From 1ebd9dad8e4a3ade4fa829d1d5ac6cbc9825bf48 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Mon, 8 May 2017 07:41:58 +0000 Subject: Add confirm delete protected branch modal --- lib/gitlab/checks/change_access.rb | 68 +++++++++++++++++++++++--------------- lib/gitlab/user_access.rb | 10 ++++++ 2 files changed, 51 insertions(+), 27 deletions(-) (limited to 'lib') diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb index 8793b20aa35..c984eb20606 100644 --- a/lib/gitlab/checks/change_access.rb +++ b/lib/gitlab/checks/change_access.rb @@ -1,7 +1,6 @@ module Gitlab module Checks class ChangeAccess - # protocol is currently used only in EE attr_reader :user_access, :project, :skip_authorization, :protocol def initialize( @@ -18,7 +17,9 @@ module Gitlab end def exec - error = push_checks || tag_checks || protected_branch_checks + return GitAccessStatus.new(true) if skip_authorization + + error = push_checks || branch_checks || tag_checks if error GitAccessStatus.new(false, error) @@ -29,35 +30,59 @@ module Gitlab protected - def protected_branch_checks - return if skip_authorization + def push_checks + if user_access.cannot_do_action?(:push_code) + "You are not allowed to push code to this project." + end + end + + def branch_checks return unless @branch_name + + if deletion? && @branch_name == project.default_branch + return "The default branch of a project cannot be deleted." + end + + protected_branch_checks + end + + def protected_branch_checks return unless ProtectedBranch.protected?(project, @branch_name) if forced_push? return "You are not allowed to force push code to a protected branch on this project." - elsif deletion? - return "You are not allowed to delete protected branches from this project." end + if deletion? + protected_branch_deletion_checks + else + protected_branch_push_checks + end + end + + def protected_branch_deletion_checks + unless user_access.can_delete_branch?(@branch_name) + return 'You are not allowed to delete protected branches from this project. Only a project master or owner can delete a protected branch.' + end + + unless protocol == 'web' + 'You can only delete protected branches using the web interface.' + end + end + + def protected_branch_push_checks if matching_merge_request? - if user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name) - return - else + unless user_access.can_merge_to_branch?(@branch_name) || user_access.can_push_to_branch?(@branch_name) "You are not allowed to merge code into protected branches on this project." end else - if user_access.can_push_to_branch?(@branch_name) - return - else + unless user_access.can_push_to_branch?(@branch_name) "You are not allowed to push code to protected branches on this project." end end end def tag_checks - return if skip_authorization - return unless @tag_name if tag_exists? && user_access.cannot_do_action?(:admin_project) @@ -68,7 +93,8 @@ module Gitlab end def protected_tag_checks - return unless tag_protected? + return unless ProtectedTag.protected?(project, @tag_name) + return "Protected tags cannot be updated." if update? return "Protected tags cannot be deleted." if deletion? @@ -77,18 +103,6 @@ module Gitlab end end - def tag_protected? - ProtectedTag.protected?(project, @tag_name) - end - - def push_checks - return if skip_authorization - - if user_access.cannot_do_action?(:push_code) - "You are not allowed to push code to this project." - end - end - private def tag_exists? diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index e46ff313654..3b922da7ced 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -38,6 +38,16 @@ module Gitlab end end + def can_delete_branch?(ref) + return false unless can_access_git? + + if ProtectedBranch.protected?(project, ref) + user.can?(:delete_protected_branch, project) + else + user.can?(:push_code, project) + end + end + def can_push_to_branch?(ref) return false unless can_access_git? -- cgit v1.2.3