Return 404 for `/projects/new` when namespace ID has visibility levels are restricted
What is the problem we are trying to solve?
If you have Private
checked under the Restricted visibility levels
field in the admin area then non-admins can not create projects in private groups.
Proposal to solve this problem
When Private
is checked under the Restricted visibility levels
setting the /projects/new?namespace_id=72
route should 404 if the namespace is private and a non-admin is signed in because the user cannot create a project in that namespace.
Engineering implementation plan
- Create a method to check for private visibility level similar to the public_visibility_restricted? method.
- If namespace is found (Ref: L#79 in project controller), return 404 if the following is true:
- namespace is private
- private visibility is selected using the method created above
Availability and Testing
- No new E2E tests or updates needed at this time. Please ensure coverage is added in unit and integration tests.
Edited by Valerie Burton