GitLab steht aufgrund wichtiger Wartungsarbeiten am Montag, den 8. März, zwischen 17:00 und 19:00 Uhr nicht zur Verfügung.

Commit cc1cebdc authored by Timothy Andrew's avatar Timothy Andrew

Admins count as masters too.

1. In the context of protected branches.

2. Test this behaviour.
parent 4d6dadc8
......@@ -118,6 +118,14 @@ def master?(user)
max_member_access(user.id) == Gitlab::Access::MASTER
end
def master_or_greater?(user)
master?(user) || user.is_admin?
end
def developer_or_greater?(user)
master_or_greater?(user) || developer?(user)
end
def member?(user, min_member_access = nil)
member = !!find_member(user.id)
......
......@@ -13,9 +13,9 @@ def self.human_access_levels
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
end
end
......
......@@ -14,9 +14,9 @@ def self.human_access_levels
def check_access(user)
if masters?
user.can?(:push_code, project) if project.team.master?(user)
user.can?(:push_code, project) if project.team.master_or_greater?(user)
elsif developers?
user.can?(:push_code, project) if project.team.master?(user) || project.team.developer?(user)
user.can?(:push_code, project) if project.team.developer_or_greater?(user)
elsif no_one?
false
end
......
......@@ -151,7 +151,13 @@ def merge_into_protected_branch
def self.run_permission_checks(permissions_matrix)
permissions_matrix.keys.each do |role|
describe "#{role} access" do
before { project.team << [user, role] }
before do
if role == :admin
user.update_attribute(:admin, true)
else
project.team << [user, role]
end
end
permissions_matrix[role].each do |action, allowed|
context action do
......@@ -165,6 +171,17 @@ def self.run_permission_checks(permissions_matrix)
end
permissions_matrix = {
admin: {
push_new_branch: true,
push_master: true,
push_protected_branch: true,
push_remove_protected_branch: false,
push_tag: true,
push_new_tag: true,
push_all: true,
merge_into_protected_branch: true
},
master: {
push_new_branch: true,
push_master: true,
......@@ -257,13 +274,14 @@ def self.run_permission_checks(permissions_matrix)
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: true, push_all: true, merge_into_protected_branch: true }))
end
end
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
context "when no one is allowed to push to the #{protected_branch_name} protected branch" do
before { create(:protected_branch, :no_one_can_push, name: protected_branch_name, project: project) }
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
run_permission_checks(permissions_matrix.deep_merge(developer: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
master: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false },
admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
end
end
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment