Prevent people from creating branches if they don't have persmission to push

19edeba8 · Pawel Chojnacki · 61046e75 · 19edeba8 · 19edeba8 · 19edeba8
Commit 19edeba8 authored Apr 28, 2017 by Pawel Chojnacki
3 changed files
--- a/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml
+++ b/changelogs/unreleased/28968-prevent-people-from-creating-branches-if-they-don-have-permission-to-push.yml
+---
+title: Prevent people from creating branches if they don't have persmission to push
+merge_request:
+author:
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -44,9 +44,7 @@ module Gitlab
      if ProtectedBranch.protected?(project, ref)
        return true if project.empty_repo? && project.user_can_push_to_empty_repo?(user)
-        has_access = project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push)
+        project.protected_branches.protected_ref_accessible_to?(ref, user, action: :push)
-        has_access || !project.repository.branch_exists?(ref) && can_merge_to_branch?(ref)
      else
        user.can?(:push_code, project)
      end

--- a/spec/lib/gitlab/user_access_spec.rb
+++ b/spec/lib/gitlab/user_access_spec.rb
@@ -87,10 +87,10 @@ describe Gitlab::UserAccess, lib: true do
        expect(access.can_push_to_branch?(branch.name)).to be_falsey
      end
-      it 'returns true if branch does not exist and user has permission to merge' do
+      it 'returns false if branch does not exist' do
        project.team << [user, :developer]
-        expect(access.can_push_to_branch?(not_existing_branch.name)).to be_truthy
+        expect(access.can_push_to_branch?(not_existing_branch.name)).to be_falsey
      end
    end