From 881435f2a3eeca1b5b544ad7c7510481b1773d1b Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 19 Oct 2023 12:11:29 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 app/services/boards/lists/move_service.rb           | 7 +++++--
 app/services/packages/npm/create_package_service.rb | 8 ++++++++
 app/services/verify_pages_domain_service.rb         | 2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

(limited to 'app/services')

diff --git a/app/services/boards/lists/move_service.rb b/app/services/boards/lists/move_service.rb
index 4bb7b4dbc6d..4715f1276e3 100644
--- a/app/services/boards/lists/move_service.rb
+++ b/app/services/boards/lists/move_service.rb
@@ -22,8 +22,11 @@ module Boards
       attr_reader :board, :old_position, :new_position
 
       def valid_move?
-        new_position.present? && new_position != old_position &&
-          new_position >= 0 && new_position <= board.lists.movable.last.position
+        new_position.present? && new_position != old_position && new_position.between?(0, max_position)
+      end
+
+      def max_position
+        board.lists.movable.maximum(:position)
       end
 
       def reorder_intermediate_lists
diff --git a/app/services/packages/npm/create_package_service.rb b/app/services/packages/npm/create_package_service.rb
index d599cecc8da..0f0dc297e9a 100644
--- a/app/services/packages/npm/create_package_service.rb
+++ b/app/services/packages/npm/create_package_service.rb
@@ -12,6 +12,7 @@ module Packages
         return error('Version is empty.', 400) if version.blank?
         return error('Attachment data is empty.', 400) if attachment['data'].blank?
         return error('Package already exists.', 403) if current_package_exists?
+        return error('Package protected.', 403) if current_package_protected?
         return error('File is too large.', 400) if file_size_exceeded?
 
         package = try_obtain_lease do
@@ -56,6 +57,13 @@ module Packages
                .exists?
       end
 
+      def current_package_protected?
+        return false if Feature.disabled?(:packages_protected_packages, project)
+
+        user_project_authorization_access_level = current_user.max_member_access_for_project(project.id)
+        project.package_protection_rules.push_protected_from?(access_level: user_project_authorization_access_level, package_name: name, package_type: :npm)
+      end
+
       def name
         params[:name]
       end
diff --git a/app/services/verify_pages_domain_service.rb b/app/services/verify_pages_domain_service.rb
index 59c73aa929c..f5dfe13539b 100644
--- a/app/services/verify_pages_domain_service.rb
+++ b/app/services/verify_pages_domain_service.rb
@@ -79,7 +79,7 @@ class VerifyPagesDomainService < BaseService
 
   # A domain is only expired until `disable!` has been called
   def expired?
-    domain.enabled_until && domain.enabled_until < Time.current
+    domain.enabled_until&.past?
   end
 
   def dns_record_present?
-- 
cgit v1.2.3