author | tiagonbotelho <tiagonbotelho@hotmail.com> | 2016-07-20 15:38:41 +0100 |
---|---|---|
committer | tiagonbotelho <tiagonbotelho@hotmail.com> | 2016-07-20 15:38:41 +0100 |
commit | 952ed20a786367c869cafec038b8d3174017b1bb (patch) | |
tree | ed1ad5e14c564cf2c75cf8ff8dba01e19b56981a | |
parent | 11ffdea7cebc7c4f896adbc5c2a5d31d25711395 (diff) | |
developers in project cannot push to protected branch not even when the project is still empty 14898-all-developers-can-push-to-protected-branch-by-default
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | lib/gitlab/user_access.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/user_access_spec.rb | 17 |
3 files changed, 19 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 1abc4afdddd..2ba06fc1042 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.11.0 (unreleased)
 - Limit git rev-list output count to one in forced push check
 v 8.10.0 (unreleased)
+ - Developers cannot push to a protected branch without permission not even when project is still empty (tiagonbotelho)
 - Fix profile activity heatmap to show correct day name (eanplatter)
 - Speed up ExternalWikiHelper#get_project_wiki_path
 - Expose {should,force}_remove_source_branch (Ben Boeckel)
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index c0f85e9b3a8..40d8c4bbf00 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -29,7 +29,7 @@ module Gitlab
 def can_push_to_branch?(ref)
 return false unless user
- if project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)
+ if (project.protected_branch?(ref) && !project.developers_can_push_to_protected_branch?(ref)) || project.empty_repo?
 user.can?(:push_code_to_protected_branches, project)
 else
 user.can?(:push_code, project)
diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb
index aa9ec243498..ab9b1541542 100644
--- a/spec/lib/gitlab/user_access_spec.rb
+++ b/spec/lib/gitlab/user_access_spec.rb
@@ -23,6 +23,23 @@ describe Gitlab::UserAccess, lib: true do
 end
 end
+ describe 'push to empty project' do
+ let(:empty_project) { create(:project_empty_repo) }
+ let(:project_access) { Gitlab::UserAccess.new(user, project: empty_project) }
+
+ it 'returns true if user is master' do
+ empty_project.team << [user, :master]
+
+ expect(project_access.can_push_to_branch?('master')).to be_truthy
+ end
+
+ it 'returns false if user is developer' do
+ empty_project.team << [user, :developer]
+
+ expect(project_access.can_push_to_branch?('master')).to be_falsey
+ end
+ end
+
 describe 'push to protected branch' do
 let(:branch) { create :protected_branch, project: project } |
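Review bot: The added `|| project.empty_repo?` clause in `can_push_to_branch?` ignores `ref`, so in an empty repository every branch name, not only the future default branch, requires `:push_code_to_protected_branches`. That closes the window in which a developer could make the first push to a branch that only becomes protected afterwards, but it also appears to deny developers when the instance or project is configured not to protect the default branch; whether that is intended cannot be seen from this hunk. A comment above the condition would record the reasoning, for example `# Empty repo: no protected-branch records exist yet, so treat every ref as protected until the first push.` If the wider denial is not intended, the empty-repo clause should be narrowed to the case where the default branch would actually end up protected. The body of `can_push_to_branch?` continues past the end of the hunk.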
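Review bot: Both new examples in 'push to empty project' call `can_push_to_branch?('master')`, so nothing pins what the empty-repo rule does for any other ref. The condition changed in `lib/gitlab/user_access.rb` applies to every ref, so I would add a developer example such as `expect(project_access.can_push_to_branch?('feature')).to be_falsey`; a later narrowing of the rule then shows up as a deliberate test change rather than passing silently. The `describe` block that encloses these examples opens before the hunk.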