Add latest changes from gitlab-org/gitlab@master

7 files changed, 18 insertions, 18 deletions

diff --git a/app/models/group.rb b/app/models/group.rb
index ac843f392fd..1bfe68f414a 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -37,8 +37,8 @@ class Group < Namespace
 
   has_many :all_group_members, -> { non_request }, dependent: :destroy, as: :source, class_name: 'GroupMember' # rubocop:disable Cop/ActiveRecordDependent
   has_many :all_owner_members, -> { non_request.all_owners }, as: :source, class_name: 'GroupMember'
-  has_many :group_members, -> { non_request.where.not(members: { access_level: Gitlab::Access::MINIMAL_ACCESS }) }, dependent: :destroy, as: :source # rubocop:disable Cop/ActiveRecordDependent
-  has_many :namespace_members, -> { non_request.where.not(members: { access_level: Gitlab::Access::MINIMAL_ACCESS }).unscope(where: %i[source_id source_type]) },
+  has_many :group_members, -> { non_request.non_minimal_access }, dependent: :destroy, as: :source # rubocop:disable Cop/ActiveRecordDependent
+  has_many :namespace_members, -> { non_request.non_minimal_access.unscope(where: %i[source_id source_type]) },
     foreign_key: :member_namespace_id, inverse_of: :group, class_name: 'GroupMember'
   alias_method :members, :group_members
 
@@ -434,7 +434,7 @@ class Group < Namespace
   end
 
   def owned_by?(user)
-    owners.include?(user)
+    all_owner_members.exists?(user: user)
   end
 
   def add_members(users, access_level, current_user: nil, expires_at: nil)
@@ -593,6 +593,12 @@ class Group < Namespace
     end
   end
 
+  # Only for direct and not requested members with higher access level than MIMIMAL_ACCESS
+  # It returns true for non-active users
+  def has_user?(user)
+    group_members.exists?(user: user)
+  end
+
   def direct_members
     GroupMember.active_without_invites_and_requests
                .non_minimal_access
diff --git a/app/models/project.rb b/app/models/project.rb
index 7b996457c0d..738b9b1ef72 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -334,7 +334,7 @@ class Project < ApplicationRecord
   has_many :authorized_users, -> { allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/422045') },
     through: :project_authorizations, source: :user, class_name: 'User'
 
-  has_many :project_members, -> { where(requested_at: nil) },
+  has_many :project_members, -> { non_request },
     as: :source, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
   alias_method :members, :project_members
   has_many :namespace_members, ->(project) { where(requested_at: nil).unscope(where: %i[source_id source_type]) },
@@ -508,6 +508,7 @@ class Project < ApplicationRecord
     delegate :members, prefix: true
     delegate :add_member, :add_members, :member?
     delegate :add_guest, :add_reporter, :add_developer, :add_maintainer, :add_owner, :add_role
+    delegate :has_user?
   end
 
   with_options to: :namespace do
diff --git a/app/models/project_team.rb b/app/models/project_team.rb
index 5078642ea3a..e3791379b94 100644
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -172,6 +172,11 @@ class ProjectTeam
     max_member_access(user.id) >= min_access_level
   end
 
+  # Only for direct and not invited members
+  def has_user?(user)
+    project.project_members.exists?(user: user)
+  end
+
   def human_max_access(user_id)
     Gitlab::Access.human_access(max_member_access(user_id))
   end
diff --git a/app/policies/organizations/organization_policy.rb b/app/policies/organizations/organization_policy.rb
index afd8c6e144f..d538b786f78 100644
--- a/app/policies/organizations/organization_policy.rb
+++ b/app/policies/organizations/organization_policy.rb
@@ -13,14 +13,12 @@ module Organizations
 
     rule { admin }.policy do
       enable :admin_organization
-      enable :create_group
       enable :read_organization
       enable :read_organization_user
     end
 
     rule { organization_user }.policy do
       enable :admin_organization
-      enable :create_group
       enable :read_organization
       enable :read_organization_user
     end
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
index bb577b41fa8..21d3c6499a0 100644
--- a/app/services/groups/create_service.rb
+++ b/app/services/groups/create_service.rb
@@ -92,16 +92,6 @@ module Groups
         end
       end
 
-      if @group.organization && !can?(current_user, :create_group, @group.organization)
-        # We are unsetting this here to match behavior of invalid parent_id above and protect against possible
-        # committing to the database of a value that isn't allowed.
-        @group.organization = nil
-        message = s_("CreateGroup|You don't have permission to create a group in the provided organization.")
-        @group.errors.add(:organization_id, message)
-
-        return false
-      end
-
       true
     end
 
diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb
index 79557dae14a..9fc1a05476e 100644
--- a/app/services/groups/transfer_service.rb
+++ b/app/services/groups/transfer_service.rb
@@ -236,7 +236,7 @@ module Groups
 
     def ensure_ownership
       return if @new_parent_group
-      return unless @group.owners.empty?
+      return unless @group.all_owner_members.empty?
 
       add_owner_on_transferred_group
     end
diff --git a/app/views/shared/groups/_group.html.haml b/app/views/shared/groups/_group.html.haml
index 38189786c24..cdcbee1bb72 100644
--- a/app/views/shared/groups/_group.html.haml
+++ b/app/views/shared/groups/_group.html.haml
@@ -22,7 +22,7 @@
 
     %span.gl-ml-5.has-tooltip{ title: _('Users') }
       = sprite_icon('users', css_class: 'gl-vertical-align-text-bottom')
-      = number_with_delimiter(group.users.count)
+      = number_with_delimiter(group.group_members.non_invite.count)
 
     %span.gl-ml-5.visibility-icon.has-tooltip{ data: { container: 'body', placement: 'left' }, title: visibility_icon_description(group) }
       = visibility_level_icon(group.visibility_level)