Add a fallback update view for protected branches & tags

When there were `AccessLevels` for users/groups in the protected branch. The CE view doesn't handle those correctly. So a specific view for EE has been added to deal with the case. It also shows the users/groups that still have access.

Add a fallback update view for protected branches & tags
When there were `AccessLevels` for users/groups in the protected branch. The CE view doesn't handle those correctly. So a specific view for EE has been added to deal with the case. It also shows the users/groups that still have access.
5f2f551c · Bob Van Landuyt · 05d54b51 · 5f2f551c · 5f2f551c · 5f2f551c
Commit 5f2f551c authored Jul 05, 2017 by Bob Van Landuyt
8 changed files
--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -755,6 +755,10 @@ a.allowed-to-push {
  .table-bordered {
    border-radius: 1px;

+    td {
+      vertical-align: top;
+    }
+
    th:not(:last-child),
    td:not(:last-child) {
      border-right: solid 1px transparent;

--- a/app/models/concerns/ee/protected_ref_access.rb
+++ b/app/models/concerns/ee/protected_ref_access.rb
@@ -24,6 +24,9 @@ module EE

      scope :by_user, -> (user) { where(user: user ) }
      scope :by_group, -> (group) { where(group: group ) }
+      scope :for_role, -> { where(user: nil, group: nil) }
+      scope :for_user, -> { where.not(user: nil) }
+      scope :for_group, -> { where.not(group: nil) }
    end

    def type

--- a/app/views/projects/protected_branches/_protected_branch.html.haml
+++ b/app/views/projects/protected_branches/_protected_branch.html.haml
@@ -15,7 +15,7 @@
      - else
        (branch was removed from repository)

-  = render partial: 'projects/protected_branches/update_protected_branch', locals: { protected_branch: protected_branch }
+  = render partial: 'projects/protected_branches/ee/fallback_update_protected_branch', locals: { protected_branch: protected_branch }

  - if can_admin_project
    %td

--- a/app/views/projects/protected_branches/ee/_fallback_update_protected_branch.html.haml
+++ b/app/views/projects/protected_branches/ee/_fallback_update_protected_branch.html.haml
+- merge_access_level = protected_branch.merge_access_levels.for_role.first
+- push_access_level = protected_branch.push_access_levels.for_role.first
+
+- user_merge_access_levels = protected_branch.merge_access_levels.for_user
+- user_push_access_levels = protected_branch.push_access_levels.for_user
+
+- group_merge_access_levels = protected_branch.merge_access_levels.for_group
+- group_push_access_levels = protected_branch.push_access_levels.for_group
+
+%td
+  = hidden_field_tag "allowed_to_merge_#{protected_branch.id}", merge_access_level&.access_level
+  = dropdown_tag( (merge_access_level&.humanize || 'Select') ,
+                 options: { toggle_class: 'js-allowed-to-merge', dropdown_class: 'dropdown-menu-selectable js-allowed-to-merge-container capitalize-header',
+                 data: { field_name: "allowed_to_merge_#{protected_branch.id}", access_level_id: merge_access_level&.id }})
+  - if user_merge_access_levels.any?
+    %p.small
+      The following
+      #{ 'user'.pluralize(user_merge_access_levels.size) }
+      can also merge into this branch:
+      #{ user_merge_access_levels.map(&:humanize).to_sentence }
+  - if group_merge_access_levels.any?
+    %p.small
+      Members of
+      #{ group_merge_access_levels.size > 1 ? 'these groups' : 'this group' }
+      can also merge into this branch:
+      #{ group_merge_access_levels.map(&:humanize).to_sentence }
+
+%td
+  = hidden_field_tag "allowed_to_push_#{protected_branch.id}", push_access_level&.access_level
+  = dropdown_tag( (push_access_level&.humanize || 'Select') ,
+                 options: { toggle_class: 'js-allowed-to-push', dropdown_class: 'dropdown-menu-selectable js-allowed-to-push-container capitalize-header',
+                 data: { field_name: "allowed_to_push_#{protected_branch.id}", access_level_id: push_access_level&.id }})
+  - if user_push_access_levels.any?
+    %p.small
+      The following
+      #{ 'user'.pluralize(user_push_access_levels.size) }
+      can also push to this branch:
+      #{ user_push_access_levels.map(&:humanize).to_sentence }
+  - if group_push_access_levels.any?
+    %p.small
+      Members of
+      #{ group_push_access_levels.size > 1 ? 'these groups' : 'this group' }
+      can also push to this branch:
+      #{ group_push_access_levels.map(&:humanize).to_sentence }
--- a/app/views/projects/protected_tags/_protected_tag.html.haml
+++ b/app/views/projects/protected_tags/_protected_tag.html.haml
@@ -15,7 +15,7 @@
      - else
        (tag was removed from repository)

