Add latest changes from gitlab-org/gitlab@master

6 files changed, 89 insertions, 4 deletions

diff --git a/app/finders/projects_finder.rb b/app/finders/projects_finder.rb
index 2a781c037f6..57eea577419 100644
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -29,7 +29,7 @@
 #     repository_storage: string
 #     not_aimed_for_deletion: boolean
 #     full_paths: string[]
-#     organization_id: int
+#     organization: Scope the groups to the Organizations::Organization
 #
 class ProjectsFinder < UnionFinder
   include CustomAttributesFilter
@@ -96,7 +96,7 @@ class ProjectsFinder < UnionFinder
     collection = by_language(collection)
     collection = by_feature_availability(collection)
     collection = by_updated_at(collection)
-    collection = by_organization_id(collection)
+    collection = by_organization(collection)
     by_repository_storage(collection)
   end
 
@@ -295,8 +295,11 @@ class ProjectsFinder < UnionFinder
     items
   end
 
-  def by_organization_id(items)
-    params[:organization_id].present? ? items.in_organization(params[:organization_id]) : items
+  def by_organization(items)
+    organization = params[:organization]
+    return items unless organization
+
+    items.in_organization(organization)
   end
 
   def finder_params
diff --git a/app/graphql/mutations/branch_rules/create.rb b/app/graphql/mutations/branch_rules/create.rb
new file mode 100644
index 00000000000..c478d981c33
--- /dev/null
+++ b/app/graphql/mutations/branch_rules/create.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Mutations
+  module BranchRules
+    class Create < BaseMutation
+      graphql_name 'BranchRuleCreate'
+
+      argument :project_path, GraphQL::Types::ID,
+        required: true,
+        description: 'Full path to the project that the branch is associated with.'
+
+      argument :name, GraphQL::Types::String,
+        required: true,
+        description: 'Branch name, with wildcards, for the branch rules.'
+
+      field :branch_rule,
+        Types::Projects::BranchRuleType,
+        null: true,
+        description: 'Branch rule after mutation.'
+
+      def resolve(project_path:, name:)
+        project = Project.find_by_full_path(project_path)
+
+        service_params = protected_branch_params(name)
+        protected_branch = ::ProtectedBranches::CreateService.new(project, current_user, service_params).execute
+
+        if protected_branch.persisted?
+          {
+            branch_rule: ::Projects::BranchRule.new(project, protected_branch),
+            errors: []
+          }
+        else
+          { errors: errors_on_object(protected_branch) }
+        end
+      rescue Gitlab::Access::AccessDeniedError
+        raise_resource_not_available_error!
+      end
+
+      def protected_branch_params(name)
+        {
+          name: name,
+          push_access_levels_attributes: access_level_attributes(:push),
+          merge_access_levels_attributes: access_level_attributes(:merge)
+        }
+      end
+
+      def access_level_attributes(type)
+        ::ProtectedRefs::AccessLevelParams.new(
+          type,
+          {},
+          with_defaults: true
+        ).access_levels
+      end
+    end
+  end
+end
diff --git a/app/graphql/resolvers/organizations/projects_resolver.rb b/app/graphql/resolvers/organizations/projects_resolver.rb
new file mode 100644
index 00000000000..836fe0ae059
--- /dev/null
+++ b/app/graphql/resolvers/organizations/projects_resolver.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Resolvers
+  module Organizations
+    class ProjectsResolver < BaseResolver
+      include Gitlab::Graphql::Authorize::AuthorizeResource
+
+      type Types::ProjectType, null: true
+
+      authorize :read_project
+
+      alias_method :organization, :object
+
+      def resolve
+        ::ProjectsFinder.new(current_user: current_user, params: { organization: organization }).execute
+      end
+    end
+  end
+end
diff --git a/app/graphql/types/mutation_type.rb b/app/graphql/types/mutation_type.rb
index 590bc0ed282..4c987c657ef 100644
--- a/app/graphql/types/mutation_type.rb
+++ b/app/graphql/types/mutation_type.rb
@@ -111,6 +111,7 @@ module Types
     mount_mutation Mutations::Projects::SyncFork, calls_gitaly: true, alpha: { milestone: '15.9' }
     mount_mutation Mutations::Projects::Star, alpha: { milestone: '16.7' }
     mount_mutation Mutations::BranchRules::Update, alpha: { milestone: '16.7' }
+    mount_mutation Mutations::BranchRules::Create, alpha: { milestone: '16.7' }
     mount_mutation Mutations::Releases::Create
     mount_mutation Mutations::Releases::Update
     mount_mutation Mutations::Releases::Delete
diff --git a/app/graphql/types/organizations/organization_type.rb b/app/graphql/types/organizations/organization_type.rb
index 379bf9956a3..d36c92541ef 100644
--- a/app/graphql/types/organizations/organization_type.rb
+++ b/app/graphql/types/organizations/organization_type.rb
@@ -43,6 +43,10 @@ module Types
         null: false,
         description: 'Path of the organization.',
         alpha: { milestone: '16.4' }
+      field :projects, Types::ProjectType.connection_type, null: false,
+        description: 'Projects within this organization that the user has access to.',
+        alpha: { milestone: '16.8' },
+        resolver: ::Resolvers::Organizations::ProjectsResolver
       field :web_url,
         GraphQL::Types::String,
         null: false,
diff --git a/app/models/integrations/squash_tm.rb b/app/models/integrations/squash_tm.rb
index 1b4ab152b1d..7aaef0c22cc 100644
--- a/app/models/integrations/squash_tm.rb
+++ b/app/models/integrations/squash_tm.rb
@@ -7,12 +7,14 @@ module Integrations
     field :url,
       placeholder: 'https://your-instance.squashcloud.io/squash/plugin/xsquash4gitlab/webhook/issue',
       title: -> { s_('SquashTmIntegration|Squash TM webhook URL') },
+      description: -> { s_('URL of the Squash TM webhook.') },
       exposes_secrets: true,
       required: true
 
     field :token,
       type: :password,
       title: -> { s_('SquashTmIntegration|Secret token (optional)') },
+      description: -> { s_('Secret token.') },
       non_empty_password_title: -> { s_('ProjectService|Enter new token') },
       non_empty_password_help: -> { s_('ProjectService|Leave blank to use your current token.') },
       required: false