Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/services/groups
diff options
context:
space:
mode:
Diffstat (limited to 'app/services/groups')
-rw-r--r--app/services/groups/create_service.rb10
1 files changed, 10 insertions, 0 deletions
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index 21d3c6499a0..bb577b41fa8 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -92,6 +92,16 @@ module Groups
end
end
+ if @group.organization && !can?(current_user, :create_group, @group.organization)
+ # We are unsetting this here to match behavior of invalid parent_id above and protect against possible
+ # committing to the database of a value that isn't allowed.
+ @group.organization = nil
+ message = s_("CreateGroup|You don't have permission to create a group in the provided organization.")
+ @group.errors.add(:organization_id, message)
+
+ return false
+ end
+
true
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-17 15:55:25 +0300