Developer users can create repositories in group namespace but not push to it

Summary

It is possible to create a new repository under a group namespace as a user who is only a "Developer" in that group, but this user then cannot push to or create a default branch in the newly created repository.

Steps to reproduce

  • Log in as a user with "Developer" permissions in a group.
  • Click "New project", and select a "Blank project" (i.e. the default).
  • Under Project URL, change the namespace from your username to the group name where you have only Developer permission.
  • Fill in some nice project name and description, set visibility to Internal (maybe an issue on other settings as well).
  • Do not check "Initialize repository with a README".
  • Then create the project.
  • Now clone the project to your local machine and then try to add anything. When trying to push the error message states: remote: A default branch (e.g. master) does not yet exist for GROUP/NEWREPO (where GROUP is the group name and NEWREPO is the newly created repository, written in lower case letters but replaced here by placeholders in capital letters).

What is the current bug behavior?

The repository is created (by a user with limited permissions in the group), but cannot be used unless a user with Maintainer permission defines a default branch.

What is the expected correct behavior?

Either limit creation of new repositories in groups to users with Maintainer (or higher) permissions in the group, or allow Developers to define a default branch in newly created group repositories. I would guess the first of these two is to be preferred for security reasons.

Relevant logs and/or screenshots

After the repository is created, when browsing to it, the default page is shown:

The repository for this project is empty

You can create files directly in GitLab using one of the following options.
Command line instructions

You can also upload existing files from your computer using the instructions below.
Git global setup

git config --global user.name "NAME NAME"
git config --global user.email "EMAIL@DOMAIN.TLD"

and so on...

Following the instructions to clone the new repository, then trying to add some files and push them to the server again, results in the following:

remote: GitLab: 
remote: A default branch (e.g. master) does not yet exist for GROUP/NEWREPO
remote: Ask a project Owner or Maintainer to create a default branch:
remote: 
remote:   https://SERVERNAME.TLD/GROUP/NEWREPO/-/project_members
remote: 
To SERVERNAME.TLD:GROUP/NEWREPO.git
 ! [remote rejected] master -> master (pre-receive hook declined)

(SERVERNAME, TLD, GROUP and NEWREPO are here placeholders for the actual server name, etc.)

Output of checks

Results of GitLab environment info

Cannot run sudo on the server in question, but it was an omnibus install with gitlab-ce version 12.

Results of GitLab application Check

Once again, I am not able to run the sudo command on the server in question...