diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 14:59:07 +0300 |
commit | 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch) | |
tree | 544930fb309b30317ae9797a9683768705d664c4 /lib/gitlab/deploy_key_access.rb | |
parent | 4b1de649d0168371549608993deac953eb692019 (diff) |
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42
Diffstat (limited to 'lib/gitlab/deploy_key_access.rb')
-rw-r--r-- | lib/gitlab/deploy_key_access.rb | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/gitlab/deploy_key_access.rb b/lib/gitlab/deploy_key_access.rb new file mode 100644 index 00000000000..ca16582d2b4 --- /dev/null +++ b/lib/gitlab/deploy_key_access.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module Gitlab + class DeployKeyAccess < UserAccess + def initialize(deploy_key, container: nil) + @deploy_key = deploy_key + @user = deploy_key.user + @container = container + end + + def can_push_for_ref?(ref) + can_push_to_branch?(ref) + end + + private + + attr_reader :deploy_key + + def protected_tag_accessible_to?(ref, action:) + assert_project! + + # a deploy key can always push a protected tag + # (which is not always the case when pushing to a protected branch) + true + end + + def can_collaborate?(_ref) + assert_project! + + project_has_active_user_keys? + end + + def project_has_active_user_keys? + user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists? + end + end +end |