Update protected branches spec to work with the `select`s.

app/assets/javascripts/protected_branches_access_select.js.coffee

@@ -34,6 +34,7 @@ class @ProtectedBranchesAccessSelect
         success: ->
           row = $(e.target)
           row.closest('tr').effect('highlight')
+          new Flash("Updated protected branch!", "notice")
 
         error: ->
           new Flash("Failed to update branch!", "alert")

app/views/projects/protected_branches/_protected_branch.html.haml

@@ -16,10 +16,14 @@
         (branch was removed from repository)
   %td
     = hidden_field_tag "allowed_to_merge_#{protected_branch.id}", protected_branch.merge_access_level.access_level
-    = dropdown_tag(protected_branch.merge_access_level.access_level.humanize, options: { title: "Allowed To Merge", toggle_class: 'allowed-to-merge', dropdown_class: 'dropdown-menu-selectable', data: { field_name: "allowed_to_merge_#{protected_branch.id}", url: url, id: protected_branch.id, type: "allowed_to_merge" }})
+    = dropdown_tag(protected_branch.merge_access_level.access_level.humanize,
+                   options: { title: "Allowed To Merge", toggle_class: 'allowed-to-merge', dropdown_class: 'dropdown-menu-selectable merge',
+                   data: { field_name: "allowed_to_merge_#{protected_branch.id}", url: url, id: protected_branch.id, type: "allowed_to_merge" }})
   %td
     = hidden_field_tag "allowed_to_push_#{protected_branch.id}", protected_branch.push_access_level.access_level
-    = dropdown_tag(protected_branch.push_access_level.access_level.humanize, options: { title: "Allowed To Push", toggle_class: 'allowed-to-push', dropdown_class: 'dropdown-menu-selectable', data: { field_name: "allowed_to_push_#{protected_branch.id}", url: url, id: protected_branch.id, type: "allowed_to_push" }})
+    = dropdown_tag(protected_branch.push_access_level.access_level.humanize,
+                   options: { title: "Allowed To Push", toggle_class: 'allowed-to-push', dropdown_class: 'dropdown-menu-selectable push',
+                   data: { field_name: "allowed_to_push_#{protected_branch.id}", url: url, id: protected_branch.id, type: "allowed_to_push" }})
   - if can_admin_project
     %td
       = link_to 'Unprotect', [@project.namespace.becomes(Namespace), @project, protected_branch], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: "btn btn-warning btn-sm pull-right"

spec/features/protected_branches_spec.rb

@@ -81,4 +81,79 @@ feature 'Projected Branches', feature: true, js: true do
       end
     end
   end
+
+  describe "access control" do
+    [
+      ['developers', 'Developers + Masters'],
+      ['masters', 'Masters'],
+      ['no_one', 'No one']
+    ].each do |access_type_id, access_type_name|
+      it "allows creating protected branches that #{access_type_name} can push to" do
+        visit namespace_project_protected_branches_path(project.namespace, project)
+        set_protected_branch_name('master')
+        within('.new_protected_branch') do
+          find(".allowed-to-push").click
+          click_on access_type_name
+        end
+        click_on "Protect"
+
+        expect(ProtectedBranch.count).to eq(1)
+        expect(ProtectedBranch.last.allowed_to_push).to eq(access_type_id)
+      end
+
+      # This spec fails on PhantomJS versions below 2.0, which don't support `PATCH` requests.
+      # https://github.com/ariya/phantomjs/issues/11384
+      it "allows updating protected branches so that #{access_type_name} can push to them" do
+        visit namespace_project_protected_branches_path(project.namespace, project)
+        set_protected_branch_name('master')
+        click_on "Protect"
+
+        expect(ProtectedBranch.count).to eq(1)
+
+        within(".protected-branches-list") do
+          find(".allowed-to-push").click
+          within('.dropdown-menu.push') { click_on access_type_name }
+        end
+
+        expect(page).to have_content "Updated protected branch"
+        expect(ProtectedBranch.last.allowed_to_push).to eq(access_type_id)
+      end
+    end
+
+    [
+      ['developers', 'Developers + Masters'],
+      ['masters', 'Masters']
+    ].each do |access_type_id, access_type_name|
+      it "allows creating protected branches that #{access_type_name} can merge to" do
+        visit namespace_project_protected_branches_path(project.namespace, project)
+        set_protected_branch_name('master')
+        within('.new_protected_branch') do
+          find(".allowed-to-merge").click
+          click_on access_type_name
+        end
+        click_on "Protect"
+
+        expect(ProtectedBranch.count).to eq(1)
+        expect(ProtectedBranch.last.allowed_to_merge).to eq(access_type_id)
+      end
+
+      # This spec fails on PhantomJS versions below 2.0, which don't support `PATCH` requests.
+      # https://github.com/ariya/phantomjs/issues/11384
+      it "allows updating protected branches so that #{access_type_name} can merge to them" do
+        visit namespace_project_protected_branches_path(project.namespace, project)
+        set_protected_branch_name('master')
+        click_on "Protect"
+
+        expect(ProtectedBranch.count).to eq(1)
+
+        within(".protected-branches-list") do
+          find(".allowed-to-merge").click
+          within('.dropdown-menu.merge') { click_on access_type_name }
+        end
+
+        expect(page).to have_content "Updated protected branch"
+        expect(ProtectedBranch.last.allowed_to_merge).to eq(access_type_id)
+      end
+    end
+  end
 end