11 files changed, 249 insertions, 5 deletions

diff --git a/spec/bin/changelog_spec.rb b/spec/bin/changelog_spec.rb
new file mode 100644
index 00000000000..8c8bc1b0f1c
--- /dev/null
+++ b/spec/bin/changelog_spec.rb
@@ -0,0 +1,77 @@
+require 'spec_helper'
+
+load File.expand_path('../../bin/changelog', __dir__)
+
+describe 'bin/changelog' do
+  describe ChangelogOptionParser do
+    it 'parses --ammend' do
+      options = described_class.parse(%w[foo bar --amend])
+
+      expect(options.amend).to eq true
+    end
+
+    it 'parses --force' do
+      options = described_class.parse(%w[foo --force bar])
+
+      expect(options.force).to eq true
+    end
+
+    it 'parses -f' do
+      options = described_class.parse(%w[foo -f bar])
+
+      expect(options.force).to eq true
+    end
+
+    it 'parses --merge-request' do
+      options = described_class.parse(%w[foo --merge-request 1234 bar])
+
+      expect(options.merge_request).to eq 1234
+    end
+
+    it 'parses -m' do
+      options = described_class.parse(%w[foo -m 4321 bar])
+
+      expect(options.merge_request).to eq 4321
+    end
+
+    it 'parses --dry-run' do
+      options = described_class.parse(%w[foo --dry-run bar])
+
+      expect(options.dry_run).to eq true
+    end
+
+    it 'parses -n' do
+      options = described_class.parse(%w[foo -n bar])
+
+      expect(options.dry_run).to eq true
+    end
+
+    it 'parses --git-username' do
+      allow(described_class).to receive(:git_user_name).and_return('Jane Doe')
+      options = described_class.parse(%w[foo --git-username bar])
+
+      expect(options.author).to eq 'Jane Doe'
+    end
+
+    it 'parses -u' do
+      allow(described_class).to receive(:git_user_name).and_return('John Smith')
+      options = described_class.parse(%w[foo -u bar])
+
+      expect(options.author).to eq 'John Smith'
+    end
+
+    it 'parses -h' do
+      expect do
+        $stdout = StringIO.new
+
+        described_class.parse(%w[foo -h bar])
+      end.to raise_error(SystemExit)
+    end
+
+    it 'assigns title' do
+      options = described_class.parse(%W[foo -m 1 bar\n -u baz\r\n --amend])
+
+      expect(options.title).to eq 'foo bar baz'
+    end
+  end
+end
diff --git a/spec/features/issues/filter_by_milestone_spec.rb b/spec/features/issues/filter_by_milestone_spec.rb
index 88e1549a22b..9dfa5d1de19 100644
--- a/spec/features/issues/filter_by_milestone_spec.rb
+++ b/spec/features/issues/filter_by_milestone_spec.rb
@@ -11,6 +11,7 @@ feature 'Issue filtering by Milestone', feature: true do
     visit_issues(project)
     filter_by_milestone(Milestone::None.title)
 
+    expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: 'No Milestone')
     expect(page).to have_css('.issue', count: 1)
   end
 
@@ -22,6 +23,7 @@ feature 'Issue filtering by Milestone', feature: true do
       visit_issues(project)
       filter_by_milestone(Milestone::Upcoming.title)
 
+      expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: 'Upcoming')
       expect(page).to have_css('.issue', count: 0)
     end
 
@@ -33,6 +35,7 @@ feature 'Issue filtering by Milestone', feature: true do
       visit_issues(project)
       filter_by_milestone(Milestone::Upcoming.title)
 
+      expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: 'Upcoming')
       expect(page).to have_css('.issue', count: 1)
     end
 
@@ -44,6 +47,7 @@ feature 'Issue filtering by Milestone', feature: true do
       visit_issues(project)
       filter_by_milestone(Milestone::Upcoming.title)
 
+      expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: 'Upcoming')
       expect(page).to have_css('.issue', count: 0)
     end
   end
@@ -55,6 +59,7 @@ feature 'Issue filtering by Milestone', feature: true do
     visit_issues(project)
     filter_by_milestone(milestone.title)
 
+    expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: milestone.title)
     expect(page).to have_css('.issue', count: 1)
   end
 
@@ -70,6 +75,7 @@ feature 'Issue filtering by Milestone', feature: true do
       visit_issues(project)
       filter_by_milestone(milestone.title)
 
+      expect(page).to have_css('.milestone-filter .dropdown-toggle-text', text: milestone.title)
       expect(page).to have_css('.issue', count: 1)
     end
   end
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index a5aa387f4f7..62aa212f1f6 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -122,6 +122,14 @@ describe Gitlab::GitAccess, lib: true do
     describe 'build authentication_abilities permissions' do
       let(:authentication_abilities) { build_authentication_abilities }
 
+      describe 'owner' do
+        let(:project) { create(:project, namespace: user.namespace) }
+
+        context 'pull code' do
+          it { expect(subject).to be_allowed }
+        end
+      end
+
       describe 'reporter user' do
         before { project.team << [user, :reporter] }
 
diff --git a/spec/models/project_services/jira_service_spec.rb b/spec/models/project_services/jira_service_spec.rb
index a9f637147d1..a3e9adae4e2 100644
--- a/spec/models/project_services/jira_service_spec.rb
+++ b/spec/models/project_services/jira_service_spec.rb
@@ -1,4 +1,5 @@
 require 'spec_helper'
+include Gitlab::Routing.url_helpers
 
 describe JiraService, models: true do
   describe "Associations" do
@@ -66,6 +67,27 @@ describe JiraService, models: true do
       ).once
     end
 
+    it "references the GitLab commit/merge request" do
+      @jira_service.execute(merge_request, ExternalIssue.new("JIRA-123", project))
+
+      expect(WebMock).to have_requested(:post, @comment_url).with(
+        body: /#{Gitlab.config.gitlab.url}\/#{project.path_with_namespace}\/commit\/#{merge_request.diff_head_sha}/
+      ).once
+    end
+
+    it "references the GitLab commit/merge request (relative URL)" do
+      stub_config_setting(relative_url_root: '/gitlab')
+      stub_config_setting(url: Settings.send(:build_gitlab_url))
+
+      Project.default_url_options[:script_name] = "/gitlab"
+
+      @jira_service.execute(merge_request, ExternalIssue.new("JIRA-123", project))
+
+      expect(WebMock).to have_requested(:post, @comment_url).with(
+        body: /#{Gitlab.config.gitlab.url}\/#{project.path_with_namespace}\/commit\/#{merge_request.diff_head_sha}/
+      ).once
+    end
+
     it "calls the api with jira_issue_transition_id" do
       @jira_service.jira_issue_transition_id = 'this-is-a-custom-id'
       @jira_service.execute(merge_request, ExternalIssue.new("JIRA-123", project))
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 658e3c13a73..96249a7d8c3 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -6,6 +6,7 @@ describe ProjectPolicy, models: true do
   let(:dev) { create(:user) }
   let(:master) { create(:user) }
   let(:owner) { create(:user) }
+  let(:admin) { create(:admin) }
   let(:project) { create(:empty_project, :public, namespace: owner.namespace) }
 
   let(:guest_permissions) do
@@ -155,6 +156,19 @@ describe ProjectPolicy, models: true do
       it do
         is_expected.to include(*guest_permissions)
         is_expected.to include(*reporter_permissions)
+        is_expected.to include(*team_member_reporter_permissions)
+        is_expected.to include(*developer_permissions)
+        is_expected.to include(*master_permissions)
+        is_expected.to include(*owner_permissions)
+      end
+    end
+
+    context 'admin' do
+      let(:current_user) { admin }
+
+      it do
+        is_expected.to include(*guest_permissions)
+        is_expected.to include(*reporter_permissions)
         is_expected.not_to include(*team_member_reporter_permissions)
         is_expected.to include(*developer_permissions)
         is_expected.to include(*master_permissions)
diff --git a/spec/rake_helper.rb b/spec/rake_helper.rb
new file mode 100644
index 00000000000..9b5b4bf9fea
--- /dev/null
+++ b/spec/rake_helper.rb
@@ -0,0 +1,19 @@
+require 'spec_helper'
+require 'rake'
+
+RSpec.configure do |config|
+  config.include RakeHelpers
+
+  # Redirect stdout so specs don't have so much noise
+  config.before(:all) do
+    $stdout = StringIO.new
+
+    Rake.application.rake_require 'tasks/gitlab/task_helpers'
+    Rake::Task.define_task :environment
+  end
+
+  # Reset stdout
+  config.after(:all) do
+    $stdout = STDOUT
+  end
+end
diff --git a/spec/requests/api/project_hooks_spec.rb b/spec/requests/api/project_hooks_spec.rb
index cfcdcad74cd..5f39329a1b8 100644
--- a/spec/requests/api/project_hooks_spec.rb
+++ b/spec/requests/api/project_hooks_spec.rb
@@ -88,6 +88,7 @@ describe API::API, 'ProjectHooks', api: true do
       expect do
         post api("/projects/#{project.id}/hooks", user), url: "http://example.com", issues_events: true
       end.to change {project.hooks.count}.by(1)
+
       expect(response).to have_http_status(201)
       expect(json_response['url']).to eq('http://example.com')
       expect(json_response['issues_events']).to eq(true)
@@ -99,6 +100,24 @@ describe API::API, 'ProjectHooks', api: true do
       expect(json_response['pipeline_events']).to eq(false)
       expect(json_response['wiki_page_events']).to eq(false)
       expect(json_response['enable_ssl_verification']).to eq(true)
+      expect(json_response).not_to include('token')
+    end
+
+    it "adds the token without including it in the response" do
+      token = "secret token"
+
+      expect do
+        post api("/projects/#{project.id}/hooks", user), url: "http://example.com", token: token
+      end.to change {project.hooks.count}.by(1)
+
+      expect(response).to have_http_status(201)
+      expect(json_response["url"]).to eq("http://example.com")
+      expect(json_response).not_to include("token")
+
+      hook = project.hooks.find(json_response["id"])
+
+      expect(hook.url).to eq("http://example.com")
+      expect(hook.token).to eq(token)
     end
 
     it "returns a 400 error if url not given" do
@@ -129,6 +148,19 @@ describe API::API, 'ProjectHooks', api: true do
       expect(json_response['enable_ssl_verification']).to eq(hook.enable_ssl_verification)
     end
 
+    it "adds the token without including it in the response" do
+      token = "secret token"
+
+      put api("/projects/#{project.id}/hooks/#{hook.id}", user), url: "http://example.org", token: token
+
+      expect(response).to have_http_status(200)
+      expect(json_response["url"]).to eq("http://example.org")
+      expect(json_response).not_to include("token")
+
+      expect(hook.reload.url).to eq("http://example.org")
+      expect(hook.reload.token).to eq(token)
+    end
+
     it "returns 404 error if hook id not found" do
       put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org'
       expect(response).to have_http_status(404)
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index dbdf83a0dff..9bfc84c7425 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -284,7 +284,17 @@ describe 'Git LFS API and storage' do
           let(:authorization) { authorize_ci_project }
 
           shared_examples 'can download LFS only from own projects' do
-            context 'for own project' do
+            context 'for owned project' do
+              let(:project) { create(:empty_project, namespace: user.namespace) }
+
+              let(:update_permissions) do
+                project.lfs_objects << lfs_object
+              end
+
+              it_behaves_like 'responds with a file'
+            end
+
+            context 'for member of project' do
               let(:pipeline) { create(:ci_empty_pipeline, project: project) }
 
               let(:update_permissions) do
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index c64df4979b0..bb26513103d 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -245,6 +245,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
             it_behaves_like 'a pullable'
           end
+
+          context 'when you are owner' do
+            let(:project) { create(:empty_project, namespace: current_user.namespace) }
+
+            it_behaves_like 'a pullable'
+          end
         end
 
         context 'for private' do
@@ -266,6 +272,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
               it_behaves_like 'a pullable'
             end
+
+            context 'when you are owner' do
+              let(:project) { create(:empty_project, namespace: current_user.namespace) }
+
+              it_behaves_like 'a pullable'
+            end
           end
         end
       end
@@ -276,13 +288,21 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
         end
 
         context 'disallow for all' do
-          let(:project) { create(:empty_project, :public) }
+          context 'when you are member' do
+            let(:project) { create(:empty_project, :public) }
 
-          before do
-            project.team << [current_user, :developer]
+            before do
+              project.team << [current_user, :developer]
+            end
+
+            it_behaves_like 'an inaccessible'
           end
 
-          it_behaves_like 'an inaccessible'
+          context 'when you are owner' do
+            let(:project) { create(:empty_project, :public, namespace: current_user.namespace) }
+
+            it_behaves_like 'an inaccessible'
+          end
         end
       end
     end
diff --git a/spec/support/rake_helpers.rb b/spec/support/rake_helpers.rb
new file mode 100644
index 00000000000..52d80c69835
--- /dev/null
+++ b/spec/support/rake_helpers.rb
@@ -0,0 +1,10 @@
+module RakeHelpers
+  def run_rake_task(task_name)
+    Rake::Task[task_name].reenable
+    Rake.application.invoke_task task_name
+  end
+
+  def stub_warn_user_is_not_gitlab
+    allow_any_instance_of(Object).to receive(:warn_user_is_not_gitlab)
+  end
+end
diff --git a/spec/tasks/gitlab/shell_rake_spec.rb b/spec/tasks/gitlab/shell_rake_spec.rb
new file mode 100644
index 00000000000..226d34fe2c9
--- /dev/null
+++ b/spec/tasks/gitlab/shell_rake_spec.rb
@@ -0,0 +1,26 @@
+require 'rake_helper'
+
+describe 'gitlab:shell rake tasks' do
+  before do
+    Rake.application.rake_require 'tasks/gitlab/shell'
+
+    stub_warn_user_is_not_gitlab
+  end
+
+  describe 'install task' do
+    it 'invokes create_hooks task' do
+      expect(Rake::Task['gitlab:shell:create_hooks']).to receive(:invoke)
+
+      run_rake_task('gitlab:shell:install')
+    end
+  end
+
+  describe 'create_hooks task' do
+    it 'calls gitlab-shell bin/create_hooks' do
+      expect_any_instance_of(Object).to receive(:system)
+        .with("#{Gitlab.config.gitlab_shell.path}/bin/create-hooks", *repository_storage_paths_args)
+
+      run_rake_task('gitlab:shell:create_hooks')
+    end
+  end
+end