From 26c3184b621c4349997b1fade462c3fb480ad976 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 15 Sep 2021 03:11:01 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 qa/qa/flow/login.rb         | 18 ++++++++++++------
 qa/qa/page/main/login.rb    |  2 +-
 qa/qa/resource/user.rb      |  3 ++-
 qa/qa/runtime/api/client.rb | 28 ++++++++++++++++++++--------
 qa/qa/runtime/user.rb       |  2 +-
 5 files changed, 36 insertions(+), 17 deletions(-)

(limited to 'qa')

diff --git a/qa/qa/flow/login.rb b/qa/qa/flow/login.rb
index d23d8eaf097..05a509588f1 100644
--- a/qa/qa/flow/login.rb
+++ b/qa/qa/flow/login.rb
@@ -5,10 +5,10 @@ module QA
     module Login
       module_function
 
-      def while_signed_in(as: nil, address: :gitlab)
+      def while_signed_in(as: nil, address: :gitlab, admin: false)
         Page::Main::Menu.perform(&:sign_out_if_signed_in)
 
-        sign_in(as: as, address: address)
+        sign_in(as: as, address: address, admin: admin)
 
         result = yield
 
@@ -17,19 +17,25 @@ module QA
       end
 
       def while_signed_in_as_admin(address: :gitlab)
-        while_signed_in(as: Runtime::User.admin, address: address) do
+        while_signed_in(address: address, admin: true) do
           yield
         end
       end
 
-      def sign_in(as: nil, address: :gitlab, skip_page_validation: false)
+      def sign_in(as: nil, address: :gitlab, skip_page_validation: false, admin: false)
         Page::Main::Menu.perform(&:sign_out) if Page::Main::Menu.perform(&:signed_in?)
         Runtime::Browser.visit(address, Page::Main::Login)
-        Page::Main::Login.perform { |login| login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation) }
+        Page::Main::Login.perform do |login|
+          if admin
+            login.sign_in_using_admin_credentials
+          else
+            login.sign_in_using_credentials(user: as, skip_page_validation: skip_page_validation)
+          end
+        end
       end
 
       def sign_in_as_admin(address: :gitlab)
-        sign_in(as: Runtime::User.admin, address: address)
+        sign_in(as: Runtime::User.admin, address: address, admin: true)
       end
 
       def sign_in_unless_signed_in(as: nil, address: :gitlab)
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index 2c7ce69e4e5..c3170478733 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -53,7 +53,7 @@ module QA
             set_initial_password_if_present
 
             if Runtime::User.ldap_user? && user && user.username != Runtime::User.ldap_username
-              raise 'If an LDAP user is provided, it must be used for sign-in', QA::Resource::User::InvalidUserError
+              raise QA::Resource::User::InvalidUserError, 'If an LDAP user is provided, it must be used for sign-in'
             end
 
             if Runtime::User.ldap_user?
diff --git a/qa/qa/resource/user.rb b/qa/qa/resource/user.rb
index 01de1a73422..811ce5e0505 100644
--- a/qa/qa/resource/user.rb
+++ b/qa/qa/resource/user.rb
@@ -187,7 +187,8 @@ module QA
       end
 
       def fetching_own_data?
-        api_user&.username == username || Runtime::User.username == username
+        runtime_username = Runtime::User.ldap_user? ? Runtime::User.ldap_username : Runtime::User.username
+        api_user&.username == username || runtime_username == username
       end
     end
   end
diff --git a/qa/qa/runtime/api/client.rb b/qa/qa/runtime/api/client.rb
index 4126ff9ff5a..8a5e22fbc37 100644
--- a/qa/qa/runtime/api/client.rb
+++ b/qa/qa/runtime/api/client.rb
@@ -36,16 +36,28 @@ module QA
             if Runtime::Env.admin_personal_access_token
               Runtime::API::Client.new(:gitlab, personal_access_token: Runtime::Env.admin_personal_access_token)
             else
-              user = Resource::User.fabricate_via_api! do |user|
-                user.username = Runtime::User.admin_username
-                user.password = Runtime::User.admin_password
+              # To return an API client that has admin access, we need a user with admin access to confirm that
+              # the API client user has admin access.
+              client = nil
+              Flow::Login.while_signed_in_as_admin do
+                admin_token = Resource::PersonalAccessToken.fabricate! do |pat|
+                  pat.user = Runtime::User.admin
+                end.token
+
+                client = Runtime::API::Client.new(:gitlab, personal_access_token: admin_token)
+
+                user = QA::Resource::User.init do |user|
+                  user.username = QA::Runtime::User.admin_username
+                  user.password = QA::Runtime::User.admin_password
+                  user.api_client = client
+                end.reload!
+
+                unless user.admin? # rubocop: disable Cop/UserAdmin
+                  raise AuthorizationError, "User '#{user.username}' is not an administrator."
+                end
               end
 
-              unless user.admin?
-                raise AuthorizationError, "User '#{user.username}' is not an administrator."
-              end
-
-              Runtime::API::Client.new(:gitlab, user: user)
+              client
             end
           end
         end
diff --git a/qa/qa/runtime/user.rb b/qa/qa/runtime/user.rb
index a836206034d..0af42470a7c 100644
--- a/qa/qa/runtime/user.rb
+++ b/qa/qa/runtime/user.rb
@@ -34,7 +34,7 @@ module QA
       end
 
       def ldap_user?
-        Runtime::Env.ldap_username && Runtime::Env.ldap_password
+        Runtime::Env.ldap_username.present? && Runtime::Env.ldap_password.present?
       end
 
       def ldap_username
-- 
cgit v1.2.3