Move author validation to the PushRule model

app/models/push_rule.rb

@@ -58,6 +58,13 @@ class PushRule < ActiveRecord::Base
     commit.has_signature?
   end
 
+  def author_allowed?(committer_email, current_user_email)
+    return true unless available?(:commit_author_check)
+    return true unless commit_author_check
+
+    committer_email.casecmp(current_user_email) == 0
+  end
+
   def commit_message_allowed?(message)
     data_match?(message, commit_message_regex)
   end

lib/gitlab/checks/change_access.rb

@@ -213,6 +213,10 @@ module Gitlab
           return "Author's email '#{commit.author_email}' does not follow the pattern '#{push_rule.author_email_regex}'"
         end
 
+        unless push_rule.author_allowed?(commit.committer_email, user_access.user.email)
+          return "You can only push your own commits to this repository"
+        end
+
         if !updated_from_web? && !push_rule.commit_signature_allowed?(commit)
           return "Commit must be signed with a GPG key"
         end
@@ -230,12 +234,6 @@ module Gitlab
           end
         end
 
-        if push_rule.commit_author_check
-          unless commit.committer_email.casecmp(user_access.user.email) == 0
-            return "You can only push your own commits to this repository"
-          end
-        end
-
         nil
       end
 

spec/lib/gitlab/checks/change_access_spec.rb

@@ -442,6 +442,10 @@ describe Gitlab::Checks::ChangeAccess do
       end
 
       context 'Check commit author rules' do
+        before do
+          stub_licensed_features(commit_author_check: true)
+        end
+
         let(:push_rule) { create(:push_rule, commit_author_check: true) }
 
         context 'with a commit from the authenticated user' do