Clean up user access checks for git access
The following discussion from !36345 (merged) should be addressed:
-
@nick.thomas started a discussion: (+4 comments) Naively, I'd expect
project_has_active_user_keys?
to require theref
as well. Can you walk me through how we do the permissions check successfully without it?
Right now, Gitlab::UserAccess
has a range of checks, some of which require the ref
to be successful, others of which don't. It's not clear how it all fits together, and this is security-critical code, so we should consider cleaning it up to be more obvious.