diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-02 21:09:35 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-02 21:09:35 +0300 |
commit | ad05e1db038a2e983d25555144fa29063e060c50 (patch) | |
tree | 36f9c8b4d1d300b69e00c14793303c10cd020f2a /lib/gitlab/deploy_key_access.rb | |
parent | 1bdf79827c623cc92504223a1085f366115bbb3d (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/deploy_key_access.rb')
-rw-r--r-- | lib/gitlab/deploy_key_access.rb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/lib/gitlab/deploy_key_access.rb b/lib/gitlab/deploy_key_access.rb new file mode 100644 index 00000000000..97fd6db407b --- /dev/null +++ b/lib/gitlab/deploy_key_access.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +module Gitlab + class DeployKeyAccess < UserAccess + def initialize(deploy_key, container: nil) + @deploy_key = deploy_key + @user = deploy_key.user + @container = container + end + + private + + attr_reader :deploy_key + + def protected_tag_accessible_to?(ref, action:) + assert_project! + + # a deploy key can always push a protected tag + # (which is not always the case when pushing to a protected branch) + true + end + + def can_collaborate?(_ref) + assert_project! + + project_has_active_user_keys? + end + + def project_has_active_user_keys? + user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists? + end + end +end |