Skip to content

Allow creating protected branches that can't be pushed to

username-removed-407765 requested to merge 18193-no-one-can-push into master

What does this MR do?

  • Add "No one can push" as a setting to protected branches.
  • This applies to Masters (as well as all other users)

What are the relevant issue numbers?

Closes #18193 (closed)

Does this need an EE merge request?

Yes. gitlab-org/gitlab-ee!569

Screenshots

Screen_Shot_2016-07-29_at_3.14.59_PM

TODO

  • #18193 (closed) !5081 (merged) No one can push to protected branches
    • Implementation
      • Model changes
        • Remove "developers_can_merge" and "developers_can_push"
        • Replace with ProtectedBranchPushAccess and ProtectedBranchMergeAccess
          • Reversible migration
          • Raise error on failure
          • MySQL
      • Backend changes
        • Creating a protected branch creates access rows
        • Add no_one as an access level
        • Enforce "no one can push"
        • Allow setting levels while creating protected branches?
      • Frontend
        • Replace checkboxes with selects
    • Add tests
    • GitPushService -> new projects' default branch protection
    • Fix existing tests
    • Refactor
    • Test workflows by hand
      • from the Web UI
        • When "Allowed to Push" is "No one"
          • Developers can't push
          • Masters can't push
        • When "Allowed to Push" is "Developers + Masters"
          • Developers can push
          • Masters can push
        • When "Allowed to Push" is "Masters"
          • Developers can't push
          • Masters can push
        • When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
          • Developers can't push
          • Developers can't merge
          • Masters can merge
          • Masters can push
        • When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
          • Developers can't push
          • Developers can merge
          • Masters can merge
          • Masters can push
        • When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
          • Developers can't push
          • Developers can merge
          • Masters can merge
          • Masters can't push
        • When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
          • Developers can't push
          • Developers can't merge
          • Masters can merge
          • Masters can't push
      • from CLI
        • When "Allowed to Push" is "No one"
          • Developers can't push
          • Masters can't push
        • When "Allowed to Push" is "Developers + Masters"
          • Developers can push
          • Masters can push
        • When "Allowed to Push" is "Masters"
          • Developers can't push
          • Masters can push
        • When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
          • Developers can't push
          • Developers can't merge
          • Masters can merge
          • Masters can push
        • When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
          • Developers can't push
          • Developers can't merge
          • Masters can merge
          • Masters can push
        • When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
          • Developers can't push
          • Developers can't merge
          • Masters can't merge
          • Masters can't push
        • When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
          • Developers can't push
          • Developers can't merge
          • Masters can't merge
          • Masters can't push
    • Add tests for owners and admins
    • CHANGELOG
    • Screenshots
    • Documentation
    • Wait for !4665 (merged) to be merged in
    • Wait for gitlab-org/gitlab-ce#19872 and gitlab-org/gitlab-ee!564 to be closed
    • Rebase against master instead of !4892 (merged)
    • Make sure build is green
    • Create EE MR
      • Cherry pick commits
      • Make sure build is green
    • Address @axil's comments
    • Assign to endboss
    • Wait for @dbalexandre's review
    • Address @dbalexandre's comments
    • Address @axil's comments
      • Align dropdowns
      • No flash when protected branch is updated
    • Resolve conflicts
    • Implement protect/unprotect API
    • Address @dbalexandre's comments
    • Update EE MR
    • Address @rymai's comments
      • Create/Update service should return a ProtectedBranch
      • Successfuly protected branch creation shouldn't load_protected_branches
      • Rename allowed_to_merge as #minimum_access_level_for_merge
      • Rename allowed_to_push as #minimum_access_level_for_push
      • Use inclusion and Gitlab::Access instead of an enum
      • Modify check_access to work with Gitlab::Access
      • Pass @protected_branch to #execute in UpdateService
      • simplify with a nested field protected_branch[push_access_level][access_level]
      • developers_can_{merge,push} should be handled in the API
      • Use can?(current_user, ...) instead of current_user.can?(...)
      • Instantiate ProtectedBranchesAccessSelect in dispatcher.js
      • constants regarding downtime migrations
      • Explicit #down for columns with default
    • Update EE MR
    • Wait for CE merge
    • Wait for EE merge
    • Create issue for UI changes proposed by @zyv

Merge request reports

Loading