Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 19:52:41 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-01 19:52:41 +0300
commit: a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree: 15c063738d999a0aff035c4842885276a9ab6ac4 /lib/gitlab/git_access.rb
parent: 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index f3b53a2ba0b..b67b3a37440 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -98,6 +98,13 @@ module Gitlab
       Guest.can?(download_ability, container)
     end
 
+    def deploy_key_can_download_code?
+      authentication_abilities.include?(:download_code) &&
+        deploy_key? &&
+        deploy_key.has_access_to?(container) &&
+        (project? && project&.repository_access_level != ::Featurable::DISABLED)
+    end
+
     def user_can_download_code?
       authentication_abilities.include?(:download_code) &&
         user_access.can_do_action?(download_ability)
@@ -257,7 +264,7 @@ module Gitlab
     end
 
     def check_download_access!
-      passed = deploy_key? ||
+      passed = deploy_key_can_download_code? ||
         deploy_token? ||
         user_can_download_code? ||
         build_can_download_code? ||
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 19:52:41 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-01 19:52:41 +0300
commit	a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree	15c063738d999a0aff035c4842885276a9ab6ac4 /lib/gitlab/git_access.rb
parent	92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)