Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
482d7802
Commit
482d7802
authored
Aug 01, 2016
by
tiagonbotelho
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
changes default_branch_protection to allow devs_can_merge protection option aswell
parent
edc5f401
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
40 additions
and
59 deletions
+40
-59
app/models/project.rb
app/models/project.rb
+4
-9
lib/gitlab/user_access.rb
lib/gitlab/user_access.rb
+2
-0
spec/lib/gitlab/user_access_spec.rb
spec/lib/gitlab/user_access_spec.rb
+12
-1
spec/models/project_spec.rb
spec/models/project_spec.rb
+22
-49
No files found.
app/models/project.rb
View file @
482d7802
...
@@ -876,14 +876,8 @@ class Project < ActiveRecord::Base
...
@@ -876,14 +876,8 @@ class Project < ActiveRecord::Base
ProtectedBranch
.
matching
(
branch_name
,
protected_branches:
@protected_branches
).
present?
ProtectedBranch
.
matching
(
branch_name
,
protected_branches:
@protected_branches
).
present?
end
end
def
developers_can_push_to_protected_branch?
(
branch_name
)
def
user_can_push_to_empty_repo?
(
user
)
return
true
if
empty_repo?
&&
!
default_branch_protected?
!
default_branch_protected?
||
team
.
max_member_access
(
user
.
id
)
>
Gitlab
::
Access
::
DEVELOPER
protected_branches
.
matching
(
branch_name
).
any?
(
&
:developers_can_push
)
end
def
developers_can_merge_to_protected_branch?
(
branch_name
)
protected_branches
.
matching
(
branch_name
).
any?
(
&
:developers_can_merge
)
end
end
def
forked?
def
forked?
...
@@ -1278,7 +1272,8 @@ class Project < ActiveRecord::Base
...
@@ -1278,7 +1272,8 @@ class Project < ActiveRecord::Base
private
private
def
default_branch_protected?
def
default_branch_protected?
current_application_settings
.
default_branch_protection
==
Gitlab
::
Access
::
PROTECTION_FULL
current_application_settings
.
default_branch_protection
==
Gitlab
::
Access
::
PROTECTION_FULL
||
current_application_settings
.
default_branch_protection
==
Gitlab
::
Access
::
PROTECTION_DEV_CAN_MERGE
end
end
def
authorized_for_user_by_group?
(
user
,
min_access_level
)
def
authorized_for_user_by_group?
(
user
,
min_access_level
)
...
...
lib/gitlab/user_access.rb
View file @
482d7802
...
@@ -30,6 +30,8 @@ module Gitlab
...
@@ -30,6 +30,8 @@ module Gitlab
return
false
unless
user
return
false
unless
user
if
project
.
protected_branch?
(
ref
)
if
project
.
protected_branch?
(
ref
)
return
true
if
project
.
empty_repo?
&&
project
.
user_can_push_to_empty_repo?
(
user
)
access_levels
=
project
.
protected_branches
.
matching
(
ref
).
map
(
&
:push_access_level
)
access_levels
=
project
.
protected_branches
.
matching
(
ref
).
map
(
&
:push_access_level
)
access_levels
.
any?
{
|
access_level
|
access_level
.
check_access
(
user
)
}
access_levels
.
any?
{
|
access_level
|
access_level
.
check_access
(
user
)
}
else
else
...
...
spec/lib/gitlab/user_access_spec.rb
View file @
482d7802
...
@@ -9,16 +9,19 @@ describe Gitlab::UserAccess, lib: true do
...
@@ -9,16 +9,19 @@ describe Gitlab::UserAccess, lib: true do
describe
'push to none protected branch'
do
describe
'push to none protected branch'
do
it
'returns true if user is a master'
do
it
'returns true if user is a master'
do
project
.
team
<<
[
user
,
:master
]
project
.
team
<<
[
user
,
:master
]
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_truthy
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_truthy
end
end
it
'returns true if user is a developer'
do
it
'returns true if user is a developer'
do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_truthy
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_truthy
end
end
it
'returns false if user is a reporter'
do
it
'returns false if user is a reporter'
do
project
.
team
<<
[
user
,
:reporter
]
project
.
team
<<
[
user
,
:reporter
]
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_falsey
expect
(
access
.
can_push_to_branch?
(
'random_branch'
)).
to
be_falsey
end
end
end
end
...
@@ -67,16 +70,19 @@ describe Gitlab::UserAccess, lib: true do
...
@@ -67,16 +70,19 @@ describe Gitlab::UserAccess, lib: true do
it
'returns true if user is a master'
do
it
'returns true if user is a master'
do
project
.
team
<<
[
user
,
:master
]
project
.
team
<<
[
user
,
:master
]
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_truthy
end
end
it
'returns false if user is a developer'
do
it
'returns false if user is a developer'
do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_falsey
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_falsey
end
end
it
'returns false if user is a reporter'
do
it
'returns false if user is a reporter'
do
project
.
team
<<
[
user
,
:reporter
]
project
.
team
<<
[
user
,
:reporter
]
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_falsey
expect
(
access
.
can_push_to_branch?
(
branch
.
name
)).
to
be_falsey
end
end
end
end
...
@@ -88,16 +94,19 @@ describe Gitlab::UserAccess, lib: true do
...
@@ -88,16 +94,19 @@ describe Gitlab::UserAccess, lib: true do
it
'returns true if user is a master'
do
it
'returns true if user is a master'
do
project
.
team
<<
[
user
,
:master
]
project
.
team
<<
[
user
,
:master
]
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_truthy
end
end
it
'returns true if user is a developer'
do
it
'returns true if user is a developer'
do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_truthy
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_truthy
end
end
it
'returns false if user is a reporter'
do
it
'returns false if user is a reporter'
do
project
.
team
<<
[
user
,
:reporter
]
project
.
team
<<
[
user
,
:reporter
]
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_falsey
expect
(
access
.
can_push_to_branch?
(
@branch
.
name
)).
to
be_falsey
end
end
end
end
...
@@ -109,19 +118,21 @@ describe Gitlab::UserAccess, lib: true do
...
@@ -109,19 +118,21 @@ describe Gitlab::UserAccess, lib: true do
it
'returns true if user is a master'
do
it
'returns true if user is a master'
do
project
.
team
<<
[
user
,
:master
]
project
.
team
<<
[
user
,
:master
]
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_truthy
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_truthy
end
end
it
'returns true if user is a developer'
do
it
'returns true if user is a developer'
do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_truthy
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_truthy
end
end
it
'returns false if user is a reporter'
do
it
'returns false if user is a reporter'
do
project
.
team
<<
[
user
,
:reporter
]
project
.
team
<<
[
user
,
:reporter
]
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_falsey
expect
(
access
.
can_merge_to_branch?
(
@branch
.
name
)).
to
be_falsey
end
end
end
end
end
end
end
end
spec/models/project_spec.rb
View file @
482d7802
...
@@ -1126,69 +1126,42 @@ describe Project, models: true do
...
@@ -1126,69 +1126,42 @@ describe Project, models: true do
end
end
end
end
describe
"#developers_can_push_to_protected_branch?"
do
describe
'#user_can_push_to_empty_repo?'
do
let
(
:project
)
{
create
(
:empty_project
)
}
let
(
:project
)
{
create
(
:empty_project
)
}
let
(
:user
)
{
create
(
:user
)
}
context
"when the branch matches a protected branch via direct match"
do
it
'returns false when default_branch_protection is in full protection and user is developer'
do
it
"returns true if 'Developers can Push' is turned on"
do
project
.
team
<<
[
user
,
:developer
]
create
(
:protected_branch
,
name:
"production"
,
project:
project
,
developers_can_push:
true
)
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_FULL
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'production'
)).
to
be
true
end
it
"returns false if 'Developers can Push' is turned off"
do
create
(
:protected_branch
,
name:
"production"
,
project:
project
,
developers_can_push:
false
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'production'
)).
to
be
false
end
end
context
"when project is new"
do
it
"returns true if project is unprotected"
do
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_NONE
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'master'
)).
to
be
true
end
it
"returns true if project allows developers to push to protected branch"
do
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_DEV_CAN_PUSH
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'master'
)).
to
be
true
expect
(
project
.
user_can_push_to_empty_repo?
(
user
)).
to
be_falsey
end
end
it
"returns false if project does not let developer push to protected branch but let them merge branches"
do
it
'returns false when default_branch_protection only lets devs merge and user is dev'
do
project
.
team
<<
[
user
,
:developer
]
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_DEV_CAN_MERGE
)
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_DEV_CAN_MERGE
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'master'
)).
to
be
false
expect
(
project
.
user_can_push_to_empty_repo?
(
user
)).
to
be_falsey
end
end
it
"returns false if project is on full protection mode"
do
it
'returns true when default_branch_protection lets devs push and user is developer'
do
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_FULL
)
project
.
team
<<
[
user
,
:developer
]
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_DEV_CAN_PUSH
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'master'
)).
to
be
false
end
end
context
"when the branch matches a protected branch via wilcard match"
do
it
"returns true if 'Developers can Push' is turned on"
do
create
(
:protected_branch
,
name:
"production/*"
,
project:
project
,
developers_can_push:
true
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'production/some-branch'
)).
to
be
true
expect
(
project
.
user_can_push_to_empty_repo?
(
user
)).
to
be_truthy
end
end
it
"returns false if 'Developers can Push' is turned off"
do
it
'returns true when default_branch_protection is unprotected and user is developer'
do
create
(
:protected_branch
,
name:
"production/*"
,
project:
project
,
developers_can_push:
false
)
project
.
team
<<
[
user
,
:developer
]
stub_application_setting
(
default_branch_protection:
Gitlab
::
Access
::
PROTECTION_NONE
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'production/some-branch'
)).
to
be
false
expect
(
project
.
user_can_push_to_empty_repo?
(
user
)).
to
be_truthy
end
end
end
context
"when the branch does not match a protected branch"
do
it
'returns true when user is master'
do
it
"returns false"
do
project
.
team
<<
[
user
,
:master
]
create
(
:protected_branch
,
name:
"production/*"
,
project:
project
,
developers_can_push:
true
)
expect
(
project
.
developers_can_push_to_protected_branch?
(
'staging/some-branch'
)).
to
be
false
expect
(
project
.
user_can_push_to_empty_repo?
(
user
)).
to
be_truthy
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment