Resolve "Rename the `Master` role to `Maintainer`" Backend

app/models/concerns/protected_ref_access.rb

@@ -2,19 +2,20 @@ module ProtectedRefAccess
   extend ActiveSupport::Concern
   ALLOWED_ACCESS_LEVELS = [
-    Gitlab::Access::MASTER,
+    Gitlab::Access::MAINTAINER,
     Gitlab::Access::DEVELOPER,
     Gitlab::Access::NO_ACCESS
   ].freeze
   HUMAN_ACCESS_LEVELS = {
-    Gitlab::Access::MASTER => "Maintainers".freeze,
+    Gitlab::Access::MAINTAINER => "Maintainers".freeze,
     Gitlab::Access::DEVELOPER => "Developers + Maintainers".freeze,
     Gitlab::Access::NO_ACCESS => "No one".freeze
   }.freeze
   included do
-    scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
+    scope :master, -> { maintainer } # @deprecated
+    scope :maintainer, -> { where(access_level: Gitlab::Access::MAINTAINER) }
     scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
     validates :access_level, presence: true, if: :role?, inclusion: {

app/models/concerns/select_for_project_authorization.rb

@@ -6,8 +6,11 @@ module SelectForProjectAuthorization
       select("projects.id AS project_id, members.access_level")
     end
-    def select_as_master_for_project_authorization
-      select(["projects.id AS project_id", "#{Gitlab::Access::MASTER} AS access_level"])
+    def select_as_maintainer_for_project_authorization
+      select(["projects.id AS project_id", "#{Gitlab::Access::MAINTAINER} AS access_level"])
     end
+
+    # @deprecated
+    alias_method :select_as_master_for_project_authorization, :select_as_maintainer_for_project_authorization
   end
 end

app/models/group.rb

@@ -186,10 +186,13 @@ class Group < Namespace
     add_user(user, :developer, current_user: current_user)
   end
-  def add_master(user, current_user = nil)
-    add_user(user, :master, current_user: current_user)
+  def add_maintainer(user, current_user = nil)
+    add_user(user, :maintainer, current_user: current_user)
   end
+  # @deprecated
+  alias_method :add_master, :add_maintainer
+
   def add_owner(user, current_user = nil)
     add_user(user, :owner, current_user: current_user)
   end
@@ -206,12 +209,15 @@ class Group < Namespace
     members_with_parents.owners.where(user_id: user).any?
   end
-  def has_master?(user)
+  def has_maintainer?(user)
     return false unless user
-    members_with_parents.masters.where(user_id: user).any?
+    members_with_parents.maintainers.where(user_id: user).any?
   end
+  # @deprecated
+  alias_method :has_master?, :has_maintainer?
+
   # Check if user is a last owner of the group.
   # Parent owners are ignored for nested groups.
   def last_owner?(user)

app/models/member.rb

@@ -69,9 +69,11 @@ class Member < ActiveRecord::Base
   scope :guests, -> { active.where(access_level: GUEST) }
   scope :reporters, -> { active.where(access_level: REPORTER) }
   scope :developers, -> { active.where(access_level: DEVELOPER) }
-  scope :masters,  -> { active.where(access_level: MASTER) }
+  scope :maintainers, -> { active.where(access_level: MAINTAINER) }
+  scope :masters, -> { maintainers } # @deprecated
   scope :owners,  -> { active.where(access_level: OWNER) }
-  scope :owners_and_masters,  -> { active.where(access_level: [OWNER, MASTER]) }
+  scope :owners_and_maintainers,  -> { active.where(access_level: [OWNER, MAINTAINER]) }
+  scope :owners_and_masters,  -> { owners_and_maintainers } # @deprecated
   scope :order_name_asc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'ASC')) }
   scope :order_name_desc, -> { left_join_users.reorder(Gitlab::Database.nulls_last_order('users.name', 'DESC')) }

app/models/members/project_member.rb

@@ -17,19 +17,19 @@ class ProjectMember < Member
     # Add users to projects with passed access option
     #
     # access can be an integer representing a access code
-    # or symbol like :master representing role
+    # or symbol like :maintainer representing role
     #
     # Ex.
     #   add_users_to_projects(
     #     project_ids,
     #     user_ids,
-    #     ProjectMember::MASTER
+    #     ProjectMember::MAINTAINER
     #   )
     #
     #   add_users_to_projects(
     #     project_ids,
     #     user_ids,
-    #     :master
+    #     :maintainer
     #   )
     #
     def add_users_to_projects(project_ids, users, access_level, current_user: nil, expires_at: nil)

app/models/project.rb

@@ -269,7 +269,8 @@ class Project < ActiveRecord::Base
   delegate :name, to: :owner, allow_nil: true, prefix: true
   delegate :members, to: :team, prefix: true
   delegate :add_user, :add_users, to: :team
-  delegate :add_guest, :add_reporter, :add_developer, :add_master, :add_role, to: :team
+  delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_role, to: :team
+  delegate :add_master, to: :team # @deprecated
   delegate :group_runners_enabled, :group_runners_enabled=, :group_runners_enabled?, to: :ci_cd_settings
   # Validations
@@ -1647,10 +1648,10 @@ class Project < ActiveRecord::Base
       params = {
         name: default_branch,
         push_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
+          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
         }],
         merge_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MASTER
+          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
         }]
       }

app/models/project_group_link.rb

@@ -4,7 +4,8 @@ class ProjectGroupLink < ActiveRecord::Base
   GUEST     = 10
   REPORTER  = 20
   DEVELOPER = 30
-  MASTER    = 40
+  MAINTAINER = 40
+  MASTER = MAINTAINER # @deprecated
   belongs_to :project
   belongs_to :group

app/models/project_team.rb

@@ -19,10 +19,13 @@ class ProjectTeam
     add_user(user, :developer, current_user: current_user)
   end
-  def add_master(user, current_user: nil)
-    add_user(user, :master, current_user: current_user)
+  def add_maintainer(user, current_user: nil)
+    add_user(user, :maintainer, current_user: current_user)
   end
+  # @deprecated
+  alias_method :add_master, :add_maintainer
+
   def add_role(user, role, current_user: nil)
     public_send(:"add_#{role}", user, current_user: current_user) # rubocop:disable GitlabSecurity/PublicSend
   end
@@ -81,10 +84,13 @@ class ProjectTeam
     @developers ||= fetch_members(Gitlab::Access::DEVELOPER)
   end
-  def masters
-    @masters ||= fetch_members(Gitlab::Access::MASTER)
+  def maintainers
+    @maintainers ||= fetch_members(Gitlab::Access::MAINTAINER)
   end
+  # @deprecated
+  alias_method :masters, :maintainers
+
   def owners
     @owners ||=
       if group
@@ -136,10 +142,13 @@ class ProjectTeam
     max_member_access(user.id) == Gitlab::Access::DEVELOPER
   end
-  def master?(user)
-    max_member_access(user.id) == Gitlab::Access::MASTER
+  def maintainer?(user)
+    max_member_access(user.id) == Gitlab::Access::MAINTAINER
   end
+  # @deprecated
+  alias_method :master?, :maintainer?
+
   # Checks if `user` is authorized for this project, with at least the
   # `min_access_level` (if given).
   def member?(user, min_access_level = Gitlab::Access::GUEST)

