summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/api/merge_requests.rb8
-rw-r--r--lib/gitlab/git_access.rb9
2 files changed, 11 insertions, 6 deletions
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index 81038d05f12..2a5b10c6f52 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -167,13 +167,9 @@ module API
put ":id/merge_request/:merge_request_id/merge" do
merge_request = user_project.merge_requests.find(params[:merge_request_id])
- action = if user_project.protected_branch?(merge_request.target_branch)
- :push_code_to_protected_branches
- else
- :push_code
- end
+ allowed = ::Gitlab::GitAccess.can_push_to_branch?(current_user, user_project, merge_request.target_branch)
- if can?(current_user, action, user_project)
+ if allowed
if merge_request.unchecked?
merge_request.check_if_can_be_merged
end
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index d47ef61fd11..c7bf2efc628 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -5,6 +5,15 @@ module Gitlab
attr_reader :params, :project, :git_cmd, :user
+ def self.can_push_to_branch?(user, project, ref)
+ if project.protected_branch?(ref) &&
+ !(project.developers_can_push_to_protected_branch?(ref) && project.team.developer?(user))
+ user.can?(:push_code_to_protected_branches, project)
+ else
+ user.can?(:push_code, project)
+ end
+ end
+
def check(actor, cmd, project, changes = nil)
case cmd
when *DOWNLOAD_COMMANDS
View Lorry Controller Status