Only assign merge params when allowed

When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API.
author: Bob Van Landuyt <bob@vanlanduyt.co> 2019-09-25 18:25:40 +0200
committer: Bob Van Landuyt <bob@vanlanduyt.co> 2019-10-24 12:19:56 +0200
commit: 20cb4f7ab567062fd67ccd40cd29ff1d2e85d8f0 (patch)
tree: 9a6c1fc7836513723d2948ec1cd53dc268b25bf7 /app/services/merge_requests/create_service.rb
parent: dc0622dbe3cd552abca4107557c6c09edb23625c (diff)
download: gitlab-ce-20cb4f7ab567062fd67ccd40cd29ff1d2e85d8f0.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/app/services/merge_requests/create_service.rb b/app/services/merge_requests/create_service.rb
index 1c730232abb..9a37a0330fc 100644
--- a/app/services/merge_requests/create_service.rb
+++ b/app/services/merge_requests/create_service.rb
@@ -9,7 +9,6 @@ module MergeRequests
       merge_request.target_project = @project
       merge_request.source_project = @source_project
       merge_request.source_branch = params[:source_branch]
-      merge_request.merge_params['force_remove_source_branch'] = params.delete(:force_remove_source_branch)
 
       create(merge_request)
     end
author	Bob Van Landuyt <bob@vanlanduyt.co>	2019-09-25 18:25:40 +0200
committer	Bob Van Landuyt <bob@vanlanduyt.co>	2019-10-24 12:19:56 +0200
commit	20cb4f7ab567062fd67ccd40cd29ff1d2e85d8f0 (patch)
tree	9a6c1fc7836513723d2948ec1cd53dc268b25bf7 /app/services/merge_requests/create_service.rb
parent	dc0622dbe3cd552abca4107557c6c09edb23625c (diff)
download	gitlab-ce-20cb4f7ab567062fd67ccd40cd29ff1d2e85d8f0.tar.gz