Verify that deploy token has valid access when pulling container registry image

author: Mayra Cabrera <mcabrera@gitlab.com> 2018-04-10 07:31:30 +0000
committer: Kamil Trzciński <ayufan@ayufan.eu> 2018-04-10 07:31:30 +0000
commit: 3e35f65394fad201a9277667772f3ad9c6940d07 (patch)
tree: a29edb1313437b8a242d01142a8a00c94dc6cd2f /app/services/auth
parent: bc841c7db9c37f6ea91911cb921db07608d8bdec (diff)
download: gitlab-ce-3e35f65394fad201a9277667772f3ad9c6940d07.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 8f050072f74..f28cddb2af3 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -149,7 +149,8 @@ module Auth
     def deploy_token_can_pull?(requested_project)
       has_authentication_ability?(:read_container_image) &&
         current_user.is_a?(DeployToken) &&
-        current_user.has_access_to?(requested_project)
+        current_user.has_access_to?(requested_project) &&
+        current_user.read_registry?
     end
 
     ##
author	Mayra Cabrera <mcabrera@gitlab.com>	2018-04-10 07:31:30 +0000
committer	Kamil Trzciński <ayufan@ayufan.eu>	2018-04-10 07:31:30 +0000
commit	3e35f65394fad201a9277667772f3ad9c6940d07 (patch)
tree	a29edb1313437b8a242d01142a8a00c94dc6cd2f /app/services/auth
parent	bc841c7db9c37f6ea91911cb921db07608d8bdec (diff)
download	gitlab-ce-3e35f65394fad201a9277667772f3ad9c6940d07.tar.gz