From 191c0c2ef622cce66aac14abaac31693a2e14adb Mon Sep 17 00:00:00 2001
From: Ruby Nealon <rnealon@gitlab.com>
Date: Thu, 30 Nov 2023 14:01:38 +0000
Subject: [PATCH] Fix scope of project visibility checks when changing group
visibility
Changelog: fixed
---
app/models/group.rb | 2 +-
spec/models/group_spec.rb | 9 ++++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/app/models/group.rb b/app/models/group.rb
index 215d6624fd342..e1c8830691752 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -406,7 +406,7 @@ def visibility_level_allowed_by_parent?(level = self.visibility_level)
end
def visibility_level_allowed_by_projects?(level = self.visibility_level)
- !projects.without_deleted.where('visibility_level > ?', level).exists?
+ !projects.not_aimed_for_deletion.where('visibility_level > ?', level).exists?
end
def visibility_level_allowed_by_sub_groups?(level = self.visibility_level)
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 0236ae9dc9e8d..279d4bc194e29 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -391,12 +391,19 @@
expect(internal_group.errors[:visibility_level]).to include('private is not allowed since this group contains projects with higher visibility.')
end
- it 'is valid if higher visibility project is deleted' do
+ it 'is valid if higher visibility project is currently undergoing deletion' do
internal_project.update_attribute(:pending_delete, true)
internal_group.visibility_level = Gitlab::VisibilityLevel::PRIVATE
expect(internal_group).to be_valid
end
+
+ it 'is valid if higher visibility project is pending deletion via marked_for_deletion_at' do
+ internal_project.update_attribute(:marked_for_deletion_at, Time.current)
+ internal_group.visibility_level = Gitlab::VisibilityLevel::PRIVATE
+
+ expect(internal_group).to be_valid
+ end
end
context 'when group has a higher visibility' do
--
GitLab