summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDouwe Maan <douwe@selenight.nl>2017-02-27 16:38:45 -0600
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2017-02-28 15:11:21 +0200
commit68faad16bd4bf81ccd1e279bc487fd02818b05d6 (patch)
treeddf84393180e9c62b6c7a8cb2d0a5d4399b223f3
parent71fbbc9da428268411c5a3cef319f7537b63d199 (diff)
downloadgitlab-ce-68faad16bd4bf81ccd1e279bc487fd02818b05d6.tar.gz
Don't allow a project to be shared with an ancestor of the group it is in
-rw-r--r--app/models/project_group_link.rb11
-rw-r--r--spec/models/project_group_link_spec.rb17
2 files changed, 25 insertions, 3 deletions
diff --git a/app/models/project_group_link.rb b/app/models/project_group_link.rb
index 5cb6b0c527d..ac1e9ab2b0b 100644
--- a/app/models/project_group_link.rb
+++ b/app/models/project_group_link.rb
@@ -33,8 +33,15 @@ class ProjectGroupLink < ActiveRecord::Base
private
def different_group
- if self.group && self.project && self.project.group == self.group
- errors.add(:base, "Project cannot be shared with the project it is in.")
+ return unless self.group && self.project
+
+ project_group = self.project.group
+ return unless project_group
+
+ group_ids = project_group.ancestors.map(&:id).push(project_group.id)
+
+ if group_ids.include?(self.group.id)
+ errors.add(:base, "Project cannot be shared with the group it is in or one of its ancestors.")
end
end
diff --git a/spec/models/project_group_link_spec.rb b/spec/models/project_group_link_spec.rb
index 59a4ae1b799..9b711bfc007 100644
--- a/spec/models/project_group_link_spec.rb
+++ b/spec/models/project_group_link_spec.rb
@@ -7,12 +7,27 @@ describe ProjectGroupLink do
end
describe "Validation" do
- let!(:project_group_link) { create(:project_group_link) }
+ let(:parent_group) { create(:group) }
+ let(:group) { create(:group, parent: parent_group) }
+ let(:project) { create(:project, group: group) }
+ let!(:project_group_link) { create(:project_group_link, project: project) }
it { should validate_presence_of(:project_id) }
it { should validate_uniqueness_of(:group_id).scoped_to(:project_id).with_message(/already shared/) }
it { should validate_presence_of(:group) }
it { should validate_presence_of(:group_access) }
+
+ it "doesn't allow a project to be shared with the group it is in" do
+ project_group_link.group = group
+
+ expect(project_group_link).not_to be_valid
+ end
+
+ it "doesn't allow a project to be shared with an ancestor of the group it is in" do
+ project_group_link.group = parent_group
+
+ expect(project_group_link).not_to be_valid
+ end
end
describe "destroying a record", truncate: true do