Skip change access check for deploy keys

2018-12-20 17:39:20 +01:00 · 2018-12-20 17:39:20 +01:00 · 551e84c2cb
parent bc7a1affe3
commit 551e84c2cb
2 changed files with 4 additions and 5 deletions
--- a/lib/gitlab/checks/change_access.rb
+++ b/lib/gitlab/checks/change_access.rb
@ -10,7 +10,7 @@ module Gitlab
      attr_reader(*ATTRIBUTES)

      def initialize(
-        change, user_access:, project:, skip_authorization: false,
+        change, user_access:, project:,
        skip_lfs_integrity_check: false, protocol:, logger:
      )
        @oldrev, @newrev, @ref = change.values_at(:oldrev, :newrev, :ref)
@ -18,7 +18,6 @@ module Gitlab
        @tag_name = Gitlab::Git.tag_name(@ref)
        @user_access = user_access
        @project = project
-        @skip_authorization = skip_authorization
        @skip_lfs_integrity_check = skip_lfs_integrity_check
        @protocol = protocol

@ -27,8 +26,6 @@ module Gitlab
      end

      def exec
-        return true if skip_authorization
-
        ref_level_checks
        # Check of commits should happen as the last step
        # given they're expensive in terms of performance
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@ -266,6 +266,9 @@ module Gitlab
    end

    def check_change_access!
+      # Deploy keys with write access can push anything
+      return if deploy_key?
+
      # If there are worktrees with a HEAD pointing to a non-existent object,
      # calls to `git rev-list --all` will fail in git 2.15+. This should also
      # clear stale lock files.
@ -286,7 +289,6 @@ module Gitlab
        change,
        user_access: user_access,
        project: project,
-        skip_authorization: deploy_key?,
        skip_lfs_integrity_check: skip_lfs_integrity_check,
        protocol: protocol,
        logger: logger