Rename `create_merge_request` permissions

So we can distinguish between the permissions on the source and the target project. - `create_merge_request_from` indicates a user can create a merge request with the project as a source_project - `create_merge_request_in` indicates a user can create a merge request with the project as a target_project

Rename `create_merge_request` permissions
So we can distinguish between the permissions on the source and the target project. - `create_merge_request_from` indicates a user can create a merge request with the project as a source_project - `create_merge_request_in` indicates a user can create a merge request with the project as a target_project
8ad9c4e8 · Bob Van Landuyt · ec43e364 · 8ad9c4e8 · 8ad9c4e8 · 8ad9c4e8
Commit 8ad9c4e8 authored Apr 06, 2018 by Bob Van Landuyt
13 changed files
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -35,7 +35,7 @@ class Projects::ApplicationController < ApplicationController
    project ||= @project
    can_create_merge_request =
-      can?(current_user, :create_merge_request_in_project, project) &&
+      can?(current_user, :create_merge_request_in, project) &&
      current_user.already_forked?(project)
    can?(current_user, :push_code, project) ||

--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -20,7 +20,7 @@ class Projects::IssuesController < Projects::ApplicationController
  before_action :authorize_update_issuable!, only: [:edit, :update, :move]
  # Allow create a new branch and empty WIP merge request from current issue
-  before_action :authorize_create_merge_request!, only: [:create_merge_request]
+  before_action :authorize_create_merge_request_in!, only: [:create_merge_request]
  respond_to :html

--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -5,7 +5,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
  skip_before_action :merge_request
  before_action :whitelist_query_limiting, only: [:create]
-  before_action :authorize_create_merge_request!
+  before_action :authorize_create_merge_request_from!
  before_action :apply_diff_view_cookie!, only: [:diffs, :diff_for_path]
  before_action :build_merge_request, except: [:create]

--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -59,7 +59,7 @@ module BlobHelper
      button_tag label, class: "#{common_classes} disabled has-tooltip", title: "It is not possible to #{action} files that are stored in LFS using the web interface", data: { container: 'body' }
    elsif can_modify_blob?(blob, project, ref)
      button_tag label, class: "#{common_classes}", 'data-target' => "#modal-#{modal_type}-blob", 'data-toggle' => 'modal'
-    elsif can?(current_user, :create_merge_request_in_project, project)
+    elsif can?(current_user, :create_merge_request_in, project)
      edit_fork_button_tag(common_classes, project, label, edit_modify_file_fork_params(action), action)
    end
  end
@@ -280,7 +280,7 @@ module BlobHelper
      options << link_to("submit an issue", new_project_issue_path(project))
    end
-    merge_project = can?(current_user, :create_merge_request, project) ? project : (current_user && current_user.fork_of(project))
+    merge_project = can?(current_user, :create_merge_request_from, project) ? project : (current_user && current_user.fork_of(project))
    if merge_project
      options << link_to("create a merge request", project_new_merge_request_path(project))
    end
@@ -334,7 +334,7 @@ module BlobHelper
      # Web IDE (Beta) requires the user to have this feature enabled
    elsif !current_user || (current_user && can_modify_blob?(blob, project, ref))
      edit_link_tag(text, edit_path, common_classes)
-    elsif can?(current_user, :create_merge_request_in_project, project)
+    elsif can?(current_user, :fork_project, project) && can?(current_user, :create_merge_request_in, project)
      edit_fork_button_tag(common_classes, project, text, edit_blob_fork_params(edit_path))
    end
  end

--- a/app/helpers/compare_helper.rb
+++ b/app/helpers/compare_helper.rb
@@ -3,7 +3,7 @@ module CompareHelper
    from.present? &&
      to.present? &&
      from != to &&
-      can?(current_user, :create_merge_request, project) &&
+      can?(current_user, :create_merge_request_from, project) &&
      project.repository.branch_exists?(from) &&
      project.repository.branch_exists?(to)
  end

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -140,7 +140,7 @@ class ProjectPolicy < BasePolicy
  rule { can?(:guest_access) }.policy do
    enable :read_project
-    enable :create_merge_request_in_project
+    enable :create_merge_request_in
    enable :read_board
    enable :read_list
    enable :read_wiki
@@ -212,7 +212,7 @@ class ProjectPolicy < BasePolicy
    enable :create_pipeline
    enable :update_pipeline
    enable :create_pipeline_schedule
-    enable :create_merge_request
+    enable :create_merge_request_from
    enable :create_wiki
    enable :push_code
    enable :resolve_note
@@ -251,7 +251,8 @@ class ProjectPolicy < BasePolicy
    prevent :request_access
    prevent :upload_file
    prevent :resolve_note
-    prevent :create_merge_request_in_project
+    prevent :create_merge_request_from
+    prevent :create_merge_request_in
    READONLY_FEATURES_WHEN_ARCHIVED.each do |feature|
      prevent(*create_update_admin_destroy(feature))
@@ -263,7 +264,8 @@ class ProjectPolicy < BasePolicy
  end
  rule { merge_requests_disabled | repository_disabled }.policy do
-    prevent :create_merge_request_in_project
+    prevent :create_merge_request_in
+    prevent :create_merge_request_from
    prevent(*create_read_update_admin_destroy(:merge_request))
  end
@@ -309,7 +311,6 @@ class ProjectPolicy < BasePolicy
  rule { can?(:public_access) }.policy do
    enable :read_project
-    enable :create_merge_request_in_project
    enable :read_board
    enable :read_list
    enable :read_wiki

