Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42

13 files changed, 65 insertions, 73 deletions

diff --git a/app/finders/ci/runners_finder.rb b/app/finders/ci/runners_finder.rb
index 5d597f94f72..3ebf6bd1562 100644
--- a/app/finders/ci/runners_finder.rb
+++ b/app/finders/ci/runners_finder.rb
@@ -47,15 +47,19 @@ module Ci
     end
 
     def group_runners
-      raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_group, @group)
+      raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :read_group_runners, @group)
 
       @runners = case @params[:membership]
                  when :direct
                    Ci::Runner.belonging_to_group(@group.id)
                  when :descendants, nil
-                   # Getting all runners from the group itself and all its descendant groups/projects
-                   descendant_projects = Project.for_group_and_its_subgroups(@group)
-                   Ci::Runner.belonging_to_group_or_project(@group.self_and_descendants, descendant_projects)
+                   if ::Feature.enabled?(:ci_find_runners_by_ci_mirrors, @group, default_enabled: :yaml)
+                     Ci::Runner.belonging_to_group_or_project_descendants(@group.id)
+                   else
+                     # Getting all runners from the group itself and all its descendant groups/projects
+                     descendant_projects = Project.for_group_and_its_subgroups(@group)
+                     Ci::Runner.legacy_belonging_to_group_or_project(@group.self_and_descendants, descendant_projects)
+                   end
                  else
                    raise ArgumentError, 'Invalid membership filter'
                  end
diff --git a/app/finders/environments/environments_by_deployments_finder.rb b/app/finders/environments/environments_by_deployments_finder.rb
index 2716c80ea6e..1a0d5ff0d5e 100644
--- a/app/finders/environments/environments_by_deployments_finder.rb
+++ b/app/finders/environments/environments_by_deployments_finder.rb
@@ -14,8 +14,7 @@ module Environments
     def execute
       deployments =
         if ref
-          deployments_query = params[:with_tags] ? 'ref = :ref OR tag IS TRUE' : 'ref = :ref'
-          Deployment.where(deployments_query, ref: ref.to_s)
+          Deployment.where(ref: ref.to_s)
         elsif commit
           Deployment.where(sha: commit.sha)
         else
diff --git a/app/finders/fork_targets_finder.rb b/app/finders/fork_targets_finder.rb
index 3a79b216853..0b5dfb16572 100644
--- a/app/finders/fork_targets_finder.rb
+++ b/app/finders/fork_targets_finder.rb
@@ -8,9 +8,9 @@ class ForkTargetsFinder
 
   # rubocop: disable CodeReuse/ActiveRecord
   def execute(options = {})
-    return ::Namespace.where(id: user.manageable_namespaces).sort_by_type unless options[:only_groups]
+    return ::Namespace.where(id: user.forkable_namespaces).sort_by_type unless options[:only_groups]
 
-    ::Group.where(id: user.manageable_groups)
+    ::Group.where(id: user.manageable_groups(include_groups_with_developer_maintainer_access: true))
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/group_descendants_finder.rb b/app/finders/group_descendants_finder.rb
index 7974710e67b..3d9b6e94cc6 100644
--- a/app/finders/group_descendants_finder.rb
+++ b/app/finders/group_descendants_finder.rb
@@ -87,13 +87,7 @@ class GroupDescendantsFinder
       visible_to_user = visible_to_user.or(authorized_to_user)
     end
 
-    group_to_query = if Feature.enabled?(:linear_group_descendants_finder, current_user, default_enabled: :yaml)
-                       parent_group
-                     else
-                       hierarchy_for_parent
-                     end
-
-    group_to_query.descendants.where(visible_to_user)
+    parent_group.descendants.where(visible_to_user)
     # rubocop: enable CodeReuse/Finder
   end
   # rubocop: enable CodeReuse/ActiveRecord
@@ -159,13 +153,7 @@ class GroupDescendantsFinder
   # rubocop: disable CodeReuse/ActiveRecord
   def projects_matching_filter
     # rubocop: disable CodeReuse/Finder
-    objects_in_hierarchy = if Feature.enabled?(:linear_group_descendants_finder, current_user, default_enabled: :yaml)
-                             parent_group.self_and_descendants.as_ids
-                           else
-                             hierarchy_for_parent.base_and_descendants.select(:id)
-                           end
-
-    projects_nested_in_group = Project.where(namespace_id: objects_in_hierarchy)
+    projects_nested_in_group = Project.where(namespace_id: parent_group.self_and_descendants.as_ids)
     params_with_search = params.merge(search: params[:filter])
 
     ProjectsFinder.new(params: params_with_search,
diff --git a/app/finders/group_members_finder.rb b/app/finders/group_members_finder.rb
index 75623d33ef5..fff17098c7b 100644
--- a/app/finders/group_members_finder.rb
+++ b/app/finders/group_members_finder.rb
@@ -1,14 +1,15 @@
 # frozen_string_literal: true
 
 class GroupMembersFinder < UnionFinder
-  RELATIONS = %i(direct inherited descendants).freeze
+  RELATIONS = %i(direct inherited descendants shared_from_groups).freeze
   DEFAULT_RELATIONS = %i(direct inherited).freeze
   INVALID_RELATION_TYPE_ERROR_MSG = "is not a valid relation type. Valid relation types are #{RELATIONS.join(', ')}."
 
   RELATIONS_DESCRIPTIONS = {
     direct: 'Members in the group itself',
     inherited: "Members in the group's ancestor groups",
-    descendants: "Members in the group's subgroups"
+    descendants: "Members in the group's subgroups",
+    shared_from_groups: "Invited group's members"
   }.freeze
 
   include CreatedAtFilter
@@ -28,11 +29,7 @@ class GroupMembersFinder < UnionFinder
   end
 
   def execute(include_relations: DEFAULT_RELATIONS)
-    return filter_members(group_members_list) if include_relations == [:direct]
-
     groups = groups_by_relations(include_relations)
-    return GroupMember.none unless groups
-
     members = all_group_members(groups).distinct_on_user_with_max_access_level
 
     filter_members(members)
@@ -45,22 +42,14 @@ class GroupMembersFinder < UnionFinder
   def groups_by_relations(include_relations)
     check_relation_arguments!(include_relations)
 
-    case include_relations.sort
-    when [:inherited]
-      group.ancestors
-    when [:descendants]
-      group.descendants
-    when [:direct, :inherited]
-      group.self_and_ancestors
-    when [:descendants, :direct]
-      group.self_and_descendants
-    when [:descendants, :inherited]
-      find_union([group.ancestors, group.descendants], Group)
-    when [:descendants, :direct, :inherited]
-      group.self_and_hierarchy
-    else
-      nil
-    end
+    related_groups = []
+
+    related_groups << Group.by_id(group.id) if include_relations&.include?(:direct)
+    related_groups << group.ancestors if include_relations&.include?(:inherited)
+    related_groups << group.descendants if include_relations&.include?(:descendants)
+    related_groups << group.shared_with_groups.public_or_visible_to_user(user) if include_relations&.include?(:shared_from_groups)
+
+    find_union(related_groups, Group)
   end
 
   def filter_members(members)
diff --git a/app/finders/groups/user_groups_finder.rb b/app/finders/groups/user_groups_finder.rb
index 5946e3a8933..f4aed413867 100644
--- a/app/finders/groups/user_groups_finder.rb
+++ b/app/finders/groups/user_groups_finder.rb
@@ -53,8 +53,7 @@ module Groups
     end
 
     def permission_scope_create_projects?
-      params[:permission_scope] == :create_projects &&
-        Feature.enabled?(:paginatable_namespace_drop_down_for_project_creation, current_user, default_enabled: :yaml)
+      params[:permission_scope] == :create_projects
     end
   end
 end
diff --git a/app/finders/groups_finder.rb b/app/finders/groups_finder.rb
index 7e3cdd79a4c..7cb3e7a5d7f 100644
--- a/app/finders/groups_finder.rb
+++ b/app/finders/groups_finder.rb
@@ -54,7 +54,7 @@ class GroupsFinder < UnionFinder
     groups = []
 
     if current_user
-      if Feature.enabled?(:use_traversal_ids_groups_finder, default_enabled: :yaml)
+      if Feature.enabled?(:use_traversal_ids_groups_finder, current_user, default_enabled: :yaml)
         groups << current_user.authorized_groups.self_and_ancestors
         groups << current_user.groups.self_and_descendants
       else
@@ -81,7 +81,7 @@ class GroupsFinder < UnionFinder
       .groups
       .where('members.access_level >= ?', params[:min_access_level])
 
-    if Feature.enabled?(:use_traversal_ids_groups_finder, default_enabled: :yaml)
+    if Feature.enabled?(:use_traversal_ids_groups_finder, current_user, default_enabled: :yaml)
       groups.self_and_descendants
     else
       Gitlab::ObjectHierarchy
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb
index 21a19aa22a1..de750b49c6a 100644
--- a/app/finders/issues_finder.rb
+++ b/app/finders/issues_finder.rb
@@ -27,7 +27,7 @@
 #     updated_after: datetime
 #     updated_before: datetime
 #     confidential: boolean
-#     issue_types: array of strings (one of WorkItem::Type.base_types)
+#     issue_types: array of strings (one of WorkItems::Type.base_types)
 #
 class IssuesFinder < IssuableFinder
   CONFIDENTIAL_ACCESS_LEVEL = Gitlab::Access::REPORTER
@@ -124,13 +124,13 @@ class IssuesFinder < IssuableFinder
   def by_issue_types(items)
     issue_type_params = Array(params[:issue_types]).map(&:to_s)
     return items if issue_type_params.blank?
-    return Issue.none unless (WorkItem::Type.base_types.keys & issue_type_params).sort == issue_type_params.sort
+    return Issue.none unless (WorkItems::Type.base_types.keys & issue_type_params).sort == issue_type_params.sort
 
     items.with_issue_type(params[:issue_types])
   end
 
   def by_negated_issue_types(items)
-    issue_type_params = Array(not_params[:issue_types]).map(&:to_s) & WorkItem::Type.base_types.keys
+    issue_type_params = Array(not_params[:issue_types]).map(&:to_s) & WorkItems::Type.base_types.keys
     return items if issue_type_params.blank?
 
     items.without_issue_type(issue_type_params)
diff --git a/app/finders/merge_requests_finder.rb b/app/finders/merge_requests_finder.rb
index ba709d3bdfc..81e4ab7014d 100644
--- a/app/finders/merge_requests_finder.rb
+++ b/app/finders/merge_requests_finder.rb
@@ -140,14 +140,13 @@ class MergeRequestsFinder < IssuableFinder
 
   # rubocop: disable CodeReuse/ActiveRecord
   def by_draft(items)
-    draft_param = params[:draft] || params[:wip]
+    draft_param = Gitlab::Utils.to_boolean(params.fetch(:draft) { params.fetch(:wip, nil) })
+    return items if draft_param.nil?
 
-    if draft_param == 'yes'
+    if draft_param
       items.where(wip_match(items.arel_table))
-    elsif draft_param == 'no'
-      items.where.not(wip_match(items.arel_table))
     else
-      items
+      items.where.not(wip_match(items.arel_table))
     end
   end
   # rubocop: enable CodeReuse/ActiveRecord
diff --git a/app/finders/packages/package_file_finder.rb b/app/finders/packages/package_file_finder.rb
index 792ffa0591b..55dc4be2001 100644
--- a/app/finders/packages/package_file_finder.rb
+++ b/app/finders/packages/package_file_finder.rb
@@ -19,7 +19,11 @@ class Packages::PackageFileFinder
   private
 
   def package_files
-    files = package.package_files
+    files = if Feature.enabled?(:packages_installable_package_files, default_enabled: :yaml)
+              package.installable_package_files
+            else
+              package.package_files
+            end
 
     by_file_name(files)
   end
diff --git a/app/finders/projects/members/effective_access_level_finder.rb b/app/finders/projects/members/effective_access_level_finder.rb
index d238679f2fb..4538fc4c855 100644
--- a/app/finders/projects/members/effective_access_level_finder.rb
+++ b/app/finders/projects/members/effective_access_level_finder.rb
@@ -27,13 +27,9 @@ module Projects
       attr_reader :project
 
       def generate_from_statement(user_ids_and_access_levels)
-        "(VALUES #{generate_values_expression(user_ids_and_access_levels)}) members (user_id, access_level)"
-      end
+        values_list = Arel::Nodes::ValuesList.new(user_ids_and_access_levels).to_sql
 
-      def generate_values_expression(user_ids_and_access_levels)
-        user_ids_and_access_levels.map do |user_id, access_level|
-          "(#{user_id}, #{access_level})"
-        end.join(",")
+        "(#{values_list}) members (user_id, access_level)"
       end
 
       def no_members?
diff --git a/app/finders/user_group_notification_settings_finder.rb b/app/finders/user_group_notification_settings_finder.rb
index c2af581dd14..c6a1a6b36d1 100644
--- a/app/finders/user_group_notification_settings_finder.rb
+++ b/app/finders/user_group_notification_settings_finder.rb
@@ -7,15 +7,7 @@ class UserGroupNotificationSettingsFinder
   end
 
   def execute
-    # rubocop: disable CodeReuse/ActiveRecord
-    selected_groups = Group.where(id: groups.select(:id))
-    groups_with_ancestors = if Feature.enabled?(:linear_user_group_notification_settings_finder_ancestors_scopes, user, default_enabled: :yaml)
-                              selected_groups.self_and_ancestors
-                            else
-                              Gitlab::ObjectHierarchy.new(selected_groups).base_and_ancestors
-                            end
-    # rubocop: enable CodeReuse/ActiveRecord
-
+    groups_with_ancestors = groups.self_and_ancestors
     @loaded_groups_with_ancestors = groups_with_ancestors.index_by(&:id)
     @loaded_notification_settings = user.notification_settings_for_groups(groups_with_ancestors).preload_source_route.index_by(&:source_id)
 
diff --git a/app/finders/user_recent_events_finder.rb b/app/finders/user_recent_events_finder.rb
index 596a413782e..96120d9412f 100644
--- a/app/finders/user_recent_events_finder.rb
+++ b/app/finders/user_recent_events_finder.rb
@@ -47,6 +47,24 @@ class UserRecentEventsFinder
   end
 
   # rubocop: disable CodeReuse/ActiveRecord
+  def execute_optimized_multi(users)
+    Gitlab::Pagination::Keyset::InOperatorOptimization::QueryBuilder.new(
+      scope: Event.reorder(id: :desc),
+      array_scope: User.select(:id).where(id: users),
+      # Event model has a default scope { reorder(nil) }
+      # When a relation is rordered and used as a target when merging scope,
+      # its order takes a precedence and _overwrites_ the original scope's order.
+      # Thus we have to explicitly provide `reorder` for array_mapping_scope here.
+      array_mapping_scope: -> (author_id_expression) { Event.where(Event.arel_table[:author_id].eq(author_id_expression)).reorder(id: :desc) },
+      finder_query: -> (id_expression) { Event.where(Event.arel_table[:id].eq(id_expression)) }
+    )
+    .execute
+    .limit(limit)
+    .offset(params[:offset] || 0)
+  end
+  # rubocop: enable CodeReuse/ActiveRecord
+
+  # rubocop: disable CodeReuse/ActiveRecord
   def execute_multi
     users = []
     @target_user.each do |user|
@@ -55,7 +73,11 @@ class UserRecentEventsFinder
 
     return Event.none if users.empty?
 
-    event_filter.apply_filter(Event.where(author: users).limit_recent(limit, params[:offset] || 0))
+    if event_filter.filter == EventFilter::ALL
+      execute_optimized_multi(users)
+    else
+      event_filter.apply_filter(Event.where(author: users).limit_recent(limit, params[:offset] || 0))
+    end
   end
   # rubocop: enable CodeReuse/ActiveRecord