Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42

12 files changed, 75 insertions, 31 deletions

diff --git a/app/finders/access_requests_finder.rb b/app/finders/access_requests_finder.rb
index 9b1407e2971..65e1934a39f 100644
--- a/app/finders/access_requests_finder.rb
+++ b/app/finders/access_requests_finder.rb
@@ -18,7 +18,11 @@ class AccessRequestsFinder
   def execute!(current_user)
     raise Gitlab::Access::AccessDeniedError unless can_see_access_requests?(current_user)
 
-    source.requesters
+    if Feature.enabled?(:project_members_index_by_project_namespace, source)
+      source.namespace_requesters
+    else
+      source.requesters
+    end
   end
 
   private
diff --git a/app/finders/branches_finder.rb b/app/finders/branches_finder.rb
index a62d47071d4..dc7b9f6a0ce 100644
--- a/app/finders/branches_finder.rb
+++ b/app/finders/branches_finder.rb
@@ -6,11 +6,12 @@ class BranchesFinder < GitRefsFinder
   end
 
   def execute(gitaly_pagination: false)
-    if gitaly_pagination && names.blank? && search.blank?
+    if gitaly_pagination && names.blank? && search.blank? && regex.blank?
       repository.branches_sorted_by(sort, pagination_params)
     else
       branches = repository.branches_sorted_by(sort)
       branches = by_search(branches)
+      branches = by_regex(branches)
       by_names(branches)
     end
   end
@@ -29,6 +30,11 @@ class BranchesFinder < GitRefsFinder
     @params[:per_page].presence
   end
 
+  def regex
+    @params[:regex].to_s.presence
+  end
+  strong_memoize_attr :regex
+
   def page_token
     "#{Gitlab::Git::BRANCH_REF_PREFIX}#{@params[:page_token]}" if @params[:page_token]
   end
@@ -45,4 +51,14 @@ class BranchesFinder < GitRefsFinder
       branch_names.include?(branch.name)
     end
   end
+
+  def by_regex(branches)
+    return branches unless regex
+
+    branch_filter = ::Gitlab::UntrustedRegexp.new(regex)
+
+    branches.select do |branch|
+      branch_filter.match?(branch.name)
+    end
+  end
 end
diff --git a/app/finders/ci/pipelines_finder.rb b/app/finders/ci/pipelines_finder.rb
index 4c47517299a..a2d1805286d 100644
--- a/app/finders/ci/pipelines_finder.rb
+++ b/app/finders/ci/pipelines_finder.rb
@@ -155,8 +155,7 @@ module Ci
 
     def by_name(items)
       return items unless
-        Feature.enabled?(:pipeline_name, project) &&
-          Feature.enabled?(:pipeline_name_search, project) &&
+        Feature.enabled?(:pipeline_name_search, project) &&
           params[:name].present?
 
       items.for_name(params[:name])
diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb
index 136d23939e2..bc1dcb3ad5f 100644
--- a/app/finders/ci/runners_finder.rb
+++ b/app/finders/ci/runners_finder.rb
@@ -37,7 +37,7 @@ module Ci
     private
 
     def search!
-      if @project && Feature.enabled?(:on_demand_scans_runner_tags, @project)
+      if @project
         project_runners
       elsif @group
         group_runners
diff --git a/app/finders/git_refs_finder.rb b/app/finders/git_refs_finder.rb
index 0492dd9934f..3c8d53051d6 100644
--- a/app/finders/git_refs_finder.rb
+++ b/app/finders/git_refs_finder.rb
@@ -49,7 +49,7 @@ class GitRefsFinder
   def regex_search?
     Regexp.union('^', '$', '*') === search
   end
-  strong_memoize_attr :regex_search?, :regex_search
+  strong_memoize_attr :regex_search?
 
   def unescape_regex_operators(regex_string)
     regex_string.sub('\^', '^').gsub('\*', '.*?').sub('\$', '$')
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 5fcb81949ee..13b7137da48 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -248,7 +248,10 @@ class IssuableFinder
   end
 
   def init_collection
-    klass.all
+    return klass.all if params.user_can_see_all_issuables?
+
+    # Only admins and auditors can see hidden issuables, for other users we filter out hidden issuables
+    klass.without_hidden
   end
 
   def default_or_simple_sort?
@@ -407,7 +410,8 @@ class IssuableFinder
       Issuables::LabelFilter.new(
         params: original_params,
         project: params.project,
-        group: params.group
+        group: params.group,
+        or_filters_enabled: or_filters_enabled?
       )
     end
   end
diff --git a/app/finders/issuable_finder/params.rb b/app/finders/issuable_finder/params.rb
index 32d50802537..e59c2224594 100644
--- a/app/finders/issuable_finder/params.rb
+++ b/app/finders/issuable_finder/params.rb
@@ -195,6 +195,11 @@ class IssuableFinder
       project || group
     end
 
+    def user_can_see_all_issuables?
+      Ability.allowed?(current_user, :read_all_resources)
+    end
+    strong_memoize_attr :user_can_see_all_issuables?
+
     private
 
     def projects_public_or_visible_to_user
diff --git a/app/finders/issuables/label_filter.rb b/app/finders/issuables/label_filter.rb
index 4e9c964e51c..81b86a1de32 100644
--- a/app/finders/issuables/label_filter.rb
+++ b/app/finders/issuables/label_filter.rb
@@ -14,6 +14,7 @@ module Issuables
 
     def filter(issuables)
       filtered = by_label(issuables)
+      filtered = by_label_union(filtered)
       by_negated_label(filtered)
     end
 
@@ -27,18 +28,29 @@ module Issuables
     def by_label(issuables)
       return issuables unless label_names_from_params.present?
 
-      target_model = issuables.base_class
-
       if filter_by_no_label?
-        issuables.where(label_link_query(target_model).arel.exists.not)
+        issuables.where(label_link_query(issuables).arel.exists.not)
       elsif filter_by_any_label?
-        issuables.where(label_link_query(target_model).arel.exists)
+        issuables.where(label_link_query(issuables).arel.exists)
       else
         issuables_with_selected_labels(issuables, label_names_from_params)
       end
     end
     # rubocop: enable CodeReuse/ActiveRecord
 
+    # rubocop: disable CodeReuse/ActiveRecord
+    def by_label_union(issuables)
+      return issuables unless or_filters_enabled? && label_names_from_or_params.present?
+
+      if root_namespace
+        all_label_ids = find_label_ids(label_names_from_or_params).flatten
+        issuables.where(label_link_query(issuables, label_ids: all_label_ids).arel.exists)
+      else
+        issuables.where(label_link_query(issuables, label_names: label_names_from_or_params).arel.exists)
+      end
+    end
+    # rubocop: enable CodeReuse/ActiveRecord
+
     def by_negated_label(issuables)
       return issuables unless label_names_from_not_params.present?
 
@@ -55,19 +67,17 @@ module Issuables
 
     # rubocop: disable CodeReuse/ActiveRecord
     def issuables_with_selected_labels(issuables, label_names)
-      target_model = issuables.base_class
-
       if root_namespace
         all_label_ids = find_label_ids(label_names)
         # Found less labels in the DB than we were searching for. Return nothing.
         return issuables.none if all_label_ids.size != label_names.size
 
         all_label_ids.each do |label_ids|
-          issuables = issuables.where(label_link_query(target_model, label_ids: label_ids).arel.exists)
+          issuables = issuables.where(label_link_query(issuables, label_ids: label_ids).arel.exists)
         end
       else
         label_names.each do |label_name|
-          issuables = issuables.where(label_link_query(target_model, label_names: label_name).arel.exists)
+          issuables = issuables.where(label_link_query(issuables, label_names: label_name).arel.exists)
         end
       end
 
@@ -77,16 +87,14 @@ module Issuables
 
     # rubocop: disable CodeReuse/ActiveRecord
     def issuables_without_selected_labels(issuables, label_names)
-      target_model = issuables.base_class
-
       if root_namespace
         label_ids = find_label_ids(label_names).flatten(1)
 
         return issuables if label_ids.empty?
 
-        issuables.where(label_link_query(target_model, label_ids: label_ids).arel.exists.not)
+        issuables.where(label_link_query(issuables, label_ids: label_ids).arel.exists.not)
       else
-        issuables.where(label_link_query(target_model, label_names: label_names).arel.exists.not)
+        issuables.where(label_link_query(issuables, label_names: label_names).arel.exists.not)
       end
     end
     # rubocop: enable CodeReuse/ActiveRecord
@@ -134,7 +142,9 @@ module Issuables
     # rubocop: enable CodeReuse/ActiveRecord
 
     # rubocop: disable CodeReuse/ActiveRecord
-    def label_link_query(target_model, label_ids: nil, label_names: nil)
+    def label_link_query(issuables, label_ids: nil, label_names: nil)
+      target_model = issuables.base_class
+
       relation = LabelLink.by_target_for_exists_query(target_model.name, target_model.arel_table['id'], label_ids)
       relation = relation.joins(:label).where(labels: { name: label_names }) if label_names
 
@@ -150,6 +160,14 @@ module Issuables
       end
     end
 
+    def label_names_from_or_params
+      return if or_params.blank? || or_params[:label_name].blank?
+
+      strong_memoize(:label_names_from_or_params) do
+        split_label_names(or_params[:label_name])
+      end
+    end
+
     def label_names_from_not_params
       return if not_params.blank? || not_params[:label_name].blank?
 
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index e12dce744b5..bd81f06f93b 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -49,7 +49,7 @@ class IssuesFinder < IssuableFinder
 
   # rubocop: disable CodeReuse/ActiveRecord
   def with_confidentiality_access_check
-    return model_class.all if params.user_can_see_all_issues?
+    return model_class.all if params.user_can_see_all_issuables?
 
     # Only admins can see hidden issues, so for non-admins, we filter out any hidden issues
     issues = model_class.without_hidden
diff --git a/app/finders/issues_finder/params.rb b/app/finders/issues_finder/params.rb
index 7f8acb79ed6..786bfbd4113 100644
--- a/app/finders/issues_finder/params.rb
+++ b/app/finders/issues_finder/params.rb
@@ -44,7 +44,7 @@ class IssuesFinder
         if parent
           Ability.allowed?(current_user, :read_confidential_issues, parent)
         else
-          user_can_see_all_issues?
+          user_can_see_all_issuables?
         end
       end
     end
@@ -54,12 +54,6 @@ class IssuesFinder
 
       current_user.blank?
     end
-
-    def user_can_see_all_issues?
-      strong_memoize(:user_can_see_all_issues) do
-        Ability.allowed?(current_user, :read_all_resources)
-      end
-    end
   end
 end
 
diff --git a/app/finders/members_finder.rb b/app/finders/members_finder.rb
index de6eacbb1e0..de2a4ce3518 100644
--- a/app/finders/members_finder.rb
+++ b/app/finders/members_finder.rb
@@ -31,7 +31,11 @@ class MembersFinder
   attr_reader :project, :current_user, :group
 
   def find_members(include_relations)
-    project_members = project.project_members
+    project_members = if Feature.enabled?(:project_members_index_by_project_namespace, project)
+                        project.namespace_members
+                      else
+                        project.project_members
+                      end
 
     if params[:active_without_invites_and_requests].present?
       project_members = project_members.active_without_invites_and_requests
diff --git a/app/finders/packages/go/version_finder.rb b/app/finders/packages/go/version_finder.rb
index 8500a441fb7..902c4a00a21 100644
--- a/app/finders/packages/go/version_finder.rb
+++ b/app/finders/packages/go/version_finder.rb
@@ -15,7 +15,7 @@ module Packages
         @mod.project.repository.tags
           .filter { |tag| semver_tag? tag }
           .map    { |tag| @mod.version_by(ref: tag) }
-          .filter { |ver| ver.valid? }
+          .filter(&:valid?)
       end
 
       def find(target)