Commit 7426e616 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Make sure it checks against the tag only when it's a tag

parent ef2e9879
......@@ -5,8 +5,11 @@ module Ci
access = ::Gitlab::UserAccess.new(@user, project: @subject.project)
!access.can_merge_to_branch?(@subject.ref) ||
if @subject.tag?
!access.can_create_tag?(@subject.ref)
else
!access.can_merge_to_branch?(@subject.ref)
end
end
rule { protected_action }.prevent :update_build
......
......@@ -138,11 +138,30 @@ describe Ci::BuildPolicy, :models do
before do
create(:protected_tag, :no_one_can_create,
name: 'some-ref', project: project)
build.update(tag: true)
end
it_behaves_like 'protected ref'
end
context 'when build is against a protected tag but it is not a tag' do
before do
create(:protected_tag, :no_one_can_create,
name: 'some-ref', project: project)
end
context 'when build is a manual action' do
let(:build) do
create(:ci_build, :manual, ref: 'some-ref', pipeline: pipeline)
end
it 'includes ability to update build' do
expect(policy).to be_allowed :update_build
end
end
end
context 'when branch build is assigned to is not protected' do
context 'when build is a manual action' do
let(:build) { create(:ci_build, :manual, pipeline: pipeline) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment