From 19edeba8e3e8d091853ceed27f271cd67a636551 Mon Sep 17 00:00:00 2001
From: Pawel Chojnacki <pawel@chojnacki.ws>
Date: Fri, 28 Apr 2017 16:05:00 +0200
Subject: Prevent people from creating branches if they don't have persmission
 to push

---
 ...ple-from-creating-branches-if-they-don-have-permission-to-push.yml | 4 ++++
 lib/gitlab/user_access.rb                                             | 4 +---
 spec/lib/gitlab/user_access_spec.rb                                   | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml

diff --git a/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml b/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml
new file mode 100644
index 00000000000..6612cfd8866
--- /dev/null
+++ b/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml
@@ -0,0 +1,4 @@
+---
+title: Prevent people from creating branches if they don't have persmission to push
+merge_request:
+author:
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index 54728e5ff0e..e46ff313654 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -44,9 +44,7 @@ module Gitlab
       if ProtectedBranch.protected?(project, ref)
         return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user)
 
-        has_access = project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push)
-
-        has_access || !project.repository.branch_exists?(ref) && can_merge_to_branch?(ref)
+        project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push)
       else
         user.can?(:push_code, project)
       end
diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb
index 611cdbbc865..2b27ff66c09 100644
--- a/spec/lib/gitlab/user_access_spec.rb
+++ b/spec/lib/gitlab/user_access_spec.rb
@@ -87,10 +87,10 @@ describe Gitlab::UserAccess, lib: true do
         expect(access.can_push_to_branch?(branch.name)).to be_falsey
       end
 
-      it 'returns true if branch does not exist and user has permission to merge' do
+      it 'returns false if branch does not exist' do
         project.team << [user, :developer]
 
-        expect(access.can_push_to_branch?(not_existing_branch.name)).to be_truthy
+        expect(access.can_push_to_branch?(not_existing_branch.name)).to be_falsey
       end
     end
 
-- 
cgit v1.2.1