Skip to content

Direct Import: Bug fix for visibility level restrictions

Madelein van Niekerk requested to merge 402495-internal-visibility-level into master

What does this MR do and why?

Addresses #402495 (closed) whereby a Direct Import fails when an internal group is imported onto an instance that has internal visibility level restricted. This also happens when an internal project is imported into a public group.

We had 8 occurrences of this happening in the last 7 days and some customer reports.

After adding more robust tests, the following cases failed with the current logic:

  • internal group imported into public group with internal visibility restricted should be set to private but is set to internal
  • internal group imported into no namespace with internal visibility restricted should be set to private but is set to internal
  • internal project imported into public group with internal visibility restricted should be set to private but is set to internal

This is a bug since the transformer sets the group's visibility to internal even if the visibility level is disabled on the destination instance, leading to an error message "Visibility level internal has been restricted by your GitLab administrator".

The fix

Update the logic for transforming group and project visibility level in lib/bulk_imports/visibility_level.rb

We basically want to consider 3 things:

  1. The visibility level of the source group/project
  2. The visibility level of the destination group (if any)
  3. If there are any restricted visibility levels on the source instance

The updated logic takes the minimum of 1 and 2 and finds the closest allowed (not restricted level) that is <= to that level.

Screenshots or screen recordings

Before After
before after

How to set up and validate locally

Before

  1. Checkout master
  2. Sign in as a non-admin user
  3. Create an internal group, let's call it source-internal-group
  4. Create a public group called destination-public-group
  5. Sign in as admin
  6. Restrict internal visibility level on the admin page by checking Internal in the Restricted visibility levels section and saving
  7. Sign in as your non-admin user
  8. Go to the Direct Import status page
  9. Import source-internal-group into destination-public-group
  10. Go to the imports history page and note that the group fails to import. Click on Details and see that the error message is "Visibility level internal has been restricted by your GitLab administrator".
  11. Import source-internal-group into "No namespace" and observe the same result

After

  1. Checkout this branch
  2. Go to the Direct Import status page
  3. Import source-internal-group into destination-public-group
  4. Go to the imports history page and note that the group does not fail to import.
  5. Import source-internal-group into "No namespace" and observe the same result

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #402495 (closed)

Edited by Madelein van Niekerk

Merge request reports