Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42

17 files changed, 366 insertions, 108 deletions

diff --git a/spec/finders/analytics/cycle_analytics/stage_finder_spec.rb b/spec/finders/analytics/cycle_analytics/stage_finder_spec.rb
index 0275205028a..3e10ed78ab9 100644
--- a/spec/finders/analytics/cycle_analytics/stage_finder_spec.rb
+++ b/spec/finders/analytics/cycle_analytics/stage_finder_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Analytics::CycleAnalytics::StageFinder do
 
   let(:stage_id) { { id: Gitlab::Analytics::CycleAnalytics::DefaultStages.names.first } }
 
-  subject { described_class.new(parent: project, stage_id: stage_id[:id]).execute }
+  subject { described_class.new(parent: project.project_namespace, stage_id: stage_id[:id]).execute }
 
   context 'when looking up in-memory default stage by name exists' do
     it { expect(subject).not_to be_persisted }
diff --git a/spec/finders/ci/freeze_periods_finder_spec.rb b/spec/finders/ci/freeze_periods_finder_spec.rb
index 6c58028a221..0aa73e698ed 100644
--- a/spec/finders/ci/freeze_periods_finder_spec.rb
+++ b/spec/finders/ci/freeze_periods_finder_spec.rb
@@ -44,7 +44,7 @@ RSpec.describe Ci::FreezePeriodsFinder, feature_category: :release_orchestration
       project.add_developer(user)
     end
 
-    it_behaves_like 'returns nothing'
+    it_behaves_like 'returns freeze_periods ordered by created_at asc'
   end
 
   context 'when user is not a project member' do
diff --git a/spec/finders/ci/pipeline_schedules_finder_spec.rb b/spec/finders/ci/pipeline_schedules_finder_spec.rb
index 535c684289e..4699592b6d4 100644
--- a/spec/finders/ci/pipeline_schedules_finder_spec.rb
+++ b/spec/finders/ci/pipeline_schedules_finder_spec.rb
@@ -15,8 +15,39 @@ RSpec.describe Ci::PipelineSchedulesFinder do
       let(:params) { { scope: nil } }
 
       it 'selects all pipeline schedules' do
-        expect(subject.count).to be(2)
-        expect(subject).to include(active_schedule, inactive_schedule)
+        expect(subject).to contain_exactly(active_schedule, inactive_schedule)
+      end
+    end
+
+    context 'when the id is nil' do
+      let(:params) { { ids: nil } }
+
+      it 'selects all pipeline schedules' do
+        expect(subject).to contain_exactly(active_schedule, inactive_schedule)
+      end
+    end
+
+    context 'when the id is a single pipeline schedule' do
+      let(:params) { { ids: active_schedule.id } }
+
+      it 'selects one pipeline schedule' do
+        expect(subject).to contain_exactly(active_schedule)
+      end
+    end
+
+    context 'when multiple ids are provided' do
+      let(:params) { { ids: [active_schedule.id, inactive_schedule.id] } }
+
+      it 'selects multiple pipeline schedules' do
+        expect(subject).to contain_exactly(active_schedule, inactive_schedule)
+      end
+    end
+
+    context 'when multiple ids are provided and a scope is set' do
+      let(:params) { { scope: 'active', ids: [active_schedule.id, inactive_schedule.id] } }
+
+      it 'selects one pipeline schedule' do
+        expect(subject).to contain_exactly(active_schedule)
       end
     end
 
@@ -24,9 +55,7 @@ RSpec.describe Ci::PipelineSchedulesFinder do
       let(:params) { { scope: 'active' } }
 
       it 'selects only active pipelines' do
-        expect(subject.count).to be(1)
-        expect(subject).to include(active_schedule)
-        expect(subject).not_to include(inactive_schedule)
+        expect(subject).to contain_exactly(active_schedule)
       end
     end
 
@@ -34,9 +63,7 @@ RSpec.describe Ci::PipelineSchedulesFinder do
       let(:params) { { scope: 'inactive' } }
 
       it 'selects only inactive pipelines' do
-        expect(subject.count).to be(1)
-        expect(subject).not_to include(active_schedule)
-        expect(subject).to include(inactive_schedule)
+        expect(subject).to contain_exactly(inactive_schedule)
       end
     end
   end
diff --git a/spec/finders/ci/pipelines_finder_spec.rb b/spec/finders/ci/pipelines_finder_spec.rb
index 9ce3becf013..8773fbccdfc 100644
--- a/spec/finders/ci/pipelines_finder_spec.rb
+++ b/spec/finders/ci/pipelines_finder_spec.rb
@@ -246,9 +246,9 @@ RSpec.describe Ci::PipelinesFinder do
       let_it_be(:pipeline) { create(:ci_pipeline, project: project, name: 'Build pipeline') }
       let_it_be(:pipeline_other) { create(:ci_pipeline, project: project, name: 'Some other pipeline') }
 
-      let(:params) { { name: 'build Pipeline' } }
+      let(:params) { { name: 'Build pipeline' } }
 
-      it 'performs case insensitive compare' do
+      it 'performs exact compare' do
         is_expected.to contain_exactly(pipeline)
       end
 
diff --git a/spec/finders/ci/runners_finder_spec.rb b/spec/finders/ci/runners_finder_spec.rb
index 1aba77f4d6e..77260bb4c5c 100644
--- a/spec/finders/ci/runners_finder_spec.rb
+++ b/spec/finders/ci/runners_finder_spec.rb
@@ -60,8 +60,8 @@ RSpec.describe Ci::RunnersFinder, feature_category: :runner_fleet do
               create(:ci_runner_version, version: 'a', status: :recommended)
             end
 
-            let_it_be(:runner_version_not_available) do
-              create(:ci_runner_version, version: 'b', status: :not_available)
+            let_it_be(:runner_version_unavailable) do
+              create(:ci_runner_version, version: 'b', status: :unavailable)
             end
 
             let_it_be(:runner_version_available) do
@@ -77,7 +77,7 @@ RSpec.describe Ci::RunnersFinder, feature_category: :runner_fleet do
                 let(:upgrade_status) { status }
 
                 it "calls with_upgrade_status scope with corresponding :#{status} status" do
-                  if [:available, :not_available, :recommended].include?(status)
+                  if [:available, :unavailable, :recommended].include?(status)
                     expected_result = Ci::Runner.with_upgrade_status(status)
                   end
 
diff --git a/spec/finders/concerns/finder_with_group_hierarchy_spec.rb b/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
index 8c2026a00a1..c96e35372d6 100644
--- a/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
+++ b/spec/finders/concerns/finder_with_group_hierarchy_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe FinderWithGroupHierarchy do
   let_it_be(:private_group) { create(:group, :private) }
   let_it_be(:private_subgroup) { create(:group, :private, parent: private_group) }
 
-  let(:user) { create(:user) }
+  let!(:user) { create(:user) }
 
   context 'when specifying group' do
     it 'returns only the group by default' do
@@ -109,4 +109,100 @@ RSpec.describe FinderWithGroupHierarchy do
       expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
     end
   end
+
+  context 'with N+1 query check' do
+    def run_query(group)
+      finder_class
+        .new(user, group: group, include_descendant_groups: true)
+        .execute
+        .to_a
+
+      RequestStore.clear!
+    end
+
+    it 'does not produce N+1 query', :request_store do
+      private_group.add_developer(user)
+
+      run_query(private_subgroup) # warmup
+      control = ActiveRecord::QueryRecorder.new { run_query(private_subgroup) }
+
+      expect { run_query(private_group) }.not_to exceed_query_limit(control)
+    end
+  end
+
+  context 'when preload_max_access_levels_for_labels_finder is disabled' do
+    # All test cases were copied from above, these will be removed once the FF is removed.
+
+    before do
+      stub_feature_flags(preload_max_access_levels_for_labels_finder: false)
+    end
+
+    context 'when specifying group' do
+      it 'returns only the group by default' do
+        finder = finder_class.new(user, group: group)
+
+        expect(finder.execute).to match_array([group.id])
+      end
+    end
+
+    context 'when specifying group_id' do
+      it 'returns only the group by default' do
+        finder = finder_class.new(user, group_id: group.id)
+
+        expect(finder.execute).to match_array([group.id])
+      end
+    end
+
+    context 'when including items from group ancestors' do
+      before do
+        private_subgroup.add_developer(user)
+      end
+
+      it 'returns group and its ancestors' do
+        private_group.add_developer(user)
+
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute).to match_array([private_group.id, private_subgroup.id])
+      end
+
+      it 'ignores groups which user can not read' do
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute).to match_array([private_subgroup.id])
+      end
+
+      it 'returns them all when skip_authorization is true' do
+        finder = finder_class.new(user, group: private_subgroup, include_ancestor_groups: true)
+
+        expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
+      end
+    end
+
+    context 'when including items from group descendants' do
+      before do
+        private_subgroup.add_developer(user)
+      end
+
+      it 'returns items from group and its descendants' do
+        private_group.add_developer(user)
+
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute).to match_array([private_group.id, private_subgroup.id])
+      end
+
+      it 'ignores items from groups which user can not read' do
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute).to match_array([private_subgroup.id])
+      end
+
+      it 'returns them all when skip_authorization is true' do
+        finder = finder_class.new(user, group: private_group, include_descendant_groups: true)
+
+        expect(finder.execute(skip_authorization: true)).to match_array([private_group.id, private_subgroup.id])
+      end
+    end
+  end
 end
diff --git a/spec/finders/fork_targets_finder_spec.rb b/spec/finders/fork_targets_finder_spec.rb
index 1acc38bb492..41651513f18 100644
--- a/spec/finders/fork_targets_finder_spec.rb
+++ b/spec/finders/fork_targets_finder_spec.rb
@@ -55,19 +55,5 @@ RSpec.describe ForkTargetsFinder do
         expect(finder.execute(search: maintained_group.path)).to eq([maintained_group])
       end
     end
-
-    context 'when searchable_fork_targets feature flag is disabled' do
-      before do
-        stub_feature_flags(searchable_fork_targets: false)
-      end
-
-      it_behaves_like 'returns namespaces and groups'
-
-      context 'when search is provided' do
-        it 'ignores the param and returns all user manageable namespaces' do
-          expect(finder.execute).to match_array([user.namespace, maintained_group, owned_group, project.namespace, developer_group])
-        end
-      end
-    end
   end
 end
diff --git a/spec/finders/group_members_finder_spec.rb b/spec/finders/group_members_finder_spec.rb
index 0d1b58e2636..4a5eb389906 100644
--- a/spec/finders/group_members_finder_spec.rb
+++ b/spec/finders/group_members_finder_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe GroupMembersFinder, '#execute' do
+RSpec.describe GroupMembersFinder, '#execute', feature_category: :subgroups do
   let_it_be(:group)                { create(:group) }
   let_it_be(:sub_group)            { create(:group, parent: group) }
   let_it_be(:sub_sub_group)        { create(:group, parent: sub_group) }
@@ -12,9 +12,9 @@ RSpec.describe GroupMembersFinder, '#execute' do
   let_it_be(:user2)                { create(:user) }
   let_it_be(:user3)                { create(:user) }
   let_it_be(:user4)                { create(:user) }
-  let_it_be(:user5)                { create(:user, :two_factor_via_otp) }
+  let_it_be(:user5_2fa)            { create(:user, :two_factor_via_otp) }
 
-  let!(:link) do
+  let_it_be(:link) do
     create(:group_group_link, shared_group: group,     shared_with_group: public_shared_group)
     create(:group_group_link, shared_group: sub_group, shared_with_group: private_shared_group)
   end
@@ -30,7 +30,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
   end
 
   context 'relations' do
-    let!(:members) do
+    let_it_be(:members) do
       {
         user1_sub_sub_group: create(:group_member, :maintainer, group: sub_sub_group, user: user1),
         user1_sub_group: create(:group_member, :developer, group: sub_group, user: user1),
@@ -52,7 +52,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
         user4_group: create(:group_member, :developer, group: group, user: user4, expires_at: 2.days.from_now),
         user4_public_shared_group: create(:group_member, :developer, group: public_shared_group, user: user4),
         user4_private_shared_group: create(:group_member, :developer,  group: private_shared_group, user: user4),
-        user5_private_shared_group: create(:group_member, :developer,  group: private_shared_group, user: user5)
+        user5_private_shared_group: create(:group_member, :developer,  group: private_shared_group, user: user5_2fa)
       }
     end
 
@@ -98,35 +98,31 @@ RSpec.describe GroupMembersFinder, '#execute' do
   end
 
   context 'search' do
-    it 'returns searched members if requested' do
+    before_all do
       group.add_maintainer(user2)
       group.add_developer(user3)
-      member = group.add_maintainer(user1)
+    end
+
+    let_it_be(:maintainer1) { group.add_maintainer(user1) }
 
+    it 'returns searched members if requested' do
       result = described_class.new(group, params: { search: user1.name }).execute
 
-      expect(result.to_a).to match_array([member])
+      expect(result.to_a).to match_array([maintainer1])
     end
 
     it 'returns nothing if search only in inherited relation' do
-      group.add_maintainer(user2)
-      group.add_developer(user3)
-      group.add_maintainer(user1)
-
       result = described_class.new(group, params: { search: user1.name }).execute(include_relations: [:inherited])
 
       expect(result.to_a).to match_array([])
     end
 
     it 'returns searched member only from sub_group if search only in inherited relation' do
-      group.add_maintainer(user2)
-      group.add_developer(user3)
       sub_group.add_maintainer(create(:user, name: user1.name))
-      member = group.add_maintainer(user1)
 
-      result = described_class.new(sub_group, params: { search: member.user.name }).execute(include_relations: [:inherited])
+      result = described_class.new(sub_group, params: { search: maintainer1.user.name }).execute(include_relations: [:inherited])
 
-      expect(result.to_a).to contain_exactly(member)
+      expect(result.to_a).to contain_exactly(maintainer1)
     end
   end
 
@@ -134,7 +130,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
     it 'returns members with two-factor auth if requested by owner' do
       group.add_owner(user2)
       group.add_maintainer(user1)
-      member = group.add_maintainer(user5)
+      member = group.add_maintainer(user5_2fa)
 
       result = described_class.new(group, user2, params: { two_factor: 'enabled' }).execute
 
@@ -144,7 +140,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
     it 'returns members without two-factor auth if requested by owner' do
       member1 = group.add_owner(user2)
       member2 = group.add_maintainer(user1)
-      member_with_2fa = group.add_maintainer(user5)
+      member_with_2fa = group.add_maintainer(user5_2fa)
 
       result = described_class.new(group, user2, params: { two_factor: 'disabled' }).execute
 
@@ -156,7 +152,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
       group.add_owner(user1)
       group.add_maintainer(user2)
       sub_group.add_maintainer(user3)
-      member_with_2fa = sub_group.add_maintainer(user5)
+      member_with_2fa = sub_group.add_maintainer(user5_2fa)
 
       result = described_class.new(sub_group, user1, params: { two_factor: 'enabled' }).execute(include_relations: [:direct])
 
@@ -165,7 +161,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
 
     it 'returns inherited members with two-factor auth if requested by owner' do
       group.add_owner(user1)
-      member_with_2fa = group.add_maintainer(user5)
+      member_with_2fa = group.add_maintainer(user5_2fa)
       sub_group.add_maintainer(user2)
       sub_group.add_maintainer(user3)
 
@@ -178,7 +174,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
       group.add_owner(user1)
       group.add_maintainer(user2)
       member3 = sub_group.add_maintainer(user3)
-      sub_group.add_maintainer(user5)
+      sub_group.add_maintainer(user5_2fa)
 
       result = described_class.new(sub_group, user1, params: { two_factor: 'disabled' }).execute(include_relations: [:direct])
 
@@ -187,7 +183,7 @@ RSpec.describe GroupMembersFinder, '#execute' do
 
     it 'returns inherited members without two-factor auth if requested by owner' do
       member1 = group.add_owner(user1)
-      group.add_maintainer(user5)
+      group.add_maintainer(user5_2fa)
       sub_group.add_maintainer(user2)
       sub_group.add_maintainer(user3)
 
@@ -198,10 +194,10 @@ RSpec.describe GroupMembersFinder, '#execute' do
   end
 
   context 'filter by access levels' do
-    let!(:owner1) { group.add_owner(user2) }
-    let!(:owner2) { group.add_owner(user3) }
-    let!(:maintainer1) { group.add_maintainer(user4) }
-    let!(:maintainer2) { group.add_maintainer(user5) }
+    let_it_be(:owner1) { group.add_owner(user2) }
+    let_it_be(:owner2) { group.add_owner(user3) }
+    let_it_be(:maintainer1) { group.add_maintainer(user4) }
+    let_it_be(:maintainer2) { group.add_maintainer(user5_2fa) }
 
     subject(:by_access_levels) { described_class.new(group, user1, params: { access_levels: access_levels }).execute }
 
diff --git a/spec/finders/groups_finder_spec.rb b/spec/finders/groups_finder_spec.rb
index 123df418f8d..25f9331005d 100644
--- a/spec/finders/groups_finder_spec.rb
+++ b/spec/finders/groups_finder_spec.rb
@@ -262,6 +262,18 @@ RSpec.describe GroupsFinder do
       end
     end
 
+    context 'with filter_group_ids' do
+      let_it_be(:group_one) { create(:group, :public, name: 'group_one') }
+      let_it_be(:group_two) { create(:group, :public, name: 'group_two') }
+      let_it_be(:group_three) { create(:group, :public, name: 'group_three') }
+
+      subject { described_class.new(user, { filter_group_ids: [group_one.id, group_three.id] }).execute }
+
+      it 'returns only the groups listed in the filter' do
+        is_expected.to contain_exactly(group_one, group_three)
+      end
+    end
+
     context 'with include_ancestors' do
       let_it_be(:user) { create(:user) }
 
diff --git a/spec/finders/merge_request_target_project_finder_spec.rb b/spec/finders/merge_request_target_project_finder_spec.rb
index bf735152d99..4b6c729dab7 100644
--- a/spec/finders/merge_request_target_project_finder_spec.rb
+++ b/spec/finders/merge_request_target_project_finder_spec.rb
@@ -85,4 +85,28 @@ RSpec.describe MergeRequestTargetProjectFinder do
       expect(finder.execute).to contain_exactly(other_fork, base_project)
     end
   end
+
+  context 'searching' do
+    let(:base_project) { create(:project, :private, path: 'base') }
+    let(:forked_project) { fork_project(base_project, base_project.first_owner) }
+    let(:other_fork) { fork_project(base_project) }
+
+    before do
+      base_project.add_developer(user)
+      forked_project.add_developer(user)
+      other_fork.add_developer(user)
+    end
+
+    it 'returns all projects with empty search' do
+      expect(finder.execute(search: '')).to match_array([base_project, forked_project, other_fork])
+    end
+
+    it 'returns forked project with search string' do
+      expect(finder.execute(search: forked_project.full_path)).to match_array([forked_project])
+    end
+
+    it 'returns no projects with search for project that does no exist' do
+      expect(finder.execute(search: 'root')).to match_array([])
+    end
+  end
 end
diff --git a/spec/finders/merge_requests_finder_spec.rb b/spec/finders/merge_requests_finder_spec.rb
index e58ec0cd59e..e8099924638 100644
--- a/spec/finders/merge_requests_finder_spec.rb
+++ b/spec/finders/merge_requests_finder_spec.rb
@@ -774,28 +774,10 @@ RSpec.describe MergeRequestsFinder, feature_category: :code_review_workflow do
 
         let(:params) { { project_id: project1.id, search: 'tanuki' } }
 
-        context 'with anonymous user' do
-          let(:merge_requests) { described_class.new(nil, params).execute }
-
-          context 'with disable_anonymous_search feature flag enabled' do
-            before do
-              stub_feature_flags(disable_anonymous_search: true)
-            end
-
-            it 'does not perform search' do
-              expect(merge_requests).to contain_exactly(merge_request1, merge_request2, merge_request6)
-            end
-          end
-
-          context 'with disable_anonymous_search feature flag disabled' do
-            before do
-              stub_feature_flags(disable_anonymous_search: false)
-            end
+        it 'returns matching merge requests' do
+          merge_requests = described_class.new(user, params).execute
 
-            it 'returns matching merge requests' do
-              expect(merge_requests).to contain_exactly(merge_request6)
-            end
-          end
+          expect(merge_requests).to contain_exactly(merge_request6)
         end
       end
     end
diff --git a/spec/finders/namespaces/projects_finder_spec.rb b/spec/finders/namespaces/projects_finder_spec.rb
index 0f48aa6a9f4..040cdf33b87 100644
--- a/spec/finders/namespaces/projects_finder_spec.rb
+++ b/spec/finders/namespaces/projects_finder_spec.rb
@@ -8,8 +8,8 @@ RSpec.describe Namespaces::ProjectsFinder do
   let_it_be(:subgroup) { create(:group, parent: namespace) }
   let_it_be(:project_1) { create(:project, :public, group: namespace, path: 'project', name: 'Project') }
   let_it_be(:project_2) { create(:project, :public, group: namespace, path: 'test-project', name: 'Test Project') }
-  let_it_be(:project_3) { create(:project, :public, path: 'sub-test-project', group: subgroup, name: 'Sub Test Project') }
-  let_it_be(:project_4) { create(:project, :public, path: 'test-project-2', group: namespace, name: 'Test Project 2') }
+  let_it_be(:project_3) { create(:project, :public, :issues_disabled, path: 'sub-test-project', group: subgroup, name: 'Sub Test Project') }
+  let_it_be(:project_4) { create(:project, :public, :merge_requests_disabled, path: 'test-project-2', group: namespace, name: 'Test Project 2') }
 
   let(:params) { {} }
 
@@ -55,6 +55,22 @@ RSpec.describe Namespaces::ProjectsFinder do
         end
       end
 
+      context 'when with_issues_enabled is true' do
+        let(:params) { { with_issues_enabled: true, include_subgroups: true } }
+
+        it 'returns the projects that have issues enabled' do
+          expect(projects).to contain_exactly(project_1, project_2, project_4)
+        end
+      end
+
+      context 'when with_merge_requests_enabled is true' do
+        let(:params) { { with_merge_requests_enabled: true } }
+
+        it 'returns the projects that have merge requests enabled' do
+          expect(projects).to contain_exactly(project_1, project_2)
+        end
+      end
+
       context 'when sort is similarity' do
         let(:params) { { sort: :similarity, search: 'test' } }
 
@@ -78,6 +94,20 @@ RSpec.describe Namespaces::ProjectsFinder do
           expect(projects).to contain_exactly(project_2, project_4)
         end
       end
+
+      context 'when sort parameter is ACTIVITY_DESC' do
+        let(:params) { { sort: :latest_activity_desc } }
+
+        before do
+          project_2.update!(last_activity_at: 10.minutes.ago)
+          project_1.update!(last_activity_at: 5.minutes.ago)
+          project_4.update!(last_activity_at: 1.minute.ago)
+        end
+
+        it 'returns projects sorted by latest activity' do
+          expect(projects).to eq([project_4, project_1, project_2])
+        end
+      end
     end
   end
 end
diff --git a/spec/finders/projects/ml/candidate_finder_spec.rb b/spec/finders/projects/ml/candidate_finder_spec.rb
new file mode 100644
index 00000000000..967d563c090
--- /dev/null
+++ b/spec/finders/projects/ml/candidate_finder_spec.rb
@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::Ml::CandidateFinder, feature_category: :mlops do
+  let_it_be(:experiment) { create(:ml_experiments, user: nil) }
+
+  let_it_be(:candidates) do
+    %w[c a da b].zip([3, 2, 4, 1]).map do |name, auc|
+      make_candidate_and_metric(name, auc, experiment)
+    end
+  end
+
+  let_it_be(:another_candidate) { create(:ml_candidates) }
+  let_it_be(:first_candidate) { candidates.first }
+
+  let(:finder) { described_class.new(experiment, params) }
+  let(:page) { 1 }
+  let(:default_params) { { page: page } }
+  let(:params) { default_params }
+
+  subject { finder.execute }
+
+  describe '.execute' do
+    describe 'by name' do
+      context 'when params has no name' do
+        it 'fetches all candidates in the experiment' do
+          expect(subject).to match_array(candidates)
+        end
+
+        it 'does not fetch candidate not in experiment' do
+          expect(subject).not_to include(another_candidate)
+        end
+      end
+
+      context 'when name is included in params' do
+        let(:params) { { name: 'a' } }
+
+        it 'fetches the correct candidates' do
+          expect(subject).to match_array(candidates.values_at(2, 1))
+        end
+      end
+    end
+
+    describe 'sorting' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:test_case, :order_by, :order_by_type, :direction, :expected_order) do
+        'default params' | nil | nil |  nil | [3, 2, 1, 0]
+        'ascending order' | nil | nil | 'ASC' | [0, 1, 2, 3]
+        'column is passed' | 'name' | 'column' | 'ASC' | [1, 3, 0, 2]
+        'column is a metric' | 'auc' | 'metric' | nil | [2, 0, 1, 3]
+        'invalid sort' | nil | nil | 'INVALID' | [3, 2, 1, 0]
+        'invalid order by' | 'INVALID' | 'column' | 'desc' | [3, 2, 1, 0]
+        'invalid order by metric' | nil | 'metric' | 'desc' | []
+      end
+      with_them do
+        let(:params) { { order_by: order_by, order_by_type: order_by_type, sort: direction } }
+
+        it { expect(subject).to eq(candidates.values_at(*expected_order)) }
+      end
+    end
+
+    context 'when name and sort by metric is passed' do
+      let(:params) { { order_by: 'auc', order_by_type: 'metric', sort: 'DESC', name: 'a' } }
+
+      it { expect(subject).to eq(candidates.values_at(2, 1)) }
+    end
+  end
+
+  private
+
+  def make_candidate_and_metric(name, auc_value, experiment)
+    create(:ml_candidates, name: name, experiment: experiment, user: nil).tap do |c|
+      create(:ml_candidate_metrics, name: 'auc', candidate_id: c.id, value: 10)
+      create(:ml_candidate_metrics, name: 'auc', candidate_id: c.id, value: auc_value)
+    end
+  end
+end
diff --git a/spec/finders/projects_finder_spec.rb b/spec/finders/projects_finder_spec.rb
index 9fecbfb71fc..297c6f84cef 100644
--- a/spec/finders/projects_finder_spec.rb
+++ b/spec/finders/projects_finder_spec.rb
@@ -14,11 +14,11 @@ RSpec.describe ProjectsFinder do
     end
 
     let_it_be(:internal_project) do
-      create(:project, :internal, group: group, name: 'B', path: 'B')
+      create(:project, :internal, :merge_requests_disabled, group: group, name: 'B', path: 'B')
     end
 
     let_it_be(:public_project) do
-      create(:project, :public, group: group, name: 'C', path: 'C')
+      create(:project, :public, :merge_requests_enabled, :issues_disabled, group: group, name: 'C', path: 'C')
     end
 
     let_it_be(:shared_project) do
@@ -399,14 +399,18 @@ RSpec.describe ProjectsFinder do
         let(:params) { { language: ruby.id } }
 
         it { is_expected.to match_array([internal_project]) }
+      end
 
-        context 'when project_language_search feature flag disabled' do
-          before do
-            stub_feature_flags(project_language_search: false)
-          end
+      describe 'when with_issues_enabled is true' do
+        let(:params) { { with_issues_enabled: true } }
 
