40 lines
947 B
Ruby
40 lines
947 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
class DeployKeyAccess < UserAccess
|
|
def initialize(deploy_key, container: nil)
|
|
@deploy_key = deploy_key
|
|
@user = deploy_key.user
|
|
@container = container
|
|
end
|
|
|
|
def can_push_for_ref?(ref)
|
|
can_push_to_branch?(ref)
|
|
end
|
|
|
|
private
|
|
|
|
attr_reader :deploy_key
|
|
|
|
def protected_tag_accessible_to?(ref, action:)
|
|
if Feature.enabled?(:deploy_key_for_protected_tags, project)
|
|
super
|
|
else
|
|
assert_project!
|
|
# a deploy key can always push a protected tag
|
|
# (which is not always the case when pushing to a protected branch)
|
|
true
|
|
end
|
|
end
|
|
|
|
def can_collaborate?(_ref)
|
|
assert_project!
|
|
|
|
project_has_active_user_keys?
|
|
end
|
|
|
|
def project_has_active_user_keys?
|
|
user.can?(:read_project, project) && DeployKey.with_write_access_for_project(project).id_in(deploy_key.id).exists?
|
|
end
|
|
end
|
|
end
|