Added access spec tests

Also created changelog and removed redundant code

app/assets/stylesheets/pages/projects.scss

@@ -761,6 +761,8 @@ pre.light-well {
 }
 
 .protected-branches-list {
+  margin-bottom: 30px;
+
   a {
     color: $gl-text-color;
 

app/controllers/projects/protected_branches_controller.rb

@@ -1,5 +1,4 @@
 class Projects::ProtectedBranchesController < Projects::ApplicationController
-  include RepositoryHelper
   # Authorize
   before_action :require_non_empty_project
   before_action :authorize_admin_project!
@@ -61,20 +60,4 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
   def load_protected_branches
     @protected_branches = @project.protected_branches.order(:name).page(params[:page])
   end
-
-  def access_levels_options
-    {
-      push_access_levels: {
-        "Roles" => ProtectedBranch::PushAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } },
-      },
-      merge_access_levels: {
-        "Roles" => ProtectedBranch::MergeAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } }
-      }
-    }
-  end
-
-  def load_gon_index
-    params = { open_branches: @project.open_branches.map { |br| { text: br.name, id: br.name, title: br.name } } }
-    gon.push(params.merge(access_levels_options))
-  end
 end

app/controllers/projects/settings/repository_controller.rb

@@ -21,7 +21,7 @@ module Projects
 
       def define_protected_branches_controller
         @protected_branch = @project.protected_branches.new
-        load_gon_index(@project)
+        load_gon_index
       end
     end
   end

app/helpers/repository_helper.rb

@@ -1,13 +1,17 @@
 module RepositoryHelper
   def access_levels_options
     {
-      push_access_levels: ProtectedBranch::PushAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } },
-      merge_access_levels: ProtectedBranch::MergeAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } }
+      push_access_levels: {
+        "Roles" => ProtectedBranch::PushAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } },
+      },
+      merge_access_levels: {
+        "Roles" => ProtectedBranch::MergeAccessLevel.human_access_levels.map { |id, text| { id: id, text: text, before_divider: true } }
+      }
     }
   end
 
-  def load_gon_index(project)
-    params = { open_branches: project.open_branches.map { |br| { text: br.name, id: br.name, title: br.name } } }
+  def load_gon_index
+    params = { open_branches: @project.open_branches.map { |br| { text: br.name, id: br.name, title: br.name } } }
     gon.push(params.merge(access_levels_options))
   end
 end

app/views/projects/protected_branches/_index.html.haml

@@ -1,11 +1,10 @@
-- page_title "Protected branches"
 - content_for :page_specific_javascripts do
   = page_specific_javascript_bundle_tag('protected_branches')
 
 .row.prepend-top-default.append-bottom-default
   .col-lg-3
     %h4.prepend-top-0
-      = page_title
+      Protected Branches
     %p Keep stable branches secure and force developers to use merge requests.
     %p.prepend-top-20
       By default, protected branches are designed to:

changelogs/unreleased/26732-combine-deploy-keys-and-push-rules-and-mirror-repository-and-protect-branches-settings-pages.yml

@@ -0,0 +1,5 @@
+---
+title: Combined deploy keys and push rules settings options into a single one called
+  Repository
+merge_request:
+author:

spec/features/security/project/internal_access_spec.rb

@@ -110,6 +110,20 @@ describe "Internal Project Access", feature: true  do
     it { is_expected.to be_denied_for(:external) }
   end
 
+  describe "GET /:project_path/settings/repository" do
+    subject { namespace_project_settings_repository_path(project.namespace, project) }
+
+    it { is_expected.to be_allowed_for(:admin) }
+    it { is_expected.to be_allowed_for(:owner).of(project) }
+    it { is_expected.to be_allowed_for(:master).of(project) }
+    it { is_expected.to be_denied_for(:developer).of(project) }
+    it { is_expected.to be_denied_for(:reporter).of(project) }
+    it { is_expected.to be_denied_for(:guest).of(project) }
+    it { is_expected.to be_denied_for(:user) }
+    it { is_expected.to be_denied_for(:visitor) }
+    it { is_expected.to be_denied_for(:external) }
+  end
+
   describe "GET /:project_path/blob" do
     let(:commit) { project.repository.commit }
     subject { namespace_project_blob_path(project.namespace, project, File.join(commit.id, '.gitignore')) }

spec/features/security/project/public_access_spec.rb

@@ -110,6 +110,20 @@ describe "Public Project Access", feature: true  do
     it { is_expected.to be_denied_for(:external) }
   end
 
+  describe "GET /:project_path/settings/repository" do
+    subject { namespace_project_settings_repository_path(project.namespace, project) }
+
+    it { is_expected.to be_allowed_for(:admin) }
+    it { is_expected.to be_allowed_for(:owner).of(project) }
+    it { is_expected.to be_allowed_for(:master).of(project) }
+    it { is_expected.to be_denied_for(:developer).of(project) }
+    it { is_expected.to be_denied_for(:reporter).of(project) }
+    it { is_expected.to be_denied_for(:guest).of(project) }
+    it { is_expected.to be_denied_for(:user) }
+    it { is_expected.to be_denied_for(:visitor) }
+    it { is_expected.to be_denied_for(:external) }
+  end
+
   describe "GET /:project_path/pipelines" do
     subject { namespace_project_pipelines_path(project.namespace, project) }