Add latest changes from gitlab-org/gitlab@12-10-stable-ee

15 files changed, 293 insertions, 37 deletions

diff --git a/spec/controllers/explore/groups_controller_spec.rb b/spec/controllers/explore/groups_controller_spec.rb
index 5a32d8ca0d3..eccbd7fa14d 100644
--- a/spec/controllers/explore/groups_controller_spec.rb
+++ b/spec/controllers/explore/groups_controller_spec.rb
@@ -22,4 +22,18 @@ describe Explore::GroupsController do
 
     expect(assigns(:groups)).to contain_exactly(member_of_group, public_group)
   end
+
+  context 'restricted visibility level is public' do
+    before do
+      sign_out(user)
+
+      stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+    end
+
+    it 'redirects to login page' do
+      get :index
+
+      expect(response).to redirect_to new_user_session_path
+    end
+  end
 end
diff --git a/spec/controllers/explore/projects_controller_spec.rb b/spec/controllers/explore/projects_controller_spec.rb
index c2cd29eb036..00cc2d5a81c 100644
--- a/spec/controllers/explore/projects_controller_spec.rb
+++ b/spec/controllers/explore/projects_controller_spec.rb
@@ -171,5 +171,17 @@ describe Explore::ProjectsController do
         get :index, params: { sort: sorting_param }
       end
     end
+
+    context 'restricted visibility level is public' do
+      before do
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+      end
+
+      it 'redirects to login page' do
+        get :index
+
+        expect(response).to redirect_to new_user_session_path
+      end
+    end
   end
 end
diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb
index e010cac2f73..f03fee8d3ae 100644
--- a/spec/controllers/help_controller_spec.rb
+++ b/spec/controllers/help_controller_spec.rb
@@ -79,6 +79,20 @@ describe HelpController do
         expect(assigns[:help_index]).to eq '[protocol-relative](//example.com)'
       end
     end
+
+    context 'restricted visibility set to public' do
+      before do
+        sign_out(user)
+
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+      end
+
+      it 'redirects to sign_in path' do
+        get :index
+
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
   end
 
   describe 'GET #show' do
diff --git a/spec/features/explore/groups_spec.rb b/spec/features/explore/groups_spec.rb
index eff63d6a788..50ec44580d2 100644
--- a/spec/features/explore/groups_spec.rb
+++ b/spec/features/explore/groups_spec.rb
@@ -89,5 +89,17 @@ describe 'Explore Groups', :js do
     end
 
     it_behaves_like 'renders group in public groups area'
+
+    context 'when visibility is restricted to public' do
+      before do
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+      end
+
+      it 'redirects to the sign in page' do
+        visit explore_groups_path
+
+        expect(page).to have_current_path(new_user_session_path)
+      end
+    end
   end
 end
diff --git a/spec/features/explore/user_explores_projects_spec.rb b/spec/features/explore/user_explores_projects_spec.rb
index c64709c0b55..6adf51a1cf6 100644
--- a/spec/features/explore/user_explores_projects_spec.rb
+++ b/spec/features/explore/user_explores_projects_spec.rb
@@ -16,6 +16,17 @@ describe 'User explores projects' do
 
       include_examples 'shows public projects'
     end
+
+    context 'when visibility is restricted to public' do
+      before do
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+        visit(explore_projects_path)
+      end
+
+      it 'redirects to login page' do
+        expect(page).to have_current_path(new_user_session_path)
+      end
+    end
   end
 
   context 'when signed in' do
diff --git a/spec/frontend/registry/settings/components/registry_settings_app_spec.js b/spec/frontend/registry/settings/components/registry_settings_app_spec.js
index c83cc0c00dd..95f784c9727 100644
--- a/spec/frontend/registry/settings/components/registry_settings_app_spec.js
+++ b/spec/frontend/registry/settings/components/registry_settings_app_spec.js
@@ -1,10 +1,11 @@
 import { shallowMount } from '@vue/test-utils';
-import { GlAlert } from '@gitlab/ui';
+import { GlAlert, GlSprintf, GlLink } from '@gitlab/ui';
 import component from '~/registry/settings/components/registry_settings_app.vue';
 import SettingsForm from '~/registry/settings/components/settings_form.vue';
 import { createStore } from '~/registry/settings/store/';
-import { SET_IS_DISABLED } from '~/registry/settings/store/mutation_types';
+import { SET_SETTINGS, SET_INITIAL_STATE } from '~/registry/settings/store/mutation_types';
 import { FETCH_SETTINGS_ERROR_MESSAGE } from '~/registry/shared/constants';
+import { stringifiedFormOptions } from '../../shared/mock_data';
 
