Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-02 00:08:14 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-02 00:08:14 +0300
commit: e2ef50dafcf51e811123dd71179334de2ea3edf9 (patch)
tree: 2aa7d999620a93d88081b40bd7b20ac127f99270 /spec
parent: 68d5cc2d9d162def465657d4696eb58e9b3906a7 (diff)
15 files changed, 180 insertions, 20 deletions
diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb
index 5aafddd94da..107eb1ed3a3 100644
--- a/spec/controllers/projects/jobs_controller_spec.rb
+++ b/spec/controllers/projects/jobs_controller_spec.rb
@@ -183,7 +183,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
         end
 
         context 'with web terminal' do
-          let(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+          let(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
           it 'exposes the terminal path' do
             expect(response).to have_gitlab_http_status(:ok)
@@ -1303,7 +1303,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
 
     context 'when job exists' do
       context 'and it has a terminal' do
-        let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+        let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
         it 'has a job' do
           get_terminal(id: job.id)
@@ -1314,7 +1314,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
       end
 
       context 'and does not have a terminal' do
-        let!(:job) { create(:ci_build, :running, pipeline: pipeline) }
+        let!(:job) { create(:ci_build, :running, pipeline: pipeline, user: user) }
 
         it 'returns not_found' do
           get_terminal(id: job.id)
@@ -1343,7 +1343,7 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do
   end
 
   describe 'GET #terminal_websocket_authorize' do
-    let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline) }
+    let!(:job) { create(:ci_build, :running, :with_runner_session, pipeline: pipeline, user: user) }
 
     before do
       project.add_developer(user)
diff --git a/spec/features/security/group/private_access_spec.rb b/spec/features/security/group/private_access_spec.rb
index fc1fb3e3848..f733145b5e3 100644
--- a/spec/features/security/group/private_access_spec.rb
+++ b/spec/features/security/group/private_access_spec.rb
@@ -97,7 +97,7 @@ RSpec.describe 'Private Group access' do
     it { is_expected.to be_allowed_for(:developer).of(group) }
     it { is_expected.to be_allowed_for(:reporter).of(group) }
     it { is_expected.to be_allowed_for(:guest).of(group) }
-    it { is_expected.to be_allowed_for(project_guest) }
+    it { is_expected.to be_denied_for(project_guest) }
     it { is_expected.to be_denied_for(:user) }
     it { is_expected.to be_denied_for(:external) }
     it { is_expected.to be_denied_for(:visitor) }
diff --git a/spec/frontend/gfm_auto_complete_spec.js b/spec/frontend/gfm_auto_complete_spec.js
index aa98b2774ea..552377e3381 100644
--- a/spec/frontend/gfm_auto_complete_spec.js
+++ b/spec/frontend/gfm_auto_complete_spec.js
@@ -868,4 +868,19 @@ describe('GfmAutoComplete', () => {
       );
     });
   });
+
+  describe('Contacts', () => {
+    it('escapes name and email correct', () => {
+      const xssPayload = '<script>alert(1)</script>';
+      const escapedPayload = '&lt;script&gt;alert(1)&lt;/script&gt;';
+
+      expect(
+        GfmAutoComplete.Contacts.templateFunction({
+          email: xssPayload,
+          firstName: xssPayload,
+          lastName: xssPayload,
+        }),
+      ).toBe(`<li><small>${escapedPayload} ${escapedPayload}</small> ${escapedPayload}</li>`);
+    });
+  });
 });
diff --git a/spec/frontend/runner/components/__snapshots__/runner_status_popover_spec.js.snap b/spec/frontend/runner/components/__snapshots__/runner_status_popover_spec.js.snap
index 80a04401760..b27a1adf01b 100644
--- a/spec/frontend/runner/components/__snapshots__/runner_status_popover_spec.js.snap
+++ b/spec/frontend/runner/components/__snapshots__/runner_status_popover_spec.js.snap
@@ -1,3 +1,3 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`RunnerStatusPopover renders complete text 1`] = `"Never contacted: Runner has never contacted GitLab (when you register a runner, use gitlab-runner run to bring it online) Online: Runner has contacted GitLab within the last 2 hours Offline: Runner has not contacted GitLab in more than 2 hours Stale: Runner has not contacted GitLab in more than 2 months"`;
+exports[`RunnerStatusPopover renders complete text 1`] = `"Never contacted: Runner has never contacted GitLab (when you register a runner, use gitlab-runner run to bring it online) Online: Runner has contacted GitLab within the last 2 hours Offline: Runner has not contacted GitLab in more than 2 hours Stale: Runner has not contacted GitLab in more than 3 months"`;
diff --git a/spec/frontend/runner/mock_data.js b/spec/frontend/runner/mock_data.js
index 1c2333b552c..40854dae57a 100644
--- a/spec/frontend/runner/mock_data.js
+++ b/spec/frontend/runner/mock_data.js
@@ -19,7 +19,7 @@ import groupRunnersCountData from 'test_fixtures/graphql/runner/list/group_runne
 
