Add more specs and fix current ones

app/views/shared/push_rules/_commit_author_check_setting.html.haml

@@ -4,9 +4,9 @@
 - push_rule = local_assigns.fetch(:push_rule)
 
 .form-group
-  = form.check_box :commit_author_check, class: "pull-left", disabled: !can_change_push_rule?(f.object, :commit_author_check)
+  = form.check_box :commit_author_check, class: "pull-left", disabled: !can_change_push_rule?(form.object, :commit_author_check)
   .prepend-left-20
     = form.label :commit_author_check, class: "label-light append-bottom-0" do
       Author restriction
     %p.light.append-bottom-0
-      = commit_author_check_description(f.object)
+      = commit_author_check_description(push_rule)

app/views/shared/push_rules/_reject_unsigned_commits_setting.html.haml

@@ -4,7 +4,7 @@
 - push_rule = local_assigns.fetch(:push_rule)
 
 .form-group
-  = form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_push_rule?(f.object, :reject_unsigned_commits)
+  = form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_push_rule?(form.object, :reject_unsigned_commits)
   .prepend-left-20
     = form.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
       Reject unsigned commits

doc/push_rules/push_rules.md

@@ -63,6 +63,7 @@ The following options are available.
 | --------- | :------------: | ----------- |
 | Removal of tags with `git push` | 7.10 | Forbid users to remove git tags with `git push`. Tags will still be able to be deleted through the web UI. |
 | Check whether author is a GitLab user | 7.10 | Restrict commits by author (email) to existing GitLab users. |
+| Check whether author is the current authenticated user | 10.2 | GitLab will reject any commit that does not belongs to the current authenticated user |
 | Check whether commit is signed through GPG | 10.1 | Reject commit when it is not signed through GPG. Read [signing commits with GPG][signing-commits]. |
 | Prevent committing secrets to Git | 8.12 | GitLab will reject any files that are likely to contain secrets. Read [what files are forbidden](#prevent-pushing-secrets-to-the-repository). |
 | Restrict by commit message | 7.10 | Only commit messages that match this Ruby regular expression are allowed to be pushed. Leave empty to allow any commit message. |

spec/controllers/projects/push_rules_controller_spec.rb

@@ -34,52 +34,54 @@ describe Projects::PushRulesController do
       end
     end
 
-    context 'Updating reject unsigned commit rule' do
-      context 'as an admin' do
-        let(:user) { create(:admin) }
+    PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
+      context "Updating #{rule_attr} rule" do
+        context 'as an admin' do
+          let(:user) { create(:admin) }
 
-        it 'updates the setting' do
-          patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
-
-          expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
-        end
-      end
-
-      context 'as a master user' do
-        before do
-          project.add_master(user)
-        end
-
-        context 'when global setting is disabled' do
           it 'updates the setting' do
-            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
+            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-            expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
+            expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
           end
         end
 
-        context 'when global setting is enabled' do
+        context 'as a master user' do
           before do
-            create(:push_rule_sample, reject_unsigned_commits: true)
+            project.add_master(user)
           end
 
-          it 'does not update the setting' do
-            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: false }
+          context 'when global setting is disabled' do
+            it 'updates the setting' do
+              patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-            expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
+              expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
+            end
           end
-        end
-      end
 
-      context 'as a developer user' do
-        before do
-          project.add_developer(user)
+          context 'when global setting is enabled' do
+            before do
+              create(:push_rule_sample, rule_attr => true)
+            end
+
+            it 'does not update the setting' do
+              patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => false }
+
+              expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
+            end
+          end
         end
 
-        it 'does not update the setting' do
-          patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
+        context 'as a developer user' do
+          before do
+            project.add_developer(user)
+          end
+
+          it 'does not update the setting' do
+            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-          expect(project.push_rule(true).reject_unsigned_commits).to be_falsy
+            expect(project.push_rule(true).public_send(rule_attr)).to be_falsy
+          end
         end
       end
     end

spec/features/admin/admin_push_rules_spec.rb

@@ -7,27 +7,34 @@ describe "Admin::PushRules"  do
     sign_in(current_user)
   end
 
-  context 'when reject_unsigned_commits is unlicensed' do
-    before do
-      stub_licensed_features(reject_unsigned_commits: false)
+  push_rules_with_titles = {
+    reject_unsigned_commits: 'Reject unsigned commits',
+    commit_author_check: 'Author restriction'
+  }
+
+  push_rules_with_titles.each do |rule_attr, title|
+    context "when #{rule_attr} is unlicensed" do
+      before do
+        stub_licensed_features(rule_attr => false)
+      end
+
+      it 'does not render the setting checkbox' do
+        visit admin_push_rule_path
+
+        expect(page).not_to have_content(title)
+      end
     end
 
-    it 'does not render the setting checkbox' do
-      visit admin_push_rule_path
+    context "when #{rule_attr} is licensed" do
+      before do
+        stub_licensed_features(rule_attr => true)
+      end
 
-      expect(page).not_to have_content('Reject unsigned commits')
-    end
-  end
-
-  context 'when reject_unsigned_commits is licensed' do
-    before do
-      stub_licensed_features(reject_unsigned_commits: true)
-    end
-
-    it 'renders the setting checkbox' do
-      visit admin_push_rule_path
+      it 'renders the setting checkbox' do
+        visit admin_push_rule_path
 
