Implement changes from @DouweM's review of !927

- Move `ProctedBranchAccessEe` to `EE::ProtectedBranchAccess`. This is a lot cleaner, and has a precedent (`EE::Group`). - Include `EE::ProtectedBranchAccess` inside `ProtectedBranchAccess`, instead of including both in the model classes. `EE::ProtectedBranchAccess` depends on `ProtectedBranchAccess` - this is a good way to model that dependency. - Remove author credit from CHANGELOG entry

Implement changes from @DouweM's review of !927
- Move `ProctedBranchAccessEe` to `EE::ProtectedBranchAccess`. This is a lot cleaner, and has a precedent (`EE::Group`). - Include `EE::ProtectedBranchAccess` inside `ProtectedBranchAccess`, instead of including both in the model classes. `EE::ProtectedBranchAccess` depends on `ProtectedBranchAccess` - this is a good way to model that dependency. - Remove author credit from CHANGELOG entry
60a38e5c · Timothy Andrew · 2a3b3545 · 60a38e5c · 2a3b3545 · 60a38e5c
Commit 60a38e5c authored Dec 06, 2016 by Timothy Andrew
6 changed files
--- a/app/models/concerns/protected_branch_access.rb
+++ b/app/models/concerns/protected_branch_access.rb
@@ -2,6 +2,8 @@ module ProtectedBranchAccess
  extend ActiveSupport::Concern

  included do
+    include EE::ProtectedBranchAccess
+
    belongs_to :protected_branch
    delegate :project, to: :protected_branch

@@ -18,10 +20,4 @@ module ProtectedBranchAccess

    project.team.max_member_access(user.id) >= access_level
  end
-
-  def check_access(user)
-    return true if user.is_admin?
-
-    project.team.max_member_access(user.id) >= access_level
-  end
 end
--- a/app/models/concerns/protected_branch_access_ee.rb
+++ b/app/models/concerns/protected_branch_access_ee.rb
-# EE-specific code related to protected branch access levels.
-#
-# Note: Include `ProtectedBranchAccess` _before_ including this module, since
-# a number of methods here override methods in `ProtectedBranchAccess`
-
-module ProtectedBranchAccessEe
-  extend ActiveSupport::Concern
-
-  included do
-    belongs_to :user
-    belongs_to :group
-
-    validates :group_id, uniqueness: { scope: :protected_branch, allow_nil: true }
-    validates :user_id, uniqueness: { scope: :protected_branch, allow_nil: true }
-    validates :access_level, uniqueness: { scope: :protected_branch, if: :role?,
-                                           conditions: -> { where(user_id: nil, group_id: nil) } }
-
-    scope :by_user, -> (user) { where(user: user ) }
-    scope :by_group, -> (group) { where(group: group ) }
-  end
-
-  def type
-    if self.user.present?
-      :user
-    elsif self.group.present?
-      :group
-    else
-      :role
-    end
-  end
-
-  # Is this a role-based access level?
-  def role?
-    type == :role
-  end
-
-  def humanize
-    return self.user.name if self.user.present?
-    return self.group.name if self.group.present?
-
-    super
-  end
-
-  def check_access(user)
-    return true if user.is_admin?
-    return user.id == self.user_id if self.user.present?
-    return group.users.exists?(user.id) if self.group.present?
-
-    super
-  end
-end
--- a/app/models/ee/protected_branch_access.rb
+++ b/app/models/ee/protected_branch_access.rb
+# EE-specific code related to protected branch access levels.
+#
+# Note: Don't directly include this concern into a model class.
+# Instead, include `ProtectedBranchAccess`, which in turn includes
+# this concern. A number of methods here depend on `ProtectedBranchAccess`
+# being next up in the ancestor chain.
+
+module EE
+  module ProtectedBranchAccess
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :user
+      belongs_to :group
+
+      validates :group_id, uniqueness: { scope: :protected_branch, allow_nil: true }
+      validates :user_id, uniqueness: { scope: :protected_branch, allow_nil: true }
+      validates :access_level, uniqueness: { scope: :protected_branch, if: :role?,
+                                             conditions: -> { where(user_id: nil, group_id: nil) } }
+
+      scope :by_user, -> (user) { where(user: user ) }
+      scope :by_group, -> (group) { where(group: group ) }
+    end
+
+    def type
+      if self.user.present?
+        :user
+      elsif self.group.present?
+        :group
+      else
+        :role
+      end
+    end
+
+    # Is this a role-based access level?
+    def role?
+      type == :role
+    end
+
+    def humanize
+      return self.user.name if self.user.present?
+      return self.group.name if self.group.present?
+
+      super
+    end
+
+    def check_access(user)
+      return true if user.is_admin?
+      return user.id == self.user_id if self.user.present?
+      return group.users.exists?(user.id) if self.group.present?
+
+      super
+    end
+  end
+end
--- a/app/models/protected_branch/merge_access_level.rb
+++ b/app/models/protected_branch/merge_access_level.rb
 class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
  include ProtectedBranchAccess
-  include ProtectedBranchAccessEe

  validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
                                                             Gitlab::Access::DEVELOPER] }

--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
 class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
  include ProtectedBranchAccess
-  include ProtectedBranchAccessEe

  validates :access_level, presence: true, inclusion: { in: [Gitlab::Access::MASTER,
                                                             Gitlab::Access::DEVELOPER,

--- a/changelogs/unreleased-ee/ee-1137-follow-up-protected-branch-users-and-groups-ee.yml
+++ b/changelogs/unreleased-ee/ee-1137-follow-up-protected-branch-users-and-groups-ee.yml
 ---
 title: Technical debt follow-up from restricting pushes / merges by group
 merge_request: 927
-author: Timothy Andrew
+author: