Selectable deploy keys contain master projects

5 files changed, 29 insertions, 4 deletions

diff --git a/app/controllers/deploy_keys_controller.rb b/app/controllers/deploy_keys_controller.rb
index 1c7e4c1b37a..35d28becd05 100644
--- a/app/controllers/deploy_keys_controller.rb
+++ b/app/controllers/deploy_keys_controller.rb
@@ -54,6 +54,6 @@ class DeployKeysController < ProjectResourceController
   protected
 
   def available_keys
-    @available_keys ||= current_user.owned_deploy_keys
+    @available_keys ||= current_user.accessible_deploy_keys
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 0aed0ada757..a1244f9a489 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -90,6 +90,8 @@ class User < ActiveRecord::Base
 
   has_many :personal_projects,        through: :namespace, source: :projects
   has_many :projects,                 through: :users_projects
+  has_many :master_projects,          through: :users_projects, source: :project,
+                                      conditions: { users_projects: { project_access: UsersProject::MASTER } }
   has_many :own_projects,             foreign_key: :creator_id, class_name: 'Project'
   has_many :owned_projects,           through: :namespaces, source: :projects
 
@@ -354,7 +356,7 @@ class User < ActiveRecord::Base
     extern_uid && provider == 'ldap'
   end
 
-  def owned_deploy_keys
-    DeployKey.in_projects(self.owned_projects).uniq
+  def accessible_deploy_keys
+    DeployKey.in_projects(self.master_projects).uniq
   end
 end
diff --git a/features/steps/project/deploy_keys.rb b/features/steps/project/deploy_keys.rb
index fd9dce7fe30..7f7492bfd6d 100644
--- a/features/steps/project/deploy_keys.rb
+++ b/features/steps/project/deploy_keys.rb
@@ -35,6 +35,7 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
 
   step 'other project has deploy key' do
     @second_project = create :project, namespace: current_user.namespace
+    @second_project.team << [current_user, :master]
     create(:deploy_keys_project, project: @second_project)
   end
 
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 8b20a2fcb14..f0648c326d5 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -439,7 +439,7 @@ module API
           end
 
           # Check for available deploy keys in other projects
-          key = current_user.owned_deploy_keys.find_by_key(attrs[:key])
+          key = current_user.accessible_deploy_keys.find_by_key(attrs[:key])
           if key
             user_project.deploy_keys << key
             present key, with: Entities::SSHKey
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 9673854da53..f0a6012d0c2 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -106,11 +106,33 @@ describe User do
       ActiveRecord::Base.observers.enable(:user_observer)
       @user = create :user
       @project = create :project, namespace: @user.namespace
+      @project_2 = create :project # Grant MASTER access to the user
+      @project_3 = create :project # Grant DEVELOPER access to the user
+
+      UsersProject.add_users_into_projects(
+        [@project_2.id], [@user.id], UsersProject::MASTER
+      )
+      UsersProject.add_users_into_projects(
+        [@project_3.id], [@user.id], UsersProject::DEVELOPER
+      )
     end
 
     it { @user.authorized_projects.should include(@project) }
+    it { @user.authorized_projects.should include(@project_2) }
+    it { @user.authorized_projects.should include(@project_3) }
     it { @user.owned_projects.should include(@project) }
+    it { @user.owned_projects.should_not include(@project_2) }
+    it { @user.owned_projects.should_not include(@project_3) }
     it { @user.personal_projects.should include(@project) }
+    it { @user.personal_projects.should_not include(@project_2) }
+    it { @user.personal_projects.should_not include(@project_3) }
+
+    # master_projects doesn't check creator/namespace.
+    # In real case the users_projects relation will certainly be assigned
+    # when the project is created.
+    it { @user.master_projects.should_not include(@project) }
+    it { @user.master_projects.should include(@project_2) }
+    it { @user.master_projects.should_not include(@project_3) }
   end
 
   describe 'groups' do