From 89ecba5e6cec6632c2f8e3baef6604b1b8ea0d45 Mon Sep 17 00:00:00 2001
From: Tomasz Maczukin <tomasz@maczukin.pl>
Date: Wed, 4 Nov 2015 23:40:43 +0100
Subject: Update forks visibility_level after parent project visibility_level
 change

---
 app/models/project.rb                   |  6 ++++-
 app/services/projects/update_service.rb | 48 ++++++++++++++++++++++++---------
 2 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/app/models/project.rb b/app/models/project.rb
index 7f2dd37a3cc..f287e59b6df 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -731,7 +731,11 @@ class Project < ActiveRecord::Base
   end
 
   def forks_count
-    ForkedProjectLink.where(forked_from_project_id: self.id).count
+    forks.count
+  end
+
+  def forks
+    ForkedProjectLink.where(forked_from_project_id: self.id)
   end
 
   def find_label(name)
diff --git a/app/services/projects/update_service.rb b/app/services/projects/update_service.rb
index 0a42f3e02aa..0d2665f298d 100644
--- a/app/services/projects/update_service.rb
+++ b/app/services/projects/update_service.rb
@@ -3,21 +3,17 @@ module Projects
     def execute
       # check that user is allowed to set specified visibility_level
       new_visibility = params[:visibility_level]
-      if new_visibility && new_visibility.to_i != project.visibility_level
-        unless can?(current_user, :change_visibility_level, project) &&
-          Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
-          deny_visibility_level(project, new_visibility)
-          return project
+      if new_visibility
+        if new_visibility.to_i != project.visibility_level
+          unless can?(current_user, :change_visibility_level, project) &&
+            Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
+            deny_visibility_level(project, new_visibility)
+            return project
+          end
         end
-      end
 
-      unless project.visibility_level_allowed?(new_visibility)
-        level_name = Gitlab::VisibilityLevel.level_name(new_visibility)
-        project.errors.add(
-          :visibility_level,
-          "#{level_name} could not be set as visibility level of this project - parent project settings are more restrictive"
-        )
-        return false
+        return false unless visibility_level_allowed?(new_visibility)
+        update_forks_visibility_level(new_visibility)
       end
 
       new_branch = params[:default_branch]
@@ -32,5 +28,31 @@ module Projects
         end
       end
     end
+
+    private
+
+    def visibility_level_allowed?(level)
+      return true if project.visibility_level_allowed?(level)
+
+      level_name = Gitlab::VisibilityLevel.level_name(level)
+      project.errors.add(
+        :visibility_level,
+        "#{level_name} could not be set as visibility level of this project - parent project settings are more restrictive"
+      )
+
+      false
+    end
+
+    def update_forks_visibility_level(new_level)
+      project.forks.each do |forked_link|
+        forked_project = forked_link.forked_to_project
+        fork_level = forked_project.visibility_level
+
+        if fork_level > new_level.to_i
+          forked_project.visibility_level = new_level.to_i
+          forked_project.save!
+        end
+      end
+    end
   end
 end
-- 
cgit v1.2.1