diff options
Diffstat (limited to 'lib/gitlab/deploy_key_access.rb')
-rw-r--r-- | lib/gitlab/deploy_key_access.rb | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/gitlab/deploy_key_access.rb b/lib/gitlab/deploy_key_access.rb new file mode 100644 index 00000000000..ca16582d2b4 --- /dev/null +++ b/lib/gitlab/deploy_key_access.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +module Gitlab + class DeployKeyAccess < UserAccess + def initialize(deploy_key, container: nil) + @deploy_key = deploy_key + @user = deploy_key.user + @container = container + end + + def can_push_for_ref?(ref) + can_push_to_branch?(ref) + end + + private + + attr_reader :deploy_key + + def protected_tag_accessible_to?(ref, action:) + assert_project! + + # a deploy key can always push a protected tag + # (which is not always the case when pushing to a protected branch) + true + end + + def can_collaborate?(_ref) + assert_project! + + project_has_active_user_keys? + end + + def project_has_active_user_keys? + user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists? + end + end +end |