--- a/app/presenters/merge_request_presenter.rb
+++ b/app/presenters/merge_request_presenter.rb
@@ -197,7 +197,7 @@ class MergeRequestPresenter < Gitlab::View::Presenter::Delegated
  def user_can_collaborate_with_project?
    can_create_merge_request =
-      can?(current_user, :create_merge_request_in_project, project) &&
+      can?(current_user, :create_merge_request_in, project) &&
      current_user.already_forked?(project)
    can?(current_user, :push_code, project) ||

--- a/app/services/merge_requests/create_service.rb
+++ b/app/services/merge_requests/create_service.rb
@@ -71,8 +71,8 @@ module MergeRequests
      params.delete(:source_project_id)
      params.delete(:target_project_id)
-      unless can?(current_user, :read_project, @source_project) &&
+      unless can?(current_user, :create_merge_request_from, @source_project) &&
-          can?(current_user, :create_merge_request_in_project, @project)
+          can?(current_user, :create_merge_request_in, @project)
        raise Gitlab::Access::AccessDeniedError
      end

--- a/app/views/projects/branches/_branch.html.haml
+++ b/app/views/projects/branches/_branch.html.haml
@@ -4,7 +4,7 @@
 - diverging_commit_counts = @repository.diverging_commit_counts(branch)
 - number_commits_behind = diverging_commit_counts[:behind]
 - number_commits_ahead = diverging_commit_counts[:ahead]
- merge_project = can?(current_user, :create_merge_request, @project) ? @project : (current_user && current_user.fork_of(@project))
+- merge_project = can?(current_user, :create_merge_request_from, @project) ? @project : (current_user && current_user.fork_of(@project))
 %li{ class: "branch-item js-branch-#{branch.name}" }
  .branch-info
    .branch-title

--- a/app/views/projects/issues/_new_branch.html.haml
+++ b/app/views/projects/issues/_new_branch.html.haml
- can_create_merge_request = can?(current_user, :create_merge_request, @project)
+- can_create_merge_request = can?(current_user, :create_merge_request_from, @project)
 - data_action = can_create_merge_request ? 'create-mr' : 'create-branch'
 - value = can_create_merge_request ? 'Create merge request' : 'Create branch'

--- a/app/views/projects/merge_requests/index.html.haml
+++ b/app/views/projects/merge_requests/index.html.haml
 - @no_container = true
 - @can_bulk_update = can?(current_user, :admin_merge_request, @project)
- merge_project = can?(current_user, :create_merge_request, @project) ? @project : (current_user && current_user.fork_of(@project))
+- merge_project = can?(current_user, :create_merge_request_from, @project) ? @project : (current_user && current_user.fork_of(@project))
 - new_merge_request_path = project_new_merge_request_path(merge_project) if merge_project
 - page_title "Merge Requests"

--- a/db/fixtures/development/10_merge_requests.rb
+++ b/db/fixtures/development/10_merge_requests.rb
@@ -4,7 +4,7 @@ Gitlab::Seeder.quiet do
  # Limit the number of merge requests per project to avoid long seeds
  MAX_NUM_MERGE_REQUESTS = 10
-  Project.all.reject(&:empty_repo?).each do |project|
+  Project.non_archived.with_merge_requests_enabled.reject(&:empty_repo?).each do |project|
    branches = project.repository.branch_names.sample(MAX_NUM_MERGE_REQUESTS * 2)
    branches.each do |branch_name|
@@ -21,7 +21,11 @@ Gitlab::Seeder.quiet do
        assignee: project.team.users.sample
      }
-      MergeRequests::CreateService.new(project, project.team.users.sample, params).execute
+      # Only create MRs with users that are allowed to create MRs
+      developer = project.team.developers.sample
+      break unless developer
+      MergeRequests::CreateService.new(project, developer, params).execute
      print '.'
    end
  end

--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -14,7 +14,7 @@ describe ProjectPolicy do
      read_project read_board read_list read_wiki read_issue
      read_project_for_iids read_issue_iid read_merge_request_iid read_label
      read_milestone read_project_snippet read_project_member read_note
-      create_project create_issue create_note upload_file create_merge_request_in_project
+      create_project create_issue create_note upload_file create_merge_request_in
    ]
  end
@@ -35,7 +35,7 @@ describe ProjectPolicy do
    %i[
      admin_milestone admin_merge_request update_merge_request create_commit_status
      update_commit_status create_build update_build create_pipeline
-      update_pipeline create_merge_request create_wiki push_code
+      update_pipeline create_merge_request_from create_wiki push_code
      resolve_note create_container_image update_container_image
      create_environment create_deployment
    ]
@@ -142,9 +142,9 @@ describe ProjectPolicy do
    it 'disallows all permissions when the feature is disabled' do
      project.project_feature.update(merge_requests_access_level: ProjectFeature::DISABLED)
-      mr_permissions = [:create_merge_request, :read_merge_request,
+      mr_permissions = [:create_merge_request_from, :read_merge_request,
                        :update_merge_request, :admin_merge_request,
-                        :create_merge_request_in_project]
+                        :create_merge_request_in]
      expect_disallowed(*mr_permissions)
    end
@@ -159,7 +159,8 @@ describe ProjectPolicy do
    let(:other_write_abilities) do
      %i[
-        create_merge_request_in_project
+        create_merge_request_in
+        create_merge_request_from
        push_to_delete_protected_branch
        push_code
        request_access
@@ -192,7 +193,7 @@ describe ProjectPolicy do
      context 'when a project has pending invites' do
        let(:group) { create(:group, :public) }
        let(:project) { create(:project, :public, namespace: group) }
-        let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
+        let(:user_permissions) { [:create_merge_request_in, :create_project, :create_issue, :create_note, :upload_file] }
        let(:anonymous_permissions) { guest_permissions - user_permissions  }
        subject { described_class.new(nil, project) }