Allow configuring protection of the default branch upon first push

aad6ceae · Marco Wessel · 254d1d7a · aad6ceae · aad6ceae · aad6ceae
Commit aad6ceae authored Jan 25, 2015 by Marco Wessel
12 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -28,7 +28,7 @@ v 7.8.0
  - 
  - 
  - 
-  - 
+  - Allow configuring protection of the default branch upon first push (Marco Wessel)
  - 
  - 
  - 

--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -22,6 +22,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
  def application_setting_params
    params.require(:application_setting).permit(
      :default_projects_limit,
+      :default_branch_protection,
      :signup_enabled,
      :signin_enabled,
      :gravatar_enabled,

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -4,6 +4,7 @@
 #
 #  id                     :integer          not null, primary key
 #  default_projects_limit :integer
+#  default_branch_protection :integer
 #  signup_enabled         :boolean
 #  signin_enabled         :boolean
 #  gravatar_enabled       :boolean
@@ -25,6 +26,7 @@ class ApplicationSetting < ActiveRecord::Base
  def self.create_from_defaults
    create(
      default_projects_limit: Settings.gitlab['default_projects_limit'],
+      default_branch_protection: Settings.gitlab['default_branch_protection'],
      signup_enabled: Settings.gitlab['signup_enabled'],
      signin_enabled: Settings.gitlab['signin_enabled'],
      gravatar_enabled: Settings.gravatar['enabled'],

--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
 class GitPushService
  attr_accessor :project, :user, :push_data, :push_commits
+  include Gitlab::CurrentSettings
+  include Gitlab::Access

  # This method will be called after each git update
  # and only if the provided user and project is present in GitLab.
@@ -29,8 +31,12 @@ class GitPushService
        if is_default_branch?(ref)
          # Initial push to the default branch. Take the full history of that branch as "newly pushed".
          @push_commits = project.repository.commits(newrev)
-          # Default branch is protected by default
-          project.protected_branches.create({ name: project.default_branch })
+
+          # Set protection on the default branch if configured
+          if (current_application_settings.default_branch_protection != PROTECTION_NONE)
+	          developers_can_push = current_application_settings.default_branch_protection == PROTECTION_DEV_CAN_PUSH ? true : false
+            project.protected_branches.create({ name: project.default_branch, developers_can_push: developers_can_push })
+          end
        else
          # Use the pushed commits that aren't reachable by the default branch
          # as a heuristic. This may include more commits than are actually pushed, but

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -25,6 +25,10 @@
      = f.label :default_projects_limit, class: 'control-label'
      .col-sm-10
        = f.number_field :default_projects_limit, class: 'form-control'
+    .form-group
+      = f.label :default_branch_protection, class: 'control-label'
+      .col-sm-10
+        = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
    .form-group
      = f.label :home_page_url, class: 'control-label'
      .col-sm-10

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -87,6 +87,7 @@ Settings['issues_tracker']  ||= {}
 #
 Settings['gitlab'] ||= Settingslogic.new({})
 Settings.gitlab['default_projects_limit'] ||= 10
+Settings.gitlab['default_branch_protection'] ||= 2
 Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
 Settings.gitlab['default_theme'] = Gitlab::Theme::MARS if Settings.gitlab['default_theme'].nil?
 Settings.gitlab['host']       ||= 'localhost'

--- a/db/migrate/20150125163100_add_default_branch_protection_setting.rb
+++ b/db/migrate/20150125163100_add_default_branch_protection_setting.rb
+class AddDefaultBranchProtectionSetting < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :default_branch_protection, :integer, :default => 2
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,13 +11,14 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150116234544) do
+ActiveRecord::Schema.define(version: 20150125163100) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"

  create_table "application_settings", force: true do |t|
    t.integer  "default_projects_limit"
+    t.integer  "default_branch_protection"
    t.boolean  "signup_enabled"
    t.boolean  "signin_enabled"
    t.boolean  "gravatar_enabled"

--- a/lib/gitlab/access.rb
+++ b/lib/gitlab/access.rb
@@ -11,6 +11,11 @@ module Gitlab
    MASTER    = 40
    OWNER     = 50

+    # Branch protection settings
+    PROTECTION_NONE         = 0
+    PROTECTION_DEV_CAN_PUSH = 1
+    PROTECTION_FULL         = 2
+
    class << self
      def values
        options.values
@@ -43,6 +48,17 @@ module Gitlab
          master:    MASTER,
        }
      end
+
+      def protection_options
+       {
+          "None"                          => PROTECTION_NONE,
+          "Protect, developers can push"  => PROTECTION_DEV_CAN_PUSH,
+          "Full protection"               => PROTECTION_FULL,
+       }
+      end
+      def protection_values
+        protection_options.values
+      end
    end

    def human_access

--- a/lib/gitlab/current_settings.rb
+++ b/lib/gitlab/current_settings.rb
@@ -12,6 +12,7 @@ module Gitlab
    def fake_application_settings
      OpenStruct.new(
        default_projects_limit: Settings.gitlab['default_projects_limit'],
+	default_branch_protection: Settings.gitlab['default_branch_protection'],
        signup_enabled: Settings.gitlab['signup_enabled'],
        signin_enabled: Settings.gitlab['signin_enabled'],
        gravatar_enabled: Settings.gravatar['enabled'],

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -2,15 +2,16 @@
 #
 # Table name: application_settings
 #
-#  id                     :integer          not null, primary key
-#  default_projects_limit :integer
-#  signup_enabled         :boolean
-#  signin_enabled         :boolean
-#  gravatar_enabled       :boolean
-#  sign_in_text           :text
-#  created_at             :datetime
-#  updated_at             :datetime
-#  home_page_url          :string(255)
+#  id                         :integer          not null, primary key
+#  default_projects_limit     :integer
+#  default_branch_protection  :interger
+#  signup_enabled             :boolean
+#  signin_enabled             :boolean
+#  gravatar_enabled           :boolean
+#  sign_in_text               :text
+#  created_at                 :datetime
+#  updated_at                 :datetime
+#  home_page_url              :string(255)
 #

 require 'spec_helper'

--- a/spec/services/git_push_service_spec.rb
+++ b/spec/services/git_push_service_spec.rb
@@ -106,7 +106,7 @@ describe GitPushService do
      it "when pushing a branch for the first time" do
        project.should_receive(:execute_hooks)
        project.default_branch.should == "master"
-        project.protected_branches.should_receive(:create).with({ name: "master" })
+        project.protected_branches.should_receive(:create).with({ name: "master", developers_can_push: false })
        service.execute(project, user, @blankrev, 'newrev', 'refs/heads/master')
      end