Add latest changes from gitlab-org/gitlab@master

3 files changed, 15 insertions, 18 deletions

diff --git a/lib/api/members.rb b/lib/api/members.rb
index faa2ff45441..f4e38207aca 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -104,7 +104,7 @@ module API
         end
         params do
           requires :access_level, type: Integer, desc: 'A valid access level (defaults: `30`, developer access level)'
-          requires :user_id, types: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The user ID of the new member or multiple IDs separated by commas.'
+          requires :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
           optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
           optional :invite_source, type: String, desc: 'Source that triggered the member creation process', default: 'members-api'
           optional :tasks_to_be_done, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Tasks the inviter wants the member to do'
diff --git a/lib/api/pypi_packages.rb b/lib/api/pypi_packages.rb
index 1f27fcce879..a2386411524 100644
--- a/lib/api/pypi_packages.rb
+++ b/lib/api/pypi_packages.rb
@@ -95,9 +95,9 @@ module API
         find_authorized_group!
       end
 
-      def ensure_project!
+      def project!(action: :read_package)
         find_project(params[:id]) || not_found!
-        authorized_user_project
+        authorized_user_project(action: action)
       end
     end
 
@@ -161,10 +161,6 @@ module API
     end
 
     resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
-      before do
-        ensure_project!
-      end
-
       namespace ':id/packages/pypi' do
         desc 'The PyPi package download endpoint' do
           detail 'This feature was introduced in GitLab 12.10'
@@ -176,8 +172,7 @@ module API
 
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         get 'files/:sha256/*file_identifier' do
-          project = authorized_user_project
-          authorize_read_package!(project)
+          project = project!
 
           filename = "#{params[:file_identifier]}.#{params[:format]}"
           package = Packages::Pypi::PackageFinder.new(current_user, project, { filename: filename, sha256: params[:sha256] }).execute
@@ -196,7 +191,7 @@ module API
         # PyPi simple API returns a list of packages as a simple HTML file.
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         get 'simple', format: :txt do
-          present_simple_index(authorized_user_project)
+          present_simple_index(project!)
         end
 
         desc 'The PyPi Simple Project Package Endpoint' do
@@ -211,7 +206,7 @@ module API
         # PyPi simple API returns the package descriptor as a simple HTML file.
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         get 'simple/*package_name', format: :txt do
-          present_simple_package(authorized_user_project)
+          present_simple_package(project!)
         end
 
         desc 'The PyPi Package upload endpoint' do
@@ -229,15 +224,16 @@ module API
 
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         post do
-          authorize_upload!(authorized_user_project)
-          bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
+          project = project!(action: :read_project)
+          authorize_upload!(project)
+          bad_request!('File is too large') if project.actual_limits.exceeded?(:pypi_max_file_size, params[:content].size)
 
-          track_package_event('push_package', :pypi, project: authorized_user_project, user: current_user, namespace: authorized_user_project.namespace)
+          track_package_event('push_package', :pypi, project: project, user: current_user, namespace: project.namespace)
 
           unprocessable_entity! if Gitlab::FIPS.enabled? && declared_params[:md5_digest].present?
 
           ::Packages::Pypi::CreatePackageService
-            .new(authorized_user_project, current_user, declared_params.merge(build: current_authenticated_job))
+            .new(project, current_user, declared_params.merge(build: current_authenticated_job))
             .execute
 
           created!
@@ -249,10 +245,11 @@ module API
 
         route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true, job_token_allowed: :basic_auth
         post 'authorize' do
+          project = project!(action: :read_project)
           authorize_workhorse!(
-            subject: authorized_user_project,
+            subject: project,
             has_length: false,
-            maximum_size: authorized_user_project.actual_limits.pypi_max_file_size
+            maximum_size: project.actual_limits.pypi_max_file_size
           )
         end
       end
diff --git a/lib/tasks/gitlab/tw/codeowners.rake b/lib/tasks/gitlab/tw/codeowners.rake
index 19337f50f1b..4dc129949c4 100644
--- a/lib/tasks/gitlab/tw/codeowners.rake
+++ b/lib/tasks/gitlab/tw/codeowners.rake
@@ -66,7 +66,7 @@ namespace :tw do
       CodeOwnerRule.new('Redirect', 'Redirect'),
       CodeOwnerRule.new('Release', '@rdickenson'),
       CodeOwnerRule.new('Respond', '@msedlakjakubowski'),
-      CodeOwnerRule.new('Runner', '@sselhorn'),
+      CodeOwnerRule.new('Runner', '@fneill'),
       CodeOwnerRule.new('Pods', '@jglassman1'),
       CodeOwnerRule.new('Security Policies', '@claytoncornell'),
       CodeOwnerRule.new('Source Code', '@aqualls'),