Commit cc1cebdc authored by Timothy Andrew's avatar Timothy Andrew

Admins count as masters too.

1. In the context of protected branches.

2. Test this behaviour.
parent 4d6dadc8
No related merge requests found
......@@ -118,6 +118,14 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::MASTER
end
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil)
member = !!find_member(user.id)
......
......@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end
end
......
......@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one?
false
end
......
......@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do
def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { project.team << [user, role] }
before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
permissions_matrix[role].each do |action, allowed|
context action do
......@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do
end
permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: {
push_new_branch: true,
push_master: true,
......@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
end
end
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment