diff options
| author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-25 03:45:43 +0100 |
|---|---|---|
| committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2018-03-26 10:29:53 +0100 |
| commit | 48717b434d583a0be1f22803edd6948c13e11591 (patch) | |
| tree | 1d03ffc89bd912f79759877ce0ef42018429e636 | |
| parent | b6a4c0181b2a3d8bebde549cb9ad8dc6da8361d6 (diff) | |
| download | gitlab-ce-jej/add-protected-branch-policy.tar.gz | |
Revert exploratory branch restriction policyjej/add-protected-branch-policy
| -rw-r--r-- | app/policies/protected_branch_policy.rb | 10 | ||||
| -rw-r--r-- | spec/policies/protected_branch_policy_spec.rb | 50 |
2 files changed, 6 insertions, 54 deletions
diff --git a/app/policies/protected_branch_policy.rb b/app/policies/protected_branch_policy.rb index 29dd897194d..1a7faa4db40 100644 --- a/app/policies/protected_branch_policy.rb +++ b/app/policies/protected_branch_policy.rb @@ -1,19 +1,9 @@ class ProtectedBranchPolicy < BasePolicy delegate { @subject.project } - condition(:requires_admin_to_unprotect?, scope: :subject) do - @subject.name == 'master' && Gitlab::CurrentSettings.only_admins_can_unprotect_master_branch? - end - rule { can?(:admin_project) }.policy do enable :create_protected_branch enable :update_protected_branch enable :destroy_protected_branch end - - rule { requires_admin_to_unprotect? & ~admin }.policy do - prevent :create_protected_branch - prevent :update_protected_branch - prevent :destroy_protected_branch - end end diff --git a/spec/policies/protected_branch_policy_spec.rb b/spec/policies/protected_branch_policy_spec.rb index decddfde89a..b39de42d721 100644 --- a/spec/policies/protected_branch_policy_spec.rb +++ b/spec/policies/protected_branch_policy_spec.rb @@ -8,53 +8,15 @@ describe ProtectedBranchPolicy do subject { described_class.new(user, protected_branch) } - context 'when unprotection restriction feature is disabled' do - it "branches can't be updated by guests" do - project.add_guest(user) + it 'branches can be updated via project masters' do + project.add_master(user) - is_expected.to be_disallowed(:update_protected_branch) - end - - it 'branches can be updated via access to project settings' do - project.add_master(user) - - is_expected.to be_allowed(:update_protected_branch) - end + is_expected.to be_allowed(:update_protected_branch) end - context 'when unprotection restriction feature is enabled' do - before do - # stub_licensed_features(unprotection_restrictions: true) - end - - context 'and unprotection is limited to admins' do #TODO: remove this is temporary exploration - before do - stub_application_setting(only_admins_can_unprotect_master_branch: true) - end - - context 'and the protection is for master' do - let(:name) { 'master' } - - it 'project owners cannot remove protections' do - project.add_master(user) - - is_expected.not_to be_allowed(:update_protected_branch) - end - - it 'admins can remove protections' do - user.update!(admin: true) - - is_expected.to be_allowed(:update_protected_branch) - end - end - - context "and the protection isn't for master" do - it 'project owners can remove protections' do - project.add_master(user) + it "branches can't be updated by guests" do + project.add_guest(user) - is_expected.to be_allowed(:update_protected_branch) - end - end - end + is_expected.to be_disallowed(:update_protected_branch) end end |