Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-17 14:59:07 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-17 14:59:07 +0300
commit: 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch)
tree: 544930fb309b30317ae9797a9683768705d664c4 /lib/gitlab/deploy_key_access.rb
parent: 4b1de649d0168371549608993deac953eb692019 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/gitlab/deploy_key_access.rb b/lib/gitlab/deploy_key_access.rb
new file mode 100644
index 00000000000..ca16582d2b4
--- /dev/null
+++ b/lib/gitlab/deploy_key_access.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Gitlab
+  class DeployKeyAccess < UserAccess
+    def initialize(deploy_key, container: nil)
+      @deploy_key = deploy_key
+      @user = deploy_key.user
+      @container = container
+    end
+
+    def can_push_for_ref?(ref)
+      can_push_to_branch?(ref)
+    end
+
+    private
+
+    attr_reader :deploy_key
+
+    def protected_tag_accessible_to?(ref, action:)
+      assert_project!
+
+      # a deploy key can always push a protected tag
+      # (which is not always the case when pushing to a protected branch)
+      true
+    end
+
+    def can_collaborate?(_ref)
+      assert_project!
+
+      project_has_active_user_keys?
+    end
+
+    def project_has_active_user_keys?
+      user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists?
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-17 14:59:07 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-17 14:59:07 +0300
commit	8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch)
tree	544930fb309b30317ae9797a9683768705d664c4 /lib/gitlab/deploy_key_access.rb
parent	4b1de649d0168371549608993deac953eb692019 (diff)