Skip to content
Snippets Groups Projects

Remove admin override for ProtectedRef Access

Merged Joe Woodward requested to merge refactor/protected_ref_access-check_access into master
@@ -21,9 +21,7 @@ def type
def check_access(current_user)
super do
if deploy_key.present?
break current_user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, current_user)
end
break enabled_deploy_key_for_user?(deploy_key, current_user) if deploy_key.present?
end
end
@@ -37,8 +35,9 @@ def validate_deploy_key_membership
errors.add(:deploy_key, 'is not enabled for this project')
end
def enabled_deploy_key_for_user?(deploy_key, user)
deploy_key.user_id == user.id &&
def enabled_deploy_key_for_user?(deploy_key, current_user)
current_user.can?(:read_project, project) &&
deploy_key.user_id == current_user.id &&
DeployKey.with_write_access_for_project(protected_tag.project, deploy_key: deploy_key).any?
end
end
Loading