Commit cc1cebdc authored by Timothy Andrew's avatar Timothy Andrew

Admins count as masters too.

1. In the context of protected branches.

2. Test this behaviour.
parent 4d6dadc8
......@@ -118,6 +118,14 @@ class ProjectTeam
max_member_access(user.id) == Gitlab::Access::MASTER
end
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil)
member = !!find_member(user.id)
......
......@@ -13,9 +13,9 @@ class ProtectedBranch::MergeAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end
end
......
......@@ -14,9 +14,9 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one?
false
end
......
......@@ -151,7 +151,13 @@ describe Gitlab::GitAccess, lib: true do
def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { project.team << [user, role] }
before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
permissions_matrix[role].each do |action, allowed|
context action do
......@@ -165,6 +171,17 @@ describe Gitlab::GitAccess, lib: true do
end
permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: {
push_new_branch: true,
push_master: true,
......@@ -257,13 +274,14 @@ describe Gitlab::GitAccess, lib: true do
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
end
end
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment