Commit graph

7 commits

Author SHA1 Message Date
tiagonbotelho
482d7802cc changes default_branch_protection to allow devs_can_merge protection option aswell 2016-08-04 21:15:26 +01:00
tiagonbotelho
edc5f4018e developer cannot push to protected branch when project is empty or he has not been granted permission to do so 2016-08-02 04:17:32 +01:00
Timothy Andrew
828f6eb6e5 Enforce "No One Can Push" during git operations.
1. The crux of this change is in `UserAccess`, which looks through all
   the access levels, asking each if the user has access to push/merge
   for the current project.

2. Update the `protected_branches` factory to create access levels as
   necessary.

3. Fix and augment `user_access` and `git_access` specs.
2016-07-29 15:20:39 +05:30
Rémy Coutable
2cf7f09b1e
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' ""
This reverts commit 530f5158e2.

See !4892.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-07-18 10:16:56 +02:00
Robert Speicher
530f5158e2 Revert "Merge branch '18193-developers-can-merge' into 'master' "
This reverts commit 9ca633eb4c, reversing
changes made to fb229bbf79.
2016-07-13 13:57:30 -05:00
Timothy Andrew
bb81f2afc1 Implement last round of review comments from !4892.
1. Fix typos, minor styling errors.

2. Use single quotes rather than double quotes in `user_access_spec`.

3. Test formatting.
2016-07-13 14:18:05 +05:30
Timothy Andrew
60245bbe22 Refactor Gitlab::GitAccess
1. Don't use case statements for dispatch anymore. This leads to a lot
   of duplication, and makes the logic harder to follow.

2. Remove duplicated logic.

    - For example, the `can_push_to_branch?` exists, but we also have a
      different way of checking the same condition within `change_access_check`.

    - This kind of duplication is removed, and the `can_push_to_branch?`
      method is used in both places.

3. Move checks returning true/false to `UserAccess`.

    - All public methods in `GitAccess` now return an instance of
      `GitAccessStatus`. Previously, some methods would return
      true/false as well, which was confusing.

    - It makes sense for these kinds of checks to be at the level of a
      user, so the `UserAccess` class was repurposed for this. The prior
      `UserAccess.allowed?` classmethod is converted into an instance
      method.

    - All external uses of these checks have been migrated to use the
      `UserAccess` class

4. Move the "change_access_check" into a separate class.

    - Create the `GitAccess::ChangeAccessCheck` class to run these
      checks, which are quite substantial.

    - `ChangeAccessCheck` returns an instance of `GitAccessStatus` as
      well.

5. Break out the boolean logic in `ChangeAccessCheck` into `if/else`
   chains - this seems more readable.

6. I can understand that this might look like overkill for !4892, but I
   think this is a good opportunity to clean it up.

    - http://martinfowler.com/bliki/OpportunisticRefactoring.html
2016-07-13 13:24:56 +05:30