Commit b36fc6d5 authored by Douwe Maan's avatar Douwe Maan

Merge branch '59289-fix-push-to-create-protected-branches' into 'master'

Allow users to create protected branches via CLI

Closes #59289

See merge request gitlab-org/gitlab-ce!26413
parents 0e54c440 438485ef
......@@ -12,7 +12,7 @@
%p
By default, protected branches are designed to:
%ul
%li prevent their creation, if not already created, from everybody except users who are allowed to merge
%li prevent their creation, if not already created, from everybody except Maintainers
%li prevent pushes from everybody except Maintainers
%li prevent <strong>anyone</strong> from force pushing to the branch
%li prevent <strong>anyone</strong> from deleting the branch
......
---
title: Allow users who can push to protected branches to create protected branches
via CLI
merge_request: 26413
author:
type: fixed
......@@ -10,7 +10,7 @@ created protected branches.
By default, a protected branch does four simple things:
- it prevents its creation, if not already created, from everybody except users
who are allowed to merge
with Maintainer permission
- it prevents pushes from everybody except users with Maintainer permission
- it prevents **anyone** from force pushing to the branch
- it prevents **anyone** from deleting the branch
......
......@@ -59,6 +59,8 @@ module Gitlab
def protected_branch_creation_checks
logger.log_timed(LOG_MESSAGES[:protected_branch_creation_checks]) do
break if user_access.can_push_to_branch?(branch_name)
unless user_access.can_merge_to_branch?(branch_name)
raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:create_protected_branch]
end
......
......@@ -108,7 +108,28 @@ describe Gitlab::Checks::BranchCheck do
end
context 'protected branch creation feature is enabled' do
context 'user is not allowed to create protected branches' do
context 'user can push to branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.with('feature')
.and_return(true)
end
it 'does not raise an error' do
expect { subject.validate! }.not_to raise_error
end
end
context 'user cannot push to branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.with('feature')
.and_return(false)
end
context 'user cannot merge to branch' do
before do
allow(user_access)
.to receive(:can_merge_to_branch?)
......@@ -121,7 +142,7 @@ describe Gitlab::Checks::BranchCheck do
end
end
context 'user is allowed to create protected branches' do
context 'user can merge to branch' do
before do
allow(user_access)
.to receive(:can_merge_to_branch?)
......@@ -172,6 +193,7 @@ describe Gitlab::Checks::BranchCheck do
end
end
end
end
context 'branch deletion' do
let(:newrev) { '0000000000000000000000000000000000000000' }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment