3 files changed, 34 insertions, 51 deletions

diff --git a/spec/lib/gitlab/checks/changes_access_spec.rb b/spec/lib/gitlab/checks/changes_access_spec.rb
index 41ec11c1055..60118823b5a 100644
--- a/spec/lib/gitlab/checks/changes_access_spec.rb
+++ b/spec/lib/gitlab/checks/changes_access_spec.rb
@@ -49,56 +49,26 @@ RSpec.describe Gitlab::Checks::ChangesAccess do
 
     context 'when changes contain empty revisions' do
       let(:expected_commit) { instance_double(Commit) }
-      let(:expected_allow_quarantine) { allow_quarantine }
 
       shared_examples 'returns only commits with non empty revisions' do
-        before do
-          stub_feature_flags(filter_quarantined_commits: filter_quarantined_commits)
-        end
-
         specify do
           expect(project.repository)
             .to receive(:new_commits)
-            .with([newrev], allow_quarantine: expected_allow_quarantine) { [expected_commit] }
+            .with([newrev]) { [expected_commit] }
           expect(subject.commits).to match_array([expected_commit])
         end
       end
 
-      it_behaves_like 'returns only commits with non empty revisions' do
+      context 'with oldrev' do
         let(:changes) { [{ oldrev: oldrev, newrev: newrev }, { newrev: '' }, { newrev: Gitlab::Git::BLANK_SHA }] }
-        let(:allow_quarantine) { true }
-        let(:filter_quarantined_commits) { true }
+
+        it_behaves_like 'returns only commits with non empty revisions'
       end
 
       context 'without oldrev' do
         let(:changes) { [{ newrev: newrev }, { newrev: '' }, { newrev: Gitlab::Git::BLANK_SHA }] }
 
-        context 'with disallowed quarantine' do
-          # The quarantine directory should not be used because we're lacking
-          # oldrev, and we're not filtering commits.
-          let(:allow_quarantine) { false }
-          let(:filter_quarantined_commits) { false }
-
-          it_behaves_like 'returns only commits with non empty revisions'
-        end
-
-        context 'with allowed quarantine and :filter_quarantined_commits disabled' do
-          # When we allow usage of the quarantine but have no oldrev and we're
-          # not filtering commits then results returned by the quarantine aren't
-          # accurate. We thus mustn't try using it.
-          let(:allow_quarantine) { true }
-          let(:filter_quarantined_commits) { false }
-          let(:expected_allow_quarantine) { false }
-
-          it_behaves_like 'returns only commits with non empty revisions'
-        end
-
-        context 'with allowed quarantine and :filter_quarantined_commits enabled' do
-          let(:allow_quarantine) { true }
-          let(:filter_quarantined_commits) { true }
-
-          it_behaves_like 'returns only commits with non empty revisions'
-        end
+        it_behaves_like 'returns only commits with non empty revisions'
       end
     end
   end
diff --git a/spec/lib/gitlab/checks/single_change_access_spec.rb b/spec/lib/gitlab/checks/single_change_access_spec.rb
index 1b34e58797e..8d9f96dd2b4 100644
--- a/spec/lib/gitlab/checks/single_change_access_spec.rb
+++ b/spec/lib/gitlab/checks/single_change_access_spec.rb
@@ -96,26 +96,14 @@ RSpec.describe Gitlab::Checks::SingleChangeAccess do
         let(:provided_commits) { nil }
 
         before do
-          stub_feature_flags(filter_quarantined_commits: filter_quarantined_commits)
-
           expect(project.repository)
             .to receive(:new_commits)
-            .with(newrev, allow_quarantine: filter_quarantined_commits)
+            .with(newrev)
             .once
             .and_return(expected_commits)
         end
 
-        context 'with :filter_quarantined_commits disabled' do
-          let(:filter_quarantined_commits) { false }
-
-          it_behaves_like '#commits'
-        end
-
-        context 'with :filter_quarantined_commits enabled' do
-          let(:filter_quarantined_commits) { true }
-
-          it_behaves_like '#commits'
-        end
+        it_behaves_like '#commits'
       end
     end
   end
diff --git a/spec/lib/gitlab/checks/tag_check_spec.rb b/spec/lib/gitlab/checks/tag_check_spec.rb
index e2e7d9c9648..6cd3a2d1c07 100644
--- a/spec/lib/gitlab/checks/tag_check_spec.rb
+++ b/spec/lib/gitlab/checks/tag_check_spec.rb
@@ -26,8 +26,18 @@ RSpec.describe Gitlab::Checks::TagCheck do
           let(:oldrev) { 'be93687618e4b132087f430a4d8fc3a609c9b77c' }
           let(:newrev) { '0000000000000000000000000000000000000000' }
 
-          it 'is prevented' do
-            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /cannot be deleted/)
+          context 'via web interface' do
+            let(:protocol) { 'web' }
+
+            it 'is allowed' do
+              expect { subject.validate! }.not_to raise_error
+            end
+          end
+
+          context 'via SSH' do
+            it 'is prevented' do
+              expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /only delete.*web interface/)
+            end
           end
         end
 
@@ -41,6 +51,21 @@ RSpec.describe Gitlab::Checks::TagCheck do
         end
       end
 
+      context 'as developer' do
+        before do
+          project.add_developer(user)
+        end
+
+        context 'deletion' do
+          let(:oldrev) { 'be93687618e4b132087f430a4d8fc3a609c9b77c' }
+          let(:newrev) { '0000000000000000000000000000000000000000' }
+
+          it 'is prevented' do
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, /not allowed to delete/)
+          end
+        end
+      end
+
       context 'creation' do
         let(:oldrev) { '0000000000000000000000000000000000000000' }
         let(:newrev) { '54fcc214b94e78d7a41a9a8fe6d87a5e59500e51' }