Commit 79ba1861 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch 'if-restrict_project_forks' into 'master'

Restrict project forking

See merge request gitlab-org/gitlab!17988
parents df21f58e 4892492a
...@@ -104,6 +104,7 @@ export default { ...@@ -104,6 +104,7 @@ export default {
visibilityLevel: visibilityOptions.PUBLIC, visibilityLevel: visibilityOptions.PUBLIC,
issuesAccessLevel: 20, issuesAccessLevel: 20,
repositoryAccessLevel: 20, repositoryAccessLevel: 20,
forkingAccessLevel: 20,
mergeRequestsAccessLevel: 20, mergeRequestsAccessLevel: 20,
buildsAccessLevel: 20, buildsAccessLevel: 20,
wikiAccessLevel: 20, wikiAccessLevel: 20,
...@@ -300,6 +301,19 @@ export default { ...@@ -300,6 +301,19 @@ export default {
name="project[project_feature_attributes][merge_requests_access_level]" name="project[project_feature_attributes][merge_requests_access_level]"
/> />
</project-setting-row> </project-setting-row>
<project-setting-row
:label="s__('ProjectSettings|Forks')"
:help-text="
s__('ProjectSettings|Allow users to make copies of your repository to a new project')
"
>
<project-feature-setting
v-model="forkingAccessLevel"
:options="featureAccessLevelOptions"
:disabled-input="!repositoryEnabled"
name="project[project_feature_attributes][forking_access_level]"
/>
</project-setting-row>
<project-setting-row <project-setting-row
:label="s__('ProjectSettings|Pipelines')" :label="s__('ProjectSettings|Pipelines')"
:help-text="s__('ProjectSettings|Build, test, and deploy your changes')" :help-text="s__('ProjectSettings|Build, test, and deploy your changes')"
......
...@@ -9,6 +9,7 @@ class Projects::ForksController < Projects::ApplicationController ...@@ -9,6 +9,7 @@ class Projects::ForksController < Projects::ApplicationController
before_action :require_non_empty_project before_action :require_non_empty_project
before_action :authorize_download_code! before_action :authorize_download_code!
before_action :authenticate_user!, only: [:new, :create] before_action :authenticate_user!, only: [:new, :create]
before_action :authorize_fork_project!, only: [:new, :create]
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
def index def index
...@@ -61,6 +62,8 @@ class Projects::ForksController < Projects::ApplicationController ...@@ -61,6 +62,8 @@ class Projects::ForksController < Projects::ApplicationController
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
private
def whitelist_query_limiting def whitelist_query_limiting
Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42335') Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/42335')
end end
......
...@@ -391,6 +391,7 @@ class ProjectsController < Projects::ApplicationController ...@@ -391,6 +391,7 @@ class ProjectsController < Projects::ApplicationController
project_feature_attributes: %i[ project_feature_attributes: %i[
builds_access_level builds_access_level
issues_access_level issues_access_level
forking_access_level
merge_requests_access_level merge_requests_access_level
repository_access_level repository_access_level
snippets_access_level snippets_access_level
......
...@@ -563,6 +563,7 @@ module ProjectsHelper ...@@ -563,6 +563,7 @@ module ProjectsHelper
requestAccessEnabled: !!project.request_access_enabled, requestAccessEnabled: !!project.request_access_enabled,
issuesAccessLevel: feature.issues_access_level, issuesAccessLevel: feature.issues_access_level,
repositoryAccessLevel: feature.repository_access_level, repositoryAccessLevel: feature.repository_access_level,
forkingAccessLevel: feature.forking_access_level,
mergeRequestsAccessLevel: feature.merge_requests_access_level, mergeRequestsAccessLevel: feature.merge_requests_access_level,
buildsAccessLevel: feature.builds_access_level, buildsAccessLevel: feature.builds_access_level,
wikiAccessLevel: feature.wiki_access_level, wikiAccessLevel: feature.wiki_access_level,
......
...@@ -50,6 +50,10 @@ module ProjectFeaturesCompatibility ...@@ -50,6 +50,10 @@ module ProjectFeaturesCompatibility
write_feature_attribute_string(:merge_requests_access_level, value) write_feature_attribute_string(:merge_requests_access_level, value)
end end
def forking_access_level=(value)
write_feature_attribute_string(:forking_access_level, value)
end
def issues_access_level=(value) def issues_access_level=(value)
write_feature_attribute_string(:issues_access_level, value) write_feature_attribute_string(:issues_access_level, value)
end end
......
