Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-12 00:12:55 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-05-12 00:12:55 +0000
commit: 4e65fc3589914bc328539943f1164f4aff2b8d58 (patch)
tree: 0bdfcd44063ce9148fc121a2635bc05a6186f0eb /app/models
parent: 9643359dd3a54154ecf0cb8efab39599529aa90c (diff)
download: gitlab-ce-4e65fc3589914bc328539943f1164f4aff2b8d58.tar.gz
5 files changed, 73 insertions, 10 deletions
diff --git a/app/models/achievements/user_achievement.rb b/app/models/achievements/user_achievement.rb
index 844780c6164..08ebadaa6b0 100644
--- a/app/models/achievements/user_achievement.rb
+++ b/app/models/achievements/user_achievement.rb
@@ -15,6 +15,7 @@ module Achievements
       optional: true
 
     scope :not_revoked, -> { where(revoked_by_user_id: nil) }
+    scope :order_by_id_asc, -> { order(id: :asc) }
 
     def revoked?
       revoked_by_user_id.present?
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index 6594884ca0a..b1ec6b8ba32 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -174,6 +174,10 @@ module Issuable
       end
     end
 
+    def issuable_type
+      self.class.name.underscore
+    end
+
     # We want to use optimistic lock for cases when only title or description are involved
     # http://api.rubyonrails.org/classes/ActiveRecord/Locking/Optimistic.html
     def locking_enabled?
@@ -197,15 +201,15 @@ module Issuable
     end
 
     def supports_severity?
-      incident?
+      incident_type_issue?
     end
 
     def supports_escalation?
-      incident?
+      incident_type_issue?
     end
 
-    def incident?
-      is_a?(Issue) && super
+    def incident_type_issue?
+      is_a?(Issue) && work_item_type&.incident?
     end
 
     def supports_issue_type?
diff --git a/app/models/concerns/protected_ref_access.rb b/app/models/concerns/protected_ref_access.rb
index b841211c811..c1c670db543 100644
--- a/app/models/concerns/protected_ref_access.rb
+++ b/app/models/concerns/protected_ref_access.rb
@@ -6,18 +6,24 @@ module ProtectedRefAccess
   class_methods do
     def human_access_levels
       {
-        Gitlab::Access::DEVELOPER => "Developers + Maintainers",
-        Gitlab::Access::MAINTAINER => "Maintainers",
-        Gitlab::Access::NO_ACCESS => "No one"
-      }
+        Gitlab::Access::DEVELOPER => 'Developers + Maintainers',
+        Gitlab::Access::MAINTAINER => 'Maintainers',
+        Gitlab::Access::ADMIN => 'Instance admins',
+        Gitlab::Access::NO_ACCESS => 'No one'
+      }.slice(*allowed_access_levels)
     end
 
     def allowed_access_levels
-      [
-        Gitlab::Access::MAINTAINER,
+      levels = [
         Gitlab::Access::DEVELOPER,
+        Gitlab::Access::MAINTAINER,
+        Gitlab::Access::ADMIN,
         Gitlab::Access::NO_ACCESS
       ]
+
+      return levels unless Gitlab.com?
+
+      levels.excluding(Gitlab::Access::ADMIN)
     end
 
     def humanize(access_level)
@@ -47,6 +53,7 @@ module ProtectedRefAccess
 
   def check_access(current_user)
     return false if current_user.nil? || no_access?
+    return current_user.admin? if admin_access?
 
     yield if block_given?
 
@@ -55,6 +62,10 @@ module ProtectedRefAccess
 
   private
 
+  def admin_access?
+    role? && access_level == ::Gitlab::Access::ADMIN
+  end
+
   def no_access?
     role? && access_level == Gitlab::Access::NO_ACCESS
   end
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 0d33c6a71aa..b7125617034 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -40,6 +40,7 @@ class Issue < ApplicationRecord
   DueNextMonthAndPreviousTwoWeeks = DueDateStruct.new('Due Next Month And Previous Two Weeks', 'next_month_and_previous_two_weeks').freeze
 
   IssueTypeOutOfSyncError = Class.new(StandardError)
+  ForbiddenColumnUsed = Class.new(StandardError)
 
   SORTING_PREFERENCE_FIELD = :issues_sort
   MAX_BRANCH_TEMPLATE = 255
@@ -139,6 +140,28 @@ class Issue < ApplicationRecord
 
   enum issue_type: WorkItems::Type.base_types
 
+  # TODO: Remove with https://gitlab.com/gitlab-org/gitlab/-/issues/402699
+  WorkItems::Type.base_types.each do |base_type, _value|
+    define_method "#{base_type}?".to_sym do
+      error_message = <<~ERROR
+        `#{base_type}?` uses the `issue_type` column underneath. As we want to remove the column,
+        its usage is forbidden. You should use the `work_item_types` table instead.
+
+        # Before
+
+        issue.requirement? => true
+
+        # After
+
+        issue.work_item_type.requirement? => true
+
+        More details in https://gitlab.com/groups/gitlab-org/-/epics/10529
+      ERROR
+
+      raise ForbiddenColumnUsed, error_message
+    end
+  end
+
   alias_method :issuing_parent, :project
   alias_attribute :issuing_parent_id, :project_id
 
diff --git a/app/models/personal_access_token.rb b/app/models/personal_access_token.rb
index 3ebb2126f4d..75afff6a2fa 100644
--- a/app/models/personal_access_token.rb
+++ b/app/models/personal_access_token.rb
@@ -15,6 +15,7 @@ class PersonalAccessToken < ApplicationRecord
 
   # PATs are 20 characters + optional configurable settings prefix (0..20)
   TOKEN_LENGTH_RANGE = (20..40).freeze
+  MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS = 365
 
   serialize :scopes, Array # rubocop:disable Cop/ActiveRecordSerialize
 
@@ -48,6 +49,7 @@ class PersonalAccessToken < ApplicationRecord
 
   validates :scopes, presence: true
   validate :validate_scopes
+  validate :expires_at_before_instance_max_expiry_date, on: :create
 
   def revoke!
     update!(revoked: true)
@@ -57,6 +59,19 @@ class PersonalAccessToken < ApplicationRecord
     !revoked? && !expired?
   end
 
+  # fall back to default value until background migration has updated all
+  # existing PATs and we can add a validation
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/369123
+  def expires_at=(value)
+    datetime = if Feature.enabled?(:default_pat_expiration)
+                 value.presence || MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
+               else
+                 value
+               end
+
+    super(datetime)
+  end
+
   override :simple_sorts
   def self.simple_sorts
     super.merge(
@@ -108,6 +123,15 @@ class PersonalAccessToken < ApplicationRecord
   def prefix_from_application_current_settings
     self.class.token_prefix
   end
+
+  def expires_at_before_instance_max_expiry_date
+    return unless Feature.enabled?(:default_pat_expiration)
+    return unless expires_at
+
+    if expires_at > MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
+      errors.add(:expires_at, _('must expire in 365 days'))
+    end
+  end
 end
 
 PersonalAccessToken.prepend_mod_with('PersonalAccessToken')
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-12 00:12:55 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-05-12 00:12:55 +0000
commit	4e65fc3589914bc328539943f1164f4aff2b8d58 (patch)
tree	0bdfcd44063ce9148fc121a2635bc05a6186f0eb /app/models
parent	9643359dd3a54154ecf0cb8efab39599529aa90c (diff)
download	gitlab-ce-4e65fc3589914bc328539943f1164f4aff2b8d58.tar.gz