Merge branch 'fix-api-group-visibility' into 'master'

Fix api group visibility

See merge request gitlab-org/gitlab-ce!26896

app/services/groups/create_service.rb

@@ -62,12 +62,16 @@ module Groups
     end
 
     def can_use_visibility_level?
-      unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+      unless Gitlab::VisibilityLevel.allowed_for?(current_user, visibility_level)
         deny_visibility_level(@group)
         return false
       end
 
       true
     end
+
+    def visibility_level
+      params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
+    end
   end
 end

changelogs/unreleased/fix-api-group-visibility.yml

+---
+title: Fix api group visibility
+merge_request: 26896
+author:
+type: fixed

lib/gitlab/visibility_level.rb

@@ -75,8 +75,8 @@ module Gitlab
         user.admin? || allowed_level?(level.to_i)
       end
 
+      # Level should be a numeric value, e.g. `20`
       # Return true if the specified level is allowed for the current user.
-      # Level should be a numeric value, e.g. `20`.
       def allowed_level?(level)
         valid_level?(level) && non_restricted_level?(level)
       end

spec/lib/gitlab/visibility_level_spec.rb

@@ -85,4 +85,12 @@ describe Gitlab::VisibilityLevel do
         .to eq(described_class::PRIVATE)
     end
   end
+
+  describe '.valid_level?' do
+    it 'returns true when visibility is valid' do
+      expect(described_class.valid_level?(described_class::PRIVATE)).to be_truthy
+      expect(described_class.valid_level?(described_class::INTERNAL)).to be_truthy
+      expect(described_class.valid_level?(described_class::PUBLIC)).to be_truthy
+    end
+  end
 end

spec/services/groups/create_service_spec.rb

@@ -88,6 +88,17 @@ describe Groups::CreateService, '#execute' do
     end
   end
 
+  describe "when visibility level is passed as a string" do
+    let(:service) { described_class.new(user, group_params) }
+    let(:group_params) { { path: 'group_path', visibility: 'public' } }
+
+    it "assigns the correct visibility level" do
+      group = service.execute
+
+      expect(group.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
+    end
+  end
+
   describe 'creating a mattermost team' do
     let!(:params) { group_params.merge(create_chat_team: "true") }
     let!(:service) { described_class.new(user, params) }