...@@ -317,10 +317,12 @@ class Project < ApplicationRecord ...@@ -317,10 +317,12 @@ class Project < ApplicationRecord
accepts_nested_attributes_for :metrics_setting, update_only: true, allow_destroy: true accepts_nested_attributes_for :metrics_setting, update_only: true, allow_destroy: true
accepts_nested_attributes_for :grafana_integration, update_only: true, allow_destroy: true accepts_nested_attributes_for :grafana_integration, update_only: true, allow_destroy: true
delegate :feature_available?, :builds_enabled?, :wiki_enabled?, :merge_requests_enabled?, delegate :feature_available?, :builds_enabled?, :wiki_enabled?,
:issues_enabled?, :pages_enabled?, :public_pages?, :private_pages?, :merge_requests_enabled?, :forking_enabled?, :issues_enabled?,
:merge_requests_access_level, :issues_access_level, :wiki_access_level, :pages_enabled?, :public_pages?, :private_pages?,
:snippets_access_level, :builds_access_level, :repository_access_level, :merge_requests_access_level, :forking_access_level, :issues_access_level,
:wiki_access_level, :snippets_access_level, :builds_access_level,
:repository_access_level,
to: :project_feature, allow_nil: true to: :project_feature, allow_nil: true
delegate :scheduled?, :started?, :in_progress?, :failed?, :finished?, delegate :scheduled?, :started?, :in_progress?, :failed?, :finished?,
prefix: :import, to: :import_state, allow_nil: true prefix: :import, to: :import_state, allow_nil: true
......
...@@ -22,7 +22,7 @@ class ProjectFeature < ApplicationRecord ...@@ -22,7 +22,7 @@ class ProjectFeature < ApplicationRecord
ENABLED = 20 ENABLED = 20
PUBLIC = 30 PUBLIC = 30
FEATURES = %i(issues merge_requests wiki snippets builds repository pages).freeze FEATURES = %i(issues forking merge_requests wiki snippets builds repository pages).freeze
PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze PRIVATE_FEATURES_MIN_ACCESS_LEVEL = { merge_requests: Gitlab::Access::REPORTER }.freeze
PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze
STRING_OPTIONS = HashWithIndifferentAccess.new({ STRING_OPTIONS = HashWithIndifferentAccess.new({
...@@ -92,6 +92,7 @@ class ProjectFeature < ApplicationRecord ...@@ -92,6 +92,7 @@ class ProjectFeature < ApplicationRecord
default_value_for :builds_access_level, value: ENABLED, allows_nil: false default_value_for :builds_access_level, value: ENABLED, allows_nil: false
default_value_for :issues_access_level, value: ENABLED, allows_nil: false default_value_for :issues_access_level, value: ENABLED, allows_nil: false
default_value_for :forking_access_level, value: ENABLED, allows_nil: false
default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false default_value_for :merge_requests_access_level, value: ENABLED, allows_nil: false
default_value_for :snippets_access_level, value: ENABLED, allows_nil: false default_value_for :snippets_access_level, value: ENABLED, allows_nil: false
default_value_for :wiki_access_level, value: ENABLED, allows_nil: false default_value_for :wiki_access_level, value: ENABLED, allows_nil: false
...@@ -132,6 +133,10 @@ class ProjectFeature < ApplicationRecord ...@@ -132,6 +133,10 @@ class ProjectFeature < ApplicationRecord
merge_requests_access_level > DISABLED merge_requests_access_level > DISABLED
end end
def forking_enabled?
forking_access_level > DISABLED
end
def issues_enabled? def issues_enabled?
issues_access_level > DISABLED issues_access_level > DISABLED
end end
......
...@@ -83,6 +83,11 @@ class ProjectPolicy < BasePolicy ...@@ -83,6 +83,11 @@ class ProjectPolicy < BasePolicy
project.merge_requests_allowing_push_to_user(user).any? project.merge_requests_allowing_push_to_user(user).any?
end end
with_scope :subject
condition(:forking_allowed) do
@subject.feature_available?(:forking, @user)
end
with_scope :global with_scope :global
condition(:mirror_available, score: 0) do condition(:mirror_available, score: 0) do
::Gitlab::CurrentSettings.current_application_settings.mirror_available ::Gitlab::CurrentSettings.current_application_settings.mirror_available
...@@ -203,7 +208,6 @@ class ProjectPolicy < BasePolicy ...@@ -203,7 +208,6 @@ class ProjectPolicy < BasePolicy
enable :download_code enable :download_code
enable :read_statistics enable :read_statistics
enable :download_wiki_code enable :download_wiki_code
enable :fork_project
enable :create_project_snippet enable :create_project_snippet
enable :update_issue enable :update_issue
enable :reopen_issue enable :reopen_issue
...@@ -232,12 +236,15 @@ class ProjectPolicy < BasePolicy ...@@ -232,12 +236,15 @@ class ProjectPolicy < BasePolicy
enable :public_access enable :public_access
enable :guest_access enable :guest_access
enable :fork_project
enable :build_download_code enable :build_download_code
enable :build_read_container_image enable :build_read_container_image
enable :request_access enable :request_access
end end
rule { can?(:download_code) & forking_allowed }.policy do
enable :fork_project
end
rule { owner | admin | guest | group_member }.prevent :request_access rule { owner | admin | guest | group_member }.prevent :request_access
rule { ~request_access_enabled }.prevent :request_access rule { ~request_access_enabled }.prevent :request_access
......
---
title: Add an option to configure forking restriction
merge_request: 17988
author:
type: added
# frozen_string_literal: true
class AddForkingAccessLevelToProjectFeature < ActiveRecord::Migration[5.2]
DOWNTIME = false
def change
add_column :project_features, :forking_access_level, :integer
end
end
...@@ -3167,6 +3167,7 @@ ActiveRecord::Schema.define(version: 2020_01_14_204949) do ...@@ -3167,6 +3167,7 @@ ActiveRecord::Schema.define(version: 2020_01_14_204949) do
t.datetime "updated_at" t.datetime "updated_at"
t.integer "repository_access_level", default: 20, null: false t.integer "repository_access_level", default: 20, null: false
t.integer "pages_access_level", null: false t.integer "pages_access_level", null: false
t.integer "forking_access_level"
t.index ["project_id"], name: "index_project_features_on_project_id", unique: true t.index ["project_id"], name: "index_project_features_on_project_id", unique: true
end end
......
...@@ -43,6 +43,7 @@ Use the switches to enable or disable the following features: ...@@ -43,6 +43,7 @@ Use the switches to enable or disable the following features:
| **Issues** | ✓ | Activates the GitLab issues tracker | | **Issues** | ✓ | Activates the GitLab issues tracker |
| **Repository** | ✓ | Enables [repository](../repository/) functionality | | **Repository** | ✓ | Enables [repository](../repository/) functionality |
| **Merge Requests** | ✓ | Enables [merge request](../merge_requests/) functionality; also see [Merge request settings](#merge-request-settings) | | **Merge Requests** | ✓ | Enables [merge request](../merge_requests/) functionality; also see [Merge request settings](#merge-request-settings) |
| **Forks** | ✓ | Enables [forking](../index.md#fork-a-project) functionality |
| **Pipelines** | ✓ | Enables [CI/CD](../../../ci/README.md) functionality | | **Pipelines** | ✓ | Enables [CI/CD](../../../ci/README.md) functionality |
| **Container Registry** | | Activates a [registry](../../packages/container_registry/) for your docker images | | **Container Registry** | | Activates a [registry](../../packages/container_registry/) for your docker images |
| **Git Large File Storage** | | Enables the use of [large files](../../../administration/lfs/manage_large_binaries_with_git_lfs.md#git-lfs) | | **Git Large File Storage** | | Enables the use of [large files](../../../administration/lfs/manage_large_binaries_with_git_lfs.md#git-lfs) |
......
...@@ -6,6 +6,7 @@ module EE ...@@ -6,6 +6,7 @@ module EE
attr_accessor :project attr_accessor :project
COLUMNS = [:merge_requests_access_level, COLUMNS = [:merge_requests_access_level,
:forking_access_level,
:issues_access_level, :issues_access_level,
:wiki_access_level, :wiki_access_level,
:snippets_access_level, :snippets_access_level,
......
