Merge remote-tracking branch 'dev/16-2-stable' into 16-2-stable

11 files changed, 63 insertions, 16 deletions

diff --git a/app/assets/javascripts/diffs/store/mutations.js b/app/assets/javascripts/diffs/store/mutations.js
index 4855ca87e91..f90e0a24d0e 100644
--- a/app/assets/javascripts/diffs/store/mutations.js
+++ b/app/assets/javascripts/diffs/store/mutations.js
@@ -167,7 +167,7 @@ export default {
       originalStartLineCode,
       ...(discussion.line_codes || []),
     ];
-    const fileHash = discussion.diff_file.file_hash;
+    const fileHash = discussion.diff_file?.file_hash;
     const lineCheck = (line) =>
       discussionLineCodes.some(
         (discussionLineCode) =>
diff --git a/app/assets/javascripts/diffs/utils/diff_file.js b/app/assets/javascripts/diffs/utils/diff_file.js
index f2a3224d332..98e1c1cc849 100644
--- a/app/assets/javascripts/diffs/utils/diff_file.js
+++ b/app/assets/javascripts/diffs/utils/diff_file.js
@@ -77,7 +77,7 @@ export function prepareRawDiffFile({ file, allFiles, meta = false, index = -1 })
 }
 
 export function collapsedType(file) {
-  const isManual = typeof file.viewer?.manuallyCollapsed === 'boolean';
+  const isManual = typeof file?.viewer?.manuallyCollapsed === 'boolean';
 
   return isManual ? DIFF_FILE_MANUAL_COLLAPSE : DIFF_FILE_AUTOMATIC_COLLAPSE;
 }
@@ -85,8 +85,8 @@ export function collapsedType(file) {
 export function isCollapsed(file) {
   const type = collapsedType(file);
   const collapsedStates = {
-    [DIFF_FILE_AUTOMATIC_COLLAPSE]: file.viewer?.automaticallyCollapsed || false,
-    [DIFF_FILE_MANUAL_COLLAPSE]: file.viewer?.manuallyCollapsed,
+    [DIFF_FILE_AUTOMATIC_COLLAPSE]: file?.viewer?.automaticallyCollapsed || false,
+    [DIFF_FILE_MANUAL_COLLAPSE]: file?.viewer?.manuallyCollapsed,
   };
 
   return collapsedStates[type];
diff --git a/app/assets/javascripts/notes/components/diff_with_note.vue b/app/assets/javascripts/notes/components/diff_with_note.vue
index db32079e6b9..b1a2ab77fa8 100644
--- a/app/assets/javascripts/notes/components/diff_with_note.vue
+++ b/app/assets/javascripts/notes/components/diff_with_note.vue
@@ -41,7 +41,7 @@ export default {
       return getDiffMode(this.discussion.diff_file);
     },
     diffViewerMode() {
-      return this.discussion.diff_file.viewer.name;
+      return this.discussion.diff_file?.viewer.name;
     },
     fileDiffRefs() {
       return this.discussion.diff_file.diff_refs;
@@ -96,6 +96,7 @@ export default {
 <template>
   <div :class="{ 'text-file': isTextFile }" class="diff-file file-holder">
     <diff-file-header
+      v-if="discussion.diff_file"
       :discussion-path="discussion.discussion_path"
       :diff-file="discussion.diff_file"
       :can-current-user-fork="false"
diff --git a/app/assets/javascripts/notes/components/noteable_discussion.vue b/app/assets/javascripts/notes/components/noteable_discussion.vue
index a5939e1023c..7e79edfea15 100644
--- a/app/assets/javascripts/notes/components/noteable_discussion.vue
+++ b/app/assets/javascripts/notes/components/noteable_discussion.vue
@@ -169,7 +169,7 @@ export default {
       return !this.discussionResolved ? this.discussion.resolve_with_issue_path : '';
     },
     canShowReplyActions() {
-      if (this.shouldRenderDiffs && !this.discussion.diff_file.diff_refs) {
+      if (this.shouldRenderDiffs && !this.discussion.diff_file?.diff_refs) {
         return false;
       }
 
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 4fd307b5105..96c9aa89953 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -21,7 +21,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
   end
 
   def new
-    @schedule = project.pipeline_schedules.new
   end
 
   def create
@@ -113,6 +112,15 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
         variables_attributes: [:id, :variable_type, :key, :secret_value, :_destroy])
   end
 
+  def new_schedule
+    # We need the `ref` here for `authorize_create_pipeline_schedule!`
+    @schedule ||= project.pipeline_schedules.new(ref: params.dig(:schedule, :ref))
+  end
+
+  def authorize_create_pipeline_schedule!
+    return access_denied! unless can?(current_user, :create_pipeline_schedule, new_schedule)
+  end
+
   def authorize_play_pipeline_schedule!
     return access_denied! unless can?(current_user, :play_pipeline_schedule, schedule)
   end
diff --git a/app/models/project.rb b/app/models/project.rb
index 931f4db3a54..8959eccbd1f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -579,6 +579,8 @@ class Project < ApplicationRecord
   validates :max_artifacts_size, numericality: { only_integer: true, greater_than: 0, allow_nil: true }
   validates :suggestion_commit_message, length: { maximum: MAX_SUGGESTIONS_TEMPLATE_LENGTH }
 
