7be7f570dc
Admins would be prevented from adding a project deploy key since the accessible keys would be restricted to the user's keys. Also backports a spec for DeployKeysController from https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8432.
28 lines
549 B
Ruby
28 lines
549 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Projects
|
|
class EnableDeployKeyService < BaseService
|
|
def execute
|
|
key_id = params[:key_id] || params[:id]
|
|
key = find_accessible_key(key_id)
|
|
|
|
return unless key
|
|
|
|
unless project.deploy_keys.include?(key)
|
|
project.deploy_keys << key
|
|
end
|
|
|
|
key
|
|
end
|
|
|
|
private
|
|
|
|
def find_accessible_key(key_id)
|
|
if current_user.admin?
|
|
DeployKey.find_by_id(key_id)
|
|
else
|
|
current_user.accessible_deploy_keys.find_by_id(key_id)
|
|
end
|
|
end
|
|
end
|
|
end
|