diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2016-11-17 22:48:23 +0300 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2016-11-17 22:48:23 +0300 |
commit | 8c1a01e05fd3c6e1621242aaf31a0ce2789ad546 (patch) | |
tree | 2d59e5858f9a3b1c9ade86c944e1670bfcb572dc /lib/gitlab/checks | |
parent | 2489332297b441b3ebc0c3df2e8ff14dc88a72cf (diff) |
We never check user privilege if it's a deploy key
Diffstat (limited to 'lib/gitlab/checks')
-rw-r--r-- | lib/gitlab/checks/change_access.rb | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb index cb1065223d4..6b6a86ffde9 100644 --- a/lib/gitlab/checks/change_access.rb +++ b/lib/gitlab/checks/change_access.rb @@ -1,13 +1,15 @@ module Gitlab module Checks class ChangeAccess - attr_reader :user_access, :project + attr_reader :user_access, :project, :skip_authorization - def initialize(change, user_access:, project:) + def initialize( + change, user_access:, project:, skip_authorization: false) @oldrev, @newrev, @ref = change.values_at(:oldrev, :newrev, :ref) @branch_name = Gitlab::Git.branch_name(@ref) @user_access = user_access @project = project + @skip_authorization = skip_authorization end def exec @@ -23,6 +25,7 @@ module Gitlab protected def protected_branch_checks + return if skip_authorization return unless @branch_name return unless project.protected_branch?(@branch_name) @@ -48,6 +51,8 @@ module Gitlab end def tag_checks + return if skip_authorization + tag_ref = Gitlab::Git.tag_name(@ref) if tag_ref && protected_tag?(tag_ref) && user_access.cannot_do_action?(:admin_project) @@ -56,6 +61,8 @@ module Gitlab end def push_checks + return if skip_authorization + if user_access.cannot_do_action?(:push_code) "You are not allowed to push code to this project." end |