+  validate :path_availability, if: :path_changed?
+
   # Scopes
   scope :pending_delete, -> { where(pending_delete: true) }
   scope :without_deleted, -> { where(pending_delete: false) }
@@ -3221,6 +3223,15 @@ class Project < ApplicationRecord
     group.crm_enabled?
   end
 
+  def path_availability
+    base, _, host = path.partition('.')
+
+    return unless host == Gitlab.config.pages&.dig('host')
+    return unless ProjectSetting.where(pages_unique_domain: base).exists?
+
+    errors.add(:path, s_('Project|already in use'))
+  end
+
   private
 
   # overridden in EE
diff --git a/app/models/project_setting.rb b/app/models/project_setting.rb
index 7ca74d4e970..aeefa5c8dcd 100644
--- a/app/models/project_setting.rb
+++ b/app/models/project_setting.rb
@@ -59,6 +59,8 @@ class ProjectSetting < ApplicationRecord
 
   validate :validates_mr_default_target_self
 
+  validate :pages_unique_domain_availability, if: :pages_unique_domain_changed?
+
   attribute :legacy_open_source_license_available, default: -> do
     Feature.enabled?(:legacy_open_source_license_available, type: :ops)
   end
@@ -109,6 +111,15 @@ class ProjectSetting < ApplicationRecord
     pages_unique_domain_enabled ||
       pages_unique_domain_in_database.present?
   end
+
+  def pages_unique_domain_availability
+    host = Gitlab.config.pages&.dig('host')
+
+    return if host.blank?
+    return unless Project.where(path: "#{pages_unique_domain}.#{host}").exists?
+
+    errors.add(:pages_unique_domain, s_('ProjectSetting|already in use'))
+  end
 end
 
 ProjectSetting.prepend_mod
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index 7b0d484f9f7..cbc60c4a30a 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -5,7 +5,18 @@ module Ci
     alias_method :pipeline_schedule, :subject
 
     condition(:protected_ref) do
-      ref_protected?(@user, @subject.project, @subject.project.repository.tag_exists?(@subject.ref), @subject.ref)
+      if full_ref?(@subject.ref)
+        is_tag = Gitlab::Git.tag_ref?(@subject.ref)
+        ref_name = Gitlab::Git.ref_name(@subject.ref)
+      else
+        # NOTE: this block should not be removed
+        # until the full ref validation is in place
+        # and all old refs are updated and validated
+        is_tag = @subject.project.repository.tag_exists?(@subject.ref)
+        ref_name = @subject.ref
+      end
+
+      ref_protected?(@user, @subject.project, is_tag, ref_name)
     end
 
     condition(:owner_of_schedule) do
@@ -31,6 +42,15 @@ module Ci
       enable :take_ownership_pipeline_schedule
     end
 
-    rule { protected_ref }.prevent :play_pipeline_schedule
+    rule { protected_ref }.policy do
+      prevent :play_pipeline_schedule
+      prevent :create_pipeline_schedule
+    end
+
+    private
+
+    def full_ref?(ref)
+      Gitlab::Git.tag_ref?(ref) || Gitlab::Git.branch_ref?(ref)
+    end
   end
 end
diff --git a/app/services/bulk_imports/archive_extraction_service.rb b/app/services/bulk_imports/archive_extraction_service.rb
index 4485b19035b..bce2a67218a 100644
--- a/app/services/bulk_imports/archive_extraction_service.rb
+++ b/app/services/bulk_imports/archive_extraction_service.rb
@@ -49,11 +49,7 @@ module BulkImports
     end
 
     def validate_symlink
-      raise(BulkImports::Error, 'Invalid file') if symlink?(filepath)
-    end
-
-    def symlink?(filepath)
-      File.lstat(filepath).symlink?
+      raise(BulkImports::Error, 'Invalid file') if Gitlab::Utils::FileInfo.linked?(filepath)
     end
 
     def extract_archive
diff --git a/app/services/bulk_imports/file_decompression_service.rb b/app/services/bulk_imports/file_decompression_service.rb
index 94573f6bb13..77638f10f54 100644
--- a/app/services/bulk_imports/file_decompression_service.rb
+++ b/app/services/bulk_imports/file_decompression_service.rb
@@ -53,7 +53,7 @@ module BulkImports
     end
 
     def validate_symlink(filepath)
-      raise(ServiceError, 'Invalid file') if File.lstat(filepath).symlink?
+      raise(ServiceError, 'Invalid file') if Gitlab::Utils::FileInfo.linked?(filepath)
     end
 
     def decompress_file
diff --git a/app/services/discussions/capture_diff_note_positions_service.rb b/app/services/discussions/capture_diff_note_positions_service.rb
index 3684a3f679a..f9b31e0f2f1 100644
--- a/app/services/discussions/capture_diff_note_positions_service.rb
+++ b/app/services/discussions/capture_diff_note_positions_service.rb
@@ -26,7 +26,7 @@ module Discussions
       active_diff_discussions = merge_request.notes.new_diff_notes.discussions.select do |discussion|
         discussion.active?(merge_request.diff_refs)
       end
-      paths = active_diff_discussions.flat_map { |n| n.diff_file.paths }
+      paths = active_diff_discussions.flat_map { |n| n.diff_file&.paths }
 
       [active_diff_discussions, paths]
     end