Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-10-10 12:08:01 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-10-10 12:08:01 +0300
commit: 0e6368a09e498dd3f2a02dd99dfac53036bb15f6 (patch)
tree: 78088025c2672216f8984ab607a4d20c0d44e077 /app/models
parent: 3669bcfaaa7cd18b6b6f890bdd6f75c13e74b830 (diff)
9 files changed, 18 insertions, 59 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index c7088908de8..79b1718233f 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -305,7 +305,7 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
     if: :auto_devops_enabled?
 
   validates :enabled_git_access_protocol,
-    inclusion: { in: %w[ssh http], allow_blank: true }
+    inclusion: { in: ->(_) { enabled_git_access_protocol_values }, allow_blank: true }
 
   validates :domain_denylist,
     presence: { message: 'Domain denylist cannot be empty if denylist is enabled.' },
@@ -959,6 +959,10 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
     HUMANIZED_ATTRIBUTES[attribute.to_sym] || super
   end
 
+  def self.enabled_git_access_protocol_values
+    %w[ssh http]
+  end
+
   def parsed_grafana_url
     @parsed_grafana_url ||= Gitlab::Utils.parse_url(grafana_url)
   end
diff --git a/app/models/group.rb b/app/models/group.rb
index 9330ffef156..8ce8b745b35 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -694,7 +694,7 @@ class Group < Namespace
     return GroupMember::NO_ACCESS unless user
     return GroupMember::OWNER if user.can_admin_all_resources? && !only_concrete_membership
 
-    max_member_access([user.id])[user.id]
+    max_member_access(user)
   end
 
   def mattermost_team_params
@@ -953,16 +953,16 @@ class Group < Namespace
     end
   end
 
-  def max_member_access(user_ids)
-    ::Gitlab::Database.allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/417455") do
-      Gitlab::SafeRequestLoader.execute(
-        resource_key: max_member_access_for_resource_key(User),
-        resource_ids: user_ids,
-        default_value: Gitlab::Access::NO_ACCESS
-      ) do |user_ids|
-        members_with_parents.where(user_id: user_ids).group(:user_id).maximum(:access_level)
-      end
-    end
+  def max_member_access(user)
+    Gitlab::SafeRequestLoader.execute(
+      resource_key: max_member_access_for_resource_key(User),
+      resource_ids: [user.id],
+      default_value: Gitlab::Access::NO_ACCESS
+    ) do |_|
+      next {} unless user.active?
+
+      members_with_parents(only_active_users: false).where(user_id: user.id).group(:user_id).maximum(:access_level)
+    end.fetch(user.id)
   end
 
   def update_two_factor_requirement
diff --git a/app/models/namespace_setting.rb b/app/models/namespace_setting.rb
index 8d5d788c738..3befcdeaec5 100644
--- a/app/models/namespace_setting.rb
+++ b/app/models/namespace_setting.rb
@@ -10,7 +10,7 @@ class NamespaceSetting < ApplicationRecord
   belongs_to :namespace, inverse_of: :namespace_settings
 
   enum jobs_to_be_done: { basics: 0, move_repository: 1, code_storage: 2, exploring: 3, ci: 4, other: 5 }, _suffix: true
-  enum enabled_git_access_protocol: { all: 0, ssh: 1, http: 2 }, _suffix: true
+  enum enabled_git_access_protocol: { all: 0, ssh: 1, http: 2, ssh_certificates: 3 }, _suffix: true
 
   attribute :default_branch_protection_defaults, default: -> { {} }
 
diff --git a/app/models/namespaces/traversal/linear.rb b/app/models/namespaces/traversal/linear.rb
index 1ca3c8e85f3..c3348c49ea1 100644
--- a/app/models/namespaces/traversal/linear.rb
+++ b/app/models/namespaces/traversal/linear.rb
@@ -61,8 +61,6 @@ module Namespaces
         # INPUT: [[4909902], [4909902,51065789], [4909902,51065793], [7135830], [15599674, 1], [15599674, 1, 3], [15599674, 2]]
         # RESULT: [[4909902], [7135830], [15599674, 1], [15599674, 2]]
         def shortest_traversal_ids_prefixes
-          raise ArgumentError, 'Feature not supported since the `:use_traversal_ids` is disabled' unless use_traversal_ids?
-
           prefixes = []
 
           # The array needs to be sorted (O(nlogn)) to ensure shortest elements are always first
@@ -91,8 +89,6 @@ module Namespaces
       end
 
       def use_traversal_ids?
-        return false unless Feature.enabled?(:use_traversal_ids)
-
         traversal_ids.present?
       end
 
diff --git a/app/models/namespaces/traversal/linear_scopes.rb b/app/models/namespaces/traversal/linear_scopes.rb
index d152ca412f8..c63639e721a 100644
--- a/app/models/namespaces/traversal/linear_scopes.rb
+++ b/app/models/namespaces/traversal/linear_scopes.rb
@@ -12,14 +12,10 @@ module Namespaces
         # list of namespace IDs, it can be faster to reference the ID in
         # traversal_ids than the primary key ID column.
         def as_ids
-          return super unless use_traversal_ids?
-
           select(Arel.sql('namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)]').as('id'))
         end
 
