diff options
Diffstat (limited to 'app/models/concerns/protected_ref.rb')
-rw-r--r-- | app/models/concerns/protected_ref.rb | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/app/models/concerns/protected_ref.rb b/app/models/concerns/protected_ref.rb index 65195a8d5aa..cf23a27244c 100644 --- a/app/models/concerns/protected_ref.rb +++ b/app/models/concerns/protected_ref.rb @@ -40,20 +40,26 @@ module ProtectedRef end def protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil) - access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level| + all_matching_rules_allow?(ref, action: action, protected_refs: protected_refs) do |access_level| access_level.check_access(user) end end def developers_can?(action, ref, protected_refs: nil) - access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level| + all_matching_rules_allow?(ref, action: action, protected_refs: protected_refs) do |access_level| access_level.access_level == Gitlab::Access::DEVELOPER end end - def access_levels_for_ref(ref, action:, protected_refs: nil) - self.matching(ref, protected_refs: protected_refs) - .flat_map(&:"#{action}_access_levels") + def all_matching_rules_allow?(ref, action:, protected_refs: nil, &block) + access_levels_groups = + self.matching(ref, protected_refs: protected_refs).map(&:"#{action}_access_levels") + + return false if access_levels_groups.blank? + + access_levels_groups.all? do |access_levels| + access_levels.any?(&block) + end end # Returns all protected refs that match the given ref name. |