Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

GitLab.org
GitLab FOSS
Merge requests
!5081

Allow creating protected branches that can't be pushed to

Review changes
Download
Patches
Plain diff

Timothy Andrew requested to merge 18193-no-one-can-push into master Jul 05, 2016

Overview 115
Commits 23
Pipelines 1
Changes 35

What does this MR do?

Add "No one can push" as a setting to protected branches.
This applies to Masters (as well as all other users)

What are the relevant issue numbers?

Closes #18193 (closed)

Does this need an EE merge request?

Yes. gitlab-org/gitlab-ee!569

Screenshots

TODO

#18193 (closed) !5081 (merged) No one can push to protected branches
- Implementation
  - Model changes
    - Remove "developers_can_merge" and "developers_can_push"
    - Replace with ProtectedBranchPushAccess and ProtectedBranchMergeAccess
      - Reversible migration
      - Raise error on failure
      - MySQL
  - Backend changes
    - Creating a protected branch creates access rows
    - Add no_one as an access level
    - Enforce "no one can push"
    - Allow setting levels while creating protected branches?
  - Frontend
    - Replace checkboxes with selects
- Add tests
- GitPushService -> new projects' default branch protection
- Fix existing tests
- Refactor
- Test workflows by hand
  - from the Web UI
    - When "Allowed to Push" is "No one"
      - Developers can't push
      - Masters can't push
    - When "Allowed to Push" is "Developers + Masters"
      - Developers can push
      - Masters can push
    - When "Allowed to Push" is "Masters"
      - Developers can't push
      - Masters can push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can merge
      - Masters can merge
      - Masters can't push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can't push
  - from CLI
    - When "Allowed to Push" is "No one"
      - Developers can't push
      - Masters can't push
    - When "Allowed to Push" is "Developers + Masters"
      - Developers can push
      - Masters can push
    - When "Allowed to Push" is "Masters"
      - Developers can't push
      - Masters can push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can't merge
      - Masters can't push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can't merge
      - Masters can't push
- Add tests for owners and admins
- CHANGELOG
- Screenshots
- Documentation
- Wait for ~~!4665 (merged)~~ to be merged in
- Wait for ~~gitlab-org/gitlab-ce#19872~~ and ~~gitlab-org/gitlab-ee!564~~ to be closed
- Rebase against master instead of !4892 (merged)
- Make sure build is green
- Create EE MR
  - Cherry pick commits
  - Make sure build is green
- Address @axil's comments
- Assign to endboss
- Wait for @dbalexandre's review
- Address @dbalexandre's comments
- Address @axil's comments
  - Align dropdowns
  - No flash when protected branch is updated
- Resolve conflicts
- Implement protect/unprotect API
- Address @dbalexandre's comments
- Update EE MR
- Address @rymai's comments
  - Create/Update service should return a ProtectedBranch
  - Successfuly protected branch creation shouldn't load_protected_branches
  - Rename allowed_to_merge as #minimum_access_level_for_merge
  - Rename allowed_to_push as #minimum_access_level_for_push
  - Use inclusion and Gitlab::Access instead of an enum
  - Modify check_access to work with Gitlab::Access
  - Pass @protected_branch to #execute in UpdateService
  - simplify with a nested field protected_branch[push_access_level][access_level]
  - developers_can_{merge,push} should be handled in the API
  - Use can?(current_user, ...) instead of current_user.can?(...)
  - Instantiate ProtectedBranchesAccessSelect in dispatcher.js
  - constants regarding downtime migrations
  - Explicit #down for columns with default
- Update EE MR
- Wait for CE merge
- Wait for EE merge
- Create issue for UI changes proposed by @zyv

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking