Private project import in private group fails if "default projects visibility" setting is set to "Internal"

Summary

If a "private" project is imported into a "private" existing group, but the default visibility level for projects is configured as "Internal" in the global settings, the import fails with the following message : "Visibility level internal is not allowed in a private group".

Steps to reproduce

• Set the "Default project visibility" to "Internal" in GitLab instance settings
• Create a new group with "private" visibility level
• Export a "private" project from another (or maybe the same) GitLab instance
• Import the project inside the private group namespace (using the API or the Web interface)

What is the current bug behavior?

The error message "Visibility level internal is not allowed in a private group" is returned, whereas the imported project has "private" visibility level (I checked inside the project archive before import, the file ./tree/project.json does contains "visibility_level":0).

What is the expected correct behavior?

The project should import correctly, as it is a private project imported in a private group. This is indeed the case if the default visibility level for projects is configured as "Private" in the global settings.

Results of GitLab environment info

Expand for output related to GitLab environment info

System information
System:
Proxy:          no
Current User:   git
Using RVM:      no
Ruby Version:   2.6.6p146
Gem Version:    2.7.10
Bundler Version:1.17.3
Rake Version:   12.3.3
Redis Version:  5.0.9
Git Version:    2.26.2
Sidekiq Version:5.2.7
Go Version:     unknown

GitLab information
Version:        13.0.5-ee
Revision:       260c6231ed0
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     11.7
URL:            https://
HTTP Clone URL: https:///some-group/some-project.git
SSH Clone URL:  git@:some-group/some-project.git
Elasticsearch:  no
Geo:            no
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:        13.2.0
Repository storage paths:
- default:      /var/opt/gitlab/git-data/repositories
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell
Git:            /opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check

Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 13.2.0 ? ... OK (13.2.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
1/1 ... yes
3181/484 ... yes
3182/485 ... yes
3100/486 ... yes
3114/487 ... yes
3183/488 ... yes
3183/489 ... yes
3183/490 ... yes
3183/491 ... yes
3183/492 ... yes
3114/493 ... yes
3058/494 ... yes
3114/495 ... yes
3114/496 ... yes
3064/497 ... yes
3039/498 ... yes
3023/499 ... yes
3023/500 ... yes
3037/501 ... yes
3061/502 ... yes
3181/503 ... yes
3181/504 ... yes
3101/505 ... yes
3181/506 ... yes
3169/507 ... yes
3170/508 ... yes
3112/509 ... yes
3010/510 ... yes
3171/511 ... yes
3171/512 ... yes
3171/513 ... yes
3171/514 ... yes
3171/515 ... yes
3171/516 ... yes
3057/517 ... yes
2998/518 ... yes
3179/519 ... yes
3179/520 ... yes
3181/521 ... yes
3179/522 ... yes
3181/523 ... yes
3178/524 ... yes
3181/525 ... yes
3181/526 ... yes
3181/527 ... yes
3181/528 ... yes
3181/529 ... yes
3178/530 ... yes
3181/531 ... yes
3182/532 ... yes
3180/533 ... yes
3180/534 ... yes
3114/535 ... yes
3182/536 ... yes
3114/537 ... yes
3181/538 ... yes
3181/539 ... yes
3181/540 ... yes
3105/541 ... yes
3114/542 ... yes
3108/543 ... yes
3182/544 ... yes
3100/545 ... yes
3094/546 ... yes
3073/547 ... yes
3114/548 ... yes
3114/549 ... yes
3110/550 ... yes
3093/551 ... yes
3181/552 ... yes
3064/553 ... yes
3057/554 ... yes
3064/555 ... yes
1/556 ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.6)
Git version >= 2.22.0 ? ... yes (2.26.2)
Git user has default SSH configuration? ... yes
Active users: ... 143
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes
Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished

Possible fixes

I did not check in the code (don't know Ruby, sorry :/), but I think before the import, a blank project with defaults settings is created, and sanity checks regarding visibility are performed (at least once) before the actual import is done.