Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-11-16 15:10:23 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-11-16 15:10:23 +0300
commit: dc9ff5fda1337883acd09fd4b98be2f6a41ad037 (patch)
tree: 0c720bccd583ddfb7ae355b81459d8e2ecde8ae8 /app
parent: 2c90b9b579fbfe3db191a032d2cb176761605a02 (diff)
19 files changed, 67 insertions, 51 deletions
diff --git a/app/assets/javascripts/repository/components/table/row.vue b/app/assets/javascripts/repository/components/table/row.vue
index 5010d60f374..bd06c064ab7 100644
--- a/app/assets/javascripts/repository/components/table/row.vue
+++ b/app/assets/javascripts/repository/components/table/row.vue
@@ -11,7 +11,6 @@ import {
   GlIntersectionObserver,
 } from '@gitlab/ui';
 import { escapeRegExp } from 'lodash';
-import filesQuery from 'shared_queries/repository/files.query.graphql';
 import paginatedTreeQuery from 'shared_queries/repository/paginated_tree.query.graphql';
 import { escapeFileUrl } from '~/lib/utils/url_utility';
 import { TREE_PAGE_SIZE } from '~/repository/constants';
@@ -178,8 +177,7 @@ export default {
       return this.isFolder ? this.loadFolder() : this.loadBlob();
     },
     loadFolder() {
-      const query = this.glFeatures.paginatedTreeGraphqlQuery ? paginatedTreeQuery : filesQuery;
-      this.apolloQuery(query, {
+      this.apolloQuery(paginatedTreeQuery, {
         projectPath: this.projectPath,
         ref: this.ref,
         path: this.path,
diff --git a/app/assets/javascripts/repository/components/tree_content.vue b/app/assets/javascripts/repository/components/tree_content.vue
index 16dfe3cfb14..ffe8d5531f8 100644
--- a/app/assets/javascripts/repository/components/tree_content.vue
+++ b/app/assets/javascripts/repository/components/tree_content.vue
@@ -1,5 +1,4 @@
 <script>
-import filesQuery from 'shared_queries/repository/files.query.graphql';
 import paginatedTreeQuery from 'shared_queries/repository/paginated_tree.query.graphql';
 import createFlash from '~/flash';
 import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
@@ -72,9 +71,6 @@ export default {
     hasShowMore() {
       return !this.clickedShowMore && this.pageLimitReached;
     },
-    paginatedTreeEnabled() {
-      return this.glFeatures.paginatedTreeGraphqlQuery;
-    },
   },
 
   watch: {
@@ -101,7 +97,7 @@ export default {
 
       return this.$apollo
         .query({
-          query: this.paginatedTreeEnabled ? paginatedTreeQuery : filesQuery,
+          query: paginatedTreeQuery,
           variables: {
             projectPath: this.projectPath,
             ref: this.ref,
@@ -114,20 +110,19 @@ export default {
           if (data.errors) throw data.errors;
           if (!data?.project?.repository || originalPath !== (this.path || '/')) return;
 
-          const pageInfo = this.paginatedTreeEnabled
-            ? data.project.repository.paginatedTree.pageInfo
-            : this.hasNextPage(data.project.repository.tree);
+          const {
+            project: {
+              repository: {
+                paginatedTree: { pageInfo },
+              },
+            },
+          } = data;
 
           this.isLoadingFiles = false;
           this.entries = Object.keys(this.entries).reduce(
             (acc, key) => ({
               ...acc,
-              [key]: this.normalizeData(
-                key,
-                this.paginatedTreeEnabled
-                  ? data.project.repository.paginatedTree.nodes[0][key]
-                  : data.project.repository.tree[key].edges,
-              ),
+              [key]: this.normalizeData(key, data.project.repository.paginatedTree.nodes[0][key]),
             }),
             {},
           );
@@ -149,9 +144,7 @@ export default {
         });
     },
     normalizeData(key, data) {
-      return this.entries[key].concat(
-        this.paginatedTreeEnabled ? data.nodes : data.map(({ node }) => node),
-      );
+      return this.entries[key].concat(data.nodes);
     },
     hasNextPage(data) {
       return []
diff --git a/app/assets/javascripts/repository/mixins/preload.js b/app/assets/javascripts/repository/mixins/preload.js
index a2ddcbf0e4c..30c36dee48f 100644
--- a/app/assets/javascripts/repository/mixins/preload.js
+++ b/app/assets/javascripts/repository/mixins/preload.js
@@ -1,4 +1,3 @@
-import filesQuery from 'shared_queries/repository/files.query.graphql';
 import paginatedTreeQuery from 'shared_queries/repository/paginated_tree.query.graphql';
 import projectPathQuery from '../queries/project_path.query.graphql';
 import getRefMixin from './get_ref';
@@ -22,7 +21,7 @@ export default {
 
       return this.$apollo
         .query({
-          query: gon.features.paginatedTreeGraphqlQuery ? paginatedTreeQuery : filesQuery,
+          query: paginatedTreeQuery,
           variables: {
             projectPath: this.projectPath,
             ref: this.ref,
diff --git a/app/assets/javascripts/vue_shared/components/blob_viewers/simple_viewer.vue b/app/assets/javascripts/vue_shared/components/blob_viewers/simple_viewer.vue
index 40044e518c3..2c74d56f617 100644
--- a/app/assets/javascripts/vue_shared/components/blob_viewers/simple_viewer.vue
+++ b/app/assets/javascripts/vue_shared/components/blob_viewers/simple_viewer.vue
@@ -1,5 +1,5 @@
 <script>
-import { GlIcon } from '@gitlab/ui';
+import { GlIcon, GlSafeHtmlDirective } from '@gitlab/ui';
 import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 import { HIGHLIGHT_CLASS_NAME } from './constants';
 import ViewerMixin from './mixins';
@@ -9,6 +9,9 @@ export default {
   components: {
     GlIcon,
   },
+  directives: {
+    SafeHtml: GlSafeHtmlDirective,
+  },
   mixins: [ViewerMixin, glFeatureFlagsMixin()],
   inject: ['blobHash'],
   data() {
@@ -65,7 +68,7 @@ export default {
       <div class="blob-content">
         <pre
           class="code highlight"
-        ><code :data-blob-hash="blobHash" v-html="content /* eslint-disable-line vue/no-v-html */"></code></pre>
+        ><code v-safe-html="content" :data-blob-hash="blobHash"></code></pre>
       </div>
     </div>
   </div>
diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index be2abc5cddf..7fba6cc5bf4 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -5,9 +5,6 @@ class Projects::ReleasesController < Projects::ApplicationController
   before_action :require_non_empty_project, except: [:index]
   before_action :release, only: %i[edit show update downloads]
   before_action :authorize_read_release!
-  # We have to check `download_code` permission because detail URL path
-  # contains git-tag name.
-  before_action :authorize_download_code!, except: [:index]
   before_action :authorize_update_release!, only: %i[edit update]
   before_action :authorize_create_release!, only: :new
   before_action only: :index do
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index c36b30e198b..f8f2c1f0836 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -17,7 +17,6 @@ class Projects::TreeController < Projects::ApplicationController
 
   before_action do
     push_frontend_feature_flag(:lazy_load_commits, @project, default_enabled: :yaml)
-    push_frontend_feature_flag(:paginated_tree_graphql_query, @project, default_enabled: :yaml)
     push_frontend_feature_flag(:new_dir_modal, @project, default_enabled: :yaml)
     push_frontend_feature_flag(:refactor_blob_viewer, @project, default_enabled: :yaml)
   end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a5fa1807cc9..5b17b75a963 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -37,7 +37,6 @@ class ProjectsController < Projects::ApplicationController
     push_frontend_feature_flag(:refactor_blob_viewer, @project, default_enabled: :yaml)
     push_frontend_feature_flag(:refactor_text_viewer, @project, default_enabled: :yaml)
     push_frontend_feature_flag(:increase_page_size_exponentially, @project, default_enabled: :yaml)
-    push_frontend_feature_flag(:paginated_tree_graphql_query, @project, default_enabled: :yaml)
     push_frontend_feature_flag(:new_dir_modal, @project, default_enabled: :yaml)
   end
 
