Revert exploratory branch restriction policy
This commit is contained in:
James Edwards-Jones
parent
b6a4c0181b
commit
48717b434d
|
|
@ -1,19 +1,9 @@
|
|||
class ProtectedBranchPolicy < BasePolicy
|
||||
delegate { @subject.project }
|
||||
|
||||
condition(:requires_admin_to_unprotect?, scope: :subject) do
|
||||
@subject.name == 'master' && Gitlab::CurrentSettings.only_admins_can_unprotect_master_branch?
|
||||
end
|
||||
|
||||
rule { can?(:admin_project) }.policy do
|
||||
enable :create_protected_branch
|
||||
enable :update_protected_branch
|
||||
enable :destroy_protected_branch
|
||||
end
|
||||
|
||||
rule { requires_admin_to_unprotect? & ~admin }.policy do
|
||||
prevent :create_protected_branch
|
||||
prevent :update_protected_branch
|
||||
prevent :destroy_protected_branch
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -8,53 +8,15 @@ describe ProtectedBranchPolicy do
|
|||
|
||||
subject { described_class.new(user, protected_branch) }
|
||||
|
||||
context 'when unprotection restriction feature is disabled' do
|
||||
it "branches can't be updated by guests" do
|
||||
project.add_guest(user)
|
||||
it 'branches can be updated via project masters' do
|
||||
project.add_master(user)
|
||||
|
||||
is_expected.to be_disallowed(:update_protected_branch)
|
||||
end
|
||||
|
||||
it 'branches can be updated via access to project settings' do
|
||||
project.add_master(user)
|
||||
|
||||
is_expected.to be_allowed(:update_protected_branch)
|
||||
end
|
||||
is_expected.to be_allowed(:update_protected_branch)
|
||||
end
|
||||
|
||||
context 'when unprotection restriction feature is enabled' do
|
||||
before do
|
||||
# stub_licensed_features(unprotection_restrictions: true)
|
||||
end
|
||||
it "branches can't be updated by guests" do
|
||||
project.add_guest(user)
|
||||
|
||||
context 'and unprotection is limited to admins' do #TODO: remove this is temporary exploration
|
||||
before do
|
||||
stub_application_setting(only_admins_can_unprotect_master_branch: true)
|
||||
end
|
||||
|
||||
context 'and the protection is for master' do
|
||||
let(:name) { 'master' }
|
||||
|
||||
it 'project owners cannot remove protections' do
|
||||
project.add_master(user)
|
||||
|
||||
is_expected.not_to be_allowed(:update_protected_branch)
|
||||
end
|
||||
|
||||
it 'admins can remove protections' do
|
||||
user.update!(admin: true)
|
||||
|
||||
is_expected.to be_allowed(:update_protected_branch)
|
||||
end
|
||||
end
|
||||
|
||||
context "and the protection isn't for master" do
|
||||
it 'project owners can remove protections' do
|
||||
project.add_master(user)
|
||||
|
||||
is_expected.to be_allowed(:update_protected_branch)
|
||||
end
|
||||
end
|
||||
end
|
||||
is_expected.to be_disallowed(:update_protected_branch)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue