diff options
| author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-03-31 19:57:29 +0300 |
|---|---|---|
| committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-03-31 21:37:38 +0300 |
| commit | e3fbcd0093b07bbc084061992bb8ae6bd4343d52 (patch) | |
| tree | e61b5e5c446979ee627d0fa18bf52d7b0e4d3ca4 /lib/gitlab/user_access.rb | |
| parent | b5fce1d5ac87546e8f31fb0ef6f6c4d514670198 (diff) | |
Protected Tags enforced over git
Diffstat (limited to 'lib/gitlab/user_access.rb')
| -rw-r--r-- | lib/gitlab/user_access.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb index f260c0c535f..921159d91ef 100644 --- a/lib/gitlab/user_access.rb +++ b/lib/gitlab/user_access.rb @@ -28,6 +28,22 @@ module Gitlab true end + #TODO: Test this + #TODO move most to ProtectedTag::AccessChecker. Or maybe UserAccess::Protections::Tag + #TODO: then consider removing method, if it turns out can_access_git? and can?(:push_code are checked in change_access + def can_push_tag?(ref) + return false unless can_access_git? + + if project.protected_tag?(ref) + access_levels = project.protected_tags.matching(ref).map(&:push_access_levels).flatten + has_access = access_levels.any? { |access_level| access_level.check_access(user) } + + has_access + else + user.can?(:push_code, project) + end + end + def can_push_to_branch?(ref) return false unless can_access_git? |