Enable update_(build|pipeline) for maintainers

2 files changed, 25 insertions, 0 deletions

diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 41cf2ef7225..9ca156deaa0 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -94,6 +94,19 @@ describe Ci::BuildPolicy do
           end
         end
       end
+
+      context 'when maintainer is allowed to push to pipeline branch' do
+        let(:project) { create(:project, :public) }
+        let(:owner) { user }
+
+        it 'enables update_build if user is maintainer' do
+          allow_any_instance_of(Project).to receive(:empty_repo?).and_return(false)
+          allow_any_instance_of(Project).to receive(:branch_allows_maintainer_push?).and_return(true)
+
+          expect(policy).to be_allowed :update_build
+          expect(policy).to be_allowed :update_commit_status
+        end
+      end
     end
 
     describe 'rules for protected ref' do
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index 48a8064c5fc..a5e509cfa0f 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -62,5 +62,17 @@ describe Ci::PipelinePolicy, :models do
         end
       end
     end
+
+    context 'when maintainer is allowed to push to pipeline branch' do
+      let(:project) { create(:project, :public) }
+      let(:owner) { user }
+
+      it 'enables update_pipeline if user is maintainer' do
+        allow_any_instance_of(Project).to receive(:empty_repo?).and_return(false)
+        allow_any_instance_of(Project).to receive(:branch_allows_maintainer_push?).and_return(true)
+
+        expect(policy).to be_allowed :update_pipeline
+      end
+    end
   end
 end