Limit queries to a user-branch combination

The query becomes a lot simpler if we can check the branch name as
well instead of having to load all branch names.

2 files changed, 7 insertions, 4 deletions

diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
index 87e9e47b21a..51ba09aa129 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -47,7 +47,7 @@ module Gitlab
       protected
 
       def push_checks
-        if user_access.cannot_do_action?(:push_to_repo)
+        unless can_push?
           raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:push_code]
         end
       end
@@ -183,6 +183,11 @@ module Gitlab
       def commits
         @commits ||= project.repository.new_commits(newrev)
       end
+
+      def can_push?
+        user_access.can_do_action?(:push_code) ||
+          user_access.can_push_to_branch?(branch_name)
+      end
     end
   end
 end
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index fa32776d9f8..fd68b9f2b48 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -70,10 +70,8 @@ module Gitlab
         protected_branch_accessible_to?(ref, action: :push)
       elsif user.can?(:push_code, project)
         true
-      elsif user.can?(:push_single_branch, project)
-        project.branches_allowing_maintainer_access_to_user(user).include?(ref)
       else
-        false
+        project.branch_allows_maintainer_push?(user, ref)
       end
     end