Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

17 files changed, 147 insertions, 47 deletions

diff --git a/app/finders/autocomplete/users_finder.rb b/app/finders/autocomplete/users_finder.rb
index a9fffd3f411..33d9a8a3dbc 100644
--- a/app/finders/autocomplete/users_finder.rb
+++ b/app/finders/autocomplete/users_finder.rb
@@ -62,7 +62,7 @@ module Autocomplete
       find_users
         .active
         .reorder_by_name
-        .optionally_search(search)
+        .optionally_search(search, use_minimum_char_limit: use_minimum_char_limit)
         .where_not_in(skip_users)
         .limit_to_todo_authors(
           user: current_user,
@@ -99,6 +99,12 @@ module Autocomplete
       ActiveRecord::Associations::Preloader.new.preload(items, :status)
     end
     # rubocop: enable CodeReuse/ActiveRecord
+
+    def use_minimum_char_limit
+      return if project.blank? && group.blank?  # We return nil so that we use the default defined in the User model
+
+      false
+    end
   end
 end
 
diff --git a/app/finders/ci/jobs_finder.rb b/app/finders/ci/jobs_finder.rb
index 4408c9cdb6d..5fc9c0e1778 100644
--- a/app/finders/ci/jobs_finder.rb
+++ b/app/finders/ci/jobs_finder.rb
@@ -4,10 +4,11 @@ module Ci
   class JobsFinder
     include Gitlab::Allowable
 
-    def initialize(current_user:, pipeline: nil, project: nil, params: {}, type: ::Ci::Build)
+    def initialize(current_user:, pipeline: nil, project: nil, runner: nil, params: {}, type: ::Ci::Build)
       @pipeline = pipeline
       @current_user = current_user
       @project = project
+      @runner = runner
       @params = params
       @type = type
       raise ArgumentError 'type must be a subclass of Ci::Processable' unless type < ::Ci::Processable
@@ -22,10 +23,10 @@ module Ci
 
     private
 
-    attr_reader :current_user, :pipeline, :project, :params, :type
+    attr_reader :current_user, :pipeline, :project, :runner, :params, :type
 
     def init_collection
-      pipeline_jobs || project_jobs || all_jobs
+      pipeline_jobs || project_jobs || runner_jobs || all_jobs
     end
 
     def all_jobs
@@ -34,6 +35,13 @@ module Ci
       type.all
     end
 
+    def runner_jobs
+      return unless runner
+      raise Gitlab::Access::AccessDeniedError unless can?(current_user, :read_builds, runner)
+
+      jobs_by_type(runner, type).relevant
+    end
+
     def project_jobs
       return unless project
       raise Gitlab::Access::AccessDeniedError unless can?(current_user, :read_build, project)
diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb
index 3ebf6bd1562..356915722fe 100644
--- a/app/finders/ci/runners_finder.rb
+++ b/app/finders/ci/runners_finder.rb
@@ -4,7 +4,7 @@ module Ci
   class RunnersFinder < UnionFinder
     include Gitlab::Allowable
 
-    ALLOWED_SORTS = %w[contacted_asc contacted_desc created_at_asc created_at_desc created_date].freeze
+    ALLOWED_SORTS = %w[contacted_asc contacted_desc created_at_asc created_at_desc created_date token_expires_at_asc token_expires_at_desc].freeze
     DEFAULT_SORT = 'created_at_desc'
 
     def initialize(current_user:, params:)
@@ -53,13 +53,7 @@ module Ci
                  when :direct
                    Ci::Runner.belonging_to_group(@group.id)
                  when :descendants, nil
-                   if ::Feature.enabled?(:ci_find_runners_by_ci_mirrors, @group, default_enabled: :yaml)
-                     Ci::Runner.belonging_to_group_or_project_descendants(@group.id)
-                   else
-                     # Getting all runners from the group itself and all its descendant groups/projects
-                     descendant_projects = Project.for_group_and_its_subgroups(@group)
-                     Ci::Runner.legacy_belonging_to_group_or_project(@group.self_and_descendants, descendant_projects)
-                   end
+                   Ci::Runner.belonging_to_group_or_project_descendants(@group.id)
                  else
                    raise ArgumentError, 'Invalid membership filter'
                  end
diff --git a/app/finders/crm/contacts_finder.rb b/app/finders/crm/contacts_finder.rb
new file mode 100644
index 00000000000..c2d44bec27b
--- /dev/null
+++ b/app/finders/crm/contacts_finder.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Finder for retrieving contacts scoped to a group
+#
+# Arguments:
+#   current_user - user performing the action. Must have the correct permission level for the group.
+#   params:
+#     group: Group, required
+module Crm
+  class ContactsFinder
+    include Gitlab::Allowable
+    include Gitlab::Utils::StrongMemoize
+
+    attr_reader :params, :current_user
+
+    def initialize(current_user, params = {})
+      @current_user = current_user
+      @params = params
+    end
+
+    def execute
+      return CustomerRelations::Contact.none unless root_group
+
+      root_group.contacts
+    end
+
+    private
+
+    def root_group
+      strong_memoize(:root_group) do
+        group = params[:group]&.root_ancestor
+
+        next unless can?(@current_user, :read_crm_contact, group)
+
+        group
+      end
+    end
+  end
+end
diff --git a/app/finders/deployments_finder.rb b/app/finders/deployments_finder.rb
index bb9d204ab73..04b82ee04ec 100644
--- a/app/finders/deployments_finder.rb
+++ b/app/finders/deployments_finder.rb
@@ -49,6 +49,10 @@ class DeploymentsFinder
 
   private
 
+  def raise_for_inefficient_updated_at_query?
+    params.fetch(:raise_for_inefficient_updated_at_query, Rails.env.development? || Rails.env.test?)
+  end
+
   def validate!
     if filter_by_updated_at? && filter_by_finished_at?
       raise InefficientQueryError, 'Both `updated_at` filter and `finished_at` filter can not be specified'
@@ -57,9 +61,11 @@ class DeploymentsFinder
     # Currently, the inefficient parameters are allowed in order to avoid breaking changes in Deployment API.
     # We'll switch to a hard error in https://gitlab.com/gitlab-org/gitlab/-/issues/328500.
     if (filter_by_updated_at? && !order_by_updated_at?) || (!filter_by_updated_at? && order_by_updated_at?)
-      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(
-        InefficientQueryError.new('`updated_at` filter and `updated_at` sorting must be paired')
-      )
+      error = InefficientQueryError.new('`updated_at` filter and `updated_at` sorting must be paired')
+
+      Gitlab::ErrorTracking.log_exception(error)
+
+      raise error if raise_for_inefficient_updated_at_query?
     end
 
     if (filter_by_finished_at? && !order_by_finished_at?) || (!filter_by_finished_at? && order_by_finished_at?)
diff --git a/app/finders/environments/environments_by_deployments_finder.rb b/app/finders/environments/environments_by_deployments_finder.rb
index 1a0d5ff0d5e..bffd0c9a319 100644
--- a/app/finders/environments/environments_by_deployments_finder.rb
+++ b/app/finders/environments/environments_by_deployments_finder.rb
@@ -15,8 +15,8 @@ module Environments
       deployments =
         if ref
           Deployment.where(ref: ref.to_s)
-        elsif commit
-          Deployment.where(sha: commit.sha)
+        elsif sha
+          Deployment.where(sha: sha)
         else
           Deployment.none
         end
@@ -47,7 +47,7 @@ module Environments
       return false unless Ability.allowed?(current_user, :read_environment, environment)
 
       return false if ref && params[:recently_updated] && !environment.recently_updated_on_branch?(ref)
-      return false if ref && commit && !environment.includes_commit?(commit)
+      return false if ref && sha && !environment.includes_commit?(sha)
 
       true
     end
@@ -56,8 +56,8 @@ module Environments
       params[:ref].try(:to_s)
     end
 
-    def commit
-      params[:commit]
+    def sha
+      params[:sha] || params[:commit]&.id
     end
   end
 end
diff --git a/app/finders/git_refs_finder.rb b/app/finders/git_refs_finder.rb
index 11af659d37c..dbe0060d8ae 100644
--- a/app/finders/git_refs_finder.rb
+++ b/app/finders/git_refs_finder.rb
@@ -11,11 +11,11 @@ class GitRefsFinder
   attr_reader :repository, :params
 
   def search
-    @params[:search].presence
+    @params[:search].to_s.presence
   end
 
   def sort
-    @params[:sort].presence || 'name'
+    @params[:sort].to_s.presence || 'name'
   end
 
   def by_search(refs)
diff --git a/app/finders/group_descendants_finder.rb b/app/finders/group_descendants_finder.rb
index 3d9b6e94cc6..40d6be03a17 100644
--- a/app/finders/group_descendants_finder.rb
+++ b/app/finders/group_descendants_finder.rb
@@ -25,7 +25,7 @@ class GroupDescendantsFinder
   def initialize(current_user: nil, parent_group:, params: {})
     @current_user = current_user
     @parent_group = parent_group
-    @params = params.reverse_merge(non_archived: params[:archived].blank?)
+    @params = params.reverse_merge(non_archived: params[:archived].blank?, not_aimed_for_deletion: true)
   end
 
   def execute
@@ -110,8 +110,13 @@ class GroupDescendantsFinder
   # rubocop: disable CodeReuse/ActiveRecord
   def ancestors_of_groups(base_for_ancestors)
     group_ids = base_for_ancestors.except(:select, :sort).select(:id)
-    Gitlab::ObjectHierarchy.new(Group.where(id: group_ids))
-      .base_and_ancestors(upto: parent_group.id)
+    groups = Group.where(id: group_ids)
+
+    if Feature.enabled?(:linear_group_descendants_finder_upto, current_user, default_enabled: :yaml)
+      groups.self_and_ancestors(upto: parent_group.id)
+    else
+      Gitlab::ObjectHierarchy.new(groups).base_and_ancestors(upto: parent_group.id)
+    end
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/group_projects_finder.rb b/app/finders/group_projects_finder.rb
index d3c26fd845c..00b700a101e 100644
--- a/app/finders/group_projects_finder.rb
+++ b/app/finders/group_projects_finder.rb
@@ -13,6 +13,7 @@
 #     only_shared: boolean
 #     limit: integer
 #     include_subgroups: boolean
+#     include_ancestor_groups: boolean
 #   params:
 #     sort: string
 #     visibility_level: int
@@ -113,12 +114,19 @@ class GroupProjectsFinder < ProjectsFinder
     options.fetch(:include_subgroups, false)
   end
 
+  # ancestor groups are supported only for owned projects not for shared
+  def include_ancestor_groups?
+    options.fetch(:include_ancestor_groups, false)
+  end
+
   def owned_projects
-    if include_subgroups?
-      Project.for_group_and_its_subgroups(group)
-    else
-      group.projects
-    end
+    return group.projects unless include_subgroups? || include_ancestor_groups?
+
+    union_relations = []
+    union_relations << Project.for_group_and_its_subgroups(group) if include_subgroups?
+    union_relations << Project.for_group_and_its_ancestor_groups(group) if include_ancestor_groups?
+
+    Project.from_union(union_relations)
   end
 
   def shared_projects
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index de750b49c6a..a7eaaddd187 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -108,8 +108,14 @@ class IssuesFinder < IssuableFinder
 
     if params.filter_by_no_due_date?
       items.without_due_date
+    elsif params.filter_by_any_due_date?
+      items.with_due_date
     elsif params.filter_by_overdue?
       items.due_before(Date.today)
+    elsif params.filter_by_due_today?
+      items.due_today
+    elsif params.filter_by_due_tomorrow?
+      items.due_tomorrow
     elsif params.filter_by_due_this_week?
       items.due_between(Date.today.beginning_of_week, Date.today.end_of_week)
     elsif params.filter_by_due_this_month?
diff --git a/app/finders/issues_finder/params.rb b/app/finders/issues_finder/params.rb
index 02b89f08f9e..57bfb35f1b8 100644
--- a/app/finders/issues_finder/params.rb
+++ b/app/finders/issues_finder/params.rb
@@ -10,6 +10,10 @@ class IssuesFinder
       user_can_see_all_issues?
     end
 
+    def filter_by_any_due_date?
+      due_date? && params[:due_date] == Issue::AnyDueDate.name
+    end
+
     def filter_by_no_due_date?
       due_date? && params[:due_date] == Issue::NoDueDate.name
     end
@@ -18,6 +22,14 @@ class IssuesFinder
       due_date? && params[:due_date] == Issue::Overdue.name
     end
 
+    def filter_by_due_today?
+      due_date? && params[:due_date] == Issue::DueToday.name
+    end
+
+    def filter_by_due_tomorrow?
+      due_date? && params[:due_date] == Issue::DueTomorrow.name
+    end
+
     def filter_by_due_this_week?
       due_date? && params[:due_date] == Issue::DueThisWeek.name
     end
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index 81e4ab7014d..06feefb9059 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -44,7 +44,8 @@ class MergeRequestsFinder < IssuableFinder
       :reviewer_id,
       :reviewer_username,
       :target_branch,
-      :wip
+      :wip,
+      :attention
     ]
   end
 
@@ -69,6 +70,7 @@ class MergeRequestsFinder < IssuableFinder
     items = by_approvals(items)
     items = by_deployments(items)
     items = by_reviewer(items)
+    items = by_attention(items)
 
     by_source_project_id(items)
   end
@@ -218,6 +220,12 @@ class MergeRequestsFinder < IssuableFinder
     end
   end
 
+  def by_attention(items)
+    return items unless params.attention?
+
+    items.attention(params.attention)
+  end
+
   def parse_datetime(input)
     # To work around http://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
     DateTime.parse(input.byteslice(0, 128)) if input
diff --git a/app/finders/merge_requests_finder/params.rb b/app/finders/merge_requests_finder/params.rb
index e44e96054d3..1c6a425c8af 100644
--- a/app/finders/merge_requests_finder/params.rb
+++ b/app/finders/merge_requests_finder/params.rb
@@ -21,5 +21,11 @@ class MergeRequestsFinder
         end
       end
     end
+
+    def attention
+      strong_memoize(:attention) do
+        User.find_by_username(params[:attention])
+      end
+    end
   end
 end
diff --git a/app/finders/packages/package_file_finder.rb b/app/finders/packages/package_file_finder.rb
index 55dc4be2001..786302d65b1 100644
--- a/app/finders/packages/package_file_finder.rb
+++ b/app/finders/packages/package_file_finder.rb
@@ -19,13 +19,7 @@ class Packages::PackageFileFinder
   private
 
   def package_files
-    files = if Feature.enabled?(:packages_installable_package_files, default_enabled: :yaml)
-              package.installable_package_files
-            else
-              package.package_files
-            end
-
-    by_file_name(files)
+    by_file_name(package.installable_package_files)
   end
 
   def by_file_name(files)
diff --git a/app/finders/projects_finder.rb b/app/finders/projects_finder.rb
index 7245bb36ac9..f6db150c5d8 100644
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -27,6 +27,7 @@
 #     last_activity_before: datetime
 #     repository_storage: string
 #     without_deleted: boolean
+#     not_aimed_for_deletion: boolean
 #
 class ProjectsFinder < UnionFinder
   include CustomAttributesFilter
@@ -84,6 +85,7 @@ class ProjectsFinder < UnionFinder
     collection = by_archived(collection)
     collection = by_custom_attributes(collection)
     collection = by_deleted_status(collection)
+    collection = by_not_aimed_for_deletion(collection)
     collection = by_last_activity_after(collection)
     collection = by_last_activity_before(collection)
     by_repository_storage(collection)
@@ -203,6 +205,10 @@ class ProjectsFinder < UnionFinder
     params[:without_deleted].present? ? items.without_deleted : items
   end
 
+  def by_not_aimed_for_deletion(items)
+    params[:not_aimed_for_deletion].present? ? items.not_aimed_for_deletion : items
+  end
+
   def by_last_activity_after(items)
     if params[:last_activity_after].present?
       items.where("last_activity_at > ?", params[:last_activity_after]) # rubocop: disable CodeReuse/ActiveRecord
diff --git a/app/finders/releases_finder.rb b/app/finders/releases_finder.rb
index 0cfa4310ab7..0d72d6ffc6b 100644
--- a/app/finders/releases_finder.rb
+++ b/app/finders/releases_finder.rb
@@ -38,19 +38,17 @@ class ReleasesFinder
       if parent.is_a?(Project)
         Ability.allowed?(current_user, :read_release, parent) ? [parent] : []
       elsif parent.is_a?(Group)
-        accessible_projects
+        Ability.allowed?(current_user, :read_release, parent) ? accessible_projects : []
       end
     end
   end
 
   def accessible_projects
-    projects = if include_subgroups?
-                 Project.for_group_and_its_subgroups(parent)
-               else
-                 parent.projects
-               end
-
-    projects.select { |project| Ability.allowed?(current_user, :read_release, project) }
+    if include_subgroups?
+      Project.for_group_and_its_subgroups(parent)
+    else
+      parent.projects
+    end
   end
 
   # rubocop: disable CodeReuse/ActiveRecord
diff --git a/app/finders/users_finder.rb b/app/finders/users_finder.rb
index 2b4ce615090..b983882b272 100644
--- a/app/finders/users_finder.rb
+++ b/app/finders/users_finder.rb
@@ -32,7 +32,7 @@ class UsersFinder
   end
 
   def execute
-    users = User.all.order_id_desc
+    users = base_scope
     users = by_username(users)
     users = by_id(users)
     users = by_admins(users)
@@ -53,6 +53,10 @@ class UsersFinder
 
   private
 
+  def base_scope
+    User.all.order_id_desc
+  end
+
   def by_username(users)
     return users unless params[:username]