Fix enabling project deploy key for adminssh-fix-issue-53783-ce

Admins would be prevented from adding a project deploy key since the
accessible keys would be restricted to the user's keys.

Also backports a spec for DeployKeysController from
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8432.

2 files changed, 22 insertions, 5 deletions

diff --git a/app/services/projects/disable_deploy_key_service.rb b/app/services/projects/disable_deploy_key_service.rb
new file mode 100644
index 00000000000..e483c0708c4
--- /dev/null
+++ b/app/services/projects/disable_deploy_key_service.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Projects
+  class DisableDeployKeyService < BaseService
+    def execute
+      # rubocop: disable CodeReuse/ActiveRecord
+      deploy_key_project = project.deploy_keys_projects.find_by(deploy_key_id: params[:id])
+      # rubocop: enable CodeReuse/ActiveRecord
+
+      deploy_key_project&.destroy!
+    end
+  end
+end
diff --git a/app/services/projects/enable_deploy_key_service.rb b/app/services/projects/enable_deploy_key_service.rb
index 102088e9557..38219cacee9 100644
--- a/app/services/projects/enable_deploy_key_service.rb
+++ b/app/services/projects/enable_deploy_key_service.rb
@@ -2,9 +2,10 @@
 
 module Projects
   class EnableDeployKeyService < BaseService
-    # rubocop: disable CodeReuse/ActiveRecord
     def execute
-      key = accessible_keys.find_by(id: params[:key_id] || params[:id])
+      key_id = params[:key_id] || params[:id]
+      key = find_accessible_key(key_id)
+
       return unless key
 
       unless project.deploy_keys.include?(key)
@@ -13,12 +14,15 @@ module Projects
 
       key
     end
-    # rubocop: enable CodeReuse/ActiveRecord
 
     private
 
-    def accessible_keys
-      current_user.accessible_deploy_keys
+    def find_accessible_key(key_id)
+      if current_user.admin?
+        DeployKey.find_by_id(key_id)
+      else
+        current_user.accessible_deploy_keys.find_by_id(key_id)
+      end
     end
   end
 end