Regular users can change `repository_storage` with API
Summary
Regular users are currently able to change the repository_storage
value using the API.
Steps to reproduce
Create a project, ensure at least one file exists.
Update the project using API and change the repository_storage
value. (curl -X PUT -H "Private-Token: <token> https://gitlab.com/api/v4/projects/<id>?repository_storage=default
)
What is the current bug behavior?
Regular users can edit repository_storage
with the API.
What is the expected correct behavior?
Non-admin users should be prevented from doing this.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
GitLab Enterprise Edition 11.2.0-rc1-ee 53c4827