Skip to content
Snippets Groups Projects
Commit d6dd9d71 authored by James Edwards-Jones's avatar James Edwards-Jones
Browse files

Fix ProtectedBranch access level validations 

Before an access_level was required in EE even when an
it had been set for a user/group.
parent e548c613
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/models/concerns/protected_branch_access.rb
+ 0
10
View file @ d6dd9d71
module ProtectedBranchAccess
extend ActiveSupport::Concern
 
ALLOWED_ACCESS_LEVELS ||= [
Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
included do
include ProtectedRefAccess
 
@@ -14,10 +8,6 @@ module ProtectedBranchAccess
 
delegate :project, to: :protected_branch
 
validates :access_level, presence: true, inclusion: {
in: ALLOWED_ACCESS_LEVELS
}
def self.human_access_levels
{
Gitlab::Access::MASTER => "Masters",
app/models/concerns/protected_ref_access.rb
+ 16
0
View file @ d6dd9d71
module ProtectedRefAccess
extend ActiveSupport::Concern
 
ALLOWED_ACCESS_LEVELS = [
Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS
].freeze
included do
scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
validates :access_level, presence: true, if: :role?, inclusion: {
in: ALLOWED_ACCESS_LEVELS
}
end
 
def humanize
self.class.human_access_levels[self.access_level]
end
 
# CE access levels are always role-based,
# where as EE allows groups and users too
def role?
true
end
def check_access(user)
return true if user.admin?
 
app/models/protected_tag/create_access_level.rb
+ 0
4
View file @ d6dd9d71
class ProtectedTag::CreateAccessLevel < ActiveRecord::Base
include ProtectedTagAccess
 
validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
Gitlab::Access::DEVELOPER,
Gitlab::Access::NO_ACCESS] }
def self.human_access_levels
{
Gitlab::Access::MASTER => "Masters",
doc/api/protected_branches.md
+ 1
1
View file @ d6dd9d71
@@ -4,7 +4,7 @@
 
**Valid access levels**
 
The access levels are defined in the `ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized:
The access levels are defined in the `ProtectedRefAccess::ALLOWED_ACCESS_LEVELS` constant. Currently, these levels are recognized:
```
0 => No access
30 => Developer access
lib/api/protected_branches.rb
+ 2
2
View file @ d6dd9d71
@@ -40,10 +40,10 @@ module API
params do
requires :name, type: String, desc: 'The name of the protected branch'
optional :push_access_level, type: Integer, default: Gitlab::Access::MASTER,
values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS,
values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
desc: 'Access levels allowed to push (defaults: `40`, master access level)'
optional :merge_access_level, type: Integer, default: Gitlab::Access::MASTER,
values: ProtectedBranchAccess::ALLOWED_ACCESS_LEVELS,
values: ProtectedRefAccess::ALLOWED_ACCESS_LEVELS,
desc: 'Access levels allowed to merge (defaults: `40`, master access level)'
end
post ':id/protected_branches' do
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment