diff options
| author | Nick Thomas <nick@gitlab.com> | 2019-01-16 16:56:30 +0000 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2019-01-16 16:56:30 +0000 |
| commit | 824c6b03e7f0f4c549fc2eacfc23ea8529274849 (patch) | |
| tree | 1d2d0641540eded0ea708ad0b4e598e0e385ea16 /app/services | |
| parent | 766fbe1c1c3c542c28c24b1dda5c087a6b2f0645 (diff) | |
| parent | 52eeb56bf033e0695acba6c236ed6a9a40bc8a4d (diff) | |
| download | gitlab-ce-824c6b03e7f0f4c549fc2eacfc23ea8529274849.tar.gz | |
Merge branch 'refactor-after-create-default-branch' into 'master'
Refactor Project#after_create_default_branch
See merge request gitlab-org/gitlab-ce!24329
Diffstat (limited to 'app/services')
| -rw-r--r-- | app/services/projects/protect_default_branch_service.rb | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/app/services/projects/protect_default_branch_service.rb b/app/services/projects/protect_default_branch_service.rb new file mode 100644 index 00000000000..245490791bf --- /dev/null +++ b/app/services/projects/protect_default_branch_service.rb @@ -0,0 +1,67 @@ +# frozen_string_literal: true + +module Projects + # Service class that can be used to execute actions necessary after creating a + # default branch. + class ProtectDefaultBranchService + attr_reader :project, :default_branch_protection + + # @param [Project] project + def initialize(project) + @project = project + + @default_branch_protection = Gitlab::Access::BranchProtection + .new(Gitlab::CurrentSettings.default_branch_protection) + end + + def execute + protect_default_branch if default_branch + end + + def protect_default_branch + # Ensure HEAD points to the default branch in case it is not master + project.change_head(default_branch) + + create_protected_branch if protect_branch? + end + + def create_protected_branch + params = { + name: default_branch, + push_access_levels_attributes: [{ access_level: push_access_level }], + merge_access_levels_attributes: [{ access_level: merge_access_level }] + } + + # The creator of the project is always allowed to create protected + # branches, so we skip the authorization check in this service class. + ProtectedBranches::CreateService + .new(project, project.creator, params) + .execute(skip_authorization: true) + end + + def protect_branch? + default_branch_protection.any? && + !ProtectedBranch.protected?(project, default_branch) + end + + def default_branch + project.default_branch + end + + def push_access_level + if default_branch_protection.developer_can_push? + Gitlab::Access::DEVELOPER + else + Gitlab::Access::MAINTAINER + end + end + + def merge_access_level + if default_branch_protection.developer_can_merge? + Gitlab::Access::DEVELOPER + else + Gitlab::Access::MAINTAINER + end + end + end +end |