Merge branch 'master' into 38869-ci-global38869-ci-global

* master: (116 commits)
  Fix bad type checking to prevent 0 count badge to be shown
  fix incorrect description for advanced settings section of project settings
  Introduce new hook data builders for Issue and MergeRequest
  Don't create todos for old issue assignees
  Start adding Gitlab::HookData::IssuableBuilder
  Include the changes in issuable webhook payloads
  Rename the `codeclimate` job to `codequality`
  Don't show an "Unsubscribe" link in snippet comment notifications
  Add QA::Scenario::Gitlab::Group::Create
  Removes CommitsList from global namespace
  Fix wiki empty page translation namespace not being removed
  Fixes mini graph in commit view
  Fix link to new i18n index page
  Update i18n docs
  Move i18n/introduction to i18n/index
  Resolve "Simple documentation update - backup to restore in restore section"
  Remove AjaxLoadingSpinner and CreateLabelDropdown from global namespace
  Move cycle analytics banner into a vue file
  Updated Icons + Fix for Collapsed Groups Angle
  Don't create fork networks for root projects that are deleted
  ...

1 files changed, 25 insertions, 2 deletions

diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 458627ee4de..c9643c5da47 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -165,7 +165,7 @@ describe Gitlab::GitAccess do
         stub_application_setting(rsa_key_restriction: 4096)
       end
 
-      it 'does not allow keys which are too small', aggregate_failures: true do
+      it 'does not allow keys which are too small', :aggregate_failures do
         expect(actor).not_to be_valid
         expect { pull_access_check }.to raise_unauthorized('Your SSH key must be at least 4096 bits.')
         expect { push_access_check }.to raise_unauthorized('Your SSH key must be at least 4096 bits.')
@@ -177,7 +177,7 @@ describe Gitlab::GitAccess do
         stub_application_setting(rsa_key_restriction: ApplicationSetting::FORBIDDEN_KEY_VALUE)
       end
 
-      it 'does not allow keys which are too small', aggregate_failures: true do
+      it 'does not allow keys which are too small', :aggregate_failures do
         expect(actor).not_to be_valid
         expect { pull_access_check }.to raise_unauthorized(/Your SSH key type is forbidden/)
         expect { push_access_check }.to raise_unauthorized(/Your SSH key type is forbidden/)
@@ -598,6 +598,19 @@ describe Gitlab::GitAccess do
                                                             admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
       end
     end
+
+    context "when in a read-only GitLab instance" do
+      before do
+        create(:protected_branch, name: 'feature', project: project)
+        allow(Gitlab::Database).to receive(:read_only?) { true }
+      end
+
+      # Only check admin; if an admin can't do it, other roles can't either
+      matrix = permissions_matrix[:admin].dup
+      matrix.each { |key, _| matrix[key] = false }
+
+      run_permission_checks(admin: matrix)
+    end
   end
 
   describe 'build authentication abilities' do
@@ -632,6 +645,16 @@ describe Gitlab::GitAccess do
     end
   end
 
+  context 'when the repository is read only' do
+    let(:project) { create(:project, :repository, :read_only) }
+
+    it 'denies push access' do
+      project.add_master(user)
+
+      expect { push_access_check }.to raise_unauthorized('The repository is temporarily read-only. Please try again later.')
+    end
+  end
+
   describe 'deploy key permissions' do
     let(:key) { create(:deploy_key, user: user, can_push: can_push) }
     let(:actor) { key }