-      expect(page).to have_content('Reject unsigned commits')
+        expect(page).to have_content(title)
+      end
     end
   end
 end

spec/features/projects/push_rules_spec.rb

@@ -3,61 +3,69 @@ require 'spec_helper'
 feature 'Projects > Push Rules', :js do
   let(:user) { create(:user) }
   let(:project) { create(:project, :repository, namespace: user.namespace) }
+  let(:foo) {{ reject_unsigned_commits: 'Reject unsigned commits' }}
 
   before do
     project.team << [user, :master]
     sign_in(user)
   end
 
-  describe 'Reject unsigned commits rule' do
-    context 'unlicensed' do
-      before do
-        stub_licensed_features(reject_unsigned_commits: false)
-      end
-
-      it 'does not render the setting checkbox' do
-        visit project_settings_repository_path(project)
+  push_rules_with_titles = {
+    reject_unsigned_commits: 'Reject unsigned commits',
+    commit_author_check: 'Author restriction'
+  }
 
-        expect(page).not_to have_content('Reject unsigned commits')
-      end
-    end
+  push_rules_with_titles.each do |rule_attr, title|
+    describe "#{rule_attr} rule" do
+      context 'unlicensed' do
+        before do
+          stub_licensed_features(rule_attr => false)
+        end
 
-    context 'licensed' do
-      let(:bronze_plan) { Plan.find_by!(name: 'bronze') }
-      let(:gold_plan) { Plan.find_by!(name: 'gold') }
+        it 'does not render the setting checkbox' do
+          visit project_settings_repository_path(project)
 
-      before do
-        stub_licensed_features(reject_unsigned_commits: true)
+          expect(page).not_to have_content(title)
+        end
       end
 
-      it 'renders the setting checkbox' do
-        visit project_settings_repository_path(project)
+      context 'licensed' do
+        let(:bronze_plan) { Plan.find_by!(name: 'bronze') }
+        let(:gold_plan) { Plan.find_by!(name: 'gold') }
 
-        expect(page).to have_content('Reject unsigned commits')
-      end
-
-      describe 'with GL.com plans' do
         before do
-          stub_application_setting(check_namespace_plan: true)
+          stub_licensed_features(rule_attr => true)
         end
 
-        context 'when disabled' do
-          it 'does not render the setting checkbox' do
-            project.namespace.update!(plan_id: bronze_plan.id)
+        it 'renders the setting checkbox' do
+          visit project_settings_repository_path(project)
 
-            visit project_settings_repository_path(project)
+          expect(page).to have_content(title)
+        end
 
-            expect(page).not_to have_content('Reject unsigned commits')
+        describe 'with GL.com plans' do
+          before do
+            stub_application_setting(check_namespace_plan: true)
+          end
+
+          context 'when disabled' do
+            it 'does not render the setting checkbox' do
+              project.namespace.update!(plan_id: bronze_plan.id)
+
+              visit project_settings_repository_path(project)
+
+              expect(page).not_to have_content(title)
+            end
           end
-        end
 
-        context 'when enabled' do
-          it 'renders the setting checkbox' do
-            project.namespace.update!(plan_id: gold_plan.id)
+          context 'when enabled' do
+            it 'renders the setting checkbox' do
+              project.namespace.update!(plan_id: gold_plan.id)
 
-            visit project_settings_repository_path(project)
+              visit project_settings_repository_path(project)
 
-            expect(page).to have_content('Reject unsigned commits')
+              expect(page).to have_content(title)
+            end
           end
         end
       end

spec/helpers/push_rules_helper_spec.rb

@@ -7,7 +7,8 @@ describe PushRulesHelper do
   let(:project_owner) { push_rule.project.owner }
   let(:possible_help_texts) do
     {
-      base_help: /Only signed commits can be pushed to this repository/,
+      commit_author_check_base_help: /Only the author of a commit can push changes to this repository/,
+      reject_unsigned_commits_base_help: /Only signed commits can be pushed to this repository/,
       default_admin_help: /This setting will be applied to all projects unless overridden by an admin/,
       setting_can_be_overridden: /This setting is applied on the server level and can be overridden by an admin/,
       setting_has_been_overridden: /This setting is applied on the server level but has been overridden for this project/,
@@ -43,20 +44,23 @@ describe PushRulesHelper do
   end
 
   with_them do
-    before do
-      global_push_rule.update_column(:reject_unsigned_commits, enabled_globally)
-      push_rule.update_column(:reject_unsigned_commits, enabled_in_project)
+    PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
+      before do
+        global_push_rule.update_column(rule_attr, enabled_globally)
+        push_rule.update_column(rule_attr, enabled_in_project)
 
-      allow(helper).to receive(:current_user).and_return(users[current_user])
-    end
+        allow(helper).to receive(:current_user).and_return(users[current_user])
+      end
 
-    it 'has the correct help text' do
-      rule = global_setting ? global_push_rule : push_rule
+      it 'has the correct help text' do
+        rule = global_setting ? global_push_rule : push_rule
+        message = possible_help_texts["#{rule_attr}_#{help_text}".to_sym].presence || possible_help_texts[help_text]
 
-      expect(helper.reject_unsigned_commits_description(rule)).to match(possible_help_texts[help_text])
+        expect(helper.public_send("#{rule_attr}_description", rule)).to match(message)
 
-      if invalid_text
-        expect(helper.reject_unsigned_commits_description(rule)).not_to match(possible_help_texts[invalid_text])
+        if invalid_text
+          expect(helper.public_send("#{rule_attr}_description", rule)).not_to match(possible_help_texts[invalid_text])
+        end
       end
     end
   end

spec/models/push_rule_spec.rb

@@ -24,6 +24,7 @@ describe PushRule do
       author_email_regex: 'regex',
       file_name_regex: 'regex',
       reject_unsigned_commits: true,
+      commit_author_check: true,
       member_check: true,
       prevent_secrets: true,
       max_file_size: 1