diff options
author | Stan Hu <stanhu@gmail.com> | 2018-11-16 21:59:17 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-11-16 23:18:06 -0800 |
commit | 7be7f570dc9d8bf482d8a1e548b3bd21cccdc39d (patch) | |
tree | 09c3e305a6af2aac3f2ee5eb58e5eba85e124079 /app/services | |
parent | 6494467a191f119af31ce3e8d3f32885c1244bdc (diff) | |
download | gitlab-ce-7be7f570dc9d8bf482d8a1e548b3bd21cccdc39d.tar.gz |
Fix enabling project deploy key for adminssh-fix-issue-53783-ce
Admins would be prevented from adding a project deploy key since the
accessible keys would be restricted to the user's keys.
Also backports a spec for DeployKeysController from
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8432.
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/projects/disable_deploy_key_service.rb | 13 | ||||
-rw-r--r-- | app/services/projects/enable_deploy_key_service.rb | 14 |
2 files changed, 22 insertions, 5 deletions
diff --git a/app/services/projects/disable_deploy_key_service.rb b/app/services/projects/disable_deploy_key_service.rb new file mode 100644 index 00000000000..e483c0708c4 --- /dev/null +++ b/app/services/projects/disable_deploy_key_service.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +module Projects + class DisableDeployKeyService < BaseService + def execute + # rubocop: disable CodeReuse/ActiveRecord + deploy_key_project = project.deploy_keys_projects.find_by(deploy_key_id: params[:id]) + # rubocop: enable CodeReuse/ActiveRecord + + deploy_key_project&.destroy! + end + end +end diff --git a/app/services/projects/enable_deploy_key_service.rb b/app/services/projects/enable_deploy_key_service.rb index 102088e9557..38219cacee9 100644 --- a/app/services/projects/enable_deploy_key_service.rb +++ b/app/services/projects/enable_deploy_key_service.rb @@ -2,9 +2,10 @@ module Projects class EnableDeployKeyService < BaseService - # rubocop: disable CodeReuse/ActiveRecord def execute - key = accessible_keys.find_by(id: params[:key_id] || params[:id]) + key_id = params[:key_id] || params[:id] + key = find_accessible_key(key_id) + return unless key unless project.deploy_keys.include?(key) @@ -13,12 +14,15 @@ module Projects key end - # rubocop: enable CodeReuse/ActiveRecord private - def accessible_keys - current_user.accessible_deploy_keys + def find_accessible_key(key_id) + if current_user.admin? + DeployKey.find_by_id(key_id) + else + current_user.accessible_deploy_keys.find_by_id(key_id) + end end end end |