Respect protected branches for manual actions
We should make sure that permissions for manual actions aligns with expectations of developers, especially for protect branches.
Treat manual actions like a repo write.
Example: If the
master branch is protected, only people with full permission to that branch can trigger a manual action on that branch.
Hiding any controls to whom is not allowed to
Show the action as disabled, and clearly let the user know why they can't do it with a tooltip.
Tooltip should state:
Action not possible due to protected branch
- From https://gitlab.com/gitlab-org/gitlab-ce/issues/17010#note_13272378
- Master issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/21911
Manual actions now require the same permissions as a repository write, allowing control over who can trigger manual actions. For example, triggering a manual deploy job to production from the master branch can now be restricted to a narrower set of users with access to commit.