...@@ -14360,6 +14360,9 @@ msgstr "" ...@@ -14360,6 +14360,9 @@ msgstr ""
msgid "ProjectSettings|All discussions must be resolved" msgid "ProjectSettings|All discussions must be resolved"
msgstr "" msgstr ""
msgid "ProjectSettings|Allow users to make copies of your repository to a new project"
msgstr ""
msgid "ProjectSettings|Allow users to request access" msgid "ProjectSettings|Allow users to request access"
msgstr "" msgstr ""
...@@ -14420,6 +14423,9 @@ msgstr "" ...@@ -14420,6 +14423,9 @@ msgstr ""
msgid "ProjectSettings|Fast-forward merges only" msgid "ProjectSettings|Fast-forward merges only"
msgstr "" msgstr ""
msgid "ProjectSettings|Forks"
msgstr ""
msgid "ProjectSettings|Git Large File Storage" msgid "ProjectSettings|Git Large File Storage"
msgstr "" msgstr ""
......
...@@ -12,6 +12,21 @@ describe Projects::ForksController do ...@@ -12,6 +12,21 @@ describe Projects::ForksController do
group.add_owner(user) group.add_owner(user)
end end
shared_examples 'forking disabled' do
let(:project) { create(:project, :private, :repository, :forking_disabled) }
before do
project.add_developer(user)
sign_in(user)
end
it 'returns with 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
describe 'GET index' do describe 'GET index' do
def get_forks(search: nil) def get_forks(search: nil)
get :index, get :index,
...@@ -138,19 +153,19 @@ describe Projects::ForksController do ...@@ -138,19 +153,19 @@ describe Projects::ForksController do
end end
describe 'GET new' do describe 'GET new' do
def get_new subject do
get :new, get :new,
params: { params: {
namespace_id: project.namespace, namespace_id: project.namespace,
project_id: project project_id: project
} }
end end
context 'when user is signed in' do context 'when user is signed in' do
it 'responds with status 200' do it 'responds with status 200' do
sign_in(user) sign_in(user)
get_new subject
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
end end
...@@ -160,21 +175,26 @@ describe Projects::ForksController do ...@@ -160,21 +175,26 @@ describe Projects::ForksController do
it 'redirects to the sign-in page' do it 'redirects to the sign-in page' do
sign_out(user) sign_out(user)
get_new subject
expect(response).to redirect_to(new_user_session_path) expect(response).to redirect_to(new_user_session_path)
end end
end end
it_behaves_like 'forking disabled'
end end
describe 'POST create' do describe 'POST create' do
def post_create(params = {}) let(:params) do
post :create, {
params: { namespace_id: project.namespace,
namespace_id: project.namespace, project_id: project,
project_id: project, namespace_key: user.namespace.id
namespace_key: user.namespace.id }
}.merge(params) end
subject do
post :create, params: params
end end
context 'when user is signed in' do context 'when user is signed in' do
...@@ -183,18 +203,34 @@ describe Projects::ForksController do ...@@ -183,18 +203,34 @@ describe Projects::ForksController do
end end
it 'responds with status 302' do it 'responds with status 302' do
post_create subject
expect(response).to have_gitlab_http_status(302) expect(response).to have_gitlab_http_status(302)
expect(response).to redirect_to(namespace_project_import_path(user.namespace, project)) expect(response).to redirect_to(namespace_project_import_path(user.namespace, project))
end end
it 'passes continue params to the redirect' do context 'continue params' do
continue_params = { to: '/-/ide/project/path', notice: 'message' } let(:params) do
post_create continue: continue_params {
namespace_id: project.namespace,
project_id: project,
namespace_key: user.namespace.id,
continue: continue_params
}
end
let(:continue_params) do
{
to: '/-/ide/project/path',
notice: 'message'
}
end
expect(response).to have_gitlab_http_status(302) it 'passes continue params to the redirect' do
expect(response).to redirect_to(namespace_project_import_path(user.namespace, project, continue: continue_params)) subject
