Reject cross-organization Direct Transfer imports

Rezrequested to merge
reza-marandi/orgs-cross-org-entity-validation into master

What

Stops Direct Transfer from importing into a different organization when one of the two organizations involved has opted into isolation.

How

Adds validate_destination_organizations! to BulkImports::CreateService#validate!. For each entity, it resolves the destination organization and raises BulkImports::Error.cross_organization_destination when:

  • the destination organization differs from fallback_organization (the request-scoped org, populated from Current.organization by the controllers), and
  • either side returns true for Organizations::Isolatable#isolated?.

If neither organization is isolated, the validator is a no-op, so today's flows are unchanged.

The shape mirrors the existing gate in Members::CreatorService#commit_member and lines up with the rollout in epic &17388. Isolation is opt-in via mark_as_isolated!, so the rollback path is mark_as_not_isolated!.

Try it locally

  1. Two orgs A and B, user in both, destination group in B.
  2. Rails console: Organizations::Organization.find_by_path('org-a').mark_as_isolated!.
  3. Signed in scoped to A, POST /import/bulk_imports with destination_namespace pointing at B → rejected.
  4. mark_as_not_isolated! → succeeds again.

MR acceptance checklist

Closes #595674 (closed). Part of &21584. Related: &17388, &19415.

Edited by Rez

Merge request reports