> [Introduced][https://gitlab.com/gitlab-org/gitlab-ce/issues/53361] in GitLab 11.9.
When a protected branch or wildcard protected branches are set to
[**No one** is **Allowed to push**](#using-the-allowed-to-merge-and-allowed-to-push-settings),
Developers (and users with higher [permission levels](../permissions.md)) are allowed
to create a new protected branch, but only via the UI or through the API (to avoid
creating protected branches accidentally from the command line or from a Git
client application).
To create a new branch through the user interface:
1. Visit **Repository > Branches**.
1. Click on **New branch**.
1. Fill in the branch name and select an existing branch, tag, or commit that
the new branch will be based off. Only existing protected branches and commits
that are already in protected branches will be accepted.
## Deleting a protected branch
## Deleting a protected branch
> [Introduced][ce-21393] in GitLab 9.3.
> [Introduced][ce-21393] in GitLab 9.3.
...
@@ -138,6 +157,10 @@ for details about the pipelines security model.
...
@@ -138,6 +157,10 @@ for details about the pipelines security model.
## Changelog
## Changelog
**11.9**
-[Allow protected branches to be created](https://gitlab.com/gitlab-org/gitlab-ce/issues/53361) by Developers (and users with higher permission levels) through the API and the user interface.
**9.2**
**9.2**
- Allow deletion of protected branches via the web interface [gitlab-org/gitlab-ce#21393][ce-21393]
- Allow deletion of protected branches via the web interface [gitlab-org/gitlab-ce#21393][ce-21393]
non_master_delete_protected_branch: 'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.',
non_master_delete_protected_branch: 'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.',
non_web_delete_protected_branch: 'You can only delete protected branches using the web interface.',
non_web_delete_protected_branch: 'You can only delete protected branches using the web interface.',
merge_protected_branch: 'You are not allowed to merge code into protected branches on this project.',
merge_protected_branch: 'You are not allowed to merge code into protected branches on this project.',
push_protected_branch: 'You are not allowed to push code to protected branches on this project.'
push_protected_branch: 'You are not allowed to push code to protected branches on this project.',
create_protected_branch: 'You are not allowed to create protected branches on this project.',
invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.',
non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.'
}.freeze
}.freeze
LOG_MESSAGES={
LOG_MESSAGES={
delete_default_branch_check: "Checking if default branch is being deleted...",
delete_default_branch_check: "Checking if default branch is being deleted...",
protected_branch_checks: "Checking if you are force pushing to a protected branch...",
protected_branch_checks: "Checking if you are force pushing to a protected branch...",
protected_branch_push_checks: "Checking if you are allowed to push to the protected branch...",
protected_branch_push_checks: "Checking if you are allowed to push to the protected branch...",
protected_branch_creation_checks: "Checking if you are allowed to create a protected branch...",
protected_branch_deletion_checks: "Checking if you are allowed to delete the protected branch..."
protected_branch_deletion_checks: "Checking if you are allowed to delete the protected branch..."
context'user is not allowed to push to protected branch'do
beforedo
allow(user_access)
.toreceive(:can_push_to_branch?)
.and_return(false)
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to push code to protected branches on this project.')
end
end
context'user is allowed to push to protected branch'do
beforedo
allow(user_access)
.toreceive(:can_push_to_branch?)
.and_return(true)
end
it'does not raise an error'do
expect{subject.validate!}.not_toraise_error
end
end
end
context'protected branch creation feature is enabled'do
context'user is not allowed to create protected branches'do
beforedo
allow(user_access)
.toreceive(:can_merge_to_branch?)
.with('feature')
.and_return(false)
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You are not allowed to create protected branches on this project.')
end
end
context'user is allowed to create protected branches'do
beforedo
allow(user_access)
.toreceive(:can_merge_to_branch?)
.with('feature')
.and_return(true)
allow(project.repository)
.toreceive(:branch_names_contains_sha)
.with(newrev)
.and_return(['branch'])
end
context"newrev isn't in any protected branches"do
beforedo
allow(ProtectedBranch)
.toreceive(:any_protected?)
.with(project,['branch'])
.and_return(false)
end
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You can only use an existing protected branch ref as the basis of a new protected branch.')
end
end
context'newrev is included in a protected branch'do
beforedo
allow(ProtectedBranch)
.toreceive(:any_protected?)
.with(project,['branch'])
.and_return(true)
end
context'via web interface'do
let(:protocol){'web'}
it'allows branch creation'do
expect{subject.validate!}.not_toraise_error
end
end
context'via SSH'do
it'raises an error'do
expect{subject.validate!}.toraise_error(Gitlab::GitAccess::UnauthorizedError,'You can only create protected branches using the web interface and API.')