API uses ProtectedBranchPolicy for destroy/create

b6a4c018 · James Edwards-Jones · 973bd462 · b6a4c018 · b6a4c018
Commit b6a4c018 authored Mar 25, 2018 by James Edwards-Jones
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 4 deletions

lib/api/protected_branches.rb lib/api/protected_branches.rb +4 -1

spec/requests/api/protected_branches_spec.rb spec/requests/api/protected_branches_spec.rb +31 -3

No files found.
--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -74,7 +74,10 @@ module API
      delete ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS do
        protected_branch = user_project.protected_branches.find_by!(name: params[:name])

-        destroy_conditionally!(protected_branch)
+        destroy_conditionally!(protected_branch) do
+          destroy_service = ::ProtectedBranches::DestroyService.new(user_project, current_user)
+          destroy_service.execute(protected_branch)
+        end
      end
    end
  end

--- a/spec/requests/api/protected_branches_spec.rb
+++ b/spec/requests/api/protected_branches_spec.rb
@@ -193,6 +193,19 @@ describe API::ProtectedBranches do
          expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MASTER)
        end
      end
+
+      context 'when a policy restricts rule deletion' do
+        before do
+          policy = instance_double(ProtectedBranchPolicy, can?: false)
+          expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)
+        end
+
+        it "prevents deletion of the protected branch rule" do
+          post post_endpoint, name: branch_name
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
    end

    context 'when authenticated as a guest' do
@@ -209,18 +222,20 @@ describe API::ProtectedBranches do
  end

  describe "DELETE /projects/:id/protected_branches/unprotect/:branch" do
+    let(:delete_endpoint) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) }
+
    before do
      project.add_master(user)
    end

    it "unprotects a single branch" do
-      delete api("/projects/#{project.id}/protected_branches/#{branch_name}", user)
+      delete delete_endpoint

      expect(response).to have_gitlab_http_status(204)
    end

    it_behaves_like '412 response' do
-      let(:request) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) }
+      let(:request) { delete_endpoint }
    end

    it "returns 404 if branch does not exist" do
@@ -229,11 +244,24 @@ describe API::ProtectedBranches do
      expect(response).to have_gitlab_http_status(404)
    end

+    context 'when a policy restricts rule deletion' do
+      before do
+        policy = instance_double(ProtectedBranchPolicy, can?: false)
+        expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)
+      end
+
+      it "prevents deletion of the protected branch rule" do
+        delete delete_endpoint
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+
    context 'when branch has a wildcard in its name' do
      let(:protected_name) { 'feature*' }

      it "unprotects a wildcard branch" do
-        delete api("/projects/#{project.id}/protected_branches/#{branch_name}", user)
+        delete delete_endpoint

        expect(response).to have_gitlab_http_status(204)
      end