diff --git a/app/models/group_group_link.rb b/app/models/group_group_link.rb index 5a0d9b08cb0..58c188369da 100644 --- a/app/models/group_group_link.rb +++ b/app/models/group_group_link.rb @@ -10,11 +10,11 @@ class GroupGroupLink < ApplicationRecord validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id], message: _('The group has already been shared with this group') } validates :shared_with_group, presence: true - validates :group_access, inclusion: { in: Gitlab::Access.values }, + validates :group_access, inclusion: { in: Gitlab::Access.all_values }, presence: true def self.access_options - Gitlab::Access.options + Gitlab::Access.options_with_owner end def self.default_access diff --git a/app/views/shared/members/_group.html.haml b/app/views/shared/members/_group.html.haml index 4aeeac87f3c..1d7d18d2ab6 100644 --- a/app/views/shared/members/_group.html.haml +++ b/app/views/shared/members/_group.html.haml @@ -31,7 +31,7 @@ = dropdown_title(_("Change permissions")) .dropdown-content %ul - - Gitlab::Access.options.each do |role, role_id| + - Gitlab::Access.options_with_owner.each do |role, role_id| %li = link_to role, '#', class: ("is-active" if group_link.group_access == role_id), diff --git a/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml b/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml new file mode 100644 index 00000000000..76389baac62 --- /dev/null +++ b/changelogs/unreleased/198480-share_groups_with_groups_fix_owner_access.yml @@ -0,0 +1,5 @@ +--- +title: Allow Owner access level for sharing groups with groups +merge_request: 23868 +author: +type: fixed diff --git a/changelogs/unreleased/rubyzip-qa-update.yml b/changelogs/unreleased/rubyzip-qa-update.yml new file mode 100644 index 00000000000..f84776dc22a --- /dev/null +++ b/changelogs/unreleased/rubyzip-qa-update.yml 
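Review bot: With `Gitlab::Access.all_values` the model now accepts Owner for `group_access`, and this validation is the only bound on the level that the hunk shows; nothing visible here ties the granted level to the access the sharing user holds in the shared group. If that check lives in the controller or a service, a comment above the validation would make the dependency explicit, for example `# Owner is accepted here; who may grant it is enforced by the caller, not by this model`. The validation and `access_options` also reach the owner-inclusive set through two different helpers (`all_values` and `options_with_owner`), so the same comment should say they must stay in step. The class body continues outside the hunk.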
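Review bot: The dropdown in `_group.html.haml` reads `Gitlab::Access.options_with_owner` directly instead of going through the model, so the roles offered and the roles the link validates are maintained in two places. Iterating the model's own list, `- GroupGroupLink.access_options.each do |role, role_id|`, would keep them together. The partial sits under `shared/members`, so if it is also rendered for link types whose validation does not accept Owner, the menu would offer a role that the save then rejects; this hunk does not show whether that happens, so it should be confirmed.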
@@ -0,0 +1,5 @@ +--- +title: Update rubyzip gem in qa tests to 1.3.0 to fix CVE-2019-16892 +merge_request: 24119 +author: +type: security diff --git a/doc/user/admin_area/monitoring/convdev.md b/doc/user/admin_area/monitoring/convdev.md new file mode 100644 index 00000000000..2ba28d4bc1c --- /dev/null +++ b/doc/user/admin_area/monitoring/convdev.md @@ -0,0 +1,5 @@ +--- +redirect_to: '../../instance_statistics/dev_ops_score.md' +--- + +Conversational Development Index was renamed to [DevOps Score](../../instance_statistics/dev_ops_score.md) in GitLab 12.6. diff --git a/doc/user/project/merge_requests/merge_request_approvals.md b/doc/user/project/merge_requests/merge_request_approvals.md index fa294b82fef..1a61b0b8633 100644 --- a/doc/user/project/merge_requests/merge_request_approvals.md +++ b/doc/user/project/merge_requests/merge_request_approvals.md @@ -13,7 +13,7 @@ Merge request approvals enable multiple use cases: - Enforcing review of all code that gets merged into a repository. - Specifying reviewers for a given proposed code change, as well as a minimum number - of reviewers, through [Approval rules](#approval-rules) + of reviewers, through [Approval rules](#approval-rules). - Specifying categories of reviewