Add latest changes from gitlab-org/gitlab@master

6 files changed, 126 insertions, 33 deletions

diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb
index 0c97f11090d..00866ca118f 100644
--- a/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_controller_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Projects::PipelinesController do
+RSpec.describe Projects::PipelinesController, feature_category: :continuous_integration do
   include ApiHelpers
 
   let_it_be(:user) { create(:user) }
@@ -52,21 +52,6 @@ RSpec.describe Projects::PipelinesController do
           expect(stages.count).to eq 3
         end
       end
-
-      it 'does not execute N+1 queries', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/345470' do
-        get_pipelines_index_json
-
-        control_count = ActiveRecord::QueryRecorder.new do
-          get_pipelines_index_json
-        end.count
-
-        create_all_pipeline_types
-
-        # There appears to be one extra query for Pipelines#has_warnings? for some reason
-        expect { get_pipelines_index_json }.not_to exceed_query_limit(control_count + 1)
-        expect(response).to have_gitlab_http_status(:ok)
-        expect(json_response['pipelines'].count).to eq 12
-      end
     end
 
     it 'does not include coverage data for the pipelines' do
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index b217b100349..51a26c351c3 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -8,7 +8,6 @@ RSpec.describe RegistrationsController, feature_category: :user_profile do
 
   before do
     stub_application_setting(require_admin_approval_after_user_signup: false)
-    stub_feature_flags(arkose_labs_signup_challenge: false)
   end
 
   describe '#new' do
diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb
index 6642bd7ac61..34025e9dd14 100644
--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -24,7 +24,7 @@ RSpec.describe 'Admin updates settings', feature_category: :not_owned do
       end
 
       it 'change visibility settings' do
-        page.within('.as-visibility-access') do
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           choose "application_setting_default_project_visibility_20"
           click_button 'Save changes'
         end
@@ -33,23 +33,29 @@ RSpec.describe 'Admin updates settings', feature_category: :not_owned do
       end
 
       it 'uncheck all restricted visibility levels' do
-        page.within('.as-visibility-access') do
-          find('#application_setting_restricted_visibility_levels_0').set(false)
-          find('#application_setting_restricted_visibility_levels_10').set(false)
-          find('#application_setting_restricted_visibility_levels_20').set(false)
+        page.within('[data-testid="restricted-visibility-levels"]') do
+          uncheck s_('VisibilityLevel|Public')
+          uncheck s_('VisibilityLevel|Internal')
+          uncheck s_('VisibilityLevel|Private')
+        end
+
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           click_button 'Save changes'
         end
 
         expect(page).to have_content "Application settings saved successfully"
-        expect(find('#application_setting_restricted_visibility_levels_0')).not_to be_checked
-        expect(find('#application_setting_restricted_visibility_levels_10')).not_to be_checked
-        expect(find('#application_setting_restricted_visibility_levels_20')).not_to be_checked
+
+        page.within('[data-testid="restricted-visibility-levels"]') do
+          expect(find_field(s_('VisibilityLevel|Public'))).not_to be_checked
+          expect(find_field(s_('VisibilityLevel|Internal'))).not_to be_checked
+          expect(find_field(s_('VisibilityLevel|Private'))).not_to be_checked
+        end
       end
 
       it 'modify import sources' do
         expect(current_settings.import_sources).not_to be_empty
 
-        page.within('.as-visibility-access') do
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           Gitlab::ImportSources.options.map do |name, _|
             uncheck name
           end
@@ -60,7 +66,7 @@ RSpec.describe 'Admin updates settings', feature_category: :not_owned do
         expect(page).to have_content "Application settings saved successfully"
         expect(current_settings.import_sources).to be_empty
 
-        page.within('.as-visibility-access') do
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           check "Repository by URL"
           click_button 'Save changes'
         end
@@ -70,7 +76,7 @@ RSpec.describe 'Admin updates settings', feature_category: :not_owned do
       end
 
       it 'change Visibility and Access Controls' do
-        page.within('.as-visibility-access') do
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           page.within('[data-testid="project-export"]') do
             uncheck 'Enabled'
           end
@@ -88,7 +94,7 @@ RSpec.describe 'Admin updates settings', feature_category: :not_owned do
       end
 
       it 'change Keys settings' do
-        page.within('.as-visibility-access') do
+        page.within('[data-testid="admin-visibility-access-settings"]') do
           select 'Are forbidden', from: 'RSA SSH keys'
           select 'Are allowed', from: 'DSA SSH keys'
           select 'Must be at least 384 bits', from: 'ECDSA SSH keys'
diff --git a/spec/helpers/application_settings_helper_spec.rb b/spec/helpers/application_settings_helper_spec.rb
index 914c866c464..19cb970553b 100644
--- a/spec/helpers/application_settings_helper_spec.rb
+++ b/spec/helpers/application_settings_helper_spec.rb
@@ -3,6 +3,14 @@
 require 'spec_helper'
 
 RSpec.describe ApplicationSettingsHelper do
+  include Devise::Test::ControllerHelpers
+
+  let_it_be(:current_user) { create(:admin) }
+
+  before do
+    allow(helper).to receive(:current_user).and_return(current_user)
+  end
+
   context 'when all protocols in use' do
     before do
       stub_application_setting(enabled_git_access_protocol: '')
@@ -360,13 +368,10 @@ RSpec.describe ApplicationSettingsHelper do
   end
 
   describe '#instance_clusters_enabled?', :request_store do
-    let_it_be(:user) { create(:user) }
-
     subject { helper.instance_clusters_enabled? }
 
     before do
-      allow(helper).to receive(:current_user).and_return(user)
-      allow(helper).to receive(:can?).with(user, :read_cluster, instance_of(Clusters::Instance)).and_return(true)
+      allow(helper).to receive(:can?).with(current_user, :read_cluster, instance_of(Clusters::Instance)).and_return(true)
     end
 
     it { is_expected.to be_truthy }
@@ -379,4 +384,52 @@ RSpec.describe ApplicationSettingsHelper do
       it { is_expected.to be_falsey }
     end
   end
+
+  describe '#restricted_level_checkboxes' do
+    let_it_be(:application_setting) { create(:application_setting) }
+
+    before do
+      allow(current_user).to receive(:can_admin_all_resources?).and_return(true)
+      stub_application_setting(
+        restricted_visibility_levels: [
+          Gitlab::VisibilityLevel::PUBLIC,
+          Gitlab::VisibilityLevel::INTERNAL,
+          Gitlab::VisibilityLevel::PRIVATE
+        ]
+      )
+    end
+
+    it 'returns restricted level checkboxes with correct label, description, and HTML attributes' do
+      helper.gitlab_ui_form_for(application_setting, url: '/admin/application_settings/general') do |form|
+        result = helper.restricted_level_checkboxes(form)
+
+        expect(result[0]).to have_checked_field(s_('VisibilityLevel|Private'), with: Gitlab::VisibilityLevel::PRIVATE)
+        expect(result[0]).to have_selector('[data-testid="lock-icon"]')
+        expect(result[0]).to have_content(
+          s_(
+            'AdminSettings|If selected, only administrators are able to create private groups, projects, and ' \
+            'snippets.'
+          )
+        )
+
+        expect(result[1]).to have_checked_field(s_('VisibilityLevel|Internal'), with: Gitlab::VisibilityLevel::INTERNAL)
+        expect(result[1]).to have_selector('[data-testid="shield-icon"]')
+        expect(result[1]).to have_content(
+          s_(
+            'AdminSettings|If selected, only administrators are able to create internal groups, projects, and ' \
+            'snippets.'
+          )
+        )
+
+        expect(result[2]).to have_checked_field(s_('VisibilityLevel|Public'), with: Gitlab::VisibilityLevel::PUBLIC)
+        expect(result[2]).to have_selector('[data-testid="earth-icon"]')
+        expect(result[2]).to have_content(
+          s_(
+            'AdminSettings|If selected, only administrators are able to create public groups, projects, ' \
+            'and snippets. Also, profiles are only visible to authenticated users.'
+          )
+        )
+      end
+    end
+  end
 end
diff --git a/spec/models/ci/job_token/project_scope_link_spec.rb b/spec/models/ci/job_token/project_scope_link_spec.rb
index 30ae8bc6d88..310f9b550f4 100644
--- a/spec/models/ci/job_token/project_scope_link_spec.rb
+++ b/spec/models/ci/job_token/project_scope_link_spec.rb
@@ -28,6 +28,30 @@ RSpec.describe Ci::JobToken::ProjectScopeLink, feature_category: :continuous_int
     end
   end
 
+  describe '.create' do
+    let_it_be(:target) { create(:project) }
+    let(:new_link) { described_class.create(source_project: project, target_project: target) } # rubocop:disable Rails/SaveBang
+
+    context 'when there are more than PROJECT_LINK_DIRECTIONAL_LIMIT existing links' do
+      before do
+        create_list(:ci_job_token_project_scope_link, 5, source_project: project)
+        stub_const("#{described_class}::PROJECT_LINK_DIRECTIONAL_LIMIT", 3)
+      end
+
+      it 'invalidates new links and prevents them from being created' do
+        expect { new_link }.not_to change { described_class.count }
+        expect(new_link).not_to be_persisted
+        expect(new_link.errors.full_messages)
+          .to include('Source project exceeds the allowable number of project links in this direction')
+      end
+
+      it 'does not invalidate existing links' do
+        expect(described_class.count).to be > described_class::PROJECT_LINK_DIRECTIONAL_LIMIT
+        expect(described_class.all).to all(be_valid)
+      end
+    end
+  end
+
   describe 'validations' do
     it 'must have a source project', :aggregate_failures do
       link = build(:ci_job_token_project_scope_link, source_project: nil)
diff --git a/spec/requests/projects/pipelines_controller_spec.rb b/spec/requests/projects/pipelines_controller_spec.rb
index 7f185ade339..73e002b63b1 100644
--- a/spec/requests/projects/pipelines_controller_spec.rb
+++ b/spec/requests/projects/pipelines_controller_spec.rb
@@ -19,6 +19,32 @@ RSpec.describe Projects::PipelinesController, feature_category: :continuous_inte
     login_as(user)
   end
 
+  describe "GET index.json" do
+    it 'does not execute N+1 queries' do
+      get_pipelines_index
+
+      control_count = ActiveRecord::QueryRecorder.new do
+        get_pipelines_index
+      end.count
+
+      %w[pending running success failed canceled].each do |status|
+        create(:ci_pipeline, project: project, status: status)
+      end
+
+      # There appears to be one extra query for Pipelines#has_warnings? for some reason
+      expect { get_pipelines_index }.not_to exceed_query_limit(control_count + 1)
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(json_response['pipelines'].count).to eq 6
+    end
+
+    def get_pipelines_index
+      get namespace_project_pipelines_path(
+        namespace_id: project.namespace.to_param,
+        project_id: project.to_param,
+        format: :json)
+    end
+  end
+
   describe "GET stages.json" do
     it 'does not execute N+1 queries' do
       request_build_stage