expect(response).to have_gitlab_http_status(302)
expect(response).to redirect_to(namespace_project_import_path(user.namespace, project, continue: continue_params))
end
end end
end end
...@@ -202,10 +238,12 @@ describe Projects::ForksController do ...@@ -202,10 +238,12 @@ describe Projects::ForksController do
it 'redirects to the sign-in page' do it 'redirects to the sign-in page' do
sign_out(user) sign_out(user)
post_create subject
expect(response).to redirect_to(new_user_session_path) expect(response).to redirect_to(new_user_session_path)
end end
end end
it_behaves_like 'forking disabled'
end end
end end
...@@ -25,6 +25,7 @@ FactoryBot.define do ...@@ -25,6 +25,7 @@ FactoryBot.define do
builds_access_level { ProjectFeature::ENABLED } builds_access_level { ProjectFeature::ENABLED }
snippets_access_level { ProjectFeature::ENABLED } snippets_access_level { ProjectFeature::ENABLED }
issues_access_level { ProjectFeature::ENABLED } issues_access_level { ProjectFeature::ENABLED }
forking_access_level { ProjectFeature::ENABLED }
merge_requests_access_level { ProjectFeature::ENABLED } merge_requests_access_level { ProjectFeature::ENABLED }
repository_access_level { ProjectFeature::ENABLED } repository_access_level { ProjectFeature::ENABLED }
pages_access_level do pages_access_level do
...@@ -48,6 +49,7 @@ FactoryBot.define do ...@@ -48,6 +49,7 @@ FactoryBot.define do
builds_access_level: builds_access_level, builds_access_level: builds_access_level,
snippets_access_level: evaluator.snippets_access_level, snippets_access_level: evaluator.snippets_access_level,
issues_access_level: evaluator.issues_access_level, issues_access_level: evaluator.issues_access_level,
forking_access_level: evaluator.forking_access_level,
merge_requests_access_level: merge_requests_access_level, merge_requests_access_level: merge_requests_access_level,
repository_access_level: evaluator.repository_access_level repository_access_level: evaluator.repository_access_level
} }
...@@ -264,6 +266,9 @@ FactoryBot.define do ...@@ -264,6 +266,9 @@ FactoryBot.define do
trait(:issues_disabled) { issues_access_level { ProjectFeature::DISABLED } } trait(:issues_disabled) { issues_access_level { ProjectFeature::DISABLED } }
trait(:issues_enabled) { issues_access_level { ProjectFeature::ENABLED } } trait(:issues_enabled) { issues_access_level { ProjectFeature::ENABLED } }
trait(:issues_private) { issues_access_level { ProjectFeature::PRIVATE } } trait(:issues_private) { issues_access_level { ProjectFeature::PRIVATE } }
trait(:forking_disabled) { forking_access_level { ProjectFeature::DISABLED } }
trait(:forking_enabled) { forking_access_level { ProjectFeature::ENABLED } }
trait(:forking_private) { forking_access_level { ProjectFeature::PRIVATE } }
trait(:merge_requests_enabled) { merge_requests_access_level { ProjectFeature::ENABLED } } trait(:merge_requests_enabled) { merge_requests_access_level { ProjectFeature::ENABLED } }
trait(:merge_requests_disabled) { merge_requests_access_level { ProjectFeature::DISABLED } } trait(:merge_requests_disabled) { merge_requests_access_level { ProjectFeature::DISABLED } }
trait(:merge_requests_private) { merge_requests_access_level { ProjectFeature::PRIVATE } } trait(:merge_requests_private) { merge_requests_access_level { ProjectFeature::PRIVATE } }
......
...@@ -186,7 +186,7 @@ describe 'Edit Project Settings' do ...@@ -186,7 +186,7 @@ describe 'Edit Project Settings' do
click_button "Save changes" click_button "Save changes"
end end
expect(find(".sharing-permissions")).to have_selector(".project-feature-toggle.is-disabled", count: 2) expect(find(".sharing-permissions")).to have_selector(".project-feature-toggle.is-disabled", count: 3)
end end
it "shows empty features project homepage" do it "shows empty features project homepage" do
......
