diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/models/deploy_token.rb | 2 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index b47b2ff4c3f..8dae821a10e 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -34,7 +34,7 @@ class DeployToken < ActiveRecord::Base end def has_access_to?(requested_project) - project == requested_project + active? && project == requested_project end # This is temporal. Currently we limit DeployToken diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index 8f050072f74..f28cddb2af3 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -149,7 +149,8 @@ module Auth def deploy_token_can_pull?(requested_project) has_authentication_ability?(:read_container_image) && current_user.is_a?(DeployToken) && - current_user.has_access_to?(requested_project) + current_user.has_access_to?(requested_project) && + current_user.read_registry? end ## |