Added ProtectedBranch::UnprotectAccessLevel

06b89c6b · James Edwards-Jones · f89c3101 · 06b89c6b · 06b89c6b · 06b89c6b
Commit 06b89c6b authored Mar 25, 2018 by James Edwards-Jones
11 changed files
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -2079,6 +2079,17 @@ ActiveRecord::Schema.define(version: 20180405101928) do
  add_index "protected_branch_push_access_levels", ["protected_branch_id"], name: "index_protected_branch_push_access", using: :btree
  add_index "protected_branch_push_access_levels", ["user_id"], name: "index_protected_branch_push_access_levels_on_user_id", using: :btree

+  create_table "protected_branch_unprotect_access_levels", force: :cascade do |t|
+    t.integer "protected_branch_id", null: false
+    t.integer "access_level", default: 40
+    t.integer "user_id"
+    t.integer "group_id"
+  end
+
+  add_index "protected_branch_unprotect_access_levels", ["group_id"], name: "index_protected_branch_unprotect_access_levels_on_group_id", using: :btree
+  add_index "protected_branch_unprotect_access_levels", ["protected_branch_id"], name: "index_protected_branch_unprotect_access", using: :btree
+  add_index "protected_branch_unprotect_access_levels", ["user_id"], name: "index_protected_branch_unprotect_access_levels_on_user_id", using: :btree
+
  create_table "protected_branches", force: :cascade do |t|
    t.integer "project_id", null: false
    t.string "name", null: false
@@ -2782,6 +2793,9 @@ ActiveRecord::Schema.define(version: 20180405101928) do
  add_foreign_key "protected_branch_push_access_levels", "namespaces", column: "group_id", name: "fk_7111b68cdb", on_delete: :cascade
  add_foreign_key "protected_branch_push_access_levels", "protected_branches", name: "fk_9ffc86a3d9", on_delete: :cascade
  add_foreign_key "protected_branch_push_access_levels", "users"
+  add_foreign_key "protected_branch_unprotect_access_levels", "namespaces", column: "group_id", on_delete: :cascade
+  add_foreign_key "protected_branch_unprotect_access_levels", "protected_branches", on_delete: :cascade
+  add_foreign_key "protected_branch_unprotect_access_levels", "users", on_delete: :cascade
  add_foreign_key "protected_branches", "projects", name: "fk_7a9c6d93e7", on_delete: :cascade
  add_foreign_key "protected_tag_create_access_levels", "namespaces", column: "group_id", name: "fk_b4eb82fe3c", on_delete: :cascade
  add_foreign_key "protected_tag_create_access_levels", "protected_tags", name: "fk_f7dfda8c51", on_delete: :cascade

--- a/ee/app/models/concerns/ee/protected_branch.rb
+++ b/ee/app/models/concerns/ee/protected_branch.rb
+module EE
+  module ProtectedBranch
+    extend ActiveSupport::Concern
+
+    included do
+      protected_ref_access_levels :unprotect
+    end
+  end
+end
--- a/ee/app/models/protected_branch/unprotect_access_level.rb
+++ b/ee/app/models/protected_branch/unprotect_access_level.rb
+class ProtectedBranch::UnprotectAccessLevel < ActiveRecord::Base
+  include ProtectedBranchAccess
+end
--- a/ee/db/migrate/20180325034910_create_protected_branch_unprotect_access_levels.rb
+++ b/ee/db/migrate/20180325034910_create_protected_branch_unprotect_access_levels.rb
+class CreateProtectedBranchUnprotectAccessLevels < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  GITLAB_ACCESS_MASTER = 40
+
+  def change
+    create_table :protected_branch_unprotect_access_levels do |t|
+      t.references :protected_branch, index: { name: "index_protected_branch_unprotect_access" }, foreign_key: { on_delete: :cascade }, null: false
+      t.integer :access_level, default: GITLAB_ACCESS_MASTER, null: true
+      t.references :user, foreign_key:  { on_delete: :cascade }, index: true
+      t.integer :group_id, index: true
+    end
+
+    add_foreign_key :protected_branch_unprotect_access_levels, :namespaces, column: :group_id, on_delete: :cascade # rubocop: disable Migration/AddConcurrentForeignKey
+  end
+end
--- a/ee/spec/factories/protected_branches/unprotect_access_levels.rb
+++ b/ee/spec/factories/protected_branches/unprotect_access_levels.rb
+FactoryBot.define do
+  factory :protected_branch_unprotect_access_level, class: ProtectedBranch::UnprotectAccessLevel do
+    user nil
+    group nil
+    protected_branch
+    access_level { Gitlab::Access::DEVELOPER }
+  end
+end
--- a/ee/spec/models/protected_branch/unprotect_access_level_spec.rb
+++ b/ee/spec/models/protected_branch/unprotect_access_level_spec.rb
+require 'spec_helper'
+
+describe ProtectedBranch::UnprotectAccessLevel do
+  it { is_expected.to validate_inclusion_of(:access_level).in_array([Gitlab::Access::MASTER, Gitlab::Access::DEVELOPER, Gitlab::Access::NO_ACCESS]) }
+end
--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
@@ -61,6 +61,7 @@ project_tree:
  - protected_branches:
    - :merge_access_levels
    - :push_access_levels
+    - :unprotect_access_levels
  - protected_tags:
    - :create_access_levels
  - :project_feature

--- a/lib/gitlab/import_export/relation_factory.rb
+++ b/lib/gitlab/import_export/relation_factory.rb
@@ -11,6 +11,7 @@ module Gitlab
                    hooks: 'ProjectHook',
                    merge_access_levels: 'ProtectedBranch::MergeAccessLevel',
                    push_access_levels: 'ProtectedBranch::PushAccessLevel',
+                    unprotect_access_levels: 'ProtectedBranch::UnprotectAccessLevel',
                    create_access_levels: 'ProtectedTag::CreateAccessLevel',
                    labels: :project_labels,
                    priorities: :label_priorities,

--- a/spec/factories/protected_branches.rb
+++ b/spec/factories/protected_branches.rb
@@ -7,8 +7,10 @@ FactoryBot.define do
      # EE
      authorize_user_to_push nil
      authorize_user_to_merge nil
+      authorize_user_to_unprotect nil
      authorize_group_to_push nil
      authorize_group_to_merge nil
+      authorize_group_to_unprotect nil

      default_push_level true
      default_merge_level true
@@ -65,6 +67,10 @@ FactoryBot.define do
        protected_branch.merge_access_levels.new(user: user)
      end

+      if user = evaluator.authorize_user_to_unprotect
+        protected_branch.unprotect_access_levels.new(user: user)
+      end
+
      if group = evaluator.authorize_group_to_push
        protected_branch.push_access_levels.new(group: group)
      end
@@ -73,6 +79,10 @@ FactoryBot.define do
        protected_branch.merge_access_levels.new(group: group)
      end

+      if group = evaluator.authorize_group_to_unprotect
+        protected_branch.unprotect_access_levels.new(group: group)
+      end
+
      next unless protected_branch.merge_access_levels.empty?

      if evaluator.default_access_level && evaluator.default_push_level

--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -171,6 +171,7 @@ protected_branches:
 - project
 - merge_access_levels
 - push_access_levels
+- unprotect_access_levels
 protected_tags:
 - project
 - create_access_levels
@@ -182,6 +183,10 @@ push_access_levels:
 - user
 - protected_branch
 - group
+unprotect_access_levels:
+- user
+- protected_branch
+- group
 create_access_levels:
 - user
 - protected_tag

--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -509,6 +509,14 @@ ProtectedBranch::PushAccessLevel:
 - updated_at
 - user_id
 - group_id
+ProtectedBranch::UnprotectAccessLevel:
+- id
+- protected_branch_id
+- access_level
+- created_at
+- updated_at
+- user_id
+- group_id
 ProtectedTag::CreateAccessLevel:
 - id
 - protected_tag_id