 // Other mock data
 export const onlineContactTimeoutSecs = 2 * 60 * 60;
-export const staleTimeoutSecs = 5259492; // Ruby's `2.months`
+export const staleTimeoutSecs = 7889238; // Ruby's `3.months`
 
 export {
   runnersData,
diff --git a/spec/frontend/vue_shared/issuable/list/components/issuable_list_root_spec.js b/spec/frontend/vue_shared/issuable/list/components/issuable_list_root_spec.js
index 058cb30c1d5..66f71c0b028 100644
--- a/spec/frontend/vue_shared/issuable/list/components/issuable_list_root_spec.js
+++ b/spec/frontend/vue_shared/issuable/list/components/issuable_list_root_spec.js
@@ -1,9 +1,4 @@
-import {
-  GlAlert,
-  GlKeysetPagination,
-  GlDeprecatedSkeletonLoading as GlSkeletonLoading,
-  GlPagination,
-} from '@gitlab/ui';
+import { GlAlert, GlKeysetPagination, GlSkeletonLoader, GlPagination } from '@gitlab/ui';
 import { shallowMount } from '@vue/test-utils';
 import VueDraggable from 'vuedraggable';
 
@@ -263,7 +258,7 @@ describe('IssuableListRoot', () => {
     it('renders gl-loading-icon when `issuablesLoading` prop is true', () => {
       wrapper = createComponent({ props: { issuablesLoading: true } });
 
-      expect(wrapper.findAllComponents(GlSkeletonLoading)).toHaveLength(
+      expect(wrapper.findAllComponents(GlSkeletonLoader)).toHaveLength(
         wrapper.vm.skeletonItemCount,
       );
     });
diff --git a/spec/helpers/emails_helper_spec.rb b/spec/helpers/emails_helper_spec.rb
index 39b919fa925..969ef6cae7f 100644
--- a/spec/helpers/emails_helper_spec.rb
+++ b/spec/helpers/emails_helper_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe EmailsHelper do
+  include EmailsHelperTestHelper
+
   describe 'closure_reason_text' do
     context 'when given a MergeRequest' do
       let(:merge_request) { create(:merge_request) }
@@ -238,17 +240,13 @@ RSpec.describe EmailsHelper do
       it 'returns the default header logo' do
         create :appearance, header_logo: nil
 
-        expect(header_logo).to match(
-          %r{<img alt="GitLab" src="/images/mailers/gitlab_logo\.(?:gif|png)" width="\d+" height="\d+" />}
-        )
+        expect(header_logo).to match(default_header_logo)
       end
     end
 
     context 'there is no brand item' do
       it 'returns the default header logo' do
-        expect(header_logo).to match(
-          %r{<img alt="GitLab" src="/images/mailers/gitlab_logo\.(?:gif|png)" width="\d+" height="\d+" />}
-        )
+        expect(header_logo).to match(default_header_logo)
       end
     end
   end
diff --git a/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb b/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb
index 9d5845d20e5..b11c9db4e46 100644
--- a/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb
+++ b/spec/lib/sidebars/projects/menus/monitor_menu_spec.rb
@@ -82,6 +82,20 @@ RSpec.describe Sidebars::Projects::Menus::MonitorMenu do
       end
     end
 
+    describe 'Tracing' do
+      let(:item_id) { :tracing }
+
+      it_behaves_like 'access rights checks'
+
+      context 'when feature disabled' do
+        before do
+          stub_feature_flags(monitor_tracing: false)
+        end
+
+        specify { is_expected.to be_nil }
+      end
+    end
+
     describe 'Error Tracking' do
       let(:item_id) { :error_tracking }
 
diff --git a/spec/policies/ci/build_policy_spec.rb b/spec/policies/ci/build_policy_spec.rb
index 1ec749fb394..fee4d76ca8f 100644
--- a/spec/policies/ci/build_policy_spec.rb
+++ b/spec/policies/ci/build_policy_spec.rb
@@ -405,4 +405,52 @@ RSpec.describe Ci::BuildPolicy do
       end
     end
   end
+
+  describe 'ability :create_build_terminal' do
+    let(:project) { create(:project, :private) }
+
+    subject { described_class.new(user, build) }
+
+    context 'when user can update_build' do
+      before do
+        project.add_maintainer(user)
+      end
+
+      context 'when job has terminal' do
+        before do
+          allow(build).to receive(:has_terminal?).and_return(true)
+        end
+
+        context 'when current user is the job owner' do
+          before do
+            build.update!(user: user)
+          end
+
+          it { expect_allowed(:create_build_terminal) }
+        end
+
+        context 'when current user is not the job owner' do
+          it { expect_disallowed(:create_build_terminal) }
+        end
+      end
+
+      context 'when job does not have terminal' do
+        before do
+          allow(build).to receive(:has_terminal?).and_return(false)
+          build.update!(user: user)
+        end
+
+        it { expect_disallowed(:create_build_terminal) }
+      end
+    end
+
+    context 'when user cannot update build' do
+      before do
+        project.add_guest(user)
+        allow(build).to receive(:has_terminal?).and_return(true)
+      end
+
+      it { expect_disallowed(:create_build_terminal) }
+    end
+  end
 end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index ce97fc0c77e..d9316344474 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -396,6 +396,36 @@ RSpec.describe ProjectPolicy do
     end
   end
 
+  context 'importing members from another project' do
+    %w(maintainer owner).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_allowed(:import_project_members_from_another_project) }
+      end
+    end
+
+    %w(guest reporter developer anonymous).each do |role|
+      context "with #{role}" do
+        let(:current_user) { send(role) }
+
+        it { is_expected.to be_disallowed(:import_project_members_from_another_project) }
+      end
+    end
+
+    context 'with an admin' do
+      let(:current_user) { admin }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { expect_allowed(:import_project_members_from_another_project) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { expect_disallowed(:import_project_members_from_another_project) }
+      end
+    end
+  end
+
   context 'reading usage quotas' do
     %w(maintainer owner).each do |role|
       context "with #{role}" do
diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb
index 94f1bf13830..e4c2f17af47 100644
--- a/spec/requests/api/members_spec.rb
+++ b/spec/requests/api/members_spec.rb
@@ -185,6 +185,21 @@ RSpec.describe API::Members do
       expect(json_response).to be_an Array
       expect(json_response.map { |u| u['id'] }).to match_array [maintainer.id, developer.id, nested_user.id]
     end
+
+    context 'with a subgroup' do
+      let(:group) { create(:group, :private)}
+      let(:subgroup) { create(:group, :private, parent: group)}
+      let(:project) { create(:project, group: subgroup) }
+
+      before do
+        subgroup.add_developer(developer)
+      end
+
+      it 'subgroup member cannot get parent group members list' do
+        get api("/groups/#{group.id}/members/all", developer)
+        expect(response).to have_gitlab_http_status(:forbidden)
+      end
+    end
   end
 
   shared_examples 'GET /:source_type/:id/members/(all/):user_id' do |source_type, all|
diff --git a/spec/services/ci/pipeline_trigger_service_spec.rb b/spec/services/ci/pipeline_trigger_service_spec.rb
index a794dedc658..4b3e774ff3c 100644
--- a/spec/services/ci/pipeline_trigger_service_spec.rb
+++ b/spec/services/ci/pipeline_trigger_service_spec.rb
@@ -56,6 +56,15 @@ RSpec.describe Ci::PipelineTriggerService do
         end
       end
 
+      context 'when trigger owner does not have a permission to read a project' do
+        let(:params) { { token: trigger.token, ref: 'master', variables: nil } }
+        let(:trigger) { create(:ci_trigger, project: project, owner: create(:user)) }
+
+        it 'does nothing' do
+          expect { result }.not_to change { Ci::Pipeline.count }
+        end
+      end
+
       context 'when params have an existing trigger token' do
         context 'when params have an existing ref' do
           let(:params) { { token: trigger.token, ref: 'master', variables: nil } }
diff --git a/spec/support/helpers/emails_helper_test_helper.rb b/spec/support/helpers/emails_helper_test_helper.rb
new file mode 100644
index 00000000000..ea7dbc89ebd
--- /dev/null
+++ b/spec/support/helpers/emails_helper_test_helper.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module EmailsHelperTestHelper
+  def default_header_logo
+    %r{<img alt="GitLab" src="/images/mailers/gitlab_logo\.(?:gif|png)" width="\d+" height="\d+" />}
+  end
+end
+
+EmailsHelperTestHelper.prepend_mod
diff --git a/spec/support/shared_contexts/navbar_structure_context.rb b/spec/support/shared_contexts/navbar_structure_context.rb
index 50e6d4aad1b..d277a45584d 100644
--- a/spec/support/shared_contexts/navbar_structure_context.rb
+++ b/spec/support/shared_contexts/navbar_structure_context.rb
@@ -84,6 +84,7 @@ RSpec.shared_context 'project navbar structure' do
         nav_sub_items: [
           _('Metrics'),
           _('Logs'),
+          _('Tracing'),
           _('Error Tracking'),
           _('Alerts'),
           _('Incidents'),
diff --git a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
index 7f961b3a4e9..3943355bffd 100644
--- a/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
+++ b/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb
@@ -437,6 +437,32 @@ RSpec.describe 'layouts/nav/sidebar/_project' do
       end
     end
 
+    describe 'Tracing' do
+      it 'has a link to the tracing page' do
+        render
+
+        expect(rendered).to have_link('Tracing', href: project_tracing_path(project))
+      end
+
+      context 'without project.tracing_external_url' do
+        it 'has a link to the tracing page' do
+          render
+
+          expect(rendered).to have_link('Tracing', href: project_tracing_path(project))
+        end
+      end
+
+      describe 'when the user does not have access' do
+        let(:user) { nil }
+
+        it 'does not have a link to the tracing page' do
+          render
+
+          expect(rendered).not_to have_text 'Tracing'
+        end
+      end
+    end
+
     describe 'Error Tracking' do
       it 'has a link to the error tracking page' do
         render
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-02 00:08:14 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-02 00:08:14 +0300
commit	e2ef50dafcf51e811123dd71179334de2ea3edf9 (patch)
tree	2aa7d999620a93d88081b40bd7b20ac127f99270 /spec
parent	68d5cc2d9d162def465657d4696eb58e9b3906a7 (diff)