Allow creating protected branches that can't be pushed to

Review changes
Open in Workspace
Download
Patches
Plain diff

Allow creating protected branches that can't be pushed to

Timothy Andrewrequested to merge

18193-no-one-can-push into master Jul 05, 2016

Overview 115
Commits 23
Pipelines 1
Changes 35

What does this MR do?

Add "No one can push" as a setting to protected branches.
This applies to Masters (as well as all other users)

What are the relevant issue numbers?

Closes #18193 (closed)

Does this need an EE merge request?

Yes. gitlab-org/gitlab-ee!569

Screenshots

TODO

#18193 (closed) !5081 (merged) No one can push to protected branches
- Implementation
  - Model changes
    - Remove "developers_can_merge" and "developers_can_push"
    - Replace with ProtectedBranchPushAccess and ProtectedBranchMergeAccess
      - Reversible migration
      - Raise error on failure
      - MySQL
  - Backend changes
    - Creating a protected branch creates access rows
    - Add no_one as an access level
    - Enforce "no one can push"
    - Allow setting levels while creating protected branches?
  - Frontend
    - Replace checkboxes with selects
- Add tests
- GitPushService -> new projects' default branch protection
- Fix existing tests
- Refactor
- Test workflows by hand
  - from the Web UI
    - When "Allowed to Push" is "No one"
      - Developers can't push
      - Masters can't push
    - When "Allowed to Push" is "Developers + Masters"
      - Developers can push
      - Masters can push
    - When "Allowed to Push" is "Masters"
      - Developers can't push
      - Masters can push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can merge
      - Masters can merge
      - Masters can't push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can't push
  - from CLI
    - When "Allowed to Push" is "No one"
      - Developers can't push
      - Masters can't push
    - When "Allowed to Push" is "Developers + Masters"
      - Developers can push
      - Masters can push
    - When "Allowed to Push" is "Masters"
      - Developers can't push
      - Masters can push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "Masters"
      - Developers can't push
      - Developers can't merge
      - Masters can merge
      - Masters can push
    - When "Allowed to Merge" is "Developers + Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can't merge
      - Masters can't push
    - When "Allowed to Merge" is "Masters" and "Allowed to Push" is "No one"
      - Developers can't push
      - Developers can't merge
      - Masters can't merge
      - Masters can't push
- Add tests for owners and admins
- CHANGELOG
- Screenshots
- Documentation
- Wait for ~~!4665 (merged)~~ to be merged in
- Wait for ~~gitlab-org/gitlab-ce#19872~~ and ~~gitlab-org/gitlab-ee!564~~ to be closed
- Rebase against master instead of !4892 (merged)
- Make sure build is green
- Create EE MR
  - Cherry pick commits
  - Make sure build is green
- Address @axil's comments
- Assign to endboss
- Wait for @dbalexandre's review
- Address @dbalexandre's comments
- Address @axil's comments
  - Align dropdowns
  - No flash when protected branch is updated
- Resolve conflicts
- Implement protect/unprotect API
- Address @dbalexandre's comments
- Update EE MR
- Address @rymai's comments
  - Create/Update service should return a ProtectedBranch
  - Successfuly protected branch creation shouldn't load_protected_branches
  - Rename allowed_to_merge as #minimum_access_level_for_merge
  - Rename allowed_to_push as #minimum_access_level_for_push
  - Use inclusion and Gitlab::Access instead of an enum
  - Modify check_access to work with Gitlab::Access
  - Pass @protected_branch to #execute in UpdateService
  - simplify with a nested field protected_branch[push_access_level][access_level]
  - developers_can_{merge,push} should be handled in the API
  - Use can?(current_user, ...) instead of current_user.can?(...)
  - Instantiate ProtectedBranchesAccessSelect in dispatcher.js
  - constants regarding downtime migrations
  - Explicit #down for columns with default
- Update EE MR
- Wait for CE merge
- Wait for EE merge
- Create issue for UI changes proposed by @zyv

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading