Add confirm delete protected branch modal

author: Sam Rose <samrose3@gmail.com> 2017-05-08 10:41:58 +0300
committer: Phil Hughes <me@iamphill.com> 2017-05-08 10:41:58 +0300
commit: 1ebd9dad8e4a3ade4fa829d1d5ac6cbc9825bf48 (patch)
tree: ea175b4ef388f79d8550a424ac5b46a535555664 /lib
parent: 1a5e84febeb3f2d63c019981e80c777195c37dd2 (diff)
2 files changed, 51 insertions, 27 deletions
diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
index 8793b20aa35..c984eb20606 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -1,7 +1,6 @@
 module Gitlab
   module Checks
     class ChangeAccess
-      # protocol is currently used only in EE
       attr_reader :user_access, :project, :skip_authorization, :protocol
 
       def initialize(
@@ -18,7 +17,9 @@ module Gitlab
       end
 
       def exec
-        error = push_checks || tag_checks || protected_branch_checks
+        return GitAccessStatus.new(true) if skip_authorization
+
+        error = push_checks || branch_checks || tag_checks
 
         if error
           GitAccessStatus.new(false, error)
@@ -29,35 +30,59 @@ module Gitlab
 
       protected
 
-      def protected_branch_checks
-        return if skip_authorization
+      def push_checks
+        if user_access.cannot_do_action?(:push_code)
+          "You are not allowed to push code to this project."
+        end
+      end
+
+      def branch_checks
         return unless @branch_name
+
+        if deletion? && @branch_name == project.default_branch
+          return "The default branch of a project cannot be deleted."
+        end
+
+        protected_branch_checks
+      end
+
+      def protected_branch_checks
         return unless ProtectedBranch.protected?(project, @branch_name)
 
         if forced_push?
           return "You are not allowed to force push code to a protected branch on this project."
-        elsif deletion?
-          return "You are not allowed to delete protected branches from this project."
         end
 
+        if deletion?
+          protected_branch_deletion_checks
+        else
+          protected_branch_push_checks
+        end
+      end
+
+      def protected_branch_deletion_checks
+        unless user_access.can_delete_branch?(@branch_name)
+          return 'You are not allowed to delete protected branches from this project. Only a project master or owner can delete a protected branch.'
+        end
+
+        unless protocol == 'web'
+          'You can only delete protected branches using the web interface.'
+        end
+      end
+
+      def protected_branch_push_checks
         if matching_merge_request?
-          if user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name)
-            return
-          else
+          unless user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name)
             "You are not allowed to merge code into protected branches on this project."
           end
         else
-          if user_access.can_push_to_branch?(@branch_name)
-            return
-          else
+          unless user_access.can_push_to_branch?(@branch_name)
             "You are not allowed to push code to protected branches on this project."
           end
         end
       end
 
       def tag_checks
-        return if skip_authorization
-
         return unless @tag_name
 
         if tag_exists? && user_access.cannot_do_action?(:admin_project)
@@ -68,7 +93,8 @@ module Gitlab
       end
 
       def protected_tag_checks
-        return unless tag_protected?
+        return unless ProtectedTag.protected?(project, @tag_name)
+
         return "Protected tags cannot be updated." if update?
         return "Protected tags cannot be deleted." if deletion?
 
@@ -77,18 +103,6 @@ module Gitlab
         end
       end
 
-      def tag_protected?
-        ProtectedTag.protected?(project, @tag_name)
-      end
-
-      def push_checks
-        return if skip_authorization
-
-        if user_access.cannot_do_action?(:push_code)
-          "You are not allowed to push code to this project."
-        end
-      end
-
       private
 
       def tag_exists?
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index e46ff313654..3b922da7ced 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -38,6 +38,16 @@ module Gitlab
       end
     end
 
+    def can_delete_branch?(ref)
+      return false unless can_access_git?
+
+      if ProtectedBranch.protected?(project, ref)
+        user.can?(:delete_protected_branch, project)
+      else
+        user.can?(:push_code, project)
+      end
+    end
+
     def can_push_to_branch?(ref)
       return false unless can_access_git?
author	Sam Rose <samrose3@gmail.com>	2017-05-08 10:41:58 +0300
committer	Phil Hughes <me@iamphill.com>	2017-05-08 10:41:58 +0300
commit	1ebd9dad8e4a3ade4fa829d1d5ac6cbc9825bf48 (patch)
tree	ea175b4ef388f79d8550a424ac5b46a535555664 /lib
parent	1a5e84febeb3f2d63c019981e80c777195c37dd2 (diff)