Guard editing of branch protection

Paulina Sedlak-Jakubowskarequested to merge
474084-guard-editing-protected-branches into master

What does this MR do and why?

This merge request aims to improve the logic for editing protected branches, making it independent of the edit_branch_rule feature flag.

Changes:

  1. Pass the admin_protected_branches value to the branch rule details page.
  2. Use this value to determine if editing options should be available for protected branches.

This is a result of the testing of !163767 (comment 2090876963). When selecting a deploy key for Allowed to push and merge, the error is thrown. I was not able to reproduce that error myself, but looking into a possible root cause, I realised the inconsistencies between Protected branches on Repository settings vs. on Branch rule details page.

In the Settings/Repository/Protected branches we use admin_protected_branches to guard adding the protection (see the file). I'm reusing the same value to limit the editing of the branch protection. It will still be possible to see it, as it is possible now.

Here you can read more about my investigation: !163767 (comment 2091562787)

This MR also partially fixes Guard Branch Rule Editing with permissions (#464039 - closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
Screenshot 2024-09-05 at 16.19.45.png Screenshot 2024-09-05 at 16.19.45.png
Screenshot 2024-09-05 at 16.19.45.png Screenshot 2024-09-05 at 16.20.47.png

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. In rails console enable the experiment fully

    Feature.enable(:edit_branch_rules)

  2. Go to Project / Settings / Repository / Branch rules and click View details for a branch you protected OR create a new branch rule

  3. Make sure you can edit all the sections.

  4. Apply this patch to simulate canAdminProtectedBranches being false:

    diff --git a/app/assets/javascripts/projects/settings/branch_rules/mount_branch_rules.js b/app/assets/javascripts/projects/settings/branch_rules/mount_branch_rules.js
index 96d38e69fcd1..b66794f9d8c0 100644
--- a/app/assets/javascripts/projects/settings/branch_rules/mount_branch_rules.js
+++ b/app/assets/javascripts/projects/settings/branch_rules/mount_branch_rules.js
@@ -44,7 +44,7 @@ export default function mountBranchRules(el, store) {
       showStatusChecks: parseBoolean(showStatusChecks),
       showApprovers: parseBoolean(showApprovers),
       showCodeOwners: parseBoolean(showCodeOwners),
-      canAdminProtectedBranches: parseBoolean(canAdminProtectedBranches),
+      canAdminProtectedBranches: !parseBoolean(canAdminProtectedBranches),
     },
     render(h) {
       return h(View);
    1. Refresh the page. You should be able to edit some of the sections (delete the rule, change rule target). But Protect branch section should be in reading mode. The same as it is when you disable edit_branch_rules feature flag.

Related to #474084 (closed)

Edited by Paulina Sedlak-Jakubowska

Merge request reports