Skip to content
Snippets Groups Projects
Commit cc1cebdc authored by Timothy Andrew's avatar Timothy Andrew
Browse files

Admins count as masters too. 

1. In the context of protected branches.

2. Test this behaviour.
parent 4d6dadc8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/models/project_team.rb
+ 8
0
View file @ cc1cebdc
@@ -118,6 +118,14 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::MASTER
end
 
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil)
member = !!find_member(user.id)
 
app/models/protected_branch/merge_access_level.rb
+ 2
2
View file @ cc1cebdc
@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
 
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end
end
 
app/models/protected_branch/push_access_level.rb
+ 2
2
View file @ cc1cebdc
@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
 
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one?
false
end
spec/lib/gitlab/git_access_spec.rb
+ 24
6
View file @ cc1cebdc
@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do
def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { project.team << [user, role] }
before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
 
permissions_matrix[role].each do |action, allowed|
context action do
@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do
end
 
permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: {
push_new_branch: true,
push_master: true,
@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do
 
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
end
end
 
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
 
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end
end
 
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment