lib/gitlab/access/branch_protection.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

# frozen_string_literal: true

module Gitlab
  module Access
    # A wrapper around Integer based branch protection levels.
    #
    # This wrapper can be used to work with branch protection levels without
    # having to directly refer to the constants. For example, instead of this:
    #
    #     if access_level == Gitlab::Access::PROTECTION_DEV_CAN_PUSH
    #       ...
    #     end
    #
    # You can write this instead:
    #
    #     protection = BranchProtection.new(access_level)
    #
    #     if protection.developer_can_push?
    #       ...
    #     end
    class BranchProtection
      attr_reader :level

      # @param [Integer] level The branch protection level as an Integer.
      def initialize(level)
        @level = level
      end

      def any?
        level != PROTECTION_NONE
      end

      def developer_can_push?
        level == PROTECTION_DEV_CAN_PUSH
      end

      def developer_can_initial_push?
        level == PROTECTION_DEV_CAN_INITIAL_PUSH
      end

      def developer_can_merge?
        level == PROTECTION_DEV_CAN_MERGE
      end

      def fully_protected?
        level == PROTECTION_FULL
      end

      def to_hash
        # translate the original integer values into a json payload
        # that matches the protected branches API:
        # https://docs.gitlab.com/ee/api/protected_branches.html#update-a-protected-branch
        case level
        when PROTECTION_NONE
          self.class.protection_none
        when PROTECTION_DEV_CAN_PUSH
          self.class.protection_partial
        when PROTECTION_FULL
          self.class.protected_fully
        when PROTECTION_DEV_CAN_MERGE
          self.class.protected_against_developer_pushes
        when PROTECTION_DEV_CAN_INITIAL_PUSH
          self.class.protected_after_initial_push
        end
      end

      class << self
        def protection_none
          {
            allowed_to_push: [{ 'access_level' => Gitlab::Access::DEVELOPER }],
            allowed_to_merge: [{ 'access_level' => Gitlab::Access::DEVELOPER }],
            allow_force_push: true
          }
        end

        def protection_partial
          protection_none.merge(allow_force_push: false)
        end

        def protected_fully
          {
            allowed_to_push: [{ 'access_level' => Gitlab::Access::MAINTAINER }],
            allowed_to_merge: [{ 'access_level' => Gitlab::Access::MAINTAINER }],
            allow_force_push: false
          }
        end

        def protected_against_developer_pushes
          {
            allowed_to_push: [{ 'access_level' => Gitlab::Access::MAINTAINER }],
            allowed_to_merge: [{ 'access_level' => Gitlab::Access::DEVELOPER }],
            allow_force_push: true
          }
        end

        def protected_after_initial_push
          {
            allowed_to_push: [{ 'access_level' => Gitlab::Access::MAINTAINER }],
            allowed_to_merge: [{ 'access_level' => Gitlab::Access::DEVELOPER }],
            allow_force_push: true,
            developer_can_initial_push: true
          }
        end
      end
    end
  end
end