Add latest changes from gitlab-org/gitlab@master

8 files changed, 256 insertions, 4 deletions

diff --git a/spec/features/merge_request/batch_comments_spec.rb b/spec/features/merge_request/batch_comments_spec.rb
index a5094be2bcf..1fcb40df491 100644
--- a/spec/features/merge_request/batch_comments_spec.rb
+++ b/spec/features/merge_request/batch_comments_spec.rb
@@ -24,7 +24,7 @@ RSpec.describe 'Merge request > Batch comments', :js do
     end
 
     it 'has review bar' do
-      expect(page).to have_css('.review-bar-component', visible: false)
+      expect(page).to have_selector('[data-testid="review_bar_component"]', visible: false)
     end
 
     it 'adds draft note' do
@@ -32,7 +32,7 @@ RSpec.describe 'Merge request > Batch comments', :js do
 
       expect(find('.draft-note-component')).to have_content('Line is wrong')
 
-      expect(page).to have_css('.review-bar-component')
+      expect(page).to have_selector('[data-testid="review_bar_component"]')
 
       expect(find('.review-bar-content .btn-confirm')).to have_content('1')
     end
diff --git a/spec/finders/merge_requests_finder_spec.rb b/spec/finders/merge_requests_finder_spec.rb
index 3b835d366db..c2ea918449c 100644
--- a/spec/finders/merge_requests_finder_spec.rb
+++ b/spec/finders/merge_requests_finder_spec.rb
@@ -520,6 +520,44 @@ RSpec.describe MergeRequestsFinder do
         end
       end
 
+      context 'filtering by approved by' do
+        let(:params) { { approved_by_usernames: user2.username } }
+
+        before do
+          create(:approval, merge_request: merge_request3, user: user2)
+        end
+
+        it 'returns merge requests approved by that user' do
+          merge_requests = described_class.new(user, params).execute
+
+          expect(merge_requests).to contain_exactly(merge_request3)
+        end
+
+        context 'not filter' do
+          let(:params) { { not: { approved_by_usernames: user2.username } } }
+
+          it 'returns merge requests not approved by that user' do
+            merge_requests = described_class.new(user, params).execute
+
+            expect(merge_requests).to contain_exactly(merge_request1, merge_request2, merge_request4, merge_request5)
+          end
+        end
+
+        context 'when filtering by author and not approved by' do
+          let(:params) { { not: { approved_by_usernames: user2.username }, author_username: user.username } }
+
+          before do
+            merge_request4.update!(author: user2)
+          end
+
+          it 'returns merge requests authored by user and not approved by user2' do
+            merge_requests = described_class.new(user, params).execute
+
+            expect(merge_requests).to contain_exactly(merge_request1, merge_request2, merge_request5)
+          end
+        end
+      end
+
       context 'filtering by created_at/updated_at' do
         let(:new_project) { create(:project, forked_from_project: project1) }
 
diff --git a/spec/models/concerns/approvable_base_spec.rb b/spec/models/concerns/approvable_base_spec.rb
index a9e944cf220..c7ea2631a24 100644
--- a/spec/models/concerns/approvable_base_spec.rb
+++ b/spec/models/concerns/approvable_base_spec.rb
@@ -59,4 +59,25 @@ RSpec.describe ApprovableBase do
       end
     end
   end
+
+  describe '.not_approved_by_users_with_usernames' do
+    subject { MergeRequest.not_approved_by_users_with_usernames([user.username, user2.username]) }
+
+    let!(:merge_request2) { create(:merge_request) }
+    let!(:merge_request3) { create(:merge_request) }
+    let!(:merge_request4) { create(:merge_request) }
+    let(:user2) { create(:user) }
+    let(:user3) { create(:user) }
+
+    before do
+      create(:approval, merge_request: merge_request, user: user)
+      create(:approval, merge_request: merge_request2, user: user2)
+      create(:approval, merge_request: merge_request2, user: user3)
+      create(:approval, merge_request: merge_request4, user: user3)
+    end
+
+    it 'has the merge request that is not approved at all and not approved by either user' do
+      expect(subject).to contain_exactly(merge_request3, merge_request4)
+    end
+  end
 end
diff --git a/spec/models/plan_limits_spec.rb b/spec/models/plan_limits_spec.rb
index 9078d72e044..72fda2280e5 100644
--- a/spec/models/plan_limits_spec.rb
+++ b/spec/models/plan_limits_spec.rb
@@ -185,7 +185,7 @@ RSpec.describe PlanLimits do
         ci_max_artifact_size_junit
         ci_max_artifact_size_sast
         ci_max_artifact_size_dast
-        ci_max_artifact_size_running_container_scanning
+        ci_max_artifact_size_cluster_image_scanning
         ci_max_artifact_size_codequality
         ci_max_artifact_size_license_management
         ci_max_artifact_size_performance
diff --git a/spec/services/projects/protect_default_branch_service_spec.rb b/spec/services/projects/protect_default_branch_service_spec.rb
index a485a64ca35..c8aa421cdd4 100644
--- a/spec/services/projects/protect_default_branch_service_spec.rb
+++ b/spec/services/projects/protect_default_branch_service_spec.rb
@@ -99,6 +99,53 @@ RSpec.describe Projects::ProtectDefaultBranchService do
           .not_to have_received(:create_protected_branch)
       end
     end
+
+    context 'when protected branch does not exist' do
+      before do
+        allow(service)
+          .to receive(:protected_branch_exists?)
+                .and_return(false)
+        allow(service)
+          .to receive(:protect_branch?)
+                .and_return(true)
+      end
+
+      it 'changes the HEAD of the project' do
+        service.protect_default_branch
+
+        expect(project)
+          .to have_received(:change_head)
+      end
+
+      it 'protects the default branch' do
+        service.protect_default_branch
+
+        expect(service)
+          .to have_received(:create_protected_branch)
+      end
+    end
+
+    context 'when protected branch already exists' do
+      before do
+        allow(service)
+          .to receive(:protected_branch_exists?)
+                .and_return(true)
+      end
+
+      it 'changes the HEAD of the project' do
+        service.protect_default_branch
+
+        expect(project)
+          .to have_received(:change_head)
+      end
+
+      it 'does not protect the default branch' do
+        service.protect_default_branch
+
+        expect(service)
+          .not_to have_received(:create_protected_branch)
+      end
+    end
   end
 
   describe '#create_protected_branch' do
diff --git a/spec/views/groups/_home_panel.html.haml_spec.rb b/spec/views/groups/_home_panel.html.haml_spec.rb
index b8168b20450..e76862cdaea 100644
--- a/spec/views/groups/_home_panel.html.haml_spec.rb
+++ b/spec/views/groups/_home_panel.html.haml_spec.rb
@@ -14,4 +14,30 @@ RSpec.describe 'groups/_home_panel' do
 
     expect(rendered).to have_content("Group ID: #{group.id}")
   end
+
+  context 'admin area link' do
+    it 'renders admin area link for admin' do
+      allow(view).to receive(:current_user).and_return(create(:admin))
+
+      render
+
+      expect(rendered).to have_link(href: admin_group_path(group))
+    end
+
+    it 'does not render admin area link for non-admin' do
+      allow(view).to receive(:current_user).and_return(create(:user))
+
+      render
+
+      expect(rendered).not_to have_link(href: admin_group_path(group))
+    end
+
+    it 'does not render admin area link for anonymous' do
+      allow(view).to receive(:current_user).and_return(nil)
+
+      render
+
+      expect(rendered).not_to have_link(href: admin_group_path(group))
+    end
+  end
 end
diff --git a/spec/views/projects/_home_panel.html.haml_spec.rb b/spec/views/projects/_home_panel.html.haml_spec.rb
index d329c57af00..78131937d3c 100644
--- a/spec/views/projects/_home_panel.html.haml_spec.rb
+++ b/spec/views/projects/_home_panel.html.haml_spec.rb
@@ -5,6 +5,38 @@ require 'spec_helper'
 RSpec.describe 'projects/_home_panel' do
   include ProjectForksHelper
 
