Commit cc1cebdc authored by Timothy Andrew's avatar Timothy Andrew

Admins count as masters too.

1. In the context of protected branches.

2. Test this behaviour.
parent 4d6dadc8
...@@ -118,6 +118,14 @@ class ProjectTeam ...@@ -118,6 +118,14 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::MASTER max_member_access(user.id) == Gitlab::Access::MASTER
end end
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil) def member?(user, min_member_access = nil)
member = !!find_member(user.id) member = !!find_member(user.id)
......
...@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base ...@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
def check_access(user) def check_access(user)
if masters? if masters?
user.can?(:push_code, project) if project.team.master?(user) user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers? elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user) user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end end
end end
......
...@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base ...@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user) def check_access(user)
if masters? if masters?
user.can?(:push_code, project) if project.team.master?(user) user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers? elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user) user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one? elsif no_one?
false false
end end
......
...@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do ...@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do
def self.run_permission_checks(permissions_matrix) def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role| permissions_matrix.keys.each do |role|
describe "#{role} access" do describe "#{role} access" do
before { project.team << [user, role] } before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
permissions_matrix[role].each do |action, allowed| permissions_matrix[role].each do |action, allowed|
context action do context action do
...@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do ...@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do
end end
permissions_matrix = { permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: { master: {
push_new_branch: true, push_new_branch: true,
push_master: true, push_master: true,
...@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do ...@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true })) run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
end end
end
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) } before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }, run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false })) master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment