Add latest changes from gitlab-org/gitlab@master

2020-02-03 00:09:03 +00:00 · 2020-02-03 00:09:03 +00:00 · a2a712139f
parent edfec24c1d
commit a2a712139f
9 changed files with 72 additions and 25 deletions
--- a/app/models/group_group_link.rb
+++ b/app/models/group_group_link.rb
@ -10,11 +10,11 @@ class GroupGroupLink < ApplicationRecord
  validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id],
                                            message: _('The group has already been shared with this group') }
  validates :shared_with_group, presence: true
-  validates :group_access, inclusion: { in: Gitlab::Access.values },
+  validates :group_access, inclusion: { in: Gitlab::Access.all_values },
                           presence: true

  def self.access_options
-    Gitlab::Access.options
+    Gitlab::Access.options_with_owner
  end

  def self.default_access
--- a/app/views/shared/members/_group.html.haml
+++ b/app/views/shared/members/_group.html.haml
@ -31,7 +31,7 @@
          = dropdown_title(_("Change permissions"))
          .dropdown-content
            %ul
-              - Gitlab::Access.options.each do |role, role_id|
+              - Gitlab::Access.options_with_owner.each do |role, role_id|
                %li
                  = link_to role, '#',
                    class: ("is-active" if group_link.group_access == role_id),
--- a/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
+++ b/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml
@ -0,0 +1,5 @@
+---
+title: Allow Owner access level for sharing groups with groups
+merge_request: 23868
+author:
+type: fixed
--- a/changelogs/unreleased/rubyzip-qa-update.yml
+++ b/changelogs/unreleased/rubyzip-qa-update.yml
@ -0,0 +1,5 @@
+---
+title: Update rubyzip gem in qa tests to 1.3.0 to fix CVE-2019-16892
+merge_request: 24119
+author:
+type: security
--- a/doc/user/admin_area/monitoring/convdev.md
+++ b/doc/user/admin_area/monitoring/convdev.md
@ -0,0 +1,5 @@
+---
+redirect_to: '../../instance_statistics/dev_ops_score.md'
+---
+
+Conversational Development Index was renamed to [DevOps Score](../../instance_statistics/dev_ops_score.md) in GitLab 12.6.
--- a/doc/user/project/merge_requests/merge_request_approvals.md
+++ b/doc/user/project/merge_requests/merge_request_approvals.md
@ -13,7 +13,7 @@ Merge request approvals enable multiple use cases:

 - Enforcing review of all code that gets merged into a repository.
 - Specifying reviewers for a given proposed code change, as well as a minimum number
-  of reviewers, through [Approval rules](#approval-rules)
+  of reviewers, through [Approval rules](#approval-rules).
 - Specifying categories of reviewers, such as backend, frontend, quality assurance,
  database, etc., for all proposed code changes.
 - Automatically designating [Code Owners as eligible approvers](#code-owners-as-eligible-approvers),
@ -24,10 +24,10 @@ Merge request approvals enable multiple use cases:
 ## Approval rules

 Approval rules define how many approvals a merge request must receive before it can
-be merged, and optionally which users should do the approving. This can be defined:
+be merged, and optionally which users should do the approving. Approvals can be defined:

- [As project defaults](#adding--editing-a-default-approval-rule)
- [Per merge request](#editing--overriding-approval-rules-per-merge-request)
+- [As project defaults](#adding--editing-a-default-approval-rule).
+- [Per merge request](#editing--overriding-approval-rules-per-merge-request).

 If no approval rules are defined, any user can approve a merge request, though the default
 minimum number of required approvers can still be set in the [project settings for merge request approvals](#merge-request-approvals-project-settings).
@ -90,7 +90,7 @@ Alternatively, you can **require**

 To add or edit the default merge request approval rule:

-1. Navigate to your project's **Settings > General** and expand **Merge request approvals**.
+1. Navigate to your project's **{settings}** **Settings > General** and expand **Merge request approvals**.

 1. Click **Add approval rule**, or **Edit**.
   - Add or change the **Rule name**.
@ -99,7 +99,7 @@ To add or edit the default merge request approval rule:
     merge requests and click the **Add** button to add them as approvers. Before typing
     in the search field, approvers will be suggested based on the previous authors of
     the files being changed by the merge request.
-   - (Optional) Click the **"trashcan"** button next to a group or user to delete it from
+   - (Optional) Click the **{remove}** **Remove** button next to a group or user to delete it from
     the rule.
 1. Click **Add approval rule** or **Update approval rule**.

@ -179,7 +179,7 @@ or a [failed CI/CD pipeline](merge_when_pipeline_succeeds.md).
 ## Merge request approvals project settings

 The project settings for Merge request approvals are found by going to
-**Settings > General** and expanding **Merge request approvals**.
+**{settings}** **Settings > General** and expanding **Merge request approvals**.

