diff options
Diffstat (limited to 'app/models/protected_branch/push_access_level.rb')
-rw-r--r-- | app/models/protected_branch/push_access_level.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb index 63d577a4866..f28440f2444 100644 --- a/app/models/protected_branch/push_access_level.rb +++ b/app/models/protected_branch/push_access_level.rb @@ -18,6 +18,14 @@ class ProtectedBranch::PushAccessLevel < ApplicationRecord end end + def check_access(user) + if Feature.enabled?(:deploy_keys_on_protected_branches, project) && user && deploy_key.present? + return true if user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user) + end + + super + end + private def validate_deploy_key_membership @@ -27,4 +35,8 @@ class ProtectedBranch::PushAccessLevel < ApplicationRecord self.errors.add(:deploy_key, 'is not enabled for this project') end end + + def enabled_deploy_key_for_user?(deploy_key, user) + deploy_key.user_id == user.id && DeployKey.with_write_access_for_project(protected_branch.project, deploy_key: deploy_key).any? + end end |