Add latest changes from gitlab-org/security/gitlab@12-10-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 17:29:59 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 17:29:59 +0300
commit: e80b54a5d37aa0fad54e90a7bcc2af0de2f18be6 (patch)
tree: 3606a874f8570dfa705e2d330f4e68c0cb9f5cdb /spec
parent: 65e85dd1d83c9f4fe550ab66a7ff113c35708c5d (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 853155cea7a..1332aee7bf3 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -1891,6 +1891,17 @@ describe API::Projects do
           expect(project_fork_target).to be_forked
         end
 
+        it 'fails without permission from forked_from project' do
+          project_fork_source.project_feature.update_attribute(:forking_access_level, ProjectFeature::PRIVATE)
+
+          post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(project_fork_target.forked_from_project).to be_nil
+          expect(project_fork_target.fork_network_member).not_to be_present
+          expect(project_fork_target).not_to be_forked
+        end
+
         it 'denies project to be forked from a private project' do
           post api("/projects/#{project_fork_target.id}/fork/#{private_project_fork_source.id}", user)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 17:29:59 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 17:29:59 +0300
commit	e80b54a5d37aa0fad54e90a7bcc2af0de2f18be6 (patch)
tree	3606a874f8570dfa705e2d330f4e68c0cb9f5cdb /spec
parent	65e85dd1d83c9f4fe550ab66a7ff113c35708c5d (diff)