Create idea of read-only database

In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.

Also having the principle of read-only in GitLab CE would hopefully
lead to less errors introduced, doing write operations when there
aren't allowed for read-only calls.

Closes gitlab-org/gitlab-ce#37534.

1 files changed, 23 insertions, 0 deletions

diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index 458627ee4de..c54327bd2e4 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -598,6 +598,19 @@ describe Gitlab::GitAccess do
                                                             admin: { push_protected_branch: false, push_all: false, merge_into_protected_branch: false }))
       end
     end
+
+    context "when in a read-only GitLab instance" do
+      before do
+        create(:protected_branch, name: 'feature', project: project)
+        allow(Gitlab::Database).to receive(:read_only?) { true }
+      end
+
+      # Only check admin; if an admin can't do it, other roles can't either
+      matrix = permissions_matrix[:admin].dup
+      matrix.each { |key, _| matrix[key] = false }
+
+      run_permission_checks(admin: matrix)
+    end
   end
 
   describe 'build authentication abilities' do
@@ -632,6 +645,16 @@ describe Gitlab::GitAccess do
     end
   end
 
+  context 'when the repository is read only' do
+    let(:project) { create(:project, :repository, :read_only) }
+
+    it 'denies push access' do
+      project.add_master(user)
+
+      expect { push_access_check }.to raise_unauthorized('The repository is temporarily read-only. Please try again later.')
+    end
+  end
+
   describe 'deploy key permissions' do
     let(:key) { create(:deploy_key, user: user, can_push: can_push) }
     let(:actor) { key }