1 files changed, 96 insertions, 54 deletions

diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb
index b623d534f29..71e22f848cc 100644
--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@@ -214,7 +214,6 @@ RSpec.describe ProtectedBranch do
         let_it_be(:project) { create(:project, :repository) }
         let_it_be(:protected_branch) { create(:protected_branch, project: project, name: "“jawn”") }
 
-        let(:use_new_cache_implementation) { true }
         let(:rely_on_new_cache) { true }
 
         shared_examples_for 'hash based cache implementation' do
@@ -230,7 +229,6 @@ RSpec.describe ProtectedBranch do
         end
 
         before do
-          stub_feature_flags(hash_based_cache_for_protected_branches: use_new_cache_implementation)
           stub_feature_flags(rely_on_protected_branches_cache: rely_on_new_cache)
           allow(described_class).to receive(:matching).and_call_original
 
@@ -296,48 +294,6 @@ RSpec.describe ProtectedBranch do
             expect(described_class.protected?(project, protected_branch.name)).to eq(true)
           end
         end
-
-        context 'when feature flag hash_based_cache_for_protected_branches is off' do
-          let(:use_new_cache_implementation) { false }
-
-          it 'does not call hash based cache implementation' do
-            expect(ProtectedBranches::CacheService).not_to receive(:new)
-            expect(Rails.cache).to receive(:fetch).and_call_original
-
-            described_class.protected?(project, 'missing-branch')
-          end
-
-          it 'correctly invalidates a cache' do
-            expect(described_class).to receive(:matching).with(protected_branch.name, protected_refs: anything).once.and_call_original
-
-            create(:protected_branch, project: project, name: "bar")
-            # the cache is invalidated because the project has been "updated"
-            expect(described_class.protected?(project, protected_branch.name)).to eq(true)
-          end
-
-          it 'sets expires_in of 1 hour for the Rails cache key' do
-            cache_key = described_class.protected_ref_cache_key(project, protected_branch.name)
-
-            expect(Rails.cache).to receive(:fetch).with(cache_key, expires_in: 1.hour)
-
-            described_class.protected?(project, protected_branch.name)
-          end
-
-          context 'when project is updated' do
-            it 'invalidates Rails cache' do
-              expect(described_class).to receive(:matching).with(protected_branch.name, protected_refs: anything).once.and_call_original
-
-              project.touch
-
-              described_class.protected?(project, protected_branch.name)
-            end
-          end
-
-          it 'correctly uses the cached version' do
-            expect(described_class).not_to receive(:matching)
-            expect(described_class.protected?(project, protected_branch.name)).to eq(true)
-          end
-        end
       end
     end
 
@@ -385,23 +341,61 @@ RSpec.describe ProtectedBranch do
   end
 
   describe "#allow_force_push?" do
-    context "when the attr allow_force_push is true" do
-      let(:subject_branch) { create(:protected_branch, allow_force_push: true, name: "foo") }
+    context "when feature flag disabled" do
+      before do
+        stub_feature_flags(group_protected_branches: false)
+      end
+
+      let(:subject_branch) { create(:protected_branch, allow_force_push: allow_force_push, name: "foo") }
+      let(:project) { subject_branch.project }
+
+      context "when the attr allow_force_push is true" do
+        let(:allow_force_push) { true }
 
-      it "returns true" do
-        project = subject_branch.project
+        it "returns true" do
+          expect(described_class.allow_force_push?(project, "foo")).to eq(true)
+        end
+      end
 
-        expect(described_class.allow_force_push?(project, "foo")).to eq(true)
+      context "when the attr allow_force_push is false" do
+        let(:allow_force_push) { false }
+
+        it "returns false" do
+          expect(described_class.allow_force_push?(project, "foo")).to eq(false)
+        end
       end
     end
 
-    context "when the attr allow_force_push is false" do
-      let(:subject_branch) { create(:protected_branch, allow_force_push: false, name: "foo") }
+    context "when feature flag enabled" do
+      using RSpec::Parameterized::TableSyntax
+
+      let_it_be(:group) { create(:group) }
+      let_it_be(:project) { create(:project, group: group) }
 
-      it "returns false" do
-        project = subject_branch.project
+      where(:group_level_value, :project_level_value, :result) do
+        true    | false    | true
+        false   | true     | false
+        true    | nil      | true
+        false   | nil      | false
+        nil     | nil      | false
+      end
+
+      with_them do
+        before do
+          stub_feature_flags(group_protected_branches: true)
+
+          unless group_level_value.nil?
+            create(:protected_branch, allow_force_push: group_level_value, name: "foo", project: nil, group: group)
+          end
+
+          unless project_level_value.nil?
+            create(:protected_branch, allow_force_push: project_level_value, name: "foo", project: project)
+          end
+        end
 
-        expect(described_class.allow_force_push?(project, "foo")).to eq(false)
+        it "returns result" do
+          expect(described_class.allow_force_push?(project, "foo")).to eq(result)
+        end
       end
     end
   end
@@ -434,6 +428,36 @@ RSpec.describe ProtectedBranch do
     end
   end
 
+  describe '.protected_refs' do
+    let_it_be(:project) { create(:project) }
+
+    subject { described_class.protected_refs(project) }
+
+    context 'when feature flag enabled' do
+      before do
+        stub_feature_flags(group_protected_branches: true)
+      end
+
+      it 'call `all_protected_branches`' do
+        expect(project).to receive(:all_protected_branches)
+
+        subject
+      end
+    end
+
+    context 'when feature flag disabled' do
+      before do
+        stub_feature_flags(group_protected_branches: false)
+      end
+
+      it 'call `protected_branches`' do
+        expect(project).to receive(:protected_branches)
+
+        subject
+      end
+    end
+  end
+
   describe '.by_name' do
     let!(:protected_branch) { create(:protected_branch, name: 'master') }
     let!(:another_protected_branch) { create(:protected_branch, name: 'stable') }
@@ -502,4 +526,22 @@ RSpec.describe ProtectedBranch do
       it { is_expected.not_to be_default_branch }
     end
   end
+
+  describe '#group_level?' do
+    context 'when entity is a Group' do
+      before do
+        subject.assign_attributes(project: nil, group: build(:group))
+      end
+
+      it { is_expected.to be_group_level }
+    end
+
+    context 'when entity is a Project' do
+      before do
+        subject.assign_attributes(project: build(:project), group: nil)
+      end
+
+      it { is_expected.not_to be_group_level }
+    end
+  end
 end