Project cannot belong to bot user namespace
What does this MR do and why?
- Adding validation at the ActiveRecord level to prevent creation of projects within bot user namespaces via the Projects API
- #362683 (closed)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Create a group access token
- Use the group access token to create a project via the API (do not pass in `namespace_id` param so that the fallback is to create the project within the bot user's namespace)

  ```shell
  curl --request POST --header "PRIVATE-TOKEN: $TOKEN" \
    --header "Content-Type: application/json" --data '{ "description": "New Project", "path": "bot_project_3", "initialize_with_readme": "true"}' \
    --url 'http://localhost:3000/api/v4/projects/'
  ```
- An error should be returned indicating that a project can't be created in a bot user's namespace.
- You can also pull the `namespace_id` of the bot user from Rails console and try to pass that to `curl`:

  ```
  rails c
  User.last.namespace.id # because my last action was creating a group access token the last user is the group access token bot user
  => 77
  curl --request POST --header "PRIVATE-TOKEN: $TOKEN" \
    --header "Content-Type: application/json" --data '{ "description": "New Project", "path": "bot_project_4", "namespace_id": "77", "initialize_with_readme": "true"}' \
    --url 'http://localhost:3000/api/v4/projects/'
  ```
- An error should be returned indicating that a project can't be created in a bot user's namespace.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Jessie Young
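
The two validation paths described above (no `namespace_id`, so the fallback picks the caller's own namespace, and an explicit bot `namespace_id`), modelled in plain Ruby as an added example; this is not GitLab's code. All class, method and constant names are hypothetical, the sample users are constructed, and permission checks are deliberately left out so that only the model-level rule is exercised.

```ruby
# Added illustration in plain Ruby (no Rails); every name here is hypothetical.
User = Struct.new(:name, :bot) do
  attr_accessor :namespace
end
Namespace = Struct.new(:id, :owner)

class Project
  attr_reader :path, :namespace, :errors

  def initialize(path:, namespace:)
    @path = path
    @namespace = namespace
    @errors = []
  end

  # Model-level rule: it runs for every caller, whichever route chose the namespace.
  def valid?
    @errors = []
    @errors << "namespace is missing" if namespace.nil?
    @errors << "project cannot belong to a bot user namespace" if namespace&.owner&.bot
    @errors.empty?
  end
end

NAMESPACES = {}

# Give a user a personal namespace and index it by id.
def register(user, id)
  user.namespace = Namespace.new(id, user)
  NAMESPACES[id] = user.namespace
  user
end

# Stand-in for the create endpoint: with no namespace_id it falls back
# to the caller's own namespace, as the validation steps describe.
def create_project(current_user, params)
  ns = params.key?(:namespace_id) ? NAMESPACES[params[:namespace_id].to_i] : current_user.namespace
  project = Project.new(path: params[:path], namespace: ns)
  project.valid? ? [:created, project] : [:error, project.errors]
end

# Constructed sample data: a group access token bot (namespace 77) and a human user.
BOT = register(User.new("group_token_bot", true), 77)
HUMAN = register(User.new("developer", false), 12)
```

Because the rule sits on the model, the fallback path and the explicit `namespace_id` path are both rejected without the endpoint needing to know how the namespace was chosen.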