kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'jej/fix-protected-branch-validations-ce' into 'master'

Browse source 
Fix ProtectedBranch access level validations

See merge request gitlab-org/gitlab-ce!15586
This commit is contained in:
Rémy Coutable 2017-11-24 16:16:31 +00:00
commit b355ebc4c9
8 changed files with 34 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/controllers/projects/settings/repository_controller.rb
View file

@ -21,14 +21,14 @@ module Projects
def access_levels_options
{
create_access_levels: levels_for_dropdown(ProtectedTag::CreateAccessLevel),
push_access_levels: levels_for_dropdown(ProtectedBranch::PushAccessLevel),
merge_access_levels: levels_for_dropdown(ProtectedBranch::MergeAccessLevel)
create_access_levels: levels_for_dropdown,
push_access_levels: levels_for_dropdown,
merge_access_levels: levels_for_dropdown
}
end
def levels_for_dropdown(access_level_type)
roles = access_level_type.human_access_levels.map do |id, text|
def levels_for_dropdown
roles = ProtectedRefAccess::HUMAN_ACCESS_LEVELS.map do |id, text|
{ id: id, text: text, before_divider: true }
end
{ roles: roles }

18
app/models/concerns/protected_branch_access.rb
View file

@ -1,12 +1,6 @@
module ProtectedBranchAccess
extend ActiveSupport::Concern
ALLOWED_ACCESS_LEVELS ||= [
Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
included do
include ProtectedRefAccess
@ -14,18 +8,6 @@ module ProtectedBranchAccess
delegate :project, to: :protected_branch
validates :access_level, presence: true, inclusion: {
in: ALLOWED_ACCESS_LEVELS
}
def self.human_access_levels
{
Gitlab::Access::MASTER => "Masters",
Gitlab::Access::DEVELOPER => "Developers + Masters",
Gitlab::Access::NO_ACCESS => "No one"
}.with_indifferent_access
end
def check_access(user)
return false if access_level == Gitlab::Access::NO_ACCESS

24
app/models/concerns/protected_ref_access.rb
View file

@ -1,13 +1,35 @@
module ProtectedRefAccess
extend ActiveSupport::Concern
ALLOWED_ACCESS_LEVELS = [
Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
HUMAN_ACCESS_LEVELS = {
Gitlab::Access::MASTER => "Masters".freeze,
Gitlab::Access::DEVELOPER => "Developers + Masters".freeze,
Gitlab::Access::NO_ACCESS => "No one".freeze
}.freeze
included do
scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
validates :access_level, presence: true, if: :role?, inclusion: {
in: ALLOWED_ACCESS_LEVELS
}
end
def humanize
self.class.human_access_levels[self.access_level]
HUMAN_ACCESS_LEVELS[self.access_level]
end
# CE access levels are always role-based,
# where as EE allows groups and users too
def role?
true
end
def check_access(user)

12
app/models/protected_tag/create_access_level.rb
View file

@ -1,18 +1,6 @@
class ProtectedTag::CreateAccessLevel < ActiveRecord::Base
include ProtectedTagAccess
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS] }
def self.human_access_levels
{
Gitlab::Access::MASTER => "Masters",
Gitlab::Access::DEVELOPER => "Developers + Masters",
Gitlab::Access::NO_ACCESS => "No one"
}.with_indifferent_access
end
def check_access(user)
return false if access_level == Gitlab::Access::NO_ACCESS

2
doc/api/protected_branches.md
View file

@ -4,7 +4,7 @@
**Valid access levels**
The access levels are defined in the `ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized:
The access levels are defined in the `ProtectedRefAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized:
```
0 => No access
30 => Developer access

4
lib/api/protected_branches.rb
View file

@ -40,10 +40,10 @@ module API
params do
requires :name, type: String, desc: 'The name of the protected branch'
optional :push_access_level, type: Integer, default: Gitlab::Access::MASTER,
values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS,
values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
desc: 'Access levels allowed to push (defaults: `40`, master access level)'
optional :merge_access_level, type: Integer, default: Gitlab::Access::MASTER,
values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS,
values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
desc: 'Access levels allowed to merge (defaults: `40`, master access level)'
end
post ':id/protected_branches' do

2
spec/support/protected_tags/access_control_ce_shared_examples.rb
View file

@ -1,5 +1,5 @@
RSpec.shared_examples "protected tags > access control > CE" do
ProtectedTag::CreateAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)|
ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)|
it "allows creating protected tags that #{access_type_name} can create" do
visit project_protected_tags_path(project)

4
spec/support/shared_examples/features/protected_branches_access_control_ce.rb
View file

@ -1,5 +1,5 @@
shared_examples "protected branches > access control > CE" do
ProtectedBranch::PushAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)|
ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)|
it "allows creating protected branches that #{access_type_name} can push to" do
visit project_protected_branches_path(project)
@ -44,7 +44,7 @@ shared_examples "protected branches > access control > CE" do
end
end
ProtectedBranch::MergeAccessLevel.human_access_levels.each do |(access_type_id, access_type_name)|
ProtectedRefAccess::HUMAN_ACCESS_LEVELS.each do |(access_type_id, access_type_name)|
it "allows creating protected branches that #{access_type_name} can merge to" do
visit project_protected_branches_path(project)