Commit ef3a898d authored by Douwe Maan's avatar Douwe Maan

Merge branch 'ee-1137-follow-up-protected-branch-users-and-groups' into 'master'

CE-specific changes for gitlab-org/gitlab-ee#1137

## What does this MR do?

- gitlab-org/gitlab-ee#1137 is a `technical debt` issue to clean up the EE protected branch access levels (for users and groups) implementation.
- Some of this cleanup bleeds over to code shared by CE and EE, which is why this MR is required.
- An EE-specific MR has also been created: gitlab-org/gitlab-ee!927

See merge request !7821
parents 32f6e444 41bf0936
...@@ -2,6 +2,9 @@ module ProtectedBranchAccess ...@@ -2,6 +2,9 @@ module ProtectedBranchAccess
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
belongs_to :protected_branch
delegate :project, to: :protected_branch
scope :master, -> { where(access_level: Gitlab::Access::MASTER) } scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) } scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
end end
...@@ -9,4 +12,10 @@ module ProtectedBranchAccess ...@@ -9,4 +12,10 @@ module ProtectedBranchAccess
def humanize def humanize
self.class.human_access_levels[self.access_level] self.class.human_access_levels[self.access_level]
end end
def check_access(user)
return true if user.is_admin?
project.team.max_member_access(user.id) >= access_level
end
end end
class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
include ProtectedBranchAccess include ProtectedBranchAccess
belongs_to :protected_branch
delegate :project, to: :protected_branch
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER, validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER] } Gitlab::Access::DEVELOPER] }
...@@ -13,10 +10,4 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base ...@@ -13,10 +10,4 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
Gitlab::Access::DEVELOPER => "Developers + Masters" Gitlab::Access::DEVELOPER => "Developers + Masters"
}.with_indifferent_access }.with_indifferent_access
end end
def check_access(user)
return true if user.is_admin?
project.team.max_member_access(user.id) >= access_level
end
end end
class ProtectedBranch::PushAccessLevel < ActiveRecord::Base class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
include ProtectedBranchAccess include ProtectedBranchAccess
belongs_to :protected_branch
delegate :project, to: :protected_branch
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER, validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER, Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS] } Gitlab::Access::NO_ACCESS] }
...@@ -18,8 +15,7 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base ...@@ -18,8 +15,7 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user) def check_access(user)
return false if access_level == Gitlab::Access::NO_ACCESS return false if access_level == Gitlab::Access::NO_ACCESS
return true if user.is_admin?
project.team.max_member_access(user.id) >= access_level super
end end
end end
...@@ -4,7 +4,7 @@ describe AutocompleteController do ...@@ -4,7 +4,7 @@ describe AutocompleteController do
let!(:project) { create(:project) } let!(:project) { create(:project) }
let!(:user) { create(:user) } let!(:user) { create(:user) }
context 'users and members' do context 'GET users' do
let!(:user2) { create(:user) } let!(:user2) { create(:user) }
let!(:non_member) { create(:user) } let!(:non_member) { create(:user) }
...@@ -180,7 +180,7 @@ describe AutocompleteController do ...@@ -180,7 +180,7 @@ describe AutocompleteController do
end end
end end
context 'projects' do context 'GET projects' do
let(:authorized_project) { create(:project) } let(:authorized_project) { create(:project) }
let(:authorized_search_project) { create(:project, name: 'rugged') } let(:authorized_search_project) { create(:project, name: 'rugged') }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment