summaryrefslogtreecommitdiff
path: root/app/models/protected_branch/push_access_level.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/models/protected_branch/push_access_level.rb')
-rw-r--r--app/models/protected_branch/push_access_level.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb
index 63d577a4866..f28440f2444 100644
--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
@@ -18,6 +18,14 @@ class ProtectedBranch::PushAccessLevel < ApplicationRecord
end
end
+ def check_access(user)
+ if Feature.enabled?(:deploy_keys_on_protected_branches, project) && user && deploy_key.present?
+ return true if user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user)
+ end
+
+ super
+ end
+
private
def validate_deploy_key_membership
@@ -27,4 +35,8 @@ class ProtectedBranch::PushAccessLevel < ApplicationRecord
self.errors.add(:deploy_key, 'is not enabled for this project')
end
end
+
+ def enabled_deploy_key_for_user?(deploy_key, user)
+ deploy_key.user_id == user.id && DeployKey.with_write_access_for_project(protected_branch.project, deploy_key: deploy_key).any?
+ end
end
View Lorry Controller Status