Admins count as masters too.

1. In the context of protected branches. 2. Test this behaviour.

Admins count as masters too.
1. In the context of protected branches. 2. Test this behaviour.
cc1cebdc · Timothy Andrew · 4d6dadc8 · cc1cebdc · cc1cebdc · cc1cebdc
Commit cc1cebdc authored Jul 14, 2016 by Timothy Andrew
4 changed files
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -118,6 +118,14 @@ class ProjectTeam
    max_member_access(user.id) == Gitlab::Access::MASTER
  end

+  def master_or_greater?(user)
+    master?(user) || user.is_admin?
+  end
+
+  def developer_or_greater?(user)
+    master_or_greater?(user) || developer?(user)
+  end
+
  def member?(user, min_member_access = nil)
    member = !!find_member(user.id)


--- a/app/models/protected_branch/merge_access_level.rb
+++ b/app/models/protected_branch/merge_access_level.rb
@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base

  def check_access(user)
    if masters?
-      user.can?(:push_code, project) if project.team.master?(user)
+      user.can?(:push_code, project) if project.team.master_or_greater?(user)
    elsif developers?
-      user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
+      user.can?(:push_code, project) if project.team.developer_or_greater?(user)
    end
  end


--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base

  def check_access(user)
    if masters?
-      user.can?(:push_code, project) if project.team.master?(user)
+      user.can?(:push_code, project) if project.team.master_or_greater?(user)
    elsif developers?
-      user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
+      user.can?(:push_code, project) if project.team.developer_or_greater?(user)
    elsif no_one?
      false
    end

--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do
    def self.run_permission_checks(permissions_matrix)
      permissions_matrix.keys.each do |role|
        describe "#{role} access" do
-          before { project.team << [user, role] }
+          before do
+            if role == :admin
+              user.update_attribute(:admin, true)
+            else
+              project.team << [user, role]
+            end
+          end

          permissions_matrix[role].each do |action, allowed|
            context action do
@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do
    end

    permissions_matrix = {
+      admin: {
+        push_new_branch: true,
+        push_master: true,
+        push_protected_branch: true,
+        push_remove_protected_branch: false,
+        push_tag: true,
+        push_new_tag: true,
+        push_all: true,
+        merge_into_protected_branch: true
+      },
+
      master: {
        push_new_branch: true,
        push_master: true,
@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do

        run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
      end
-    end

-    context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
-      before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
+      context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
+        before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }

-      run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
-                                                          master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
+        run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
+                                                            master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
+                                                            admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
+      end
    end
  end