diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb index 1dbd564fb6f401b9046e277f38c25ef06a5f4920..4ddc1c718c7c8963771267670ea76822a8237201 100644 --- a/lib/gitlab/checks/branch_check.rb +++ b/lib/gitlab/checks/branch_check.rb @@ -48,7 +48,7 @@ module Gitlab if project.empty_repo? protected_branch_push_checks - elsif creation? && protected_branch_creation_enabled? + elsif creation? protected_branch_creation_checks elsif deletion? protected_branch_deletion_checks @@ -124,10 +124,6 @@ module Gitlab Gitlab::Routing.url_helpers.project_project_members_url(project) end - def protected_branch_creation_enabled? - Feature.enabled?(:protected_branch_creation, project, default_enabled: true) - end - def matching_merge_request? Checks::MatchingMergeRequest.new(newrev, branch_name, project).match? end diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb index 8d5ab27a17c4a09e09ecd1ab8cb12de89f9e11db..71b64a3b9df498718200eada96a7679686a84f01 100644 --- a/spec/lib/gitlab/checks/branch_check_spec.rb +++ b/spec/lib/gitlab/checks/branch_check_spec.rb @@ -77,117 +77,85 @@ describe Gitlab::Checks::BranchCheck do let(:oldrev) { '0000000000000000000000000000000000000000' } let(:ref) { 'refs/heads/feature' } - context 'protected branch creation feature is disabled' do + context 'user can push to branch' do before do - stub_feature_flags(protected_branch_creation: false) + allow(user_access) + .to receive(:can_push_to_branch?) + .with('feature') + .and_return(true) end - context 'user is not allowed to push to protected branch' do - before do - allow(user_access) - .to receive(:can_push_to_branch?) - .and_return(false) - end - - it 'raises an error' do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to push code to protected branches on this project.') - end + it 'does not raise an error' do + expect { subject.validate! }.not_to raise_error end + end - context 'user is allowed to push to protected branch' do - before do - allow(user_access) - .to receive(:can_push_to_branch?) - .and_return(true) - end - - it 'does not raise an error' do - expect { subject.validate! }.not_to raise_error - end + context 'user cannot push to branch' do + before do + allow(user_access) + .to receive(:can_push_to_branch?) + .with('feature') + .and_return(false) end - end - context 'protected branch creation feature is enabled' do - context 'user can push to branch' do + context 'user cannot merge to branch' do before do allow(user_access) - .to receive(:can_push_to_branch?) + .to receive(:can_merge_to_branch?) .with('feature') - .and_return(true) + .and_return(false) end - it 'does not raise an error' do - expect { subject.validate! }.not_to raise_error + it 'raises an error' do + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to create protected branches on this project.') end end - context 'user cannot push to branch' do + context 'user can merge to branch' do before do allow(user_access) - .to receive(:can_push_to_branch?) + .to receive(:can_merge_to_branch?) .with('feature') - .and_return(false) + .and_return(true) + + allow(project.repository) + .to receive(:branch_names_contains_sha) + .with(newrev) + .and_return(['branch']) end - context 'user cannot merge to branch' do + context "newrev isn't in any protected branches" do before do - allow(user_access) - .to receive(:can_merge_to_branch?) - .with('feature') + allow(ProtectedBranch) + .to receive(:any_protected?) + .with(project, ['branch']) .and_return(false) end it 'raises an error' do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to create protected branches on this project.') + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only use an existing protected branch ref as the basis of a new protected branch.') end end - context 'user can merge to branch' do + context 'newrev is included in a protected branch' do before do - allow(user_access) - .to receive(:can_merge_to_branch?) - .with('feature') + allow(ProtectedBranch) + .to receive(:any_protected?) + .with(project, ['branch']) .and_return(true) - - allow(project.repository) - .to receive(:branch_names_contains_sha) - .with(newrev) - .and_return(['branch']) end - context "newrev isn't in any protected branches" do - before do - allow(ProtectedBranch) - .to receive(:any_protected?) - .with(project, ['branch']) - .and_return(false) - end + context 'via web interface' do + let(:protocol) { 'web' } - it 'raises an error' do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only use an existing protected branch ref as the basis of a new protected branch.') + it 'allows branch creation' do + expect { subject.validate! }.not_to raise_error end end - context 'newrev is included in a protected branch' do - before do - allow(ProtectedBranch) - .to receive(:any_protected?) - .with(project, ['branch']) - .and_return(true) - end - - context 'via web interface' do - let(:protocol) { 'web' } - - it 'allows branch creation' do - expect { subject.validate! }.not_to raise_error - end - end - - context 'via SSH' do - it 'raises an error' do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only create protected branches using the web interface and API.') - end + context 'via SSH' do + it 'raises an error' do + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You can only create protected branches using the web interface and API.') end end end