diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2016-07-08 09:15:02 +0300 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2016-07-29 12:50:39 +0300 |
| commit | 828f6eb6e50e6193fad9dbdd95d9dd56506e4064 (patch) | |
| tree | 9a328d1698606d81c0bb7000ed68a4d01891f3f0 /app/models/protected_branch/push_access_level.rb | |
| parent | ab6096c17261605d835a4a8edae21f31d90026df (diff) | |
Enforce "No One Can Push" during git operations.
1. The crux of this change is in `UserAccess`, which looks through all
the access levels, asking each if the user has access to push/merge
for the current project.
2. Update the `protected_branches` factory to create access levels as
necessary.
3. Fix and augment `user_access` and `git_access` specs.
Diffstat (limited to 'app/models/protected_branch/push_access_level.rb')
| -rw-r--r-- | app/models/protected_branch/push_access_level.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb index 8861632c055..5a4a33556ce 100644 --- a/app/models/protected_branch/push_access_level.rb +++ b/app/models/protected_branch/push_access_level.rb @@ -1,5 +1,16 @@ class ProtectedBranch::PushAccessLevel < ActiveRecord::Base belongs_to :protected_branch + delegate :project, to: :protected_branch enum access_level: [:masters, :developers, :no_one] + + def check_access(user) + if masters? + user.can?(:push_code, project) if project.team.master?(user) + elsif developers? + user.can?(:push_code, project) if (project.team.master?(user) || project.team.developer?(user)) + elsif no_one? + false + end + end end |