Add latest changes from gitlab-org/gitlab@16-2-stable-eev16.2.0-rc42

17 files changed, 133 insertions, 41 deletions

diff --git a/app/finders/award_emojis_finder.rb b/app/finders/award_emojis_finder.rb
index 709d3f3e593..2f34e6ec4d3 100644
--- a/app/finders/award_emojis_finder.rb
+++ b/app/finders/award_emojis_finder.rb
@@ -33,7 +33,7 @@ class AwardEmojisFinder
   def validate_params
     return unless params.present?
 
-    validate_name_param
+    validate_name_param unless Feature.enabled?(:custom_emoji)
     validate_awarded_by_param
   end
 
diff --git a/app/finders/ci/group_variables_finder.rb b/app/finders/ci/group_variables_finder.rb
new file mode 100644
index 00000000000..e4697b07e64
--- /dev/null
+++ b/app/finders/ci/group_variables_finder.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Ci
+  class GroupVariablesFinder
+    def initialize(project, sort_key = nil)
+      @project = project
+      @params = sort_to_params_map(sort_key)
+    end
+
+    def execute
+      variables = ::Ci::GroupVariable.for_groups(project.group&.self_and_ancestor_ids)
+
+      return Ci::GroupVariable.none if variables.empty?
+
+      sort(variables)
+    end
+
+    private
+
+    SORT_TO_PARAMS_MAP = {
+      created_desc: { order_by: 'created_at', sort: 'desc' },
+      created_asc: { order_by: 'created_at', sort: 'asc' },
+      key_desc: { order_by: 'key', sort: 'desc' },
+      key_asc: { order_by: 'key', sort: 'asc' }
+    }.freeze
+
+    def sort_to_params_map(sort_key)
+      SORT_TO_PARAMS_MAP[sort_key] || {}
+    end
+
+    def sort(variables)
+      return variables unless params[:order_by]
+
+      variables.sort_by_attribute("#{params[:order_by]}_#{params[:sort]}")
+    end
+
+    attr_reader :project, :params
+  end
+end
diff --git a/app/finders/ci/pipelines_finder.rb b/app/finders/ci/pipelines_finder.rb
index e52fc510628..6ba2ae91d6c 100644
--- a/app/finders/ci/pipelines_finder.rb
+++ b/app/finders/ci/pipelines_finder.rb
@@ -164,7 +164,7 @@ module Ci
                    :id
                  end
 
-      sort = if params[:sort] =~ /\A(ASC|DESC)\z/i
+      sort = if /\A(ASC|DESC)\z/i.match?(params[:sort])
                params[:sort]
              else
                :desc
diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb
index 5f03ae77338..630be17e64b 100644
--- a/app/finders/ci/runners_finder.rb
+++ b/app/finders/ci/runners_finder.rb
@@ -4,7 +4,6 @@ module Ci
   class RunnersFinder < UnionFinder
     include Gitlab::Allowable
 
-    ALLOWED_SORTS = %w[contacted_asc contacted_desc created_at_asc created_at_desc created_date token_expires_at_asc token_expires_at_desc].freeze
     DEFAULT_SORT = 'created_at_desc'
 
     def initialize(current_user:, params:)
@@ -31,11 +30,17 @@ module Ci
     end
 
     def sort_key
-      ALLOWED_SORTS.include?(@params[:sort]) ? @params[:sort] : DEFAULT_SORT
+      allowed_sorts.include?(@params[:sort]) ? @params[:sort] : DEFAULT_SORT
     end
 
     private
 
+    attr_reader :group, :project
+
+    def allowed_sorts
+      %w[contacted_asc contacted_desc created_at_asc created_at_desc created_date token_expires_at_asc token_expires_at_desc]
+    end
+
     def search!
       if @project
         project_runners
@@ -128,3 +133,5 @@ module Ci
     end
   end
 end
+
+Ci::RunnersFinder.prepend_mod
diff --git a/app/finders/deployments_finder.rb b/app/finders/deployments_finder.rb
index 5241a3b3907..800158dfd0a 100644
--- a/app/finders/deployments_finder.rb
+++ b/app/finders/deployments_finder.rb
@@ -128,6 +128,7 @@ class DeploymentsFinder
 
   def build_sort_params
     order_by = ALLOWED_SORT_VALUES.include?(params[:order_by]) ? params[:order_by] : DEFAULT_SORT_VALUE
+    order_by = DEFAULT_SORT_VALUE if order_by == 'ref' && Feature.enabled?(:remove_deployments_api_ref_sort)
     order_direction = ALLOWED_SORT_DIRECTIONS.include?(params[:sort]) ? params[:sort] : DEFAULT_SORT_DIRECTION
 
     { order_by => order_direction }
diff --git a/app/finders/events_finder.rb b/app/finders/events_finder.rb
index 4ed447a90ce..7bccfe453ab 100644
--- a/app/finders/events_finder.rb
+++ b/app/finders/events_finder.rb
@@ -61,6 +61,7 @@ class EventsFinder
   def by_current_user_access(events)
     events.merge(Project.public_or_visible_to_user(current_user))
       .joins(:project)
+      .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417462")
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/group_descendants_finder.rb b/app/finders/group_descendants_finder.rb
index 07f39f98b12..72ab30cf567 100644
--- a/app/finders/group_descendants_finder.rb
+++ b/app/finders/group_descendants_finder.rb
@@ -109,11 +109,7 @@ class GroupDescendantsFinder
     group_ids = base_for_ancestors.except(:select, :sort).select(:id)
     groups = Group.where(id: group_ids)
 
-    if Feature.enabled?(:linear_group_descendants_finder_upto, current_user)
-      groups.self_and_ancestors(upto: parent_group.id)
-    else
-      Gitlab::ObjectHierarchy.new(groups).base_and_ancestors(upto: parent_group.id)
-    end
+    groups.self_and_ancestors(upto: parent_group.id)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/group_projects_finder.rb b/app/finders/group_projects_finder.rb
index 00b700a101e..db8a0f14fbc 100644
--- a/app/finders/group_projects_finder.rb
+++ b/app/finders/group_projects_finder.rb
@@ -24,6 +24,7 @@
 #     with_issues_enabled: boolean
 #     with_merge_requests_enabled: boolean
 #     min_access_level: int
+#     owned: boolean
 #
 class GroupProjectsFinder < ProjectsFinder
   DEFAULT_PROJECTS_LIMIT = 100
@@ -83,7 +84,9 @@ class GroupProjectsFinder < ProjectsFinder
 
   def filter_by_visibility(relation)
     if current_user
-      if min_access_level?
+      if owned_projects?
+        relation.visible_to_user_and_access_level(current_user, Gitlab::Access::OWNER)
+      elsif min_access_level?
         relation.visible_to_user_and_access_level(current_user, params[:min_access_level])
       else
         relation.public_or_visible_to_user(current_user)
@@ -105,6 +108,10 @@ class GroupProjectsFinder < ProjectsFinder
     options.fetch(:only_owned, false)
   end
 
+  def owned_projects?
+    params.fetch(:owned, false)
+  end
+
   def only_shared?
     options.fetch(:only_shared, false)
   end
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 478a2ba622c..bbbf14bb0d0 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -346,8 +346,7 @@ class IssuableFinder
 
   def use_full_text_search?
     klass.try(:pg_full_text_searchable_columns).present? &&
-      params[:search] =~ FULL_TEXT_SEARCH_TERM_REGEX &&
-      Feature.enabled?(:issues_full_text_search, params.project || params.group)
+      params[:search] =~ FULL_TEXT_SEARCH_TERM_REGEX
   end
 
   def filter_by_full_text_search(items)
diff --git a/app/finders/issuables/assignee_filter.rb b/app/finders/issuables/assignee_filter.rb
index 2e58a6b34c9..c97fdffd32e 100644
--- a/app/finders/issuables/assignee_filter.rb
+++ b/app/finders/issuables/assignee_filter.rb
@@ -5,6 +5,8 @@ module Issuables
     def filter(issuables)
       filtered = by_assignee(issuables)
       filtered = by_assignee_union(filtered)
+      # Cross Joins Fails tests in bin/rspec spec/requests/api/graphql/boards/board_list_issues_query_spec.rb
+      filtered = filtered.allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417462")
       by_negated_assignee(filtered)
     end
 
diff --git a/app/finders/members_finder.rb b/app/finders/members_finder.rb
index 3c0714441b2..6348bceb157 100644
--- a/app/finders/members_finder.rb
+++ b/app/finders/members_finder.rb
@@ -90,8 +90,10 @@ class MembersFinder
 
     # enumerate the columns here since we are enumerating them in the union and want to be immune to
     # column caching issues when adding/removing columns
-    Member.select(*Member.column_names)
+    members = Member.select(*Member.column_names)
           .includes(:user).from([Arel.sql("(#{sql}) AS #{Member.table_name}")]) # rubocop: disable CodeReuse/ActiveRecord
+    # The left join with the table users in the method distinct_on needs to be resolved
+    members.allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417456")
   end
 
   def distinct_on(union)
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index f7ee90ab870..95b5b267089 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -73,6 +73,7 @@ class MergeRequestsFinder < IssuableFinder
     items = by_deployments(items)
     items = by_reviewer(items)
     items = by_source_project_id(items)
+    items = items.allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417462")
 
     by_approved(items)
   end
diff --git a/app/finders/packages/ml_model/package_finder.rb b/app/finders/packages/ml_model/package_finder.rb
new file mode 100644
index 00000000000..a550ad0fa34
--- /dev/null
+++ b/app/finders/packages/ml_model/package_finder.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Packages
+  module MlModel
+    class PackageFinder
+      def initialize(project)
+        @project = project
+      end
+
+      def execute!(package_name, package_version)
+        project
+          .packages
+          .installable
+          .ml_model
+          .by_name_and_version!(package_name, package_version)
+      end
+
+      private
+
+      attr_reader :project
+    end
+  end
+end
diff --git a/app/finders/packages/npm/package_finder.rb b/app/finders/packages/npm/package_finder.rb
index 953e8299138..339b3f531c6 100644
--- a/app/finders/packages/npm/package_finder.rb
+++ b/app/finders/packages/npm/package_finder.rb
@@ -5,27 +5,16 @@ module Packages
       delegate :find_by_version, to: :execute
       delegate :last, to: :execute
 
-      # /!\ CAUTION: don't use last_of_each_version: false with find_by_version. Ordering is not
-      # guaranteed!
-      def initialize(package_name, project: nil, namespace: nil, last_of_each_version: true)
+      def initialize(package_name, project: nil, namespace: nil)
         @package_name = package_name
         @project = project
         @namespace = namespace
-        @last_of_each_version = last_of_each_version
       end
 
       def execute
-        result = base.npm
-                     .with_name(@package_name)
-                     .installable
-
-        return result unless @last_of_each_version
-
-        if Feature.enabled?(:npm_allow_packages_in_multiple_projects)
-          Packages::Package.id_in(result.last_of_each_version_ids)
-        else
-          result.last_of_each_version
-        end
+        base.npm
+            .with_name(@package_name)
+            .installable
       end
 
       private
diff --git a/app/finders/projects/ml/model_finder.rb b/app/finders/projects/ml/model_finder.rb
new file mode 100644
index 00000000000..9ef5dacb551
--- /dev/null
+++ b/app/finders/projects/ml/model_finder.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Projects
+  module Ml
+    class ModelFinder
+      def initialize(project)
+        @project = project
+      end
+
+      def execute
+        @project
+          .packages
+          .installable
+          .ml_model
+          .order_name_desc_version_desc
+          .select_only_first_by_name
+          .limit(100) # This is a temporary limit before we add pagination
+      end
+    end
+  end
+end
diff --git a/app/finders/projects_finder.rb b/app/finders/projects_finder.rb
index 57a9538db15..e6ee4355fd4 100644
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -53,6 +53,10 @@ class ProjectsFinder < UnionFinder
         init_collection
       end
 
+    if Feature.enabled?(:hide_projects_of_banned_users)
+      collection = without_created_and_owned_by_banned_user(collection)
+    end
+
     use_cte = params.delete(:use_cte)
     collection = Project.wrap_with_cte(collection) if use_cte
     collection = filter_projects(collection)
@@ -282,6 +286,12 @@ class ProjectsFinder < UnionFinder
 
     { min_access_level: params[:min_access_level] }
   end
+
+  def without_created_and_owned_by_banned_user(projects)
+    return projects if current_user&.can?(:admin_all_resources)
+
+    projects.without_created_and_owned_by_banned_user
+  end
 end
 
 ProjectsFinder.prepend_mod_with('ProjectsFinder')
diff --git a/app/finders/users_finder.rb b/app/finders/users_finder.rb
index 57dbeca5c51..88ba635e20b 100644
--- a/app/finders/users_finder.rb
+++ b/app/finders/users_finder.rb
@@ -80,15 +80,11 @@ class UsersFinder
   def by_search(users)
     return users unless params[:search].present?
 
-    if Feature.enabled?(:autocomplete_users_use_search_service)
-      users.search(
-        params[:search],
-        with_private_emails: current_user&.can_admin_all_resources?,
-        use_minimum_char_limit: params[:use_minimum_char_limit]
-      )
-    else
-      users.search(params[:search], with_private_emails: current_user&.can_admin_all_resources?)
-    end
+    users.search(
+      params[:search],
+      with_private_emails: current_user&.can_admin_all_resources?,
+      use_minimum_char_limit: params[:use_minimum_char_limit]
+    )
   end
 
   def by_blocked(users)
@@ -103,13 +99,11 @@ class UsersFinder
     users.active
   end
 
-  # rubocop: disable CodeReuse/ActiveRecord
   def by_external_identity(users)
-    return users unless current_user&.can_admin_all_resources? && params[:extern_uid] && params[:provider]
+    return users unless params[:extern_uid] && params[:provider]
 
-    users.joins(:identities).merge(Identity.with_extern_uid(params[:provider], params[:extern_uid]))
+    users.by_provider_and_extern_uid(params[:provider], params[:extern_uid])
   end
-  # rubocop: enable CodeReuse/ActiveRecord
 
   # rubocop: disable CodeReuse/ActiveRecord
   def by_external(users)