 describe('Registry Settings App', () => {
   let wrapper;
@@ -13,14 +14,14 @@ describe('Registry Settings App', () => {
   const findSettingsComponent = () => wrapper.find(SettingsForm);
   const findAlert = () => wrapper.find(GlAlert);
 
-  const mountComponent = ({ dispatchMock = 'mockResolvedValue', isDisabled = false } = {}) => {
-    store = createStore();
-    store.commit(SET_IS_DISABLED, isDisabled);
+  const mountComponent = ({ dispatchMock = 'mockResolvedValue' } = {}) => {
     const dispatchSpy = jest.spyOn(store, 'dispatch');
-    if (dispatchMock) {
-      dispatchSpy[dispatchMock]();
-    }
+    dispatchSpy[dispatchMock]();
+
     wrapper = shallowMount(component, {
+      stubs: {
+        GlSprintf,
+      },
       mocks: {
         $toast: {
           show: jest.fn(),
@@ -30,11 +31,16 @@ describe('Registry Settings App', () => {
     });
   };
 
+  beforeEach(() => {
+    store = createStore();
+  });
+
   afterEach(() => {
     wrapper.destroy();
   });
 
   it('renders', () => {
+    store.commit(SET_SETTINGS, { foo: 'bar' });
     mountComponent();
     expect(wrapper.element).toMatchSnapshot();
   });
@@ -45,13 +51,15 @@ describe('Registry Settings App', () => {
   });
 
   it('renders the setting form', () => {
+    store.commit(SET_SETTINGS, { foo: 'bar' });
     mountComponent();
     expect(findSettingsComponent().exists()).toBe(true);
   });
 
-  describe('isDisabled', () => {
+  describe('the form is disabled', () => {
     beforeEach(() => {
-      mountComponent({ isDisabled: true });
+      store.commit(SET_SETTINGS, undefined);
+      mountComponent();
     });
 
     it('the form is hidden', () => {
@@ -59,9 +67,27 @@ describe('Registry Settings App', () => {
     });
 
     it('shows an alert', () => {
-      expect(findAlert().html()).toContain(
-        'Currently, the Container Registry tag expiration feature is not available',
+      const text = findAlert().text();
+      expect(text).toContain(
+        'The Container Registry tag expiration and retention policies for this project have not been enabled.',
       );
+      expect(text).toContain('Please contact your administrator.');
+    });
+
+    describe('an admin is visiting the page', () => {
+      beforeEach(() => {
+        store.commit(SET_INITIAL_STATE, {
+          ...stringifiedFormOptions,
+          isAdmin: true,
+          adminSettingsPath: 'foo',
+        });
+      });
+
+      it('shows the admin part of the alert message', () => {
+        const sprintf = findAlert().find(GlSprintf);
+        expect(sprintf.text()).toBe('administration settings');
+        expect(sprintf.find(GlLink).attributes('href')).toBe('foo');
+      });
     });
   });
 
diff --git a/spec/frontend/registry/settings/store/actions_spec.js b/spec/frontend/registry/settings/store/actions_spec.js
index 5038dc82416..f92d10d087f 100644
--- a/spec/frontend/registry/settings/store/actions_spec.js
+++ b/spec/frontend/registry/settings/store/actions_spec.js
@@ -20,7 +20,7 @@ describe('Actions Registry Store', () => {
   );
 
