4 files changed, 67 insertions, 9 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 2bdcbdc8c7f..90cb69760a9 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -31,11 +31,13 @@ module API
     end
 
     class Project < Grape::Entity
-      expose :id, :description, :default_branch, :public, :ssh_url_to_repo, :http_url_to_repo, :web_url
+      expose :id, :description, :default_branch
+      expose :public?, as: :public
+      expose :visibility_level, :ssh_url_to_repo, :http_url_to_repo, :web_url
       expose :owner, using: Entities::UserBasic
       expose :name, :name_with_namespace
       expose :path, :path_with_namespace
-      expose :issues_enabled, :merge_requests_enabled, :wall_enabled, :wiki_enabled, :snippets_enabled, :created_at, :last_activity_at, :public
+      expose :issues_enabled, :merge_requests_enabled, :wall_enabled, :wiki_enabled, :snippets_enabled, :created_at, :last_activity_at
       expose :namespace
       expose :forked_from_project, using: Entities::ForkedFromProject, :if => lambda{ | project, options | project.forked? }
     end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index b927e63f4a4..003533fb59a 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -11,6 +11,13 @@ module API
           end
           not_found!
         end
+        
+        def map_public_to_visibility_level(attrs)
+          publik = attrs.delete(:public)
+          publik = [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(publik)
+          attrs[:visibility_level] = Gitlab::VisibilityLevel::PUBLIC if !attrs[:visibility_level].present? && publik == true
+          attrs
+        end
       end
 
       # Get a projects list for authenticated user
@@ -76,7 +83,8 @@ module API
       #   wiki_enabled (optional)
       #   snippets_enabled (optional)
       #   namespace_id (optional) - defaults to user namespace
-      #   public (optional) - false by default
+      #   public (optional) - if true same as setting visibility_level = 20
+      #   visibility_level (optional) - 0 by default
       # Example Request
       #   POST /projects
       post do
@@ -90,7 +98,9 @@ module API
                                      :wiki_enabled,
                                      :snippets_enabled,
                                      :namespace_id,
-                                     :public]
+                                     :public,
+                                     :visibility_level]
+        attrs = map_public_to_visibility_level(attrs)
         @project = ::Projects::CreateContext.new(current_user, attrs).execute
         if @project.saved?
           present @project, with: Entities::Project
@@ -114,7 +124,8 @@ module API
       #   merge_requests_enabled (optional)
       #   wiki_enabled (optional)
       #   snippets_enabled (optional)
-      #   public (optional)
+      #   public (optional) - if true same as setting visibility_level = 20
+      #   visibility_level (optional)
       # Example Request
       #   POST /projects/user/:user_id
       post "user/:user_id" do
@@ -128,7 +139,9 @@ module API
                                      :merge_requests_enabled,
                                      :wiki_enabled,
                                      :snippets_enabled,
-                                     :public]
+                                     :public,
+                                     :visibility_level]
+        attrs = map_public_to_visibility_level(attrs)
         @project = ::Projects::CreateContext.new(user, attrs).execute
         if @project.saved?
           present @project, with: Entities::Project
@@ -290,7 +303,8 @@ module API
       #   GET /projects/search/:query
       get "/search/:query" do
         ids = current_user.authorized_projects.map(&:id)
-        projects = Project.where("(id in (?) OR public = true) AND (name LIKE (?))", ids, "%#{params[:query]}%")
+        visibility_levels = [ Gitlab::VisibilityLevel::INTERNAL, Gitlab::VisibilityLevel::PUBLIC ]
+        projects = Project.where("(id in (?) OR visibility_level in (?)) AND (name LIKE (?))", ids, visibility_levels, "%#{params[:query]}%")
         present paginate(projects), with: Entities::Project
       end
     end
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index e2349495b57..c629144118c 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -58,7 +58,7 @@ module Grack
         end
 
       else
-        return unauthorized unless project.public
+        return unauthorized unless project.public?
       end
 
       if authorized_git_request?
@@ -80,7 +80,7 @@ module Grack
     def authorize_request(service)
       case service
       when 'git-upload-pack'
-        project.public || can?(user, :download_code, project)
+        can?(user, :download_code, project)
       when'git-receive-pack'
         refs.each do |ref|
           action = if project.protected_branch?(ref)
diff --git a/lib/gitlab/visibility_level.rb b/lib/gitlab/visibility_level.rb
new file mode 100644
index 00000000000..eada9bcddf5
--- /dev/null
+++ b/lib/gitlab/visibility_level.rb
@@ -0,0 +1,42 @@
+# Gitlab::VisibilityLevel module
+#
+# Define allowed public modes that can be used for
+# GitLab projects to determine project public mode
+#
+module Gitlab
+  module VisibilityLevel
+    PRIVATE  = 0
+    INTERNAL = 10
+    PUBLIC   = 20
+
+    class << self
+      def values
+        options.values
+      end
+
+      def options
+        {
+          'Private'  => PRIVATE,
+          'Internal' => INTERNAL,
+          'Public'   => PUBLIC
+        }
+      end
+      
+      def allowed_for?(user, level)
+        user.is_admin? || !Gitlab.config.gitlab.restricted_visibility_levels.include?(level)
+      end
+    end
+
+    def private?
+      visibility_level_field == PRIVATE
+    end
+
+    def internal?
+      visibility_level_field == INTERNAL
+    end
+
+    def public?
+      visibility_level_field == PUBLIC
+    end
+  end
+end