Commit 48717b43 authored by James Edwards-Jones's avatar James Edwards-Jones

Revert exploratory branch restriction policy

parent b6a4c018
class ProtectedBranchPolicy < BasePolicy class ProtectedBranchPolicy < BasePolicy
delegate { @subject.project } delegate { @subject.project }
condition(:requires_admin_to_unprotect?, scope: :subject) do
@subject.name == 'master' && Gitlab::CurrentSettings.only_admins_can_unprotect_master_branch?
end
rule { can?(:admin_project) }.policy do rule { can?(:admin_project) }.policy do
enable :create_protected_branch enable :create_protected_branch
enable :update_protected_branch enable :update_protected_branch
enable :destroy_protected_branch enable :destroy_protected_branch
end end
rule { requires_admin_to_unprotect? & ~admin }.policy do
prevent :create_protected_branch
prevent :update_protected_branch
prevent :destroy_protected_branch
end
end end
...@@ -8,53 +8,15 @@ describe ProtectedBranchPolicy do ...@@ -8,53 +8,15 @@ describe ProtectedBranchPolicy do
subject { described_class.new(user, protected_branch) } subject { described_class.new(user, protected_branch) }
context 'when unprotection restriction feature is disabled' do it 'branches can be updated via project masters' do
it "branches can't be updated by guests" do project.add_master(user)
project.add_guest(user)
is_expected.to be_disallowed(:update_protected_branch) is_expected.to be_allowed(:update_protected_branch)
end
it 'branches can be updated via access to project settings' do
project.add_master(user)
is_expected.to be_allowed(:update_protected_branch)
end
end end
context 'when unprotection restriction feature is enabled' do it "branches can't be updated by guests" do
before do project.add_guest(user)
# stub_licensed_features(unprotection_restrictions: true)
end
context 'and unprotection is limited to admins' do #TODO: remove this is temporary exploration
before do
stub_application_setting(only_admins_can_unprotect_master_branch: true)
end
context 'and the protection is for master' do
let(:name) { 'master' }
it 'project owners cannot remove protections' do
project.add_master(user)
is_expected.not_to be_allowed(:update_protected_branch)
end
it 'admins can remove protections' do
user.update!(admin: true)
is_expected.to be_allowed(:update_protected_branch)
end
end
context "and the protection isn't for master" do
it 'project owners can remove protections' do
project.add_master(user)
is_expected.to be_allowed(:update_protected_branch) is_expected.to be_disallowed(:update_protected_branch)
end
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment