Add latest changes from gitlab-org/gitlab@14-6-stable-eev14.6.0-rc42

13 files changed, 190 insertions, 33 deletions

diff --git a/app/finders/ci/auth_job_finder.rb b/app/finders/ci/auth_job_finder.rb
index d207a522aa8..2dbdcb3c472 100644
--- a/app/finders/ci/auth_job_finder.rb
+++ b/app/finders/ci/auth_job_finder.rb
@@ -16,7 +16,7 @@ module Ci
 
         validate_job!(job)
 
-        if job.user && Feature.enabled?(:ci_scoped_job_token, job.project, default_enabled: :yaml)
+        if job.user
           job.user.set_ci_job_token_scope!(job)
         end
       end
diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb
index 8bc2a47a024..5d597f94f72 100644
--- a/app/finders/ci/runners_finder.rb
+++ b/app/finders/ci/runners_finder.rb
@@ -15,6 +15,7 @@ module Ci
 
     def execute
       search!
+      filter_by_active!
       filter_by_status!
       filter_by_runner_type!
       filter_by_tag_list!
@@ -60,6 +61,10 @@ module Ci
                  end
     end
 
+    def filter_by_active!
+      @runners = @runners.active(@params[:active]) if @params.include?(:active)
+    end
+
     def filter_by_status!
       filter_by!(:status_status, Ci::Runner::AVAILABLE_STATUSES)
     end
diff --git a/app/finders/environments/environments_by_deployments_finder.rb b/app/finders/environments/environments_by_deployments_finder.rb
index a41cfcb37e4..2716c80ea6e 100644
--- a/app/finders/environments/environments_by_deployments_finder.rb
+++ b/app/finders/environments/environments_by_deployments_finder.rb
@@ -12,29 +12,18 @@ module Environments
 
     # rubocop: disable CodeReuse/ActiveRecord
     def execute
-      deployments = project.deployments
       deployments =
         if ref
           deployments_query = params[:with_tags] ? 'ref = :ref OR tag IS TRUE' : 'ref = :ref'
-          deployments.where(deployments_query, ref: ref.to_s)
+          Deployment.where(deployments_query, ref: ref.to_s)
         elsif commit
-          deployments.where(sha: commit.sha)
+          Deployment.where(sha: commit.sha)
         else
-          deployments.none
+          Deployment.none
         end
 
-      environments =
-        if Feature.enabled?(:environments_by_deployments_finder_exists_optimization, default_enabled: :yaml)
-          project.environments.available
-            .where('EXISTS (?)', deployments.where('environment_id = environments.id'))
-        else
-          environment_ids = deployments
-            .group(:environment_id)
-            .select(:environment_id)
-
-          project.environments.available
-            .where(id: environment_ids)
-        end
+      environments = project.environments.available
+                       .where('EXISTS (?)', deployments.where('environment_id = environments.id'))
 
       if params[:find_latest]
         find_one(environments.order_by_last_deployed_at_desc)
diff --git a/app/finders/group_descendants_finder.rb b/app/finders/group_descendants_finder.rb
index 18ccea330af..7974710e67b 100644
--- a/app/finders/group_descendants_finder.rb
+++ b/app/finders/group_descendants_finder.rb
@@ -87,9 +87,13 @@ class GroupDescendantsFinder
       visible_to_user = visible_to_user.or(authorized_to_user)
     end
 
-    hierarchy_for_parent
-      .descendants
-      .where(visible_to_user)
+    group_to_query = if Feature.enabled?(:linear_group_descendants_finder, current_user, default_enabled: :yaml)
+                       parent_group
+                     else
+                       hierarchy_for_parent
+                     end
+
+    group_to_query.descendants.where(visible_to_user)
     # rubocop: enable CodeReuse/Finder
   end
   # rubocop: enable CodeReuse/ActiveRecord
@@ -155,7 +159,13 @@ class GroupDescendantsFinder
   # rubocop: disable CodeReuse/ActiveRecord
   def projects_matching_filter
     # rubocop: disable CodeReuse/Finder
-    projects_nested_in_group = Project.where(namespace_id: hierarchy_for_parent.base_and_descendants.select(:id))
+    objects_in_hierarchy = if Feature.enabled?(:linear_group_descendants_finder, current_user, default_enabled: :yaml)
+                             parent_group.self_and_descendants.as_ids
+                           else
+                             hierarchy_for_parent.base_and_descendants.select(:id)
+                           end
+
+    projects_nested_in_group = Project.where(namespace_id: objects_in_hierarchy)
     params_with_search = params.merge(search: params[:filter])
 
     ProjectsFinder.new(params: params_with_search,
diff --git a/app/finders/groups_finder.rb b/app/finders/groups_finder.rb
index 7ea3362fba1..7e3cdd79a4c 100644
--- a/app/finders/groups_finder.rb
+++ b/app/finders/groups_finder.rb
@@ -52,7 +52,16 @@ class GroupsFinder < UnionFinder
     return [Group.all] if current_user&.can_read_all_resources? && all_available?
 
     groups = []
-    groups << Gitlab::ObjectHierarchy.new(groups_for_ancestors, groups_for_descendants).all_objects if current_user
+
+    if current_user
+      if Feature.enabled?(:use_traversal_ids_groups_finder, default_enabled: :yaml)
+        groups << current_user.authorized_groups.self_and_ancestors
+        groups << current_user.groups.self_and_descendants
+      else
+        groups << Gitlab::ObjectHierarchy.new(groups_for_ancestors, groups_for_descendants).all_objects
+      end
+    end
+
     groups << Group.unscoped.public_to_user(current_user) if include_public_groups?
     groups << Group.none if groups.empty?
     groups
@@ -72,9 +81,13 @@ class GroupsFinder < UnionFinder
       .groups
       .where('members.access_level >= ?', params[:min_access_level])
 
-    Gitlab::ObjectHierarchy
-      .new(groups)
-      .base_and_descendants
+    if Feature.enabled?(:use_traversal_ids_groups_finder, default_enabled: :yaml)
+      groups.self_and_descendants
+    else
+      Gitlab::ObjectHierarchy
+        .new(groups)
+        .base_and_descendants
+    end
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 7b0cd17a761..3e436f30971 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -35,6 +35,8 @@
 #     updated_before: datetime
 #     attempt_group_search_optimizations: boolean
 #     attempt_project_search_optimizations: boolean
+#     crm_contact_id: integer
+#     crm_organization_id: integer
 #
 class IssuableFinder
   prepend FinderWithCrossProjectAccess
@@ -59,6 +61,8 @@ class IssuableFinder
       assignee_username
       author_id
       author_username
+      crm_contact_id
+      crm_organization_id
       label_name
       milestone_title
       release_tag
@@ -138,7 +142,9 @@ class IssuableFinder
     items = by_milestone(items)
     items = by_release(items)
     items = by_label(items)
-    by_my_reaction_emoji(items)
+    items = by_my_reaction_emoji(items)
+    items = by_crm_contact(items)
+    by_crm_organization(items)
   end
 
   def should_filter_negated_args?
@@ -463,6 +469,14 @@ class IssuableFinder
     params[:non_archived].present? ? items.non_archived : items
   end
 
+  def by_crm_contact(items)
+    Issuables::CrmContactFilter.new(params: original_params).filter(items)
+  end
+
+  def by_crm_organization(items)
+    Issuables::CrmOrganizationFilter.new(params: original_params).filter(items)
+  end
+
   def or_filters_enabled?
     strong_memoize(:or_filters_enabled) do
       Feature.enabled?(:or_issuable_queries, feature_flag_scope, default_enabled: :yaml)
diff --git a/app/finders/issuables/crm_contact_filter.rb b/app/finders/issuables/crm_contact_filter.rb
new file mode 100644
index 00000000000..bea5f7d2bfa
--- /dev/null
+++ b/app/finders/issuables/crm_contact_filter.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Issuables
+  class CrmContactFilter < BaseFilter
+    def filter(issuables)
+      by_crm_contact(issuables)
+    end
+
+    # rubocop: disable CodeReuse/ActiveRecord
+    def by_crm_contact(issuables)
+      return issuables if params[:crm_contact_id].blank?
+
+      condition = CustomerRelations::IssueContact
+        .where(contact_id: params[:crm_contact_id])
+        .where(Arel.sql("issue_id = issues.id"))
+      issuables.where(condition.arel.exists)
+    end
+    # rubocop: enable CodeReuse/ActiveRecord
+  end
+end
diff --git a/app/finders/issuables/crm_organization_filter.rb b/app/finders/issuables/crm_organization_filter.rb
new file mode 100644
index 00000000000..f746049c405
--- /dev/null
+++ b/app/finders/issuables/crm_organization_filter.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Issuables
+  class CrmOrganizationFilter < BaseFilter
+    def filter(issuables)
+      by_crm_organization(issuables)
+    end
+
+    # rubocop: disable CodeReuse/ActiveRecord
+    def by_crm_organization(issuables)
+      return issuables if params[:crm_organization_id].blank?
+
+      condition = CustomerRelations::IssueContact
+        .joins(:contact)
+        .where(contact: { organization_id: params[:crm_organization_id] })
+        .where(Arel.sql("issue_id = issues.id"))
+      issuables.where(condition.arel.exists)
+    end
+    # rubocop: enable CodeReuse/ActiveRecord
+  end
+end
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index 13696add965..ba709d3bdfc 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -174,8 +174,8 @@ class MergeRequestsFinder < IssuableFinder
 
   def by_deployments(items)
     env = params[:environment]
-    before = params[:deployed_before]
-    after = params[:deployed_after]
+    before = parse_datetime(params[:deployed_before])
+    after = parse_datetime(params[:deployed_after])
     id = params[:deployment_id]
 
     return items if !env && !before && !after && !id
@@ -218,6 +218,13 @@ class MergeRequestsFinder < IssuableFinder
       items.none
     end
   end
+
+  def parse_datetime(input)
+    # To work around http://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+    DateTime.parse(input.byteslice(0, 128)) if input
+  rescue Date::Error
+    nil
+  end
 end
 
 MergeRequestsFinder.prepend_mod_with('MergeRequestsFinder')
diff --git a/app/finders/packages/build_infos_finder.rb b/app/finders/packages/build_infos_finder.rb
new file mode 100644
index 00000000000..92ad5888eb9
--- /dev/null
+++ b/app/finders/packages/build_infos_finder.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Packages
+  class BuildInfosFinder
+    MAX_PAGE_SIZE = 100
+
+    def initialize(package, params)
+      @package = package
+      @params = params
+    end
+
+    def execute
+      build_infos = @package.build_infos.without_empty_pipelines
+      build_infos = apply_order(build_infos)
+      build_infos = apply_limit(build_infos)
+      apply_cursor(build_infos)
+    end
+
+    private
+
+    def apply_order(build_infos)
+      order_direction = :desc
+      order_direction = :asc if last
+
+      build_infos.order_by_pipeline_id(order_direction)
+    end
+
+    def apply_limit(build_infos)
+      limit = [first, last, max_page_size, MAX_PAGE_SIZE].compact.min
+      limit += 1 if support_next_page
+      build_infos.limit(limit)
+    end
+
+    def apply_cursor(build_infos)
+      if before
+        build_infos.with_pipeline_id_greater_than(before)
+      elsif after
+        build_infos.with_pipeline_id_less_than(after)
+      else
+        build_infos
+      end
+    end
+
+    def first
+      @params[:first]
+    end
+
+    def last
+      @params[:last]
+    end
+
+    def max_page_size
+      @params[:max_page_size]
+    end
+
+    def before
+      @params[:before]
+    end
+
+    def after
+      @params[:after]
+    end
+
+    def support_next_page
+      @params[:support_next_page]
+    end
+  end
+end
diff --git a/app/finders/packages/group_packages_finder.rb b/app/finders/packages/group_packages_finder.rb
index 2a62dd5c0e5..23b0e71d836 100644
--- a/app/finders/packages/group_packages_finder.rb
+++ b/app/finders/packages/group_packages_finder.rb
@@ -40,10 +40,14 @@ module Packages
       # access to packages is ruled by:
       # - project is public or the current user has access to it with at least the reporter level
       # - the repository feature is available to the current_user
-      ::Project
-        .in_namespace(groups)
-        .public_or_visible_to_user(current_user, Gitlab::Access::REPORTER)
-        .with_feature_available_for_user(:repository, current_user)
+      if current_user.is_a?(DeployToken)
+        current_user.accessible_projects
+      else
+        ::Project
+          .in_namespace(groups)
+          .public_or_visible_to_user(current_user, Gitlab::Access::REPORTER)
+          .with_feature_available_for_user(:repository, current_user)
+      end
     end
 
     def groups
diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb
index e7094d73905..a01465a64d2 100644
--- a/app/finders/personal_projects_finder.rb
+++ b/app/finders/personal_projects_finder.rb
@@ -28,6 +28,7 @@ class PersonalProjectsFinder < UnionFinder
   private
 
   def all_projects(current_user)
+    return [@user.personal_projects] if current_user && current_user.can_read_all_resources?
     return [projects_with_min_access_level(current_user)] if current_user && min_access_level?
 
     projects = []
diff --git a/app/finders/user_group_notification_settings_finder.rb b/app/finders/user_group_notification_settings_finder.rb
index 4ad9d1d7bf4..c2af581dd14 100644
--- a/app/finders/user_group_notification_settings_finder.rb
+++ b/app/finders/user_group_notification_settings_finder.rb
@@ -8,7 +8,12 @@ class UserGroupNotificationSettingsFinder
 
   def execute
     # rubocop: disable CodeReuse/ActiveRecord
-    groups_with_ancestors = Gitlab::ObjectHierarchy.new(Group.where(id: groups.select(:id))).base_and_ancestors
+    selected_groups = Group.where(id: groups.select(:id))
+    groups_with_ancestors = if Feature.enabled?(:linear_user_group_notification_settings_finder_ancestors_scopes, user, default_enabled: :yaml)
+                              selected_groups.self_and_ancestors
+                            else
+                              Gitlab::ObjectHierarchy.new(selected_groups).base_and_ancestors
+                            end
     # rubocop: enable CodeReuse/ActiveRecord
 
     @loaded_groups_with_ancestors = groups_with_ancestors.index_by(&:id)