Add latest changes from gitlab-org/gitlab@master

4 files changed, 15 insertions, 74 deletions

diff --git a/lib/gitlab/cleanup/personal_access_tokens.rb b/lib/gitlab/cleanup/personal_access_tokens.rb
index a1e4b5765c2..fbc8c24f3cc 100644
--- a/lib/gitlab/cleanup/personal_access_tokens.rb
+++ b/lib/gitlab/cleanup/personal_access_tokens.rb
@@ -56,13 +56,15 @@ module Gitlab
             .active
             .owner_is_human
             .created_before(cut_off_date)
-            .for_users(group.users)
+            .for_users(group.group_members.select(:user_id))
+            .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/436661")
         else
           PersonalAccessToken
             .active
             .owner_is_human
             .last_used_before_or_unused(cut_off_date)
-            .for_users(group.users)
+            .for_users(group.group_members.select(:user_id))
+            .allow_cross_joins_across_databases(url: "https://gitlab.com/gitlab-org/gitlab/-/issues/436661")
         end
       end
 
@@ -72,9 +74,12 @@ module Gitlab
         # updated
         attrs = access_tokens.as_json(only: [:id, :user_id])
 
-        # Use `update_all` to bypass any validations which might
-        # prevent revocation. Manually specify updated_at.
-        affected_row_count = dry_run ? 0 : access_tokens.update_all(revoked: true, updated_at: @revocation_time)
+        cross_joins_issue = "https://gitlab.com/gitlab-org/gitlab/-/issues/436661"
+        affected_row_count = ::Gitlab::Database.allow_cross_joins_across_databases(url: cross_joins_issue) do
+          # Use `update_all` to bypass any validations which might
+          # prevent revocation. Manually specify updated_at.
+          dry_run ? 0 : access_tokens.update_all(revoked: true, updated_at: @revocation_time)
+        end
 
         message = {
           dry_run: dry_run,
diff --git a/lib/gitlab/hook_data/project_builder.rb b/lib/gitlab/hook_data/project_builder.rb
index 1f7459e57af..6e24f99a498 100644
--- a/lib/gitlab/hook_data/project_builder.rb
+++ b/lib/gitlab/hook_data/project_builder.rb
@@ -54,10 +54,10 @@ module Gitlab
         # Can be consolidate again once https://gitlab.com/gitlab-org/gitlab/-/issues/432606 is addressed
         if project.group
           project.group.all_owner_members.select(:id, :user_id)
-            .preload_user.find_each.map { |member| owner_data(member.user) if member.user }
+            .preload_users.find_each.map { |member| owner_data(member.user) if member.user }
         else
           data = []
-          project.project_authorizations.owners.preload_user.each_batch(column: :user_id) do |relation|
+          project.project_authorizations.owners.preload_users.each_batch(column: :user_id) do |relation|
             data.concat(relation.map { |member| owner_data(member.user) })
           end
           data |= Array.wrap(owner_data(project.owner)) if project.owner
diff --git a/lib/gitlab/project_authorizations.rb b/lib/gitlab/project_authorizations.rb
index 0fcb8321dae..a3a14439b74 100644
--- a/lib/gitlab/project_authorizations.rb
+++ b/lib/gitlab/project_authorizations.rb
@@ -12,46 +12,6 @@ module Gitlab
     end
 
     def calculate
-      if Feature.enabled?(:compare_project_authorization_linear_cte, user)
-        linear_relation = calculate_with_linear_query
-        recursive_relation = calculate_with_recursive_query
-        recursive_set = Set.new(recursive_relation.to_a.pluck(:project_id, :access_level))
-        linear_set = Set.new(linear_relation.to_a.pluck(:project_id, :access_level))
-        if linear_set == recursive_set
-          Gitlab::AppJsonLogger.info(event: 'linear_authorized_projects_check',
-                                     user_id: user.id,
-                                     matching_results: true)
-          return calculate_with_linear_query
-        else
-          Gitlab::AppJsonLogger.warn(event: 'linear_authorized_projects_check',
-                                     user_id: user.id,
-                                     matching_results: false)
-        end
-      end
-
-      Gitlab::AppJsonLogger.info(event: 'linear_authorized_projects_check_with_flag',
-                                 feature_flag_status: Feature.enabled?(:linear_project_authorization, user))
-
-      if Feature.enabled?(:linear_project_authorization, user)
-        calculate_with_linear_query
-      else
-        calculate_with_recursive_query
-      end
-    end
-
-    private
-
-    def calculate_with_linear_query
-      cte = linear_cte
-      cte_alias = cte.table.alias(Group.table_name)
-
-      ProjectAuthorization
-        .unscoped
-        .with(cte.to_arel)
-        .select_from_union(relations(cte_alias: cte_alias))
-    end
-
-    def calculate_with_recursive_query
       cte = recursive_cte
       cte_alias = cte.table.alias(Group.table_name)
 
@@ -62,6 +22,8 @@ module Gitlab
         .select_from_union(relations(cte_alias: cte_alias))
     end
 
+    private
+
     # Builds a recursive CTE that gets all the groups the current user has
     # access to, including any nested groups and any shared groups.
     def recursive_cte
@@ -97,32 +59,6 @@ module Gitlab
       cte
     end
 
-    def linear_cte
-      # Groups shared with user and their parent groups
-      shared_groups = Group
-        .select("namespaces.id, MAX(LEAST(members.access_level, group_group_links.group_access)) as access_level")
-        .joins("INNER JOIN group_group_links ON group_group_links.shared_group_id = namespaces.id
-               OR namespaces.traversal_ids @> ARRAY[group_group_links.shared_group_id::int]")
-        .joins("INNER JOIN members ON group_group_links.shared_with_group_id = members.source_id")
-        .merge(user.group_members)
-        .merge(GroupMember.active_state)
-        .group("namespaces.id")
-
-      # Groups the user is a member of and their parent groups.
-      lateral_query = Group.as_ids.where("namespaces.traversal_ids @> ARRAY [members.source_id]")
-      member_groups_with_ancestors = GroupMember.select("namespaces.id, MAX(members.access_level) as access_level")
-        .joins("CROSS JOIN LATERAL (#{lateral_query.to_sql}) as namespaces")
-        .group("namespaces.id")
-        .merge(user.group_members)
-        .merge(GroupMember.active_state)
-
-      union = Namespace
-        .select("namespaces.id, access_level")
-        .from_union([shared_groups, member_groups_with_ancestors])
-
-      Gitlab::SQL::CTE.new(:linear_namespaces_cte, union)
-    end
-
     # Builds a LEFT JOIN to join optional memberships onto the CTE.
     def join_members_on_namespaces
       members = Member.arel_table
diff --git a/lib/tasks/gitlab/seed/group_seed.rake b/lib/tasks/gitlab/seed/group_seed.rake
index cc9180d56a3..c9b901b92c5 100644
--- a/lib/tasks/gitlab/seed/group_seed.rake
+++ b/lib/tasks/gitlab/seed/group_seed.rake
@@ -147,7 +147,7 @@ class GroupSeeder
         epic_params = {
           title: FFaker::Lorem.sentence(6),
           description: FFaker::Lorem.paragraphs(3).join("\n\n"),
-          author: group.users.sample,
+          author: group.group_members.non_invite.sample.user,
           group: group
         }