-  = render partial: 'projects/protected_tags/update_protected_tag', locals: { protected_tag: protected_tag }
+  = render partial: 'projects/protected_tags/ee/fallback_update_protected_tag', locals: { protected_tag: protected_tag }

  - if can_admin_project
    %td

--- a/app/views/projects/protected_tags/ee/_fallback_update_protected_tag.haml
+++ b/app/views/projects/protected_tags/ee/_fallback_update_protected_tag.haml
+- create_access_level = protected_tag.create_access_levels.for_role.first
+- user_create_access_levels = protected_tag.create_access_levels.for_user
+- group_create_access_levels =protected_tag.create_access_levels.for_group
+
+%td
+  = hidden_field_tag "allowed_to_create_#{protected_tag.id}", create_access_level&.access_level
+  = dropdown_tag( (create_access_level&.humanize || 'Select') ,
+                 options: { toggle_class: 'js-allowed-to-create', dropdown_class: 'dropdown-menu-selectable capitalize-header js-allowed-to-create-container',
+                 data: { field_name: "allowed_to_create_#{protected_tag.id}", access_level_id: create_access_level&.id }})
+  - if user_create_access_levels.any?
+    %p.small
+      The following
+      #{ 'user'.pluralize(user_create_access_levels.size) }
+      can also create tags:
+      #{ user_create_access_levels.map(&:humanize).to_sentence }
+  - if group_create_access_levels.any?
+    %p.small
+      Members of
+      #{ group_create_access_levels.size > 1 ? 'these groups' : 'this group' }
+      can also create tags:
+      #{ group_create_access_levels.map(&:humanize).to_sentence }
--- a/spec/features/protected_branches_spec.rb
+++ b/spec/features/protected_branches_spec.rb
@@ -116,6 +116,53 @@ feature 'Protected Branches', feature: true, js: true do
      end

      include_examples "protected branches > access control > CE"
+
+      context 'with existing access levels' do
+        let(:protected_branch) { create(:protected_branch, project: project) }
+
+        it 'shows users that can push to the branch' do
+          protected_branch.push_access_levels.new(user: create(:user, name: 'Jane'))
+            .save!(validate: false)
+
+          visit project_settings_repository_path(project)
+
+          expect(page).to have_content("The following user can also push to this branch: "\
+                                       "Jane")
+        end
+
+        it 'shows groups that can push to the branch' do
+          protected_branch.push_access_levels.new(group: create(:group, name: 'Team Awesome'))
+            .save!(validate: false)
+
+          visit project_settings_repository_path(project)
+
+          expect(page).to have_content("Members of this group can also push to "\
+                                       "this branch: Team Awesome")
+        end
+
+        it 'shows users that can merge into the branch' do
+          protected_branch.merge_access_levels.new(user: create(:user, name: 'Jane'))
+            .save!(validate: false)
+
+          visit project_settings_repository_path(project)
+
+          expect(page).to have_content("The following user can also merge into "\
+                                       "this branch: Jane")
+        end
+
+        it 'shows groups that have can push to the branch' do
+          protected_branch.merge_access_levels.new(group: create(:group, name: 'Team Awesome'))
+            .save!(validate: false)
+          protected_branch.merge_access_levels.new(group: create(:group, name: 'Team B'))
+            .save!(validate: false)
+
+          visit project_settings_repository_path(project)
+
+          expect(page).to have_content("Members of these groups can also merge into "\
+                                       "this branch:")
+          expect(page).to have_content(/(Team Awesome|Team B) and (Team Awesome|Team B)/)
+        end
+      end
    end
  end
 end
--- a/spec/features/protected_tags_spec.rb
+++ b/spec/features/protected_tags_spec.rb
@@ -120,6 +120,30 @@ feature 'Projected Tags', feature: true, js: true do
      end

      include_examples "protected tags > access control > CE"
+
+      describe 'with existing access levels' do
+        let(:protected_tag) { create(:protected_tag, project: project) }
+
+        it 'shows users that can push to the branch' do
+          protected_tag.create_access_levels.new(user: create(:user, name: 'Jane'))
+            .save!(validate: false)
+
+          visit namespace_project_settings_repository_path(project.namespace, project)
+
+          expect(page).to have_content("The following user can also create tags: "\
+                                       "Jane")
+        end
+
+        it 'shows groups that can create to the branch' do
+          protected_tag.create_access_levels.new(group: create(:group, name: 'Team Awesome'))
+            .save!(validate: false)
+
+          visit namespace_project_settings_repository_path(project.namespace, project)
+
+          expect(page).to have_content("Members of this group can also create tags: "\
+                                       "Team Awesome")
+        end
+      end
    end
  end
 end