gitlab-org--gitlab-foss/app/models/protected_branch.rb

class ProtectedBranch < ActiveRecord::Base
  include Gitlab::ShellAdapter
  include ProtectedRef

  protected_ref_access_levels :merge, :push

  def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
    # Masters, owners and admins are allowed to create the default branch
    if default_branch_protected? && project.empty_repo?
      return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
    end

    super
  end

  # Check if branch name is marked as protected in the system
  def self.protected?(project, ref_name)
    return true if project.empty_repo? && default_branch_protected?

    refs = project.protected_branches.select(:name)

    self.matching(ref_name, protected_refs: refs).present?
  end

  def self.default_branch_protected?
    Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL ||
      Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
  end
end
ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only 2012-02-15 15:02:33 -05:00			`class ProtectedBranch < ActiveRecord::Base`
replace Gitolited mixin with Gitlab::ShellAdapter 2013-03-21 15:01:14 -04:00			`include Gitlab::ShellAdapter`
Extract ProtectedRef Concern 2017-04-03 10:17:24 -04:00			`include ProtectedRef`
ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only 2012-02-15 15:02:33 -05:00
Backport EE refactorings for Protected Tag EE-only functionality Improvements and refactorings were made while adding role based permissions for protected tags to EE. This doesn’t backport the feature, but should improve code quality and minimize divergence. 2017-05-05 11:59:31 -04:00			`protected_ref_access_levels :merge, :push`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00
Allow admins to push to empty repos 2018-04-18 09:52:55 -04:00			`def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)`
			`# Masters, owners and admins are allowed to create the default branch`
			`if default_branch_protected? && project.empty_repo?`
			`return true if user.admin? \|\| project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER`
			`end`

			`super`
			`end`

Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00			`# Check if branch name is marked as protected in the system`
			`def self.protected?(project, ref_name)`
Moved default_branch_protected? out of Project 2017-04-03 14:28:54 -04:00			`return true if project.empty_repo? && default_branch_protected?`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00
Only load branch names for protected branch checks When checking if a branch is protected we don't need all columns of every protected branch row, instead we only care about the names. By using "select" here we reduce the amount of data we need to send over the wire and load into memory. 2017-11-28 10:50:44 -05:00			`refs = project.protected_branches.select(:name)`

			`self.matching(ref_name, protected_refs: refs).present?`
Moved Project#protected_branch? to ProtectedBranch, similar for tags 2017-04-03 13:59:58 -04:00			`end`
Moved default_branch_protected? out of Project 2017-04-03 14:28:54 -04:00
			`def self.default_branch_protected?`
use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 13:39:55 -05:00			`Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL \|\|`
			`Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE`
Moved default_branch_protected? out of Project 2017-04-03 14:28:54 -04:00			`end`
ProtectedBranches model, Master permission for repo\n Allow push to protected branch for masters only 2012-02-15 15:02:33 -05:00			`end`