e371520f46
This commit includes changes to add `UserAccess#can_create_branch?` which will check whether the user is allowed to create a branch even if it matches a protected branch. This is used in `Gitlab::Checks::BranchCheck` when the branch name matches a protected branch. A `push_to_create_protected_branch` ability in `ProjectPolicy` has been added to allow Developers and above to create protected branches.
40 lines
1.3 KiB
Ruby
40 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class ProtectedBranch < ActiveRecord::Base
|
|
include ProtectedRef
|
|
|
|
protected_ref_access_levels :merge, :push
|
|
|
|
def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
|
|
# Maintainers, owners and admins are allowed to create the default branch
|
|
if default_branch_protected? && project.empty_repo?
|
|
return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
|
|
end
|
|
|
|
super
|
|
end
|
|
|
|
# Check if branch name is marked as protected in the system
|
|
def self.protected?(project, ref_name)
|
|
return true if project.empty_repo? && default_branch_protected?
|
|
|
|
self.matching(ref_name, protected_refs: protected_refs(project)).present?
|
|
end
|
|
|
|
def self.any_protected?(project, ref_names)
|
|
protected_refs(project).any? do |protected_ref|
|
|
ref_names.any? do |ref_name|
|
|
protected_ref.matches?(ref_name)
|
|
end
|
|
end
|
|
end
|
|
|
|
def self.default_branch_protected?
|
|
Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL ||
|
|
Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
|
|
end
|
|
|
|
def self.protected_refs(project)
|
|
project.protected_branches.select(:name)
|
|
end
|
|
end
|