summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSam Rose <samrose3@gmail.com>2017-05-08 07:41:58 +0000
committerPhil Hughes <me@iamphill.com>2017-05-08 07:41:58 +0000
commit1ebd9dad8e4a3ade4fa829d1d5ac6cbc9825bf48 (patch)
treeea175b4ef388f79d8550a424ac5b46a535555664 /lib
parent1a5e84febeb3f2d63c019981e80c777195c37dd2 (diff)
downloadgitlab-ce-1ebd9dad8e4a3ade4fa829d1d5ac6cbc9825bf48.tar.gz
Add confirm delete protected branch modal
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/checks/change_access.rb68
-rw-r--r--lib/gitlab/user_access.rb10
2 files changed, 51 insertions, 27 deletions
diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
index 8793b20aa35..c984eb20606 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -1,7 +1,6 @@
module Gitlab
module Checks
class ChangeAccess
- # protocol is currently used only in EE
attr_reader :user_access, :project, :skip_authorization, :protocol
def initialize(
@@ -18,7 +17,9 @@ module Gitlab
end
def exec
- error = push_checks || tag_checks || protected_branch_checks
+ return GitAccessStatus.new(true) if skip_authorization
+
+ error = push_checks || branch_checks || tag_checks
if error
GitAccessStatus.new(false, error)
@@ -29,35 +30,59 @@ module Gitlab
protected
- def protected_branch_checks
- return if skip_authorization
+ def push_checks
+ if user_access.cannot_do_action?(:push_code)
+ "You are not allowed to push code to this project."
+ end
+ end
+
+ def branch_checks
return unless @branch_name
+
+ if deletion? && @branch_name == project.default_branch
+ return "The default branch of a project cannot be deleted."
+ end
+
+ protected_branch_checks
+ end
+
+ def protected_branch_checks
return unless ProtectedBranch.protected?(project, @branch_name)
if forced_push?
return "You are not allowed to force push code to a protected branch on this project."
- elsif deletion?
- return "You are not allowed to delete protected branches from this project."
end
+ if deletion?
+ protected_branch_deletion_checks
+ else
+ protected_branch_push_checks
+ end
+ end
+
+ def protected_branch_deletion_checks
+ unless user_access.can_delete_branch?(@branch_name)
+ return 'You are not allowed to delete protected branches from this project. Only a project master or owner can delete a protected branch.'
+ end
+
+ unless protocol == 'web'
+ 'You can only delete protected branches using the web interface.'
+ end
+ end
+
+ def protected_branch_push_checks
if matching_merge_request?
- if user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name)
- return
- else
+ unless user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name)
"You are not allowed to merge code into protected branches on this project."
end
else
- if user_access.can_push_to_branch?(@branch_name)
- return
- else
+ unless user_access.can_push_to_branch?(@branch_name)
"You are not allowed to push code to protected branches on this project."
end
end
end
def tag_checks
- return if skip_authorization
-
return unless @tag_name
if tag_exists? && user_access.cannot_do_action?(:admin_project)
@@ -68,7 +93,8 @@ module Gitlab
end
def protected_tag_checks
- return unless tag_protected?
+ return unless ProtectedTag.protected?(project, @tag_name)
+
return "Protected tags cannot be updated." if update?
return "Protected tags cannot be deleted." if deletion?
@@ -77,18 +103,6 @@ module Gitlab
end
end
- def tag_protected?
- ProtectedTag.protected?(project, @tag_name)
- end
-
- def push_checks
- return if skip_authorization
-
- if user_access.cannot_do_action?(:push_code)
- "You are not allowed to push code to this project."
- end
- end
-
private
def tag_exists?
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index e46ff313654..3b922da7ced 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -38,6 +38,16 @@ module Gitlab
end
end
+ def can_delete_branch?(ref)
+ return false unless can_access_git?
+
+ if ProtectedBranch.protected?(project, ref)
+ user.can?(:delete_protected_branch, project)
+ else
+ user.can?(:push_code, project)
+ end
+ end
+
def can_push_to_branch?(ref)
return false unless can_access_git?