diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-05-01 15:14:31 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-05-01 15:14:31 +0000 |
| commit | 623eb34f1a54607d5da5e79a41ffa03de2ae3285 (patch) | |
| tree | 409329f0bf43bdeb22eb52cdf9fb5ae034cfae6b | |
| parent | 0789d7aab31674dc6158c8d4f8687fcff281e8a2 (diff) | |
| parent | 19edeba8e3e8d091853ceed27f271cd67a636551 (diff) | |
| download | gitlab-ce-623eb34f1a54607d5da5e79a41ffa03de2ae3285.tar.gz | |
Merge branch '28968-revert-allow-people-with-merge-access-to-create-branches' into 'master'
Prevent people from creating branches if they don't have persmission to push
Closes #28968
See merge request !10983
3 files changed, 7 insertions, 5 deletions
diff --git a/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml b/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml new file mode 100644 index 00000000000..6612cfd8866 --- /dev/null +++ b/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml @@ -0,0 +1,4 @@ +--- +title: Prevent people from creating branches if they don't have persmission to push +merge_request: +author: diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index 54728e5ff0e..e46ff313654 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -44,9 +44,7 @@ module Gitlab if ProtectedBranch.protected?(project, ref) return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user) - has_access = project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push) - - has_access || !project.repository.branch_exists?(ref) && can_merge_to_branch?(ref) + project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push) else user.can?(:push_code, project) end diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb index 611cdbbc865..2b27ff66c09 100644 --- a/spec/lib/gitlab/user_access_spec.rb +++ b/spec/lib/gitlab/user_access_spec.rb @@ -87,10 +87,10 @@ describe Gitlab::UserAccess, lib: true do expect(access.can_push_to_branch?(branch.name)).to be_falsey end - it 'returns true if branch does not exist and user has permission to merge' do + it 'returns false if branch does not exist' do project.team << [user, :developer] - expect(access.can_push_to_branch?(not_existing_branch.name)).to be_truthy + expect(access.can_push_to_branch?(not_existing_branch.name)).to be_falsey end end |