Add latest changes from gitlab-org/gitlab@master

7 files changed, 313 insertions, 38 deletions

diff --git a/spec/controllers/projects/deploy_keys_controller_spec.rb b/spec/controllers/projects/deploy_keys_controller_spec.rb
index ccad76eaddd..8b1ca2efab2 100644
--- a/spec/controllers/projects/deploy_keys_controller_spec.rb
+++ b/spec/controllers/projects/deploy_keys_controller_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
 describe Projects::DeployKeysController do
   let(:project) { create(:project, :repository) }
   let(:user) { create(:user) }
+  let(:admin) { create(:admin) }
 
   before do
     project.add_maintainer(user)
@@ -37,7 +38,7 @@ describe Projects::DeployKeysController do
         create(:deploy_keys_project, project: project2, deploy_key: deploy_key_internal)
       end
 
-      let!(:deploy_keys_actual_project) do
+      let!(:deploy_keys_project_actual) do
         create(:deploy_keys_project, project: project, deploy_key: deploy_key_actual)
       end
 
@@ -154,7 +155,7 @@ describe Projects::DeployKeysController do
 
     context 'with admin' do
       before do
-        sign_in(create(:admin))
+        sign_in(admin)
       end
 
       it 'returns 302' do
@@ -219,7 +220,7 @@ describe Projects::DeployKeysController do
 
     context 'with admin' do
       before do
-        sign_in(create(:admin))
+        sign_in(admin)
       end
 
       it 'returns 302' do
@@ -234,4 +235,80 @@ describe Projects::DeployKeysController do
       end
     end
   end
+
+  describe 'PUT update' do
+    let(:extra_params) { {} }
+
+    subject do
+      put :update, params: extra_params.reverse_merge(id: deploy_key.id,
+                                                      namespace_id: project.namespace,
+                                                      project_id: project)
+    end
+
+    def deploy_key_params(title, can_push)
+      deploy_keys_projects_attributes = { '0' => { id: deploy_keys_project, can_push: can_push } }
+      { deploy_key: { title: title, deploy_keys_projects_attributes: deploy_keys_projects_attributes } }
+    end
+
+    let(:deploy_key) { create(:deploy_key, public: true) }
+    let(:project) { create(:project) }
+    let!(:deploy_keys_project) do
+      create(:deploy_keys_project, project: project, deploy_key: deploy_key)
+    end
+
+    context 'with project maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      context 'public deploy key attached to project' do
+        let(:extra_params) { deploy_key_params('updated title', '1') }
+
+        it 'does not update the title of the deploy key' do
+          expect { subject }.not_to change { deploy_key.reload.title }
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+        end
+      end
+    end
+
+    context 'with admin' do
+      before do
+        sign_in(admin)
+      end
+
+      context 'public deploy key attached to project' do
+        let(:extra_params) { deploy_key_params('updated title', '1') }
+
+        it 'updates the title of the deploy key' do
+          expect { subject }.to change { deploy_key.reload.title }.to('updated title')
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+        end
+      end
+    end
+
+    context 'with admin as project maintainer' do
+      before do
+        sign_in(admin)
+        project.add_maintainer(admin)
+      end
+
+      context 'public deploy key attached to project' do
+        let(:extra_params) { deploy_key_params('updated title', '1') }
+
+        it 'updates the title of the deploy key' do
+          expect { subject }.to change { deploy_key.reload.title }.to('updated title')
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+        end
+      end
+    end
+  end
 end
diff --git a/spec/features/projects/settings/repository_settings_spec.rb b/spec/features/projects/settings/repository_settings_spec.rb
index 1294c8822b6..18031a40f15 100644
--- a/spec/features/projects/settings/repository_settings_spec.rb
+++ b/spec/features/projects/settings/repository_settings_spec.rb
@@ -66,6 +66,19 @@ describe 'Projects > Settings > Repository settings' do
         expect(page).to have_content('Write access allowed')
       end
 
+      it 'edit an existing public deploy key to be writable' do
+        project.deploy_keys << public_deploy_key
+        visit project_settings_repository_path(project)
+
+        find('.deploy-key', text: public_deploy_key.title).find('.ic-pencil').click
+
+        check 'deploy_key_deploy_keys_projects_attributes_0_can_push'
+        click_button 'Save changes'
+
+        expect(page).to have_content('public_deploy_key')
+        expect(page).to have_content('Write access allowed')
+      end
+
       it 'edit a deploy key from projects user has access to' do
         project2 = create(:project_empty_repo)
         project2.add_role(user, role)
diff --git a/spec/features/search/user_searches_for_code_spec.rb b/spec/features/search/user_searches_for_code_spec.rb
index 9451ee6eb15..9949595fddf 100644
--- a/spec/features/search/user_searches_for_code_spec.rb
+++ b/spec/features/search/user_searches_for_code_spec.rb
@@ -94,6 +94,13 @@ describe 'User searches for code' do
 
         expect(page).to have_selector('.results', text: 'path = gitlab-grack')
       end
+
+      it 'persist refs over browser tabs' do
+        ref = 'feature'
+        find('.js-project-refs-dropdown').click
+        link = find_link(ref)[:href]
+        expect(link.include?("repository_ref=" + ref)).to be(true)
+      end
     end
 
     it 'no ref switcher shown in issue result summary', :js do
diff --git a/spec/models/snippet_spec.rb b/spec/models/snippet_spec.rb
index 3524cdae3b8..15dcccb37d9 100644
--- a/spec/models/snippet_spec.rb
+++ b/spec/models/snippet_spec.rb
@@ -133,6 +133,32 @@ describe Snippet do
     end
   end
 
+  describe 'when default snippet visibility set to internal' do
+    using RSpec::Parameterized::TableSyntax
+
+    before do
+      stub_application_setting(default_snippet_visibility: Gitlab::VisibilityLevel::INTERNAL)
+    end
+
+    where(:attribute_name, :value) do
+      :visibility | 'private'
+      :visibility_level | Gitlab::VisibilityLevel::PRIVATE
+      'visibility' | 'private'
+      'visibility_level' | Gitlab::VisibilityLevel::PRIVATE
+    end
+
+    with_them do
+      it 'sets the visibility level' do
+        snippet = described_class.new(attribute_name => value, title: 'test', file_name: 'test.rb', content: 'test data')
+
+        expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE)
+        expect(snippet.title).to eq('test')
+        expect(snippet.file_name).to eq('test.rb')
+        expect(snippet.content).to eq('test data')
+      end
+    end
+  end
+
   describe '.with_optional_visibility' do
     context 'when a visibility level is provided' do
       it 'returns snippets with the given visibility' do
diff --git a/spec/policies/deploy_keys_project_policy_spec.rb b/spec/policies/deploy_keys_project_policy_spec.rb
new file mode 100644
index 00000000000..952da86b7a7
--- /dev/null
+++ b/spec/policies/deploy_keys_project_policy_spec.rb
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe DeployKeysProjectPolicy do
+  subject { described_class.new(current_user, deploy_key.deploy_keys_project_for(project)) }
+
+  describe 'updating a deploy_keys_project' do
+    context 'when a project maintainer' do
+      let(:current_user) { create(:user) }
+
+      context 'tries to update private deploy key attached to project' do
+        let(:deploy_key) { create(:deploy_key, public: false) }
+        let(:project) { create(:project_empty_repo) }
+
+        before do
+          project.add_maintainer(current_user)
+          project.deploy_keys << deploy_key
+        end
+
+        it { is_expected.to be_disallowed(:update_deploy_keys_project) }
+      end
+
+      context 'tries to update public deploy key attached to project' do
+        let(:deploy_key) { create(:deploy_key, public: true) }
+        let(:project) { create(:project_empty_repo) }
+
+        before do
+          project.add_maintainer(current_user)
+          project.deploy_keys << deploy_key
+        end
+
+        it { is_expected.to be_allowed(:update_deploy_keys_project) }
+      end
+    end
+
+    context 'when a non-maintainer project member' do
+      let(:current_user) { create(:user) }
+      let(:project) { create(:project_empty_repo) }
+
+      before do
+        project.add_developer(current_user)
+        project.deploy_keys << deploy_key
+      end
+
+      context 'tries to update private deploy key attached to project' do
+        let(:deploy_key) { create(:deploy_key, public: false) }
+
+        it { is_expected.to be_disallowed(:update_deploy_keys_project) }
+      end
+
+      context 'tries to update public deploy key attached to project' do
+        let(:deploy_key) { create(:deploy_key, public: true) }
+
+        it { is_expected.to be_disallowed(:update_deploy_keys_project) }
+      end
+    end
+
+    context 'when a user is not a project member' do
+      let(:current_user) { create(:user) }
+      let(:project) { create(:project_empty_repo) }
+      let(:deploy_key) { create(:deploy_key, public: true) }
+
+      before do
+        project.deploy_keys << deploy_key
+      end
+
+      context 'tries to update public deploy key attached to project' do
+        it { is_expected.to be_disallowed(:update_deploy_keys_project) }
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/deploy_keys_spec.rb b/spec/requests/api/deploy_keys_spec.rb
index b93ee148736..e0cc18abcca 100644
--- a/spec/requests/api/deploy_keys_spec.rb
+++ b/spec/requests/api/deploy_keys_spec.rb
@@ -2,6 +2,7 @@ require 'spec_helper'
 
 describe API::DeployKeys do
   let(:user)        { create(:user) }
+  let(:maintainer)  { create(:user) }
   let(:admin)       { create(:admin) }
   let(:project)     { create(:project, creator_id: user.id) }
   let(:project2)    { create(:project, creator_id: user.id) }
@@ -124,45 +125,109 @@ describe API::DeployKeys do
   end
 
   describe 'PUT /projects/:id/deploy_keys/:key_id' do
-    let(:private_deploy_key) { create(:another_deploy_key, public: false) }
-    let(:project_private_deploy_key) do
-      create(:deploy_keys_project, project: project, deploy_key: private_deploy_key)
+    let(:extra_params) { {} }
+
+    subject do
+      put api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", api_user), params: extra_params
     end
 
-    it 'updates a public deploy key as admin' do
-      expect do
-        put api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin), params: { title: 'new title' }
-      end.not_to change(deploy_key, :title)
+    context 'with non-admin' do
+      let(:api_user) { user }
 
-      expect(response).to have_gitlab_http_status(200)
+      it 'does not update a public deploy key' do
+        expect { subject }.not_to change(deploy_key, :title)
+
+        expect(response).to have_gitlab_http_status(404)
+      end
     end
 
-    it 'does not update a public deploy key as non admin' do
-      expect do
-        put api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", user), params: { title: 'new title' }
-      end.not_to change(deploy_key, :title)
+    context 'with admin' do
+      let(:api_user) { admin }
 
-      expect(response).to have_gitlab_http_status(404)
+      context 'public deploy key attached to project' do
+        let(:extra_params) { { title: 'new title', can_push: true } }
+
+        it 'updates the title of the deploy key' do
+          expect { subject }.to change { deploy_key.reload.title }.to 'new title'
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
+
+      context 'private deploy key' do
+        let(:deploy_key) { create(:another_deploy_key, public: false) }
+        let(:deploy_keys_project) do
+          create(:deploy_keys_project, project: project, deploy_key: deploy_key)
+        end
+        let(:extra_params) { { title: 'new title', can_push: true } }
+
+        it 'updates the title of the deploy key' do
+          expect { subject }.to change { deploy_key.reload.title }.to 'new title'
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        context 'invalid title' do
+          let(:extra_params) { { title: '' } }
+
+          it 'does not update the title of the deploy key' do
+            expect { subject }.not_to change { deploy_key.reload.title }
+            expect(response).to have_gitlab_http_status(400)
+          end
+        end
+      end
     end
 
-    it 'does not update a private key with invalid title' do
-      project_private_deploy_key
+    context 'with admin as project maintainer' do
+      let(:api_user) { admin }
 
-      expect do
-        put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), params: { title: '' }
-      end.not_to change(deploy_key, :title)
+      before do
+        project.add_maintainer(admin)
+      end
 
-      expect(response).to have_gitlab_http_status(400)
+      context 'public deploy key attached to project' do
+        let(:extra_params) { { title: 'new title', can_push: true } }
+
+        it 'updates the title of the deploy key' do
+          expect { subject }.to change { deploy_key.reload.title }.to 'new title'
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
     end
 
-    it 'updates a private ssh key with correct attributes' do
-      project_private_deploy_key
+    context 'with maintainer' do
+      let(:api_user) { maintainer }
 
-      put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), params: { title: 'new title', can_push: true }
+      before do
+        project.add_maintainer(maintainer)
+      end
 
-      expect(json_response['id']).to eq(private_deploy_key.id)
-      expect(json_response['title']).to eq('new title')
-      expect(json_response['can_push']).to eq(true)
+      context 'public deploy key attached to project' do
+        let(:extra_params) { { title: 'new title', can_push: true } }
+
+        it 'does not update the title of the deploy key' do
+          expect { subject }.not_to change { deploy_key.reload.title }
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'updates can_push of deploy_keys_project' do
+          expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
+          expect(response).to have_gitlab_http_status(200)
+        end
+      end
     end
   end
 
diff --git a/spec/serializers/deploy_key_entity_spec.rb b/spec/serializers/deploy_key_entity_spec.rb
index 9e76d36c302..607adfc2488 100644
--- a/spec/serializers/deploy_key_entity_spec.rb
+++ b/spec/serializers/deploy_key_entity_spec.rb
@@ -8,14 +8,15 @@ describe DeployKeyEntity do
   let(:user) { create(:user) }
   let(:project) { create(:project, :internal)}
   let(:project_private) { create(:project, :private)}
-  let!(:project_pending_delete) { create(:project, :internal, pending_delete: true) }
   let(:deploy_key) { create(:deploy_key) }
-  let!(:deploy_key_internal) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) }
-  let!(:deploy_key_private)  { create(:deploy_keys_project, project: project_private, deploy_key: deploy_key) }
-  let!(:deploy_key_pending_delete) { create(:deploy_keys_project, project: project_pending_delete, deploy_key: deploy_key) }
 
   let(:entity) { described_class.new(deploy_key, user: user) }
 
+  before do
+    project.deploy_keys << deploy_key
+    project_private.deploy_keys << deploy_key
+  end
+
   describe 'returns deploy keys with projects a user can read' do
     let(:expected_result) do
       {
@@ -46,17 +47,30 @@ describe DeployKeyEntity do
     it { expect(entity.as_json).to eq(expected_result) }
   end
 
-  describe 'returns can_edit true if user is a maintainer of project' do
+  context 'user is an admin' do
+    let(:user) { create(:user, :admin) }
+
+    it { expect(entity.as_json).to include(can_edit: true) }
+  end
+
+  context 'user is a project maintainer' do
     before do
       project.add_maintainer(user)
     end
 
-    it { expect(entity.as_json).to include(can_edit: true) }
-  end
+    context 'project deploy key' do
+      it { expect(entity.as_json).to include(can_edit: true) }
+    end
 
-  describe 'returns can_edit true if a user admin' do
-    let(:user) { create(:user, :admin) }
+    context 'public deploy key' do
+      let(:deploy_key_public) { create(:deploy_key, public: true) }
+      let(:entity_public) { described_class.new(deploy_key_public, { user: user, project: project }) }
 
-    it { expect(entity.as_json).to include(can_edit: true) }
+      before do
+        project.deploy_keys << deploy_key_public
+      end
+
+      it { expect(entity_public.as_json).to include(can_edit: true) }
+    end
   end
 end