5 files changed, 27 insertions, 68 deletions

diff --git a/app/services/groups/group_links/create_service.rb b/app/services/groups/group_links/create_service.rb
index 8c3ba0a63f2..56ddf3ec0b4 100644
--- a/app/services/groups/group_links/create_service.rb
+++ b/app/services/groups/group_links/create_service.rb
@@ -3,50 +3,35 @@
 module Groups
   module GroupLinks
     class CreateService < Groups::BaseService
-      def initialize(shared_group, shared_with_group, user, params)
-        @shared_group = shared_group
-        super(shared_with_group, user, params)
-      end
-
-      def execute
-        unless shared_with_group && shared_group &&
-               can?(current_user, :admin_group_member, shared_group) &&
-               can?(current_user, :read_group, shared_with_group) &&
-               sharing_allowed?
-          return error('Not Found', 404)
-        end
+      include GroupLinkable
 
-        link = GroupGroupLink.new(
-          shared_group: shared_group,
-          shared_with_group: shared_with_group,
-          group_access: params[:shared_group_access],
-          expires_at: params[:expires_at]
-        )
+      def initialize(group, shared_with_group, user, params)
+        @shared_with_group = shared_with_group
 
-        if link.save
-          shared_with_group.refresh_members_authorized_projects(blocking: false, direct_members_only: true)
-          success(link: link)
-        else
-          error(link.errors.full_messages.to_sentence, 409)
-        end
+        super(group, user, params)
       end
 
       private
 
-      attr_reader :shared_group
+      delegate :root_ancestor, to: :group
 
-      alias_method :shared_with_group, :group
-
-      def sharing_allowed?
-        sharing_outside_hierarchy_allowed? || within_hierarchy?
+      def valid_to_create?
+        can?(current_user, :admin_group_member, group) &&
+          can?(current_user, :read_group, shared_with_group) &&
+          sharing_allowed?
       end
 
-      def sharing_outside_hierarchy_allowed?
-        !shared_group.root_ancestor.namespace_settings.prevent_sharing_groups_outside_hierarchy
+      def build_link
+        @link = GroupGroupLink.new(
+          shared_group: group,
+          shared_with_group: shared_with_group,
+          group_access: params[:shared_group_access],
+          expires_at: params[:expires_at]
+        )
       end
 
-      def within_hierarchy?
-        shared_group.root_ancestor.self_and_descendants_ids.include?(shared_with_group.id)
+      def setup_authorizations
+        shared_with_group.refresh_members_authorized_projects(blocking: false, direct_members_only: true)
       end
     end
   end
diff --git a/app/services/groups/import_export/export_service.rb b/app/services/groups/import_export/export_service.rb
index ea26ebec20b..2bfd5a5ebab 100644
--- a/app/services/groups/import_export/export_service.rb
+++ b/app/services/groups/import_export/export_service.rb
@@ -78,7 +78,7 @@ module Groups
       end
 
       def ndjson?
-        ::Feature.enabled?(:group_export_ndjson, group&.parent, default_enabled: :yaml)
+        ::Feature.enabled?(:group_export_ndjson, group&.parent)
       end
 
       def version_saver
diff --git a/app/services/groups/import_export/import_service.rb b/app/services/groups/import_export/import_service.rb
index c8c2124078d..f026f1698a9 100644
--- a/app/services/groups/import_export/import_service.rb
+++ b/app/services/groups/import_export/import_service.rb
@@ -72,7 +72,7 @@ module Groups
       end
 
       def ndjson?
-        ::Feature.enabled?(:group_import_ndjson, group&.parent, default_enabled: true) &&
+        ::Feature.enabled?(:group_import_ndjson, group&.parent) &&
           File.exist?(File.join(shared.export_path, 'tree/groups/_all.ndjson'))
       end
 
