Add EE-specific fixes for the branch protection API.

1. Add an EE-specific spec. 2. The code deleting redundant access levels is different for EE, since EE protected branches can have 0 or more access levels, while CE protected branches can have a single access level. Existing access levels (apart from 'developer' access levels) should not be removed while using the branch protection API.

Add EE-specific fixes for the branch protection API.
1. Add an EE-specific spec. 2. The code deleting redundant access levels is different for EE, since EE protected branches can have 0 or more access levels, while CE protected branches can have a single access level. Existing access levels (apart from 'developer' access levels) should not be removed while using the branch protection API.
af0a527d · Timothy Andrew · acae6211 · af0a527d · af0a527d
Commit af0a527d authored Sep 07, 2016 by Timothy Andrew
Showing with 35 additions and 1 deletion

app/services/protected_branches/api_update_service.rb app/services/protected_branches/api_update_service.rb +22 -1

spec/requests/api/branches_spec.rb spec/requests/api/branches_spec.rb +13 -0

No files found.
--- a/app/services/protected_branches/api_update_service.rb
+++ b/app/services/protected_branches/api_update_service.rb
@@ -14,7 +14,7 @@ module ProtectedBranches
      @protected_branch = protected_branch

      protected_branch.transaction do
-        delete_redundant_access_levels
+        delete_redundant_ee_access_levels

        case @developers_can_push
        when true
@@ -46,5 +46,26 @@ module ProtectedBranches
        @protected_branch.push_access_levels.destroy_all
      end
    end
+
+    # If a protected branch can have more than one access level (EE), only
+    # remove the relevant access levels. If we don't do this, we'll have a
+    # failed validation.
+    def delete_redundant_ee_access_levels
+      case @developers_can_merge
+      when true
+        @protected_branch.merge_access_levels.developer.destroy_all
+      when false
+        @protected_branch.merge_access_levels.developer.destroy_all
+        @protected_branch.merge_access_levels.master.destroy_all
+      end
+
+      case @developers_can_push
+      when true
+        @protected_branch.push_access_levels.developer.destroy_all
+      when false
+        @protected_branch.push_access_levels.developer.destroy_all
+        @protected_branch.push_access_levels.master.destroy_all
+      end
+    end
  end
 end
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -163,6 +163,19 @@ describe API::API, api: true  do
          expect(json_response['developers_can_merge']).to eq(true)
        end
      end
+
+      context "when no one can push" do
+        let(:protected_branch) { create(:protected_branch, :no_one_can_push, project: project, name: 'protected_branch') }
+
+        it "updates 'developers_can_push' without removing the 'no_one' access level" do
+          put api("/projects/#{project.id}/repository/branches/#{protected_branch.name}/protect", user),
+              developers_can_push: true, developers_can_merge: true
+
+          expect(response).to have_http_status(200)
+          expect(json_response['name']).to eq(protected_branch.name)
+          expect(protected_branch.reload.push_access_levels.pluck(:access_level)).to include(Gitlab::Access::NO_ACCESS)
+        end
+      end
    end

    context "multiple API calls" do