Merge branch 'ee-1137-follow-up-protected-branch-users-and-groups' into 'master'

CE-specific changes for gitlab-org/gitlab-ee#1137

## What does this MR do?

- gitlab-org/gitlab-ee#1137 is a `technical debt` issue to clean up the EE protected branch access levels (for users and groups) implementation.
- Some of this cleanup bleeds over to code shared by CE and EE, which is why this MR is required.
- An EE-specific MR has also been created: gitlab-org/gitlab-ee!927

See merge request !7821

3 files changed, 10 insertions, 14 deletions

diff --git a/app/models/concerns/protected_branch_access.rb b/app/models/concerns/protected_branch_access.rb
index 7fd0905ee81..9dd4d9c6f24 100644
--- a/app/models/concerns/protected_branch_access.rb
+++ b/app/models/concerns/protected_branch_access.rb
@@ -2,6 +2,9 @@ module ProtectedBranchAccess
   extend ActiveSupport::Concern
 
   included do
+    belongs_to :protected_branch
+    delegate :project, to: :protected_branch
+
     scope :master, -> { where(access_level: Gitlab::Access::MASTER) }
     scope :developer, -> { where(access_level: Gitlab::Access::DEVELOPER) }
   end
@@ -9,4 +12,10 @@ module ProtectedBranchAccess
   def humanize
     self.class.human_access_levels[self.access_level]
   end
+
+  def check_access(user)
+    return true if user.is_admin?
+
+    project.team.max_member_access(user.id) >= access_level
+  end
 end
diff --git a/app/models/protected_branch/merge_access_level.rb b/app/models/protected_branch/merge_access_level.rb
index 806b3ccd275..771e3376613 100644
--- a/app/models/protected_branch/merge_access_level.rb
+++ b/app/models/protected_branch/merge_access_level.rb
@@ -1,9 +1,6 @@
 class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
   include ProtectedBranchAccess
 
-  belongs_to :protected_branch
-  delegate :project, to: :protected_branch
-
   validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
                                                              Gitlab::Access::DEVELOPER] }
 
@@ -13,10 +10,4 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
       Gitlab::Access::DEVELOPER => "Developers + Masters"
     }.with_indifferent_access
   end
-
-  def check_access(user)
-    return true if user.is_admin?
-
-    project.team.max_member_access(user.id) >= access_level
-  end
 end
diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb
index 92e9c51d883..14610cb42b7 100644
--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
@@ -1,9 +1,6 @@
 class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
   include ProtectedBranchAccess
 
-  belongs_to :protected_branch
-  delegate :project, to: :protected_branch
-
   validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
                                                              Gitlab::Access::DEVELOPER,
                                                              Gitlab::Access::NO_ACCESS] }
@@ -18,8 +15,7 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
 
   def check_access(user)
     return false if access_level == Gitlab::Access::NO_ACCESS
-    return true if user.is_admin?
 
-    project.team.max_member_access(user.id) >= access_level
+    super
   end
 end