diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index 42c00ec3cd5ad1e71e30fd710f142980307c51f1..5b08fc78cfc2b624dc9d1c312f46ed497de9af1a 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -93,10 +93,10 @@ module ProjectsHelper
   end
 
   def project_for_deploy_key(deploy_key)
-    if deploy_key.projects.include?(@project)
+    if deploy_key.has_access_to?(@project)
       @project
     else
-      deploy_key.projects.find { |project| can?(current_user, :read_project, project) }
+      deploy_key.projects.find(&current_user.method(:has_access_to?))
     end
   end
 
diff --git a/app/models/deploy_key.rb b/app/models/deploy_key.rb
index 503398f5cca7d7aa4ad6b85b4f0fcb61f04a4271..aaacbd284705fa3642416b10b84601beb544190e 100644
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -21,7 +21,11 @@ class DeployKey < Key
     self.private?
   end
 
+  def has_access_to?(project)
+    projects.include?(project)
+  end
+
   def can_push_to?(project)
-    can_push? && projects.include?(project)
+    can_push? && has_access_to?(project)
   end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 3813df6684ea7955ac0cebc06cebb91b3d0c78f1..0e96ad886384bccfd260a9a7fc65f8890c249420 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -501,6 +501,10 @@ class User < ActiveRecord::Base
     several_namespaces? || admin
   end
 
+  def has_access_to?(project)
+    can?(:read_project, project)
+  end
+
   def can?(action, subject)
     Ability.allowed?(self, action, subject)
   end
diff --git a/lib/gitlab/auth/result.rb b/lib/gitlab/auth/result.rb
index 6be7f690676b0169dfb1f27e5c12032d5ece35bc..39b86c61a18f30da55fcc72fc9b0f7a4b68fcaad 100644
--- a/lib/gitlab/auth/result.rb
+++ b/lib/gitlab/auth/result.rb
@@ -9,8 +9,7 @@ module Gitlab
 
       def lfs_deploy_token?(for_project)
         type == :lfs_deploy_token &&
-          actor &&
-          actor.projects.include?(for_project)
+          actor.try(:has_access_to?, for_project)
       end
 
       def success?
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 19bdfc878b17d52dedab6ecdfeaa9afc87fa821f..a7ad944e79e7817d7a8d8d148e47b52d9442f1c3 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -161,7 +161,7 @@ module Gitlab
 
     def can_read_project?
       if deploy_key
-        project.public? || deploy_key.projects.include?(project)
+        project.public? || deploy_key.has_access_to?(project)
       elsif user
         user_access.can_read_project?
       else