Skip hooks for UserMergeToRef RPC
We've noticed at https://gitlab.com/gitlab-org/gitlab-ce/issues/63101 that even though we've skipped authorization checks for the MergeToRefService
on gitlab-rails, hooks still trigger extra checks at Gitlab::GitAccess#check_change_access!
. That leads to problems as we were lazily updating the merge-ref upon user access to the MR page, and not necessarily the given user will have writing access to the repository.
The user shouldn't play any role here beside being the author of the commit to the ref.
We reverted https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28513 given this was leading to problems for users that send MRs from forks to projects they're not a member of (i.e. merge_request.author
doesn't have writing access).
Extra bit of info: We also skip hooks for Repository#fetch_source_branch!
.