find_or_create_namespace in Import::BaseController checks for permissions which might not be required
Summary
When trying to import (in this case from GitHub) an external repository into a namespace which is not the users namespace this will fail always as long as the user has no right to create groups even though the group already exists and the user is an owner of the group
Steps to reproduce
- Create a user which has no right to create groups
- Create a group like 'testgroup'
- Make the user an owner of 'testgroup'
- try to import from a GitHub repository into 'testgroup'
(this was actually happening on gitlab-ee 10.0.3 but the code looks still wrong in the community edition as well)
What is the current bug behavior?
The repository is being imported into the users namespace
What is the expected correct behavior?
The repository should be imported into the requested namespace
Possible fixes
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/controllers/import/base_controller.rb#L6
The line 6 should be probably at line 12 because only then we require this permission.