diff --git a/app/finders/issuables/label_filter.rb b/app/finders/issuables/label_filter.rb
index 98e98c0d44e..9a6ca107b19 100644
--- a/app/finders/issuables/label_filter.rb
+++ b/app/finders/issuables/label_filter.rb
@@ -135,11 +135,7 @@ module Issuables
 
     # rubocop: disable CodeReuse/ActiveRecord
     def label_link_query(target_model, label_ids: nil, label_names: nil)
-      relation = LabelLink
-        .where(target_type: target_model.name)
-        .where(LabelLink.arel_table['target_id'].eq(target_model.arel_table['id']))
-
-      relation = relation.where(label_id: label_ids) if label_ids
+      relation = LabelLink.by_target_for_exists_query(target_model.name, target_model.arel_table['id'], label_ids)
       relation = relation.joins(:label).where(labels: { name: label_names }) if label_names
 
       relation
diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb
index dd73fb8dceb..b6cb9cd3302 100644
--- a/app/graphql/types/project_type.rb
+++ b/app/graphql/types/project_type.rb
@@ -306,7 +306,7 @@ module Types
           null: true,
           description: 'A single release of the project.',
           resolver: Resolvers::ReleasesResolver.single,
-          authorize: :download_code
+          authorize: :read_release
 
     field :container_expiration_policy,
           Types::ContainerExpirationPolicyType,
diff --git a/app/graphql/types/release_links_type.rb b/app/graphql/types/release_links_type.rb
index 7830e29f3cd..37ad52ce6d0 100644
--- a/app/graphql/types/release_links_type.rb
+++ b/app/graphql/types/release_links_type.rb
@@ -4,7 +4,7 @@ module Types
   class ReleaseLinksType < BaseObject
     graphql_name 'ReleaseLinks'
 
-    authorize :download_code
+    authorize :read_release
 
     alias_method :release, :object
 
@@ -16,14 +16,19 @@ module Types
           description: "HTTP URL of the release's edit page.",
           authorize: :update_release
     field :opened_merge_requests_url, GraphQL::Types::String, null: true,
-          description: 'HTTP URL of the merge request page, filtered by this release and `state=open`.'
+          description: 'HTTP URL of the merge request page, filtered by this release and `state=open`.',
+          authorize: :download_code
     field :merged_merge_requests_url, GraphQL::Types::String, null: true,
-          description: 'HTTP URL of the merge request page , filtered by this release and `state=merged`.'
+          description: 'HTTP URL of the merge request page , filtered by this release and `state=merged`.',
+          authorize: :download_code
     field :closed_merge_requests_url, GraphQL::Types::String, null: true,
-          description: 'HTTP URL of the merge request page , filtered by this release and `state=closed`.'
+          description: 'HTTP URL of the merge request page , filtered by this release and `state=closed`.',
+          authorize: :download_code
     field :opened_issues_url, GraphQL::Types::String, null: true,
-          description: 'HTTP URL of the issues page, filtered by this release and `state=open`.'
+          description: 'HTTP URL of the issues page, filtered by this release and `state=open`.',
+          authorize: :download_code
     field :closed_issues_url, GraphQL::Types::String, null: true,
-          description: 'HTTP URL of the issues page, filtered by this release and `state=closed`.'
+          description: 'HTTP URL of the issues page, filtered by this release and `state=closed`.',
+          authorize: :download_code
   end
 end
diff --git a/app/graphql/types/release_type.rb b/app/graphql/types/release_type.rb
index 6dda93c7329..fcc9ec49252 100644
--- a/app/graphql/types/release_type.rb
+++ b/app/graphql/types/release_type.rb
@@ -14,8 +14,7 @@ module Types
     present_using ReleasePresenter
 
     field :tag_name, GraphQL::Types::String, null: true, method: :tag,
-          description: 'Name of the tag associated with the release.',
-          authorize: :download_code
+          description: 'Name of the tag associated with the release.'
     field :tag_path, GraphQL::Types::String, null: true,
           description: 'Relative web path to the tag associated with the release.',
           authorize: :download_code
diff --git a/app/graphql/types/repository_type.rb b/app/graphql/types/repository_type.rb
index 63d1eef5b59..fc9860900c9 100644
--- a/app/graphql/types/repository_type.rb
+++ b/app/graphql/types/repository_type.rb
@@ -16,8 +16,7 @@ module Types
           description: 'Tree of the repository.'
     field :paginated_tree, Types::Tree::TreeType.connection_type, null: true, resolver: Resolvers::PaginatedTreeResolver, calls_gitaly: true,
           max_page_size: 100,
-          description: 'Paginated tree of the repository.',
-          feature_flag: :paginated_tree_graphql_query
+          description: 'Paginated tree of the repository.'
     field :blobs, Types::Repository::BlobType.connection_type, null: true, resolver: Resolvers::BlobsResolver, calls_gitaly: true,
           description: 'Blobs contained within the repository'
     field :branch_names, [GraphQL::Types::String], null: true, calls_gitaly: true,
diff --git a/app/models/analytics/cycle_analytics/issue_stage_event.rb b/app/models/analytics/cycle_analytics/issue_stage_event.rb
index 099bb671f10..837eb35c839 100644
--- a/app/models/analytics/cycle_analytics/issue_stage_event.rb
+++ b/app/models/analytics/cycle_analytics/issue_stage_event.rb
@@ -20,6 +20,10 @@ module Analytics
       def self.issuable_id_column
         :issue_id
       end
+
+      def self.issuable_model
+        ::Issue
+      end
     end
   end
 end
diff --git a/app/models/analytics/cycle_analytics/merge_request_stage_event.rb b/app/models/analytics/cycle_analytics/merge_request_stage_event.rb
index 632b7079b2e..0dfa322b2c3 100644
--- a/app/models/analytics/cycle_analytics/merge_request_stage_event.rb
+++ b/app/models/analytics/cycle_analytics/merge_request_stage_event.rb
@@ -20,6 +20,10 @@ module Analytics
       def self.issuable_id_column
         :merge_request_id
       end
+
+      def self.issuable_model
+        ::MergeRequest
+      end
     end
   end
 end
diff --git a/app/models/concerns/analytics/cycle_analytics/stage_event_model.rb b/app/models/concerns/analytics/cycle_analytics/stage_event_model.rb
index cca1a0b41cc..324e0fb57cb 100644
--- a/app/models/concerns/analytics/cycle_analytics/stage_event_model.rb
+++ b/app/models/concerns/analytics/cycle_analytics/stage_event_model.rb
@@ -18,6 +18,10 @@ module Analytics
         scope :end_event_is_not_happened_yet, -> { where(end_event_timestamp: nil) }
       end
 
+      def issuable_id
+        attributes[self.class.issuable_id_column.to_s]
+      end
+
       class_methods do
         def upsert_data(data)
           upsert_values = data.map do |row|
@@ -26,8 +30,8 @@ module Analytics
               :issuable_id,
               :group_id,
               :project_id,
-              :author_id,
               :milestone_id,
+              :author_id,
               :state_id,
               :start_event_timestamp,
               :end_event_timestamp
diff --git a/app/models/label_link.rb b/app/models/label_link.rb
index 4fb5fd8c58a..d326b07ad31 100644
--- a/app/models/label_link.rb
+++ b/app/models/label_link.rb
@@ -11,4 +11,16 @@ class LabelLink < ApplicationRecord
   validates :label, presence: true, unless: :importing?
 
