Commit graph

8 commits

Author SHA1 Message Date
Timothy Andrew
828f6eb6e5 Enforce "No One Can Push" during git operations.
1. The crux of this change is in `UserAccess`, which looks through all
   the access levels, asking each if the user has access to push/merge
   for the current project.

2. Update the `protected_branches` factory to create access levels as
   necessary.

3. Fix and augment `user_access` and `git_access` specs.
2016-07-29 15:20:39 +05:30
Rémy Coutable
2cf7f09b1e
Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' ""
This reverts commit 530f5158e2.

See !4892.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-07-18 10:16:56 +02:00
Robert Speicher
530f5158e2 Revert "Merge branch '18193-developers-can-merge' into 'master' "
This reverts commit 9ca633eb4c, reversing
changes made to fb229bbf79.
2016-07-13 13:57:30 -05:00
Timothy Andrew
60245bbe22 Refactor Gitlab::GitAccess
1. Don't use case statements for dispatch anymore. This leads to a lot
   of duplication, and makes the logic harder to follow.

2. Remove duplicated logic.

    - For example, the `can_push_to_branch?` exists, but we also have a
      different way of checking the same condition within `change_access_check`.

    - This kind of duplication is removed, and the `can_push_to_branch?`
      method is used in both places.

3. Move checks returning true/false to `UserAccess`.

    - All public methods in `GitAccess` now return an instance of
      `GitAccessStatus`. Previously, some methods would return
      true/false as well, which was confusing.

    - It makes sense for these kinds of checks to be at the level of a
      user, so the `UserAccess` class was repurposed for this. The prior
      `UserAccess.allowed?` classmethod is converted into an instance
      method.

    - All external uses of these checks have been migrated to use the
      `UserAccess` class

4. Move the "change_access_check" into a separate class.

    - Create the `GitAccess::ChangeAccessCheck` class to run these
      checks, which are quite substantial.

    - `ChangeAccessCheck` returns an instance of `GitAccessStatus` as
      well.

5. Break out the boolean logic in `ChangeAccessCheck` into `if/else`
   chains - this seems more readable.

6. I can understand that this might look like overkill for !4892, but I
   think this is a good opportunity to clean it up.

    - http://martinfowler.com/bliki/OpportunisticRefactoring.html
2016-07-13 13:24:56 +05:30
Jacob Vosmaer
e7df3f51c9 Move method to User 2016-03-10 12:37:14 +01:00
Jacob Vosmaer
acd9bc0213 Acquire lock before LDAP sync 2016-03-09 19:11:24 +01:00
Jacob Vosmaer
82dc40936a Cache LDAP check in Gitlab::UserAccess
This changes the number of LDAP calls when users access GitLab via
Git-over-SSH or the API. LDAP check results are cached for 1 hour.
2014-08-06 18:03:01 +02:00
Jacob Vosmaer
34fd557055 Move user access check to Gitlab::UserAccess 2014-05-15 10:22:59 +02:00