1 files changed, 16 insertions, 0 deletions

diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index f260c0c535f..921159d91ef 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -28,6 +28,22 @@ module Gitlab
       true
     end
 
+    #TODO: Test this
+    #TODO move most to ProtectedTag::AccessChecker. Or maybe UserAccess::Protections::Tag
+    #TODO: then consider removing method, if it turns out can_access_git? and can?(:push_code are checked in change_access
+    def can_push_tag?(ref)
+      return false unless can_access_git?
+
+      if project.protected_tag?(ref)
+        access_levels = project.protected_tags.matching(ref).map(&:push_access_levels).flatten
+        has_access = access_levels.any? { |access_level| access_level.check_access(user) }
+
+        has_access
+      else
+        user.can?(:push_code, project)
+      end
+    end
+
     def can_push_to_branch?(ref)
       return false unless can_access_git?