Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
48717b43
Commit
48717b43
authored
Mar 25, 2018
by
James Edwards-Jones
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert exploratory branch restriction policy
parent
b6a4c018
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
6 additions
and
54 deletions
+6
-54
app/policies/protected_branch_policy.rb
app/policies/protected_branch_policy.rb
+0
-10
spec/policies/protected_branch_policy_spec.rb
spec/policies/protected_branch_policy_spec.rb
+6
-44
No files found.
app/policies/protected_branch_policy.rb
View file @
48717b43
class
ProtectedBranchPolicy
<
BasePolicy
delegate
{
@subject
.
project
}
condition
(
:requires_admin_to_unprotect?
,
scope: :subject
)
do
@subject
.
name
==
'master'
&&
Gitlab
::
CurrentSettings
.
only_admins_can_unprotect_master_branch?
end
rule
{
can?
(
:admin_project
)
}.
policy
do
enable
:create_protected_branch
enable
:update_protected_branch
enable
:destroy_protected_branch
end
rule
{
requires_admin_to_unprotect?
&
~
admin
}.
policy
do
prevent
:create_protected_branch
prevent
:update_protected_branch
prevent
:destroy_protected_branch
end
end
spec/policies/protected_branch_policy_spec.rb
View file @
48717b43
...
...
@@ -8,53 +8,15 @@ describe ProtectedBranchPolicy do
subject
{
described_class
.
new
(
user
,
protected_branch
)
}
context
'when unprotection restriction feature is disabled'
do
it
"branches can't be updated by guests"
do
project
.
add_guest
(
user
)
it
'branches can be updated via project masters'
do
project
.
add_master
(
user
)
is_expected
.
to
be_disallowed
(
:update_protected_branch
)
end
it
'branches can be updated via access to project settings'
do
project
.
add_master
(
user
)
is_expected
.
to
be_allowed
(
:update_protected_branch
)
end
is_expected
.
to
be_allowed
(
:update_protected_branch
)
end
context
'when unprotection restriction feature is enabled'
do
before
do
# stub_licensed_features(unprotection_restrictions: true)
end
context
'and unprotection is limited to admins'
do
#TODO: remove this is temporary exploration
before
do
stub_application_setting
(
only_admins_can_unprotect_master_branch:
true
)
end
context
'and the protection is for master'
do
let
(
:name
)
{
'master'
}
it
'project owners cannot remove protections'
do
project
.
add_master
(
user
)
is_expected
.
not_to
be_allowed
(
:update_protected_branch
)
end
it
'admins can remove protections'
do
user
.
update!
(
admin:
true
)
is_expected
.
to
be_allowed
(
:update_protected_branch
)
end
end
context
"and the protection isn't for master"
do
it
'project owners can remove protections'
do
project
.
add_master
(
user
)
it
"branches can't be updated by guests"
do
project
.
add_guest
(
user
)
is_expected
.
to
be_allowed
(
:update_protected_branch
)
end
end
end
is_expected
.
to
be_disallowed
(
:update_protected_branch
)
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment