Fix GitAccess specs

These specs never ran due to incorrect indentation: the `context` blocks
were inside the `before`.

Additionally, `GitHooksService` now has to yield itself to callers, and
`GitAccess` never appears to have had an `allowed?` method.

spec/lib/gitlab/git_access_spec.rb

@@ -199,7 +199,9 @@ describe Gitlab::GitAccess, lib: true do
 
     def stub_git_hooks
       # Running the `pre-receive` hook is expensive, and not necessary for this test.
-      allow_any_instance_of(GitHooksService).to receive(:execute).and_yield
+      allow_any_instance_of(GitHooksService).to receive(:execute) do |service, &block|
+        block.call(service)
+      end
     end
 
     def merge_into_protected_branch
@@ -232,11 +234,18 @@ describe Gitlab::GitAccess, lib: true do
             else
               project.team << [user, role]
             end
+          end
+
+          permissions_matrix[role].each do |action, allowed|
+            context action do
+              subject { access.send(:check_push_access!, changes[action]) }
 
-            permissions_matrix[role].each do |action, allowed|
-              context action do
-                subject { access.send(:check_push_access!, changes[action]) }
-                it { expect(subject.allowed?).to allowed ? be_truthy : be_falsey }
+              it do
+                if allowed
+                  expect { subject }.not_to raise_error
+                else
+                  expect { subject }.to raise_error(Gitlab::GitAccess::UnauthorizedError)
+                end
               end
             end
           end