         def roots
-          return super unless use_traversal_ids?
-
           root_ids = all.select("#{quoted_table_name}.traversal_ids[1]").distinct
           unscoped.where(id: root_ids)
         end
@@ -37,20 +33,14 @@ module Namespaces
         end
 
         def self_and_descendants(include_self: true)
-          return super unless use_traversal_ids?
-
           self_and_descendants_with_comparison_operators(include_self: include_self)
         end
 
         def self_and_descendant_ids(include_self: true)
-          return super unless use_traversal_ids?
-
           self_and_descendants(include_self: include_self).as_ids
         end
 
         def self_and_hierarchy
-          return super unless use_traversal_ids?
-
           unscoped.from_union([all.self_and_ancestors, all.self_and_descendants(include_self: false)])
         end
 
@@ -74,10 +64,6 @@ module Namespaces
 
         private
 
-        def use_traversal_ids?
-          Feature.enabled?(:use_traversal_ids)
-        end
-
         def self_and_ancestors_from_inner_join(include_self: true, upto: nil, hierarchy_order: nil)
           base_cte = all.reselect('namespaces.traversal_ids').as_cte(:base_ancestors_cte)
 
diff --git a/app/models/preloaders/group_root_ancestor_preloader.rb b/app/models/preloaders/group_root_ancestor_preloader.rb
index 29c60e90964..410f48c8176 100644
--- a/app/models/preloaders/group_root_ancestor_preloader.rb
+++ b/app/models/preloaders/group_root_ancestor_preloader.rb
@@ -8,8 +8,6 @@ module Preloaders
     end
 
     def execute
-      return unless ::Feature.enabled?(:use_traversal_ids)
-
       # type == 'Group' condition located on subquery to prevent a filter in the query
       root_query = Namespace.joins("INNER JOIN (#{join_sql}) as root_query ON root_query.root_id = namespaces.id")
                         .select('namespaces.*, root_query.id as source_id')
diff --git a/app/models/preloaders/project_root_ancestor_preloader.rb b/app/models/preloaders/project_root_ancestor_preloader.rb
index ccb9d2eab98..1e96e139f94 100644
--- a/app/models/preloaders/project_root_ancestor_preloader.rb
+++ b/app/models/preloaders/project_root_ancestor_preloader.rb
@@ -10,7 +10,6 @@ module Preloaders
 
     def execute
       return unless @projects.is_a?(ActiveRecord::Relation)
-      return unless ::Feature.enabled?(:use_traversal_ids)
 
       root_query = Namespace.joins("INNER JOIN (#{join_sql}) as root_query ON root_query.root_id = namespaces.id")
                         .select('namespaces.*, root_query.id as source_id')
diff --git a/app/models/preloaders/user_max_access_level_in_groups_preloader.rb b/app/models/preloaders/user_max_access_level_in_groups_preloader.rb
index 16d46facb96..aaa54e0228b 100644
--- a/app/models/preloaders/user_max_access_level_in_groups_preloader.rb
+++ b/app/models/preloaders/user_max_access_level_in_groups_preloader.rb
@@ -10,27 +10,11 @@ module Preloaders
     end
 
     def execute
-      if ::Feature.enabled?(:use_traversal_ids)
-        preload_with_traversal_ids
-      else
-        preload_direct_memberships
-      end
+      preload_with_traversal_ids
     end
 
     private
 
-    def preload_direct_memberships
-      group_memberships = GroupMember.active_without_invites_and_requests
-                                     .where(user: @user, source_id: @groups)
-                                     .group(:source_id)
-                                     .maximum(:access_level)
-
-      @groups.each do |group|
-        access_level = group_memberships[group.id]
-        group.merge_value_to_request_store(User, @user.id, access_level) if access_level.present?
-      end
-    end
-
     def preload_with_traversal_ids
       # Diagrammatic representation of this step:
       # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111157#note_1271550140
diff --git a/app/models/user.rb b/app/models/user.rb
index b76d19240f8..bebd8316352 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2509,14 +2509,6 @@ class User < MainClusterwide::ApplicationRecord
   def ci_namespace_mirrors_for_group_members(level)
     search_members = group_members.where('access_level >= ?', level)
 
-    # This reduces searched prefixes to only shortest ones
-    # to avoid querying descendants since they are already covered
-    # by ancestor namespaces. If the FF is not available fallback to
-    # inefficient search: https://gitlab.com/gitlab-org/gitlab/-/issues/336436
-    unless Feature.enabled?(:use_traversal_ids)
-      return Ci::NamespaceMirror.contains_any_of_namespaces(search_members.pluck(:source_id))
-    end
-
     traversal_ids = Group.joins(:all_group_members)
       .merge(search_members)
       .shortest_traversal_ids_prefixes
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-10-10 12:08:01 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-10-10 12:08:01 +0300
commit	0e6368a09e498dd3f2a02dd99dfac53036bb15f6 (patch)
tree	78088025c2672216f8984ab607a4d20c0d44e077 /app/models
parent	3669bcfaaa7cd18b6b6f890bdd6f75c13e74b830 (diff)