-          it { is_expected.to match_array([internal_project, public_project]) }
-        end
+        it { is_expected.to match_array([internal_project]) }
+      end
+
+      describe 'when with_merge_requests_enabled is true' do
+        let(:params) { { with_merge_requests_enabled: true } }
+
+        it { is_expected.to match_array([public_project]) }
       end
 
       describe 'sorting' do
diff --git a/spec/finders/protected_branches_finder_spec.rb b/spec/finders/protected_branches_finder_spec.rb
index 487d1be697a..5926891ac9d 100644
--- a/spec/finders/protected_branches_finder_spec.rb
+++ b/spec/finders/protected_branches_finder_spec.rb
@@ -3,35 +3,57 @@
 require 'spec_helper'
 
 RSpec.describe ProtectedBranchesFinder do
-  let(:project) { create(:project) }
-  let!(:protected_branch) { create(:protected_branch, project: project) }
-  let!(:another_protected_branch) { create(:protected_branch, project: project) }
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project, namespace: group) }
+
+  let!(:project_protected_branch) { create(:protected_branch, project: project) }
+  let!(:another_project_protected_branch) { create(:protected_branch, project: project) }
+  let!(:group_protected_branch) { create(:protected_branch, project: nil, group: group) }
+  let!(:another_group_protected_branch) { create(:protected_branch, project: nil, group: group) }
   let!(:other_protected_branch) { create(:protected_branch) }
+
   let(:params) { {} }
 
+  subject { described_class.new(entity, params).execute }
+
   describe '#execute' do
-    subject { described_class.new(project, params).execute }
+    shared_examples 'execute by entity' do
+      it 'returns all protected branches of project by default' do
+        expect(subject).to match_array(expected_branches)
+      end
 
-    it 'returns all protected branches of project by default' do
-      expect(subject).to match_array([protected_branch, another_protected_branch])
-    end
+      context 'when search param is present' do
+        let(:params) { { search: group_protected_branch.name } }
 
-    context 'when search param is present' do
-      let(:params) { { search: protected_branch.name } }
+        it 'filters by search param' do
+          expect(subject).to eq([group_protected_branch])
+        end
+      end
+
+      context 'when there are more protected branches than the limit' do
+        before do
+          stub_const("#{described_class}::LIMIT", 1)
+        end
 
-      it 'filters by search param' do
-        expect(subject).to eq([protected_branch])
+        it 'returns limited protected branches of project' do
+          expect(subject.count).to eq(1)
+        end
       end
     end
 
-    context 'when there are more protected branches than the limit' do
-      before do
-        stub_const("#{described_class}::LIMIT", 1)
+    it_behaves_like 'execute by entity' do
+      let(:entity) { project }
+      let(:expected_branches) do
+        [
+          project_protected_branch, another_project_protected_branch,
+          group_protected_branch, another_group_protected_branch
+        ]
       end
+    end
 
-      it 'returns limited protected branches of project' do
-        expect(subject.count).to eq(1)
-      end
+    it_behaves_like 'execute by entity' do
+      let(:entity) { group }
+      let(:expected_branches) { [group_protected_branch, another_group_protected_branch] }
     end
   end
 end
diff --git a/spec/finders/releases/group_releases_finder_spec.rb b/spec/finders/releases/group_releases_finder_spec.rb
index 5eac6f4fbdc..c47477eb3d5 100644
--- a/spec/finders/releases/group_releases_finder_spec.rb
+++ b/spec/finders/releases/group_releases_finder_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Releases::GroupReleasesFinder do
+RSpec.describe Releases::GroupReleasesFinder, feature_category: :subgroups do
   let(:user)  { create(:user) }
   let(:group) { create(:group) }
   let(:project) { create(:project, :repository, group: group) }
diff --git a/spec/finders/todos_finder_spec.rb b/spec/finders/todos_finder_spec.rb
index bcead6b0170..c0203dd6132 100644
--- a/spec/finders/todos_finder_spec.rb
+++ b/spec/finders/todos_finder_spec.rb
@@ -327,9 +327,9 @@ RSpec.describe TodosFinder do
     it 'returns the expected types' do
       expected_result =
         if Gitlab.ee?
-          %w[Epic Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert]
+          %w[Epic Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert Namespace Project]
         else
-          %w[Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert]
+          %w[Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert Namespace Project]
         end
 
       expect(described_class.todo_types).to contain_exactly(*expected_result)