   describe('receiveSettingsSuccess', () => {
-    it('calls SET_SETTINGS when data is present', () => {
+    it('calls SET_SETTINGS', () => {
       testAction(
         actions.receiveSettingsSuccess,
         'foo',
@@ -29,15 +29,6 @@ describe('Actions Registry Store', () => {
         [],
       );
     });
-    it('calls SET_IS_DISABLED when data is not present', () => {
-      testAction(
-        actions.receiveSettingsSuccess,
-        null,
-        {},
-        [{ type: types.SET_IS_DISABLED, payload: true }],
-        [],
-      );
-    });
   });
 
   describe('fetchSettings', () => {
diff --git a/spec/frontend/registry/settings/store/getters_spec.js b/spec/frontend/registry/settings/store/getters_spec.js
index 44631b97a39..944057ebc9f 100644
--- a/spec/frontend/registry/settings/store/getters_spec.js
+++ b/spec/frontend/registry/settings/store/getters_spec.js
@@ -29,7 +29,7 @@ describe('Getters registry settings store', () => {
     });
   });
 
-  describe('getIsDisabled', () => {
+  describe('getIsEdited', () => {
     it('returns false when original is equal to settings', () => {
       const same = { foo: 'bar' };
       expect(getters.getIsEdited({ original: same, settings: same })).toBe(false);
@@ -41,4 +41,18 @@ describe('Getters registry settings store', () => {
       );
     });
   });
+
+  describe('getIsDisabled', () => {
+    it.each`
+      original          | enableHistoricEntries | result
+      ${undefined}      | ${false}              | ${true}
+      ${{ foo: 'bar' }} | ${undefined}          | ${false}
+      ${{}}             | ${false}              | ${false}
+    `(
+      'returns $result when original is $original and enableHistoricEntries is $enableHistoricEntries',
+      ({ original, enableHistoricEntries, result }) => {
+        expect(getters.getIsDisabled({ original, enableHistoricEntries })).toBe(result);
+      },
+    );
+  });
 });
diff --git a/spec/frontend/registry/settings/store/mutations_spec.js b/spec/frontend/registry/settings/store/mutations_spec.js
index 8ab0196fd4d..1d85e38eb36 100644
--- a/spec/frontend/registry/settings/store/mutations_spec.js
+++ b/spec/frontend/registry/settings/store/mutations_spec.js
@@ -12,14 +12,19 @@ describe('Mutations Registry Store', () => {
 
   describe('SET_INITIAL_STATE', () => {
     it('should set the initial state', () => {
-      const expectedState = { ...mockState, projectId: 'foo', formOptions };
-      mutations[types.SET_INITIAL_STATE](mockState, {
+      const payload = {
         projectId: 'foo',
+        enableHistoricEntries: false,
+        adminSettingsPath: 'foo',
+        isAdmin: true,
+      };
+      const expectedState = { ...mockState, ...payload, formOptions };
+      mutations[types.SET_INITIAL_STATE](mockState, {
+        ...payload,
         ...stringifiedFormOptions,
       });
 
-      expect(mockState.projectId).toEqual(expectedState.projectId);
-      expect(mockState.formOptions).toEqual(expectedState.formOptions);
+      expect(mockState).toEqual(expectedState);
     });
   });
 
@@ -41,6 +46,13 @@ describe('Mutations Registry Store', () => {
       expect(mockState.settings).toEqual(expectedState.settings);
       expect(mockState.original).toEqual(expectedState.settings);
     });
+
+    it('should keep the default state when settings is not present', () => {
+      const originalSettings = { ...mockState.settings };
+      mutations[types.SET_SETTINGS](mockState);
+      expect(mockState.settings).toEqual(originalSettings);
+      expect(mockState.original).toEqual(undefined);
+    });
   });
 
   describe('RESET_SETTINGS', () => {
@@ -50,6 +62,13 @@ describe('Mutations Registry Store', () => {
       mutations[types.RESET_SETTINGS](mockState);
       expect(mockState.settings).toEqual(mockState.original);
     });
+
+    it('if original is undefined it should initialize to empty object', () => {
+      mockState.settings = { foo: 'bar' };
+      mockState.original = undefined;
+      mutations[types.RESET_SETTINGS](mockState);
+      expect(mockState.settings).toEqual({});
+    });
   });
 
