external users are not able to clone disabled repositories.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788
See merge request !2017
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/factories/projects.rb')
-rw-r--r-- | spec/factories/projects.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb index dd4a86b1e31..bfd88a254f1 100644 --- a/spec/factories/projects.rb +++ b/spec/factories/projects.rb @@ -49,13 +49,17 @@ FactoryGirl.define do end after(:create) do |project, evaluator| + # Builds and MRs can't have higher visibility level than repository access level. + builds_access_level = [evaluator.builds_access_level, evaluator.repository_access_level].min + merge_requests_access_level = [evaluator.merge_requests_access_level, evaluator.repository_access_level].min + project.project_feature. - update_attributes( + update_attributes!( wiki_access_level: evaluator.wiki_access_level, - builds_access_level: evaluator.builds_access_level, + builds_access_level: builds_access_level, snippets_access_level: evaluator.snippets_access_level, issues_access_level: evaluator.issues_access_level, - merge_requests_access_level: evaluator.merge_requests_access_level, + merge_requests_access_level: merge_requests_access_level, repository_access_level: evaluator.repository_access_level ) end |