diff --git a/app/services/groups/open_issues_count_service.rb b/app/services/groups/open_issues_count_service.rb
index c18d239998b..17cf3d38987 100644
--- a/app/services/groups/open_issues_count_service.rb
+++ b/app/services/groups/open_issues_count_service.rb
@@ -3,15 +3,11 @@
 module Groups
   # Service class for counting and caching the number of open issues of a group.
   class OpenIssuesCountService < Groups::CountService
-    # TOTAL_COUNT_KEY includes confidential and hidden issues (admin)
-    # TOTAL_COUNT_WITHOUT_HIDDEN_KEY includes confidential issues but not hidden issues (reporter and above)
-    # PUBLIC_COUNT_WITHOUT_HIDDEN_KEY does not include confidential or hidden issues (guest)
-    TOTAL_COUNT_KEY = 'group_open_issues_including_hidden_count'
-    TOTAL_COUNT_WITHOUT_HIDDEN_KEY = 'group_open_issues_without_hidden_count'
-    PUBLIC_COUNT_WITHOUT_HIDDEN_KEY = 'group_open_public_issues_without_hidden_count'
+    PUBLIC_COUNT_KEY = 'group_public_open_issues_count'
+    TOTAL_COUNT_KEY = 'group_total_open_issues_count'
 
     def clear_all_cache_keys
-      [cache_key(TOTAL_COUNT_KEY), cache_key(TOTAL_COUNT_WITHOUT_HIDDEN_KEY), cache_key(PUBLIC_COUNT_WITHOUT_HIDDEN_KEY)].each do |key|
+      [cache_key(PUBLIC_COUNT_KEY), cache_key(TOTAL_COUNT_KEY)].each do |key|
         Rails.cache.delete(key)
       end
     end
@@ -19,19 +15,7 @@ module Groups
     private
 
     def cache_key_name
-      if include_hidden?
-        TOTAL_COUNT_KEY
-      elsif public_only?
-        PUBLIC_COUNT_WITHOUT_HIDDEN_KEY
-      else
-        TOTAL_COUNT_WITHOUT_HIDDEN_KEY
-      end
-    end
-
-    def include_hidden?
-      strong_memoize(:user_is_admin) do
-        user&.can_admin_all_resources?
-      end
+      public_only? ? PUBLIC_COUNT_KEY : TOTAL_COUNT_KEY
     end
 
     def public_only?
@@ -51,8 +35,7 @@ module Groups
         state: 'opened',
         non_archived: true,
         include_subgroups: true,
-        public_only: public_only?,
-        include_hidden: include_hidden?
+        public_only: public_only?
       ).execute
     end
 
diff --git a/app/services/groups/transfer_service.rb b/app/services/groups/transfer_service.rb
index f2e959396bc..a0021ae2ccb 100644
--- a/app/services/groups/transfer_service.rb
+++ b/app/services/groups/transfer_service.rb
@@ -191,18 +191,9 @@ module Groups
     end
 
     def refresh_project_authorizations
-      projects_to_update = Set.new
+      project_ids = Groups::ProjectsRequiringAuthorizationsRefresh::OnTransferFinder.new(@group).execute
 
-      # All projects in this hierarchy need to have their project authorizations recalculated
-      @group.all_projects.each_batch { |prjs| projects_to_update.merge(prjs.ids) } # rubocop: disable CodeReuse/ActiveRecord
-
-      # When a group is transferred, it also affects who gets access to the projects shared to
-      # the subgroups within its hierarchy, so we also schedule jobs that refresh authorizations for all such shared projects.
-      ProjectGroupLink.in_group(@group.self_and_descendants.select(:id)).each_batch do |project_group_links|
-        projects_to_update.merge(project_group_links.pluck(:project_id)) # rubocop: disable CodeReuse/ActiveRecord
-      end
-
-      AuthorizedProjectUpdate::ProjectAccessChangedService.new(projects_to_update.to_a).execute unless projects_to_update.empty?
+      AuthorizedProjectUpdate::ProjectAccessChangedService.new(project_ids).execute
     end
 
     def raise_transfer_error(message)