Add more specs and fix current ones

app/views/shared/push_rules/_commit_author_check_setting.html.haml

@@ -4,9 +4,9 @@
 - push_rule = local_assigns.fetch(:push_rule)
 
 .form-group
-  = form.check_box :commit_author_check, class: "pull-left", disabled: !can_change_push_rule?(f.object, :commit_author_check)
+  = form.check_box :commit_author_check, class: "pull-left", disabled: !can_change_push_rule?(form.object, :commit_author_check)
   .prepend-left-20
     = form.label :commit_author_check, class: "label-light append-bottom-0" do
       Author restriction
     %p.light.append-bottom-0
-      = commit_author_check_description(f.object)
+      = commit_author_check_description(push_rule)

app/views/shared/push_rules/_reject_unsigned_commits_setting.html.haml

@@ -4,7 +4,7 @@
 - push_rule = local_assigns.fetch(:push_rule)
 
 .form-group
-  = form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_push_rule?(f.object, :reject_unsigned_commits)
+  = form.check_box :reject_unsigned_commits, class: "pull-left", disabled: !can_change_push_rule?(form.object, :reject_unsigned_commits)
   .prepend-left-20
     = form.label :reject_unsigned_commits, class: "label-light append-bottom-0" do
       Reject unsigned commits

doc/push_rules/push_rules.md

@@ -63,6 +63,7 @@ The following options are available.
 | --------- | :------------: | ----------- |
 | Removal of tags with `git push` | 7.10 | Forbid users to remove git tags with `git push`. Tags will still be able to be deleted through the web UI. |
 | Check whether author is a GitLab user | 7.10 | Restrict commits by author (email) to existing GitLab users. |
+| Check whether author is the current authenticated user | 10.2 | GitLab will reject any commit that does not belongs to the current authenticated user |
 | Check whether commit is signed through GPG | 10.1 | Reject commit when it is not signed through GPG. Read [signing commits with GPG][signing-commits]. |
 | Prevent committing secrets to Git | 8.12 | GitLab will reject any files that are likely to contain secrets. Read [what files are forbidden](#prevent-pushing-secrets-to-the-repository). |
 | Restrict by commit message | 7.10 | Only commit messages that match this Ruby regular expression are allowed to be pushed. Leave empty to allow any commit message. |

spec/controllers/projects/push_rules_controller_spec.rb

@@ -34,14 +34,15 @@ describe Projects::PushRulesController do
       end
     end
 
-    context 'Updating reject unsigned commit rule' do
+    PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
+      context "Updating #{rule_attr} rule" do
         context 'as an admin' do
           let(:user) { create(:admin) }
 
           it 'updates the setting' do
-          patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
+            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-          expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
+            expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
           end
         end
 
@@ -52,21 +53,21 @@ describe Projects::PushRulesController do
 
           context 'when global setting is disabled' do
             it 'updates the setting' do
-            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
+              patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-            expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
+              expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
             end
           end
 
           context 'when global setting is enabled' do
             before do
-            create(:push_rule_sample, reject_unsigned_commits: true)
+              create(:push_rule_sample, rule_attr => true)
             end
 
             it 'does not update the setting' do
-            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: false }
+              patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => false }
 
-            expect(project.push_rule(true).reject_unsigned_commits).to be_truthy
+              expect(project.push_rule(true).public_send(rule_attr)).to be_truthy
             end
           end
         end
@@ -77,9 +78,10 @@ describe Projects::PushRulesController do
           end
 
           it 'does not update the setting' do
-          patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { reject_unsigned_commits: true }
+            patch :update, namespace_id: project.namespace, project_id: project, id: 1, push_rule: { rule_attr => true }
 
-          expect(project.push_rule(true).reject_unsigned_commits).to be_falsy
+            expect(project.push_rule(true).public_send(rule_attr)).to be_falsy
+          end
         end
       end
     end

spec/features/admin/admin_push_rules_spec.rb

@@ -7,27 +7,34 @@ describe "Admin::PushRules"  do
     sign_in(current_user)
   end
 
-  context 'when reject_unsigned_commits is unlicensed' do
+  push_rules_with_titles = {
+    reject_unsigned_commits: 'Reject unsigned commits',
+    commit_author_check: 'Author restriction'
+  }
+
+  push_rules_with_titles.each do |rule_attr, title|
+    context "when #{rule_attr} is unlicensed" do
       before do
-      stub_licensed_features(reject_unsigned_commits: false)
+        stub_licensed_features(rule_attr => false)
       end
 
       it 'does not render the setting checkbox' do
         visit admin_push_rule_path
 
-      expect(page).not_to have_content('Reject unsigned commits')
+        expect(page).not_to have_content(title)
       end
     end
 
-  context 'when reject_unsigned_commits is licensed' do
+    context "when #{rule_attr} is licensed" do
       before do
-      stub_licensed_features(reject_unsigned_commits: true)
+        stub_licensed_features(rule_attr => true)
       end
 
       it 'renders the setting checkbox' do
         visit admin_push_rule_path
 
-      expect(page).to have_content('Reject unsigned commits')
+        expect(page).to have_content(title)
+      end
     end
   end
 end

spec/features/projects/push_rules_spec.rb

@@ -3,22 +3,29 @@ require 'spec_helper'
 feature 'Projects > Push Rules', :js do
   let(:user) { create(:user) }
   let(:project) { create(:project, :repository, namespace: user.namespace) }
+  let(:foo) {{ reject_unsigned_commits: 'Reject unsigned commits' }}
 
   before do
     project.team << [user, :master]
     sign_in(user)
   end
 
-  describe 'Reject unsigned commits rule' do
+  push_rules_with_titles = {
+    reject_unsigned_commits: 'Reject unsigned commits',
+    commit_author_check: 'Author restriction'
+  }
+
+  push_rules_with_titles.each do |rule_attr, title|
+    describe "#{rule_attr} rule" do
       context 'unlicensed' do
         before do
-        stub_licensed_features(reject_unsigned_commits: false)
+          stub_licensed_features(rule_attr => false)
         end
 
         it 'does not render the setting checkbox' do
           visit project_settings_repository_path(project)
 
-        expect(page).not_to have_content('Reject unsigned commits')
+          expect(page).not_to have_content(title)
         end
       end
 
@@ -27,13 +34,13 @@ feature 'Projects > Push Rules', :js do
         let(:gold_plan) { Plan.find_by!(name: 'gold') }
 
         before do
-        stub_licensed_features(reject_unsigned_commits: true)
+          stub_licensed_features(rule_attr => true)
         end
 
         it 'renders the setting checkbox' do
           visit project_settings_repository_path(project)
 
-        expect(page).to have_content('Reject unsigned commits')
+          expect(page).to have_content(title)
         end
 
         describe 'with GL.com plans' do
@@ -47,7 +54,7 @@ feature 'Projects > Push Rules', :js do
 
               visit project_settings_repository_path(project)
 
-            expect(page).not_to have_content('Reject unsigned commits')
+              expect(page).not_to have_content(title)
             end
           end
 
@@ -57,7 +64,8 @@ feature 'Projects > Push Rules', :js do
 
               visit project_settings_repository_path(project)
 
-            expect(page).to have_content('Reject unsigned commits')
+              expect(page).to have_content(title)
+            end
           end
         end
       end

spec/helpers/push_rules_helper_spec.rb

@@ -7,7 +7,8 @@ describe PushRulesHelper do
   let(:project_owner) { push_rule.project.owner }
   let(:possible_help_texts) do
     {
-      base_help: /Only signed commits can be pushed to this repository/,
+      commit_author_check_base_help: /Only the author of a commit can push changes to this repository/,
+      reject_unsigned_commits_base_help: /Only signed commits can be pushed to this repository/,
       default_admin_help: /This setting will be applied to all projects unless overridden by an admin/,
       setting_can_be_overridden: /This setting is applied on the server level and can be overridden by an admin/,
       setting_has_been_overridden: /This setting is applied on the server level but has been overridden for this project/,
@@ -43,20 +44,23 @@ describe PushRulesHelper do
   end
 
   with_them do
+    PushRule::SETTINGS_WITH_GLOBAL_DEFAULT.each do |rule_attr|
       before do
-      global_push_rule.update_column(:reject_unsigned_commits, enabled_globally)
-      push_rule.update_column(:reject_unsigned_commits, enabled_in_project)
+        global_push_rule.update_column(rule_attr, enabled_globally)
+        push_rule.update_column(rule_attr, enabled_in_project)
 
         allow(helper).to receive(:current_user).and_return(users[current_user])
       end
 
       it 'has the correct help text' do
         rule = global_setting ? global_push_rule : push_rule
+        message = possible_help_texts["#{rule_attr}_#{help_text}".to_sym].presence || possible_help_texts[help_text]
 
-      expect(helper.reject_unsigned_commits_description(rule)).to match(possible_help_texts[help_text])
+        expect(helper.public_send("#{rule_attr}_description", rule)).to match(message)
 
         if invalid_text
-        expect(helper.reject_unsigned_commits_description(rule)).not_to match(possible_help_texts[invalid_text])
+          expect(helper.public_send("#{rule_attr}_description", rule)).not_to match(possible_help_texts[invalid_text])
+        end
       end
     end
   end

spec/models/push_rule_spec.rb

@@ -24,6 +24,7 @@ describe PushRule do
       author_email_regex: 'regex',
       file_name_regex: 'regex',
       reject_unsigned_commits: true,
+      commit_author_check: true,
       member_check: true,
       prevent_secrets: true,
       max_file_size: 1