Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42

1 files changed, 25 insertions, 0 deletions

diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb
index bde1d29ad7f..63d577a4866 100644
--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
@@ -2,4 +2,29 @@
 
 class ProtectedBranch::PushAccessLevel < ApplicationRecord
   include ProtectedBranchAccess
+
+  belongs_to :deploy_key
+
+  validates :access_level, uniqueness: { scope: :protected_branch_id, if: :role?,
+                                         conditions: -> { where(user_id: nil, group_id: nil, deploy_key_id: nil) } }
+  validates :deploy_key_id, uniqueness: { scope: :protected_branch_id, allow_nil: true }
+  validate :validate_deploy_key_membership
+
+  def type
+    if self.deploy_key.present?
+      :deploy_key
+    else
+      super
+    end
+  end
+
+  private
+
+  def validate_deploy_key_membership
+    return unless deploy_key
+
+    unless project.deploy_keys_projects.where(deploy_key: deploy_key).exists?
+      self.errors.add(:deploy_key, 'is not enabled for this project')
+    end
+  end
 end