   describe('TOGGLE_LOADING', () => {
@@ -58,11 +77,4 @@ describe('Mutations Registry Store', () => {
       expect(mockState.isLoading).toEqual(true);
     });
   });
-
-  describe('SET_IS_DISABLED', () => {
-    it('should set isDisabled', () => {
-      mutations[types.SET_IS_DISABLED](mockState, true);
-      expect(mockState.isDisabled).toEqual(true);
-    });
-  });
 });
diff --git a/spec/lib/constraints/admin_constrainer_spec.rb b/spec/lib/constraints/admin_constrainer_spec.rb
new file mode 100644
index 00000000000..da178f9e71a
--- /dev/null
+++ b/spec/lib/constraints/admin_constrainer_spec.rb
@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+#
+require 'spec_helper'
+
+describe Constraints::AdminConstrainer, :do_not_mock_admin_mode do
+  let(:user) { create(:user) }
+
+  let(:session) { {} }
+  let(:env) { { 'warden' => double(:warden, authenticate?: true, user: user) } }
+  let(:request) { double(:request, session: session, env: env) }
+
+  around do |example|
+    Gitlab::Session.with_session(session) do
+      example.run
+    end
+  end
+
+  describe '#matches' do
+    context 'feature flag :user_mode_in_session is enabled' do
+      context 'when user is a regular user' do
+        it 'forbids access' do
+          expect(subject.matches?(request)).to be(false)
+        end
+      end
+
+      context 'when user is an admin' do
+        let(:user) { create(:admin) }
+
+        context 'admin mode is disabled' do
+          it 'forbids access' do
+            expect(subject.matches?(request)).to be(false)
+          end
+        end
+
+        context 'admin mode is enabled' do
+          before do
+            current_user_mode = Gitlab::Auth::CurrentUserMode.new(user)
+            current_user_mode.request_admin_mode!
+            current_user_mode.enable_admin_mode!(password: user.password)
+          end
+
+          it 'allows access' do
+            expect(subject.matches?(request)).to be(true)
+          end
+        end
+      end
+    end
+
+    context 'feature flag :user_mode_in_session is disabled' do
+      before do
+        stub_feature_flags(user_mode_in_session: false)
+      end
+
+      context 'when user is a regular user' do
+        it 'forbids access' do
+          expect(subject.matches?(request)).to be(false)
+        end
+      end
+
+      context 'when user is an admin' do
+        let(:user) { create(:admin) }
+
+        it 'allows access' do
+          expect(subject.matches?(request)).to be(true)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/background_migration/backfill_push_rules_id_in_projects_spec.rb b/spec/lib/gitlab/background_migration/backfill_push_rules_id_in_projects_spec.rb
new file mode 100644
index 00000000000..f150ed4bd2e
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/backfill_push_rules_id_in_projects_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::BackgroundMigration::BackfillPushRulesIdInProjects, :migration, schema: 2020_03_25_162730 do
+  let(:push_rules) { table(:push_rules) }
+  let(:projects) { table(:projects) }
+  let(:project_settings) { table(:project_settings) }
+  let(:namespace) { table(:namespaces).create(name: 'user', path: 'user') }
+
+  subject { described_class.new }
+
+  describe '#perform' do
+    it 'creates new project push_rules for all push rules in the range' do
+      project_1 = projects.create(id: 1, namespace_id: namespace.id)
+      project_2 = projects.create(id: 2, namespace_id: namespace.id)
+      project_3 = projects.create(id: 3, namespace_id: namespace.id)
+      project_settings_1 = project_settings.create(project_id: project_1.id)
+      project_settings_2 = project_settings.create(project_id: project_2.id)
+      project_settings_3 = project_settings.create(project_id: project_3.id)
+      push_rule_1 = push_rules.create(id: 5, is_sample: false, project_id: project_1.id)
+      push_rule_2 = push_rules.create(id: 6, is_sample: false, project_id: project_2.id)
+      push_rules.create(id: 8, is_sample: false, project_id: 3)
+
+      subject.perform(5, 7)
+
+      expect(project_settings_1.reload.push_rule_id).to eq(push_rule_1.id)
+      expect(project_settings_2.reload.push_rule_id).to eq(push_rule_2.id)
+      expect(project_settings_3.reload.push_rule_id).to be_nil
+    end
+  end
+end
diff --git a/spec/lib/gitlab/import_export/group/tree_saver_spec.rb b/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb
index eb790662d8c..a0490c255aa 100644
--- a/spec/lib/gitlab/import_export/group/tree_saver_spec.rb
+++ b/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe Gitlab::ImportExport::Group::TreeSaver do
+describe Gitlab::ImportExport::Group::LegacyTreeSaver do
   describe 'saves the group tree into a json object' do
     let(:shared) { Gitlab::ImportExport::Shared.new(group) }
     let(:group_tree_saver) { described_class.new(group: group, current_user: user, shared: shared) }
@@ -28,7 +28,7 @@ describe Gitlab::ImportExport::Group::TreeSaver do
     # except:
     # context 'with description override' do
     # context 'group members' do
-    # ^ These are specific for the Group::TreeSaver
+    # ^ These are specific for the Group::LegacyTreeSaver
     context 'JSON' do
       let(:saved_group_json) do
         group_tree_saver.save
diff --git a/spec/migrations/schedule_backfill_push_rules_id_in_projects_spec.rb b/spec/migrations/schedule_backfill_push_rules_id_in_projects_spec.rb
new file mode 100644
index 00000000000..77648f5c64a
--- /dev/null
+++ b/spec/migrations/schedule_backfill_push_rules_id_in_projects_spec.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require Rails.root.join('db', 'post_migrate', '20200325162730_schedule_backfill_push_rules_id_in_projects.rb')
+
+describe ScheduleBackfillPushRulesIdInProjects do
+  let(:push_rules) { table(:push_rules) }
+
+  it 'adds global rule association to application settings' do
+    application_settings = table(:application_settings)
+    setting = application_settings.create!
+    sample_rule = push_rules.create!(is_sample: true)
+
+    Sidekiq::Testing.fake! do
+      disable_migrations_output { migrate! }
+    end
+
+    setting.reload
+    expect(setting.push_rule_id).to eq(sample_rule.id)
+  end
+
+  it 'schedules worker to migrate project push rules' do
+    rule_1 = push_rules.create!
+    rule_2 = push_rules.create!
+
+    Sidekiq::Testing.fake! do
+      disable_migrations_output { migrate! }
+
+      expect(BackgroundMigrationWorker.jobs.size).to eq(1)
+      expect(described_class::MIGRATION)
+        .to be_scheduled_delayed_migration(5.minutes, rule_1.id, rule_2.id)
+    end
+  end
+end
diff --git a/spec/requests/api/issues/post_projects_issues_spec.rb b/spec/requests/api/issues/post_projects_issues_spec.rb
index be48113c215..1444f43003f 100644
--- a/spec/requests/api/issues/post_projects_issues_spec.rb
+++ b/spec/requests/api/issues/post_projects_issues_spec.rb
@@ -381,6 +381,20 @@ describe API::Issues do
         end.not_to change { project.labels.count }
       end
     end
+
+    context 'when request exceeds the rate limit' do
+      before do
+        allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(true)
+      end
+
+      it 'prevents users from creating more issues' do
+        post api("/projects/#{project.id}/issues", user),
+        params: { title: 'new issue', labels: 'label, label2', weight: 3, assignee_ids: [user2.id] }
+
+        expect(response).to have_gitlab_http_status(:too_many_requests)
+        expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
+      end
+    end
   end
 
   describe 'POST /projects/:id/issues with spam filtering' do
diff --git a/spec/services/groups/import_export/export_service_spec.rb b/spec/services/groups/import_export/export_service_spec.rb
index e026d2166d6..56c7121cc34 100644
--- a/spec/services/groups/import_export/export_service_spec.rb
+++ b/spec/services/groups/import_export/export_service_spec.rb
@@ -50,7 +50,7 @@ describe Groups::ImportExport::ExportService do
     end
 
     it 'saves the models' do
-      expect(Gitlab::ImportExport::Group::TreeSaver).to receive(:new).and_call_original
+      expect(Gitlab::ImportExport::Group::LegacyTreeSaver).to receive(:new).and_call_original
 
       service.execute
     end