diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 00:09:57 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-14 00:09:57 +0000 |
commit | 9398d718d92a40a0a917040645a55dea51467a91 (patch) | |
tree | ce1242c69221f1e6abd701439631cf6e6d1b948d /app/services/auth | |
parent | 602ea42669779ec431bcaeb41fd95e079b1a7021 (diff) | |
download | gitlab-ce-9398d718d92a40a0a917040645a55dea51467a91.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services/auth')
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 629c1cbdc5c..4a699fe3213 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -135,7 +135,7 @@ module Auth when 'pull' build_can_pull?(requested_project) || user_can_pull?(requested_project) || deploy_token_can_pull?(requested_project) when 'push' - build_can_push?(requested_project) || user_can_push?(requested_project) + build_can_push?(requested_project) || user_can_push?(requested_project) || deploy_token_can_push?(requested_project) when 'delete' build_can_delete?(requested_project) || user_can_admin?(requested_project) when '*' @@ -185,6 +185,13 @@ module Auth current_user.read_registry? end + def deploy_token_can_push?(requested_project) + has_authentication_ability?(:create_container_image) && + current_user.is_a?(DeployToken) && + current_user.has_access_to?(requested_project) && + current_user.write_registry? + end + ## # We still support legacy pipeline triggers which do not have associated # actor. New permissions model and new triggers are always associated with |