Validate `:push_code` before checking protected branches

12e68d62 · Bob Van Landuyt · d11fbccc · 12e68d62
隐藏空白更改
内联并排

Showing with 3 addition and 6 deletion

lib/gitlab/user_access.rb lib/gitlab/user_access.rb +3 -6

未找到文件。
--- a/lib/gitlab/user_access.rb
+++ b/lib/gitlab/user_access.rb
@@ -63,15 +63,12 @@ module Gitlab

    request_cache def can_push_to_branch?(ref)
      return false unless can_access_git?
+      return false unless user.can?(:push_code, project) || project.branch_allows_maintainer_push?(user, ref)

      if protected?(ProtectedBranch, project, ref)
-        return true if project.user_can_push_to_empty_repo?(user)
-
-        protected_branch_accessible_to?(ref, action: :push)
-      elsif user.can?(:push_code, project)
-        true
+        project.user_can_push_to_empty_repo?(user) || protected_branch_accessible_to?(ref, action: :push)
      else
-        project.branch_allows_maintainer_push?(user, ref)
+        true
      end
    end