+  context 'admin area link' do
+    let(:project) { create(:project) }
+
+    before do
+      assign(:project, project)
+    end
+
+    it 'renders admin area link for admin' do
+      allow(view).to receive(:current_user).and_return(create(:admin))
+
+      render
+
+      expect(rendered).to have_link(href: admin_project_path(project))
+    end
+
+    it 'does not render admin area link for non-admin' do
+      allow(view).to receive(:current_user).and_return(create(:user))
+
+      render
+
+      expect(rendered).not_to have_link(href: admin_project_path(project))
+    end
+
+    it 'does not render admin area link for anonymous' do
+      allow(view).to receive(:current_user).and_return(nil)
+
+      render
+
+      expect(rendered).not_to have_link(href: admin_project_path(project))
+    end
+  end
+
   context 'notifications' do
     let(:project) { create(:project) }
 
diff --git a/spec/workers/authorized_project_update/user_refresh_from_replica_worker_spec.rb b/spec/workers/authorized_project_update/user_refresh_from_replica_worker_spec.rb
index cdf2cb493b0..198a16bc22e 100644
--- a/spec/workers/authorized_project_update/user_refresh_from_replica_worker_spec.rb
+++ b/spec/workers/authorized_project_update/user_refresh_from_replica_worker_spec.rb
@@ -3,9 +3,97 @@
 require 'spec_helper'
 
 RSpec.describe AuthorizedProjectUpdate::UserRefreshFromReplicaWorker do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { project.namespace.owner }
+
+  let(:execute_worker) { subject.perform(user.id) }
+
   it 'is labeled as low urgency' do
     expect(described_class.get_urgency).to eq(:low)
   end
 
-  it_behaves_like "refreshes user's project authorizations"
+  it_behaves_like 'worker with data consistency',
+                  described_class,
+                  data_consistency: :delayed
+
+  describe '#perform' do
+    it 'checks if a project_authorization refresh is needed for the user' do
+      expect(AuthorizedProjectUpdate::FindRecordsDueForRefreshService).to(
+        receive(:new).with(user).and_call_original)
+
+      execute_worker
+    end
+
+    context 'when there are project authorization records due for either removal or addition for a specific user' do
+      before do
+        user.project_authorizations.delete_all
+      end
+
+      it 'enqueues a new project authorization update job for the user' do
+        expect(AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker).to receive(:perform_async).with(user.id)
+
+        execute_worker
+      end
+
+      context 'setting `meta.caller_id` as `meta.related_class` in the context of the newly enqueued `UserRefreshWithLowUrgencyWorker` job' do
+        context 'when the `UserRefreshFromReplicaWorker` job has a `caller_id` set' do
+          it 'sets the same `caller_id` as `related_class`' do
+            expect(AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker).to receive(:perform_async).with(user.id) do
+              expect(Gitlab::ApplicationContext.current).to include('meta.related_class' => 'Foo')
+            end
+
+            Gitlab::ApplicationContext.with_context(caller_id: 'Foo') do
+              execute_worker
+            end
+          end
+        end
+
+        context 'when the `UserRefreshFromReplicaWorker` job does not have a `caller_id` set' do
+          it 'does not set the value of `related_class`' do
+            expect(AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker).to receive(:perform_async).with(user.id) do
+              expect(Gitlab::ApplicationContext.current).not_to include('meta.related_class')
+            end
+
+            execute_worker
+          end
+        end
+      end
+    end
+
+    context 'when there are no additions or removals to be made to project authorizations for a specific user' do
+      it 'does not enqueue a new project authorization update job for the user' do
+        expect(AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker).not_to receive(:perform_async)
+
+        execute_worker
+      end
+    end
+
+    context 'when the feature flag `user_refresh_from_replica_worker_uses_replica_db` is disabled' do
+      before do
+        stub_feature_flags(user_refresh_from_replica_worker_uses_replica_db: false)
+      end
+
+      context 'when load balancing is enabled' do
+        before do
+          allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
+        end
+
+        it 'reads from the primary database' do
+          expect(Gitlab::Database::LoadBalancing::Session.current)
+            .to receive(:use_primary!)
+
+          execute_worker
+        end
+      end
+
+      it 'calls Users::RefreshAuthorizedProjectsService' do
+        source = 'AuthorizedProjectUpdate::UserRefreshFromReplicaWorker'
+        expect_next_instance_of(Users::RefreshAuthorizedProjectsService, user, { source: source }) do |service|
+          expect(service).to receive(:execute)
+        end
+
+        execute_worker
+      end
+    end
+  end
 end