Merge branch 'refactor-after-create-default-branch' into 'master'

Refactor Project#after_create_default_branch

See merge request gitlab-org/gitlab-ce!24329

2 files changed, 68 insertions, 18 deletions

diff --git a/app/models/project.rb b/app/models/project.rb
index 000d7c5b949..376f8efacb1 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1602,24 +1602,7 @@ class Project < ActiveRecord::Base
 
   # rubocop: disable CodeReuse/ServiceClass
   def after_create_default_branch
-    return unless default_branch
-
-    # Ensure HEAD points to the default branch in case it is not master
-    change_head(default_branch)
-
-    if Gitlab::CurrentSettings.default_branch_protection != Gitlab::Access::PROTECTION_NONE && !ProtectedBranch.protected?(self, default_branch)
-      params = {
-        name: default_branch,
-        push_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_PUSH ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
-        }],
-        merge_access_levels_attributes: [{
-          access_level: Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE ? Gitlab::Access::DEVELOPER : Gitlab::Access::MAINTAINER
-        }]
-      }
-
-      ProtectedBranches::CreateService.new(self, creator, params).execute(skip_authorization: true)
-    end
+    Projects::ProtectDefaultBranchService.new(self).execute
   end
   # rubocop: enable CodeReuse/ServiceClass
 
diff --git a/app/services/projects/protect_default_branch_service.rb b/app/services/projects/protect_default_branch_service.rb
new file mode 100644
index 00000000000..245490791bf
--- /dev/null
+++ b/app/services/projects/protect_default_branch_service.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Projects
+  # Service class that can be used to execute actions necessary after creating a
+  # default branch.
+  class ProtectDefaultBranchService
+    attr_reader :project, :default_branch_protection
+
+    # @param [Project] project
+    def initialize(project)
+      @project = project
+
+      @default_branch_protection = Gitlab::Access::BranchProtection
+        .new(Gitlab::CurrentSettings.default_branch_protection)
+    end
+
+    def execute
+      protect_default_branch if default_branch
+    end
+
+    def protect_default_branch
+      # Ensure HEAD points to the default branch in case it is not master
+      project.change_head(default_branch)
+
+      create_protected_branch if protect_branch?
+    end
+
+    def create_protected_branch
+      params = {
+        name: default_branch,
+        push_access_levels_attributes: [{ access_level: push_access_level }],
+        merge_access_levels_attributes: [{ access_level: merge_access_level }]
+      }
+
+      # The creator of the project is always allowed to create protected
+      # branches, so we skip the authorization check in this service class.
+      ProtectedBranches::CreateService
+        .new(project, project.creator, params)
+        .execute(skip_authorization: true)
+    end
+
+    def protect_branch?
+      default_branch_protection.any? &&
+        !ProtectedBranch.protected?(project, default_branch)
+    end
+
+    def default_branch
+      project.default_branch
+    end
+
+    def push_access_level
+      if default_branch_protection.developer_can_push?
+        Gitlab::Access::DEVELOPER
+      else
+        Gitlab::Access::MAINTAINER
+      end
+    end
+
+    def merge_access_level
+      if default_branch_protection.developer_can_merge?
+        Gitlab::Access::DEVELOPER
+      else
+        Gitlab::Access::MAINTAINER
+      end
+    end
+  end
+end