Skip to content

Fix for group transfer service to deny transferring a group to its subgroup

What does this MR do?

Attempt to transfer a group to one of its sub-group results in an exception:

Errno::EINVAL (Invalid argument @ rb_file_s_rename - (/opt/gitlab/embedded/service/gitlab-rails/public/uploads/group-1, /opt/gitlab/embedded/service/gi

The issue occurs because as part of the transfer, group directories are moved to its new parent directory. In case of attempt to transfer a group to one of its sub-group, this move is not possible at filesystem level hence FileUtils.move raises exception.

The issue can be reproduced by following steps:

  1. Create a group - Group-1
  2. Create a sub-group under Group-1 named Group-2
  3. Transfer Group-1 to Group-2

This MR fixes the bug by introducing a constraint preventing transfer of a group to one of it's sub-group.


Does this MR meet the acceptance criteria?


Availability and Testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Ash McKenzie

Merge request reports