 ### Prevent overriding default approvals

@ -188,7 +188,7 @@ the approval rules for all new merge requests will be determined by the
 [default approval rules](#adding--editing-a-default-approval-rule). To disable this feature:

 1. Uncheck the **Can override approvers and approvals required per merge request** checkbox.
-1. Click **Save changes**
+1. Click **Save changes**.

 ### Resetting approvals on push

@ -198,7 +198,7 @@ even if there are changes added to the merge request. To enable this feature:

 1. Check the **Remove all approvals in a merge request when new commits are pushed to its source branch**
   checkbox.
-1. Click **Save changes**
+1. Click **Save changes**.

 NOTE: **Note:**
 Approvals do not get reset when [rebasing a merge request](fast_forward_merge.md)
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@ -94,7 +94,7 @@ GEM
      rspec-core (>= 2, < 4, != 2.12.0)
    ruby-debug-ide (0.7.0)
      rake (>= 0.8.1)
-    rubyzip (1.2.2)
+    rubyzip (1.3.0)
    selenium-webdriver (3.142.6)
      childprocess (>= 0.5, < 4.0)
      rubyzip (>= 1.2.2)
--- a/qa/qa/runtime/search.rb
+++ b/qa/qa/runtime/search.rb
@ -35,6 +35,8 @@ module QA
            )
          end

+          verify_search_engine_ok(search_term)
+
          find_commit(commit, "commit*#{search_term}")
          find_project(project, "to-search*#{search_term}")
        end
@ -74,9 +76,7 @@ module QA
      end

      def search(scope, term)
-        QA::Runtime::Logger.debug("Search scope '#{scope}' for '#{term}'...")
-        request = Runtime::API::Request.new(api_client, "/search?scope=#{scope}&search=#{term}")
-        response = get(request.url)
+        response = get_response(scope, term)

        unless response.code == singleton_class::HTTP_STATUS_OK
          msg = "Search attempt failed. Request returned (#{response.code}): `#{response}`."
@ -87,6 +87,19 @@ module QA
        parse_body(response)
      end

+      def get_response(scope, term)
+        QA::Runtime::Logger.debug("Search scope '#{scope}' for '#{term}'...")
+        request = Runtime::API::Request.new(api_client, "/search?scope=#{scope}&search=#{term}")
+        get(request.url)
+      end
+
+      def verify_search_engine_ok(search_term)
+        response = get_response('commits', search_term)
+        if response.code.to_s =~ /5[0-9][0-9]/
+          raise ElasticSearchServerError, "elasticsearch attempt returned code #{response.code}. Check that search was conducted on the appropriate url and port."
+        end
+      end
+
      def api_client
        @api_client ||= Runtime::API::Client.new(:gitlab)
      end
--- a/spec/controllers/groups/group_links_controller_spec.rb
+++ b/spec/controllers/groups/group_links_controller_spec.rb
@ -13,12 +13,30 @@ describe Groups::GroupLinksController do

  describe '#create' do
    let(:shared_with_group_id) { shared_with_group.id }
+    let(:shared_group_access) { GroupGroupLink.default_access }

    subject do
      post(:create,
           params: { group_id: shared_group,
                     shared_with_group_id: shared_with_group_id,
-                     shared_group_access: GroupGroupLink.default_access })
+                     shared_group_access: shared_group_access })
+    end
+
+    shared_examples 'creates group group link' do
+      it 'links group with selected group' do
+        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      end
+
+      it 'redirects to group links page' do
+        subject
+
+        expect(response).to(redirect_to(group_group_members_path(shared_group)))
+      end
+
+      it 'allows access for group member' do
+        expect { subject }.to(
+          change { group_member.can?(:read_group, shared_group) }.from(false).to(true))
+      end
    end

    context 'when user has correct access to both groups' do
@ -31,18 +49,19 @@ describe Groups::GroupLinksController do
        shared_with_group.add_developer(group_member)
      end

-      it 'links group with selected group' do
-        expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true)
+      context 'when default access level is requested' do
+        include_examples 'creates group group link'
      end

-      it 'redirects to group links page' do
-        subject
+      context 'when owner access is requested' do
+        let(:shared_group_access) { Gitlab::Access::OWNER }

-        expect(response).to(redirect_to(group_group_members_path(shared_group)))
-      end
+        include_examples 'creates group group link'

-      it 'allows access for group member' do
-        expect { subject }.to change { group_member.can?(:read_group, shared_group) }.from(false).to(true)
+        it 'allows admin access for group member' do
+          expect { subject }.to(
+            change { group_member.can?(:admin_group, shared_group) }.from(false).to(true))
+        end
      end

      context 'when shared with group id is not present' do