Add latest changes from gitlab-org/gitlab@master

4 files changed, 35 insertions, 1 deletions

diff --git a/app/services/concerns/update_visibility_level.rb b/app/services/concerns/update_visibility_level.rb
index 4cd14a2fb53..debcff0295c 100644
--- a/app/services/concerns/update_visibility_level.rb
+++ b/app/services/concerns/update_visibility_level.rb
@@ -5,7 +5,7 @@ module UpdateVisibilityLevel
   def valid_visibility_level_change?(target, new_visibility)
     return true unless new_visibility
 
-    new_visibility_level = Gitlab::VisibilityLevel.level_value(new_visibility)
+    new_visibility_level = Gitlab::VisibilityLevel.level_value(new_visibility, fallback_value: nil)
 
     if new_visibility_level != target.visibility_level_value
       unless can?(current_user, :change_visibility_level, target) &&
diff --git a/app/services/grafana/proxy_service.rb b/app/services/grafana/proxy_service.rb
index ac4c3cc091c..37272c85638 100644
--- a/app/services/grafana/proxy_service.rb
+++ b/app/services/grafana/proxy_service.rb
@@ -15,6 +15,10 @@ module Grafana
     self.reactive_cache_work_type = :external_dependency
     self.reactive_cache_worker_finder = ->(_id, *args) { from_cache(*args) }
 
+    SUPPORTED_DATASOURCE_PATTERN = %r{\A\d+\z}.freeze
+
+    SUPPORTED_PROXY_PATH = Gitlab::Metrics::Dashboard::Stages::GrafanaFormatter::PROXY_PATH
+
     attr_accessor :project, :datasource_id, :proxy_path, :query_params
 
     # @param project_id [Integer] Project id for which grafana is configured.
@@ -38,6 +42,7 @@ module Grafana
     end
 
     def execute
+      return cannot_proxy_response unless can_proxy?
       return cannot_proxy_response unless client
 
       with_reactive_cache(*cache_key) { |result| result }
@@ -69,6 +74,11 @@ module Grafana
 
     private
 
+    def can_proxy?
+      SUPPORTED_PROXY_PATH == proxy_path &&
+        SUPPORTED_DATASOURCE_PATTERN.match?(datasource_id)
+    end
+
     def client
       project.grafana_integration&.client
     end
diff --git a/app/services/groups/destroy_service.rb b/app/services/groups/destroy_service.rb
index c88c139a22e..bcf3110ca21 100644
--- a/app/services/groups/destroy_service.rb
+++ b/app/services/groups/destroy_service.rb
@@ -35,6 +35,8 @@ module Groups
 
       user_ids_for_project_authorizations_refresh = obtain_user_ids_for_project_authorizations_refresh
 
+      destroy_group_bots
+
       group.destroy
 
       if user_ids_for_project_authorizations_refresh.present?
@@ -76,6 +78,19 @@ module Groups
 
       group.users_ids_of_direct_members
     end
+
+    # rubocop:disable CodeReuse/ActiveRecord
+    def destroy_group_bots
+      bot_ids = group.members_and_requesters.joins(:user).merge(User.project_bot).pluck(:user_id)
+      current_user_id = current_user.id
+
+      group.run_after_commit do
+        bot_ids.each do |user_id|
+          DeleteUserWorker.perform_async(current_user_id, user_id, skip_authorization: true)
+        end
+      end
+    end
+    # rubocop:enable CodeReuse/ActiveRecord
   end
 end
 
diff --git a/app/services/todos/destroy/entity_leave_service.rb b/app/services/todos/destroy/entity_leave_service.rb
index 1fe397d24e7..5b04d2fd3af 100644
--- a/app/services/todos/destroy/entity_leave_service.rb
+++ b/app/services/todos/destroy/entity_leave_service.rb
@@ -41,11 +41,20 @@ module Todos
       end
 
       def remove_confidential_resource_todos
+        # Deletes todos for confidential issues
         Todo
           .for_target(confidential_issues.select(:id))
           .for_type(Issue.name)
           .for_user(user)
           .delete_all
+
+        # Deletes todos for internal notes on unauthorized projects
+        Todo
+          .for_type(Issue.name)
+          .for_internal_notes
+          .for_project(non_authorized_reporter_projects) # Only Reporter+ can read internal notes
+          .for_user(user)
+          .delete_all
       end
 
       def remove_project_todos