Commit 1f1ac58d authored by Sean McGivern's avatar Sean McGivern

Merge branch '59572-remove-protected-branch-creation-flag' into 'master'

Remove protected_branch_creation feature flag

Closes #59572

See merge request gitlab-org/gitlab-ce!27543
parents 383642e1 42c631b1
......@@ -48,7 +48,7 @@ module Gitlab
if project.empty_repo?
protected_branch_push_checks
elsif creation? && protected_branch_creation_enabled?
elsif creation?
protected_branch_creation_checks
elsif deletion?
protected_branch_deletion_checks
......@@ -124,10 +124,6 @@ module Gitlab
Gitlab::Routing.url_helpers.project_project_members_url(project)
end
def protected_branch_creation_enabled?
Feature.enabled?(:protected_branch_creation, project, default_enabled: true)
end
def matching_merge_request?
Checks::MatchingMergeRequest.new(newrev, branch_name, project).match?
end
......
......@@ -77,117 +77,85 @@ describe Gitlab::Checks::BranchCheck do
let(:oldrev) { '0000000000000000000000000000000000000000' }
let(:ref) { 'refs/heads/feature' }
context 'protected branch creation feature is disabled' do
context 'user can push to branch' do
before do
stub_feature_flags(protected_branch_creation: false)
allow(user_access)
.to receive(:can_push_to_branch?)
.with('feature')
.and_return(true)
end
context 'user is not allowed to push to protected branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.and_return(false)
end
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to push code to protected branches on this project.')
end
it 'does not raise an error' do
expect { subject.validate! }.not_to raise_error
end
end
context 'user is allowed to push to protected branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.and_return(true)
end
it 'does not raise an error' do
expect { subject.validate! }.not_to raise_error
end
context 'user cannot push to branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.with('feature')
.and_return(false)
end
end
context 'protected branch creation feature is enabled' do
context 'user can push to branch' do
context 'user cannot merge to branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.to receive(:can_merge_to_branch?)
.with('feature')
.and_return(true)
.and_return(false)
end
it 'does not raise an error' do
expect { subject.validate! }.not_to raise_error
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to create protected branches on this project.')
end
end
context 'user cannot push to branch' do
context 'user can merge to branch' do
before do
allow(user_access)
.to receive(:can_push_to_branch?)
.to receive(:can_merge_to_branch?)
.with('feature')
.and_return(false)
.and_return(true)
allow(project.repository)
.to receive(:branch_names_contains_sha)
.with(newrev)
.and_return(['branch'])
end
context 'user cannot merge to branch' do
context "newrev isn't in any protected branches" do
before do
allow(user_access)
.to receive(:can_merge_to_branch?)
.with('feature')
allow(ProtectedBranch)
.to receive(:any_protected?)
.with(project, ['branch'])
.and_return(false)
end
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to create protected branches on this project.')
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only use an existing protected branch ref as the basis of a new protected branch.')
end
end
context 'user can merge to branch' do
context 'newrev is included in a protected branch' do
before do
allow(user_access)
.to receive(:can_merge_to_branch?)
.with('feature')
allow(ProtectedBranch)
.to receive(:any_protected?)
.with(project, ['branch'])
.and_return(true)
allow(project.repository)
.to receive(:branch_names_contains_sha)
.with(newrev)
.and_return(['branch'])
end
context "newrev isn't in any protected branches" do
before do
allow(ProtectedBranch)
.to receive(:any_protected?)
.with(project, ['branch'])
.and_return(false)
end
context 'via web interface' do
let(:protocol) { 'web' }
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only use an existing protected branch ref as the basis of a new protected branch.')
it 'allows branch creation' do
expect { subject.validate! }.not_to raise_error
end
end
context 'newrev is included in a protected branch' do
before do
allow(ProtectedBranch)
.to receive(:any_protected?)
.with(project, ['branch'])
.and_return(true)
end
context 'via web interface' do
let(:protocol) { 'web' }
it 'allows branch creation' do
expect { subject.validate! }.not_to raise_error
end
end
context 'via SSH' do
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only create protected branches using the web interface and API.')
end
context 'via SSH' do
it 'raises an error' do
expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only create protected branches using the web interface and API.')
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment