Private snippets created through API set to internal when default visibility is internal
Summary
When the default snippet visibility level is set to Internal instance-wide, snippets created through the API are set to internal when the passed visibility level in the request is private.
Steps to reproduce
- Fresh install of
12.3.5-ee
- Change the default visibility to Internal in
/admin/application_settings
- Create a Personal Access Token
- Do the following request and observe that visibility is "internal" despite passing "private":
curl --header "PRIVATE-TOKEN: your-generated-pat" http://your-gitlab-instance/api/v4/snippets -H "Content-Type: application/json" --data '{"title":"snippet","file_name":"snippet","content":"lorem ipsum\n","visibility":"private"}'
What is the current bug behavior?
Snippets are created with the Internal visibility despite the visibility param passed as private
.
What is the expected correct behavior?
Snippets should be created as private when the visibility param is passed as private
.
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Ubuntu 16.04 Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.3p62 Gem Version: 2.7.9 Bundler Version:1.17.3 Rake Version: 12.3.2 Redis Version: 3.2.12 Git Version: 2.22.0 Sidekiq Version:5.2.7 Go Version: unknownGitLab information Version: 12.3.5-ee Revision: 9dbaa740018 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 10.9 URL: http://gitlab.example.com HTTP Clone URL: http://gitlab.example.com/some-group/some-project.git SSH Clone URL: git@gitlab.example.com:some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: no Using Omniauth: yes Omniauth Providers:
GitLab Shell Version: 10.0.0 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab subtasks ...Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 10.0.0 ? ... OK (10.0.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Redis available via internal API: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... can't check, you have no projects Redis version >= 2.8.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.3) Git version >= 2.22.0 ? ... yes (2.22.0) Git user has default SSH configuration? ... yes Active users: ... 1 Is authorized keys file accessible? ... yes Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished
Possible fixes
It seems like the issue is related to snippet creation, since updating a snippet seems to correctly set the visibility level here
One possible workaround for the moment is to either change the default snippet visibility level from Internal to Public or Private, or follow-up with another PUT request to the ID returned by the previous request and set the visibility level manually like the following (replacing ID
with the ID returned by the previous request):
curl --header "PRIVATE-TOKEN: your-generated-pat" http://your-gitlab-instance/api/v4/snippets/ID -H "Content-Type: application/json" --data '{"visibility":"private"}' -X PUT