Allow users to create protected branches via CLI

This is for fixing a regression introduced by:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24969

This fix will allow users who are allowed to push to protected
branches to create protected branches via CLI as well, just
like before. The checks for protected branch creation won't
need to run.

app/views/projects/protected_branches/shared/_index.html.haml

@@ -12,7 +12,7 @@
     %p
       By default, protected branches are designed to:
       %ul
-        %li prevent their creation, if not already created, from everybody except users who are allowed to merge
+        %li prevent their creation, if not already created, from everybody except Maintainers
         %li prevent pushes from everybody except Maintainers
         %li prevent <strong>anyone</strong> from force pushing to the branch
         %li prevent <strong>anyone</strong> from deleting the branch

changelogs/unreleased/59289-fix-push-to-create-protected-branches.yml

@@ -0,0 +1,6 @@
+---
+title: Allow users who can push to protected branches to create protected branches
+  via CLI
+merge_request: 26413
+author:
+type: fixed

doc/user/project/protected_branches.md

@@ -10,7 +10,7 @@ created protected branches.
 By default, a protected branch does four simple things:
 
 - it prevents its creation, if not already created, from everybody except users
-  who are allowed to merge
+  with Maintainer permission
 - it prevents pushes from everybody except users with Maintainer permission
 - it prevents **anyone** from force pushing to the branch
 - it prevents **anyone** from deleting the branch

lib/gitlab/checks/branch_check.rb

@@ -59,6 +59,8 @@ module Gitlab
 
       def protected_branch_creation_checks
         logger.log_timed(LOG_MESSAGES[:protected_branch_creation_checks]) do
+          break if user_access.can_push_to_branch?(branch_name)
+
           unless user_access.can_merge_to_branch?(branch_name)
             raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:create_protected_branch]
           end

spec/lib/gitlab/checks/branch_check_spec.rb

@@ -108,7 +108,28 @@ describe Gitlab::Checks::BranchCheck do
         end
 
         context 'protected branch creation feature is enabled' do
-          context 'user is not allowed to create protected branches' do
+          context 'user can push to branch' do
+            before do
+              allow(user_access)
+                .to receive(:can_push_to_branch?)
+                .with('feature')
+                .and_return(true)
+            end
+
+            it 'does not raise an error' do
+              expect { subject.validate! }.not_to raise_error
+            end
+          end
+
+          context 'user cannot push to branch' do
+            before do
+              allow(user_access)
+                .to receive(:can_push_to_branch?)
+                .with('feature')
+                .and_return(false)
+            end
+
+            context 'user cannot merge to branch' do
               before do
                 allow(user_access)
                   .to receive(:can_merge_to_branch?)
@@ -121,7 +142,7 @@ describe Gitlab::Checks::BranchCheck do
               end
             end
 
-          context 'user is allowed to create protected branches' do
+            context 'user can merge to branch' do
               before do
                 allow(user_access)
                   .to receive(:can_merge_to_branch?)
@@ -172,6 +193,7 @@ describe Gitlab::Checks::BranchCheck do
             end
           end
         end
+      end
 
       context 'branch deletion' do
         let(:newrev) { '0000000000000000000000000000000000000000' }