...@@ -27,6 +27,89 @@ describe 'Project fork' do ...@@ -27,6 +27,89 @@ describe 'Project fork' do
expect(page).to have_css('a.disabled', text: 'Fork') expect(page).to have_css('a.disabled', text: 'Fork')
end end
context 'forking enabled / disabled in project settings' do
before do
project.project_feature.update_attribute(
:forking_access_level, forking_access_level)
end
context 'forking is enabled' do
let(:forking_access_level) { ProjectFeature::ENABLED }
it 'enables fork button' do
visit project_path(project)
expect(page).to have_css('a', text: 'Fork')
expect(page).not_to have_css('a.disabled', text: 'Fork')
end
it 'renders new project fork page' do
visit new_project_fork_path(project)
expect(page.status_code).to eq(200)
expect(page).to have_text(' Select a namespace to fork the project ')
end
end
context 'forking is disabled' do
let(:forking_access_level) { ProjectFeature::DISABLED }
it 'does not render fork button' do
visit project_path(project)
expect(page).not_to have_css('a', text: 'Fork')
end
it 'does not render new project fork page' do
visit new_project_fork_path(project)
expect(page.status_code).to eq(404)
end
end
context 'forking is private' do
let(:forking_access_level) { ProjectFeature::PRIVATE }
before do
project.update(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
context 'user is not a team member' do
it 'does not render fork button' do
visit project_path(project)
expect(page).not_to have_css('a', text: 'Fork')
end
it 'does not render new project fork page' do
visit new_project_fork_path(project)
expect(page.status_code).to eq(404)
end
end
context 'user is a team member' do
before do
project.add_developer(user)
end
it 'enables fork button' do
visit project_path(project)
expect(page).to have_css('a', text: 'Fork')
expect(page).not_to have_css('a.disabled', text: 'Fork')
end
it 'renders new project fork page' do
visit new_project_fork_path(project)
expect(page.status_code).to eq(200)
expect(page).to have_text(' Select a namespace to fork the project ')
end
end
end
end
it 'forks the project', :sidekiq_might_not_need_inline do it 'forks the project', :sidekiq_might_not_need_inline do
visit project_path(project) visit project_path(project)
......
...@@ -34,6 +34,26 @@ describe 'Projects settings' do ...@@ -34,6 +34,26 @@ describe 'Projects settings' do
expect_toggle_state(:expanded) expect_toggle_state(:expanded)
end end
context 'forking enabled', :js do
it 'toggles forking enabled / disabled' do
visit edit_project_path(project)
forking_enabled_input = find('input[name="project[project_feature_attributes][forking_access_level]"]', visible: :hidden)
forking_enabled_button = find('input[name="project[project_feature_attributes][forking_access_level]"] + label > button')
expect(forking_enabled_input.value).to eq('20')
# disable by clicking toggle
forking_enabled_button.click
page.within('.sharing-permissions') do
find('input[value="Save changes"]').click
end
wait_for_requests
expect(forking_enabled_input.value).to eq('0')
end
end
def expect_toggle_state(state) def expect_toggle_state(state)
is_collapsed = state == :collapsed is_collapsed = state == :collapsed
......
...@@ -545,6 +545,7 @@ ProjectFeature: ...@@ -545,6 +545,7 @@ ProjectFeature:
- id - id
- project_id - project_id
- merge_requests_access_level - merge_requests_access_level
- forking_access_level
- issues_access_level - issues_access_level
- wiki_access_level - wiki_access_level
- snippets_access_level - snippets_access_level
......
...@@ -2858,6 +2858,20 @@ describe API::Projects do ...@@ -2858,6 +2858,20 @@ describe API::Projects do
expect(json_response['message']).to eq('401 Unauthorized') expect(json_response['message']).to eq('401 Unauthorized')
end end
end end
context 'forking disabled' do
before do
project.project_feature.update_attribute(
:forking_access_level, ProjectFeature::DISABLED)
end
it 'denies project to be forked' do
post api("/projects/#{project.id}/fork", admin)
expect(response).to have_gitlab_http_status(409)
expect(json_response['message']['forked_from_project_id']).to eq(['is forbidden'])
end
end
end end
describe 'POST /projects/:id/housekeeping' do describe 'POST /projects/:id/housekeeping' do
......
...@@ -224,6 +224,19 @@ describe Projects::ForkService do ...@@ -224,6 +224,19 @@ describe Projects::ForkService do
end end
end end
end end
context 'when forking is disabled' do
before do
@from_project.project_feature.update_attribute(
:forking_access_level, ProjectFeature::DISABLED)
end
it 'fails' do
to_project = fork_project(@from_project, @to_user, namespace: @to_user.namespace)
expect(to_project.errors[:forked_from_project_id]).to eq(['is forbidden'])
end
end
end end
describe 'fork to namespace' do describe 'fork to namespace' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment