Commit 16949138 authored by Timothy Andrew's avatar Timothy Andrew

Admins count as masters too.

1. In the context of protected branches.

2. Test this behaviour.
parent 8cf42e63
......@@ -120,6 +120,14 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::MASTER
end
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil)
member = !!find_member(user.id)
......
......@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end
end
......
......@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one?
false
end
......
......@@ -167,7 +167,13 @@ describe Gitlab::GitAccess, lib: true do
def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { project.team << [user, role] }
before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
permissions_matrix[role].each do |action, allowed|
context action do
......@@ -181,6 +187,17 @@ describe Gitlab::GitAccess, lib: true do
end
permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: {
push_new_branch: true,
push_master: true,
......@@ -246,7 +263,7 @@ describe Gitlab::GitAccess, lib: true do
context "when the merge request is in progress" do
before do
create(:merge_request, source_project: project, source_branch: unprotected_branch, target_branch: 'feature',
state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch)
state: 'locked', in_progress_merge_commit_sha: merge_into_protected_branch)
end
context "when the merge request is not in progress" do
......@@ -278,7 +295,8 @@ describe Gitlab::GitAccess, lib: true do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment