blob: ca16582d2b4fd3aa50e469bb748ab20e8a69aacf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# frozen_string_literal: true
module Gitlab
class DeployKeyAccess < UserAccess
def initialize(deploy_key, container: nil)
@deploy_key = deploy_key
@user = deploy_key.user
@container = container
end
def can_push_for_ref?(ref)
can_push_to_branch?(ref)
end
private
attr_reader :deploy_key
def protected_tag_accessible_to?(ref, action:)
assert_project!
# a deploy key can always push a protected tag
# (which is not always the case when pushing to a protected branch)
true
end
def can_collaborate?(_ref)
assert_project!
project_has_active_user_keys?
end
def project_has_active_user_keys?
user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists?
end
end
end
|