Prevent creating access level for users & groups

When the feature isn't available

Prevent creating access level for users & groups
When the feature isn't available
8fd684b1 · Bob Van Landuyt · f59a7f28 · 8fd684b1 · 8fd684b1
Commit 8fd684b1 authored Jul 02, 2017 by Bob Van Landuyt
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 0 deletions

app/models/ee/protected_ref_access.rb app/models/ee/protected_ref_access.rb +3 -0

spec/models/ee/protected_ref_access_spec.rb spec/models/ee/protected_ref_access_spec.rb +58 -0

No files found.
--- a/app/models/ee/protected_ref_access.rb
+++ b/app/models/ee/protected_ref_access.rb
@@ -18,6 +18,9 @@ module EE
      validates :user_id, uniqueness: { scope: protected_type, allow_nil: true }
      validates :access_level, uniqueness: { scope: protected_type, if: :role?,
                                             conditions: -> { where(user_id: nil, group_id: nil) } }
+      validates :group, :user,
+               absence: true,
+               unless: proc { |access| access.type != :role && access.project.feature_available?(:ref_permissions_for_users) }

      scope :by_user, -> (user) { where(user: user ) }
      scope :by_group, -> (group) { where(group: group ) }

--- a/spec/models/ee/protected_ref_access_spec.rb
+++ b/spec/models/ee/protected_ref_access_spec.rb
+require 'spec_helper'
+
+describe EE::ProtectedRefAccess do
+  included_in_classes = [ProtectedBranch::MergeAccessLevel,
+                         ProtectedBranch::PushAccessLevel,
+                         ProtectedTag::CreateAccessLevel]
+
+  included_in_classes.each do |included_in_class|
+    context "in #{included_in_class}" do
+      let(:access_level) do
+        factory_name = included_in_class.name.underscore.tr('/', '_')
+        build(factory_name)
+      end
+
+      it "#{included_in_class} includes {described_class}" do
+        expect(included_in_class.included_modules).to include(described_class)
+      end
+
+      context 'with the `ref_permissions_for_users` feature disabled' do
+        before do
+          stub_licensed_features(ref_permissions_for_users: false)
+        end
+
+        it "allows creating an #{included_in_class} with a group" do
+          access_level.group = create(:group)
+
+          expect(access_level).not_to be_valid
+          expect(access_level.errors).to include(:group)
+        end
+
+        it "allows creating an #{included_in_class} with a group" do
+          access_level.user = create(:user)
+
+          expect(access_level).not_to be_valid
+          expect(access_level.errors).to include(:user)
+        end
+      end
+
+      context 'with the `ref_permissions_for_users` feature enabled' do
+        before do
+          stub_licensed_features(ref_permissions_for_users: true)
+        end
+
+        it "allows creating an #{included_in_class} with a group" do
+          access_level.group = create(:group)
+
+          expect(access_level).to be_valid
+        end
+
+        it "allows creating an #{included_in_class} with a group" do
+          access_level.user = create(:user)
+
+          expect(access_level).to be_valid
+        end
+      end
+    end
+  end
+end