   scope :for_target, -> (target_id, target_type) { where(target_id: target_id, target_type: target_type) }
+
+  # Example: Issues has at least one label within a project
+  # > Issue.where(project_id: 100) # or any scope on issues
+  # >  .where(LabelLink.by_target_for_exists_query('Issue', Issue.arel_table[:id]).arel.exists)
+  scope :by_target_for_exists_query, -> (target_type, arel_join_column, label_ids = nil) do
+    relation = LabelLink
+      .where(target_type: target_type)
+      .where(arel_table['target_id'].eq(arel_join_column))
+
+    relation = relation.where(label_id: label_ids) if label_ids
+    relation
+  end
 end
diff --git a/app/models/webauthn_registration.rb b/app/models/webauthn_registration.rb
index 76f8faa11c7..71b50192e29 100644
--- a/app/models/webauthn_registration.rb
+++ b/app/models/webauthn_registration.rb
@@ -5,7 +5,8 @@
 class WebauthnRegistration < ApplicationRecord
   belongs_to :user
 
-  validates :credential_xid, :public_key, :name, :counter, presence: true
+  validates :credential_xid, :public_key, :counter, presence: true
+  validates :name, length: { minimum: 0, allow_nil: false }
   validates :counter,
             numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 2**32 - 1 }
 end
diff --git a/app/presenters/release_presenter.rb b/app/presenters/release_presenter.rb
index c919c7f4c60..dac42af38bf 100644
--- a/app/presenters/release_presenter.rb
+++ b/app/presenters/release_presenter.rb
@@ -22,8 +22,6 @@ class ReleasePresenter < Gitlab::View::Presenter::Delegated
   end
 
   def self_url
-    return unless can_download_code?
-
     project_release_url(project, release)
   end
 
@@ -64,7 +62,7 @@ class ReleasePresenter < Gitlab::View::Presenter::Delegated
 
   delegator_override :name
   def name
-    can_download_code? ? release.name : "Release-#{release.id}"
+    release.name
   end
 
   def download_url(filepath)
diff --git a/app/services/packages/npm/create_package_service.rb b/app/services/packages/npm/create_package_service.rb
index 6945c94e0bb..ae9c92a3d3a 100644
--- a/app/services/packages/npm/create_package_service.rb
+++ b/app/services/packages/npm/create_package_service.rb
@@ -4,6 +4,8 @@ module Packages
     class CreatePackageService < ::Packages::CreatePackageService
       include Gitlab::Utils::StrongMemoize
 
+      PACKAGE_JSON_NOT_ALLOWED_FIELDS = %w[readme readmeFilename].freeze
+
       def execute
         return error('Version is empty.', 400) if version.blank?
         return error('Package already exists.', 403) if current_package_exists?
@@ -22,7 +24,7 @@ module Packages
         ::Packages::Npm::CreateTagService.new(package, dist_tag).execute
 
         if Feature.enabled?(:packages_npm_abbreviated_metadata, project, default_enabled: :yaml)
-          package.create_npm_metadatum!(package_json: version_data)
+          package.create_npm_metadatum!(package_json: package_json)
         end
 
         package
@@ -50,6 +52,10 @@ module Packages
         params[:versions][version]
       end
 
+      def package_json
+        version_data.except(*PACKAGE_JSON_NOT_ALLOWED_FIELDS)
+      end
+
       def dist_tag
         params['dist-tags'].each_key.first
       end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-11-16 15:10:23 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-11-16 15:10:23 +0300
commit	dc9ff5fda1337883acd09fd4b98be2f6a41ad037 (patch)
tree	0c720bccd583ddfb7ae355b81459d8e2ecde8ae8 /app
parent	2c90b9b579fbfe3db191a032d2cb176761605a02 (diff)