From 9aabd8fd5ecb4090515db48692f3d064624aec0a Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt <bob@vanlanduyt.co>
Date: Tue, 6 Mar 2018 23:30:47 +0100
Subject: Limit queries to a user-branch combination

The query becomes a lot simpler if we can check the branch name as
well instead of having to load all branch names.
---
 lib/gitlab/checks/change_access.rb | 7 ++++++-
 lib/gitlab/user_access.rb          | 4 +---
 2 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'lib/gitlab')

diff --git a/lib/gitlab/checks/change_access.rb b/lib/gitlab/checks/change_access.rb
index 87e9e47b21a..51ba09aa129 100644
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@@ -47,7 +47,7 @@ module Gitlab
       protected
 
       def push_checks
-        if user_access.cannot_do_action?(:push_to_repo)
+        unless can_push?
           raise GitAccess::UnauthorizedError, ERROR_MESSAGES[:push_code]
         end
       end
@@ -183,6 +183,11 @@ module Gitlab
       def commits
         @commits ||= project.repository.new_commits(newrev)
       end
+
+      def can_push?
+        user_access.can_do_action?(:push_code) ||
+          user_access.can_push_to_branch?(branch_name)
+      end
     end
   end
 end
diff --git a/lib/gitlab/user_access.rb b/lib/gitlab/user_access.rb
index fa32776d9f8..fd68b9f2b48 100644
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -70,10 +70,8 @@ module Gitlab
         protected_branch_accessible_to?(ref, action: :push)
       elsif user.can?(:push_code, project)
         true
-      elsif user.can?(:push_single_branch, project)
-        project.branches_allowing_maintainer_access_to_user(user).include?(ref)
       else
-        false
+        project.branch_allows_maintainer_push?(user, ref)
       end
     end
 
-- 
cgit v1.2.1