app/models/user.rb

@@ -99,7 +99,8 @@ class User < ActiveRecord::Base
   has_many :group_members, -> { where(requested_at: nil) }, source: 'GroupMember'
   has_many :groups, through: :group_members
   has_many :owned_groups, -> { where(members: { access_level: Gitlab::Access::OWNER }) }, through: :group_members, source: :group
-  has_many :masters_groups, -> { where(members: { access_level: Gitlab::Access::MASTER }) }, through: :group_members, source: :group
+  has_many :maintainers_groups, -> { where(members: { access_level: Gitlab::Access::MAINTAINER }) }, through: :group_members, source: :group
+  alias_attribute :masters_groups, :maintainers_groups
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
@@ -728,7 +729,7 @@ class User < ActiveRecord::Base
   end
   def several_namespaces?
-    owned_groups.any? || masters_groups.any?
+    owned_groups.any? || maintainers_groups.any?
   end
   def namespace_id
@@ -974,15 +975,15 @@ class User < ActiveRecord::Base
   end
   def manageable_groups
-    union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), masters_groups.select(:id)]).to_sql
+    union_sql = Gitlab::SQL::Union.new([owned_groups.select(:id), maintainers_groups.select(:id)]).to_sql
     # Update this line to not use raw SQL when migrated to Rails 5.2.
     # Either ActiveRecord or Arel constructions are fine.
     # This was replaced with the raw SQL construction because of bugs in the arel gem.
     # Bugs were fixed in arel 9.0.0 (Rails 5.2).
-    owned_and_master_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection
-    Gitlab::GroupHierarchy.new(owned_and_master_groups).base_and_descendants
+    owned_and_maintainer_groups = Group.where("namespaces.id IN (#{union_sql})") # rubocop:disable GitlabSecurity/SqlInjection
+    Gitlab::GroupHierarchy.new(owned_and_maintainer_groups).base_and_descendants
   end
   def namespaces
@@ -1023,11 +1024,11 @@ class User < ActiveRecord::Base
   def ci_owned_runners
     @ci_owned_runners ||= begin
       project_runner_ids = Ci::RunnerProject
-        .where(project: authorized_projects(Gitlab::Access::MASTER))
+        .where(project: authorized_projects(Gitlab::Access::MAINTAINER))
         .select(:runner_id)
       group_runner_ids = Ci::RunnerNamespace
-        .where(namespace_id: owned_or_masters_groups.select(:id))
+        .where(namespace_id: owned_or_maintainers_groups.select(:id))
         .select(:runner_id)
       union = Gitlab::SQL::Union.new([project_runner_ids, group_runner_ids])
@@ -1236,11 +1237,14 @@ class User < ActiveRecord::Base
       !terms_accepted?
   end
-  def owned_or_masters_groups
-    union = Gitlab::SQL::Union.new([owned_groups, masters_groups])
+  def owned_or_maintainers_groups
+    union = Gitlab::SQL::Union.new([owned_groups, maintainers_groups])
     Group.from("(#{union.to_sql}) namespaces")
   end
+  # @deprecated
+  alias_method :owned_or_masters_groups, :owned_or_maintainers_groups
+
   protected
   # override, from Devise::Validatable

app/policies/clusters/cluster_policy.rb

@@ -4,7 +4,7 @@ module Clusters
     delegate { cluster.project }
-    rule { can?(:master_access) }.policy do
+    rule { can?(:maintainer_access) }.policy do
       enable :update_cluster
       enable :admin_cluster
     end

app/policies/deploy_token_policy.rb

 class DeployTokenPolicy < BasePolicy
   with_options scope: :subject, score: 0
-  condition(:master) { @subject.project.team.master?(@user) }
+  condition(:maintainer) { @subject.project.team.maintainer?(@user) }
   rule { anonymous }.prevent_all
-  rule { master }.policy do
+  rule { maintainer }.policy do
     enable :create_deploy_token
     enable :update_deploy_token
   end

app/policies/group_policy.rb

@@ -11,7 +11,7 @@ class GroupPolicy < BasePolicy
   condition(:guest) { access_level >= GroupMember::GUEST }
   condition(:developer) { access_level >= GroupMember::DEVELOPER }
   condition(:owner) { access_level >= GroupMember::OWNER }
-  condition(:master) { access_level >= GroupMember::MASTER }
+  condition(:maintainer) { access_level >= GroupMember::MAINTAINER }
   condition(:reporter) { access_level >= GroupMember::REPORTER }
   condition(:nested_groups_supported, scope: :global) { Group.supports_nested_groups? }
@@ -59,7 +59,7 @@ class GroupPolicy < BasePolicy
     enable :admin_issue
   end
-  rule { master }.policy do
+  rule { maintainer }.policy do
     enable :create_projects
     enable :admin_pipeline
     enable :admin_build

app/policies/project_policy.rb

@@ -46,7 +46,7 @@ class ProjectPolicy < BasePolicy
   condition(:developer) { team_access_level >= Gitlab::Access::DEVELOPER }
   desc "User has maintainer access"
-  condition(:master) { team_access_level >= Gitlab::Access::MASTER }
+  condition(:maintainer) { team_access_level >= Gitlab::Access::MAINTAINER }
   desc "Project is public"
   condition(:public_project, scope: :subject, score: 0) { project.public? }
@@ -123,14 +123,14 @@ class ProjectPolicy < BasePolicy
   rule { guest }.enable :guest_access
   rule { reporter }.enable :reporter_access
   rule { developer }.enable :developer_access
-  rule { master }.enable :master_access
+  rule { maintainer }.enable :maintainer_access
   rule { owner | admin }.enable :owner_access
   rule { can?(:owner_access) }.policy do
     enable :guest_access
     enable :reporter_access
     enable :developer_access
-    enable :master_access
+    enable :maintainer_access
     enable :change_namespace
     enable :change_visibility_level
@@ -228,7 +228,7 @@ class ProjectPolicy < BasePolicy
     enable :create_deployment
   end
-  rule { can?(:master_access) }.policy do
+  rule { can?(:maintainer_access) }.policy do
     enable :push_to_delete_protected_branch
     enable :update_project_snippet
     enable :update_environment

app/services/notification_service.rb

@@ -274,9 +274,9 @@ class NotificationService
   def new_access_request(member)
     return true unless member.notifiable?(:subscription)
-    recipients = member.source.members.active_without_invites_and_requests.owners_and_masters
-    if fallback_to_group_owners_masters?(recipients, member)
-      recipients = member.source.group.members.active_without_invites_and_requests.owners_and_masters
+    recipients = member.source.members.active_without_invites_and_requests.owners_and_maintainers
+    if fallback_to_group_owners_maintainers?(recipients, member)
+      recipients = member.source.group.members.active_without_invites_and_requests.owners_and_maintainers
     end
     recipients.each { |recipient| deliver_access_request_email(recipient, member) }
@@ -519,7 +519,7 @@ class NotificationService
     return [] unless project
-    notifiable_users(project.team.masters, :watch, target: project)
+    notifiable_users(project.team.maintainers, :watch, target: project)
   end
   def notifiable?(*args)
@@ -534,7 +534,7 @@ class NotificationService
     mailer.member_access_requested_email(member.real_source_type, member.id, recipient.user.notification_email).deliver_later
   end
-  def fallback_to_group_owners_masters?(recipients, member)
+  def fallback_to_group_owners_maintainers?(recipients, member)
     return false if recipients.present?
     member.source.respond_to?(:group) && member.source.group

app/services/projects/create_service.rb

@@ -115,7 +115,7 @@ module Projects
         @project.group.refresh_members_authorized_projects(blocking: false)
         current_user.refresh_authorized_projects
       else
-        @project.add_master(@project.namespace.owner, current_user: current_user)
+        @project.add_maintainer(@project.namespace.owner, current_user: current_user)
       end
     end

app/services/protected_branches/access_level_params.rb

@@ -14,7 +14,7 @@ module ProtectedBranches
     private
     def params_with_default(params)
-      params[:"#{type}_access_level"] ||= Gitlab::Access::MASTER if use_default_access_level?(params)
+      params[:"#{type}_access_level"] ||= Gitlab::Access::MAINTAINER if use_default_access_level?(params)
       params
     end

app/services/protected_branches/legacy_api_create_service.rb

@@ -9,14 +9,14 @@ module ProtectedBranches
         if params.delete(:developers_can_push)
           Gitlab::Access::DEVELOPER
         else
-          Gitlab::Access::MASTER
+          Gitlab::Access::MAINTAINER
         end
       merge_access_level =
         if params.delete(:developers_can_merge)
           Gitlab::Access::DEVELOPER
         else
-          Gitlab::Access::MASTER
+          Gitlab::Access::MAINTAINER
         end
       @params.merge!(push_access_levels_attributes: [{ access_level: push_access_level }],

app/services/protected_branches/legacy_api_update_service.rb

@@ -17,14 +17,14 @@ module ProtectedBranches
         when true
           params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
         when false
-          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
+          params[:push_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
         end
         case @developers_can_merge
         when true
           params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::DEVELOPER }]
         when false
-          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MASTER }]
+          params[:merge_access_levels_attributes] = [{ access_level: Gitlab::Access::MAINTAINER }]
         end
         service = ProtectedBranches::UpdateService.new(@project, @current_user, @params)

db/fixtures/development/12_snippets.rb

@@ -17,7 +17,7 @@ class Member < ActiveRecord::Base
   scope :guests, -> { where(access_level: GUEST) }
   scope :reporters, -> { where(access_level: REPORTER) }
   scope :developers, -> { where(access_level: DEVELOPER) }
-  scope :masters,  -> { where(access_level: MASTER) }
+  scope :maintainers,  -> { where(access_level: MAINTAINER) }
   scope :owners,  -> { where(access_level: OWNER) }
   delegate :name, :username, :email, to: :user, prefix: true

db/migrate/20160705054938_add_protected_branches_push_access.rb

@@ -9,7 +9,7 @@ class AddProtectedBranchesPushAccess < ActiveRecord::Migration
     create_table :protected_branch_push_access_levels do |t|
       t.references :protected_branch, index: { name: "index_protected_branch_push_access" }, foreign_key: true, null: false
-      # Gitlab::Access::MASTER == 40
+      # Gitlab::Access::MAINTAINER == 40
       t.integer :access_level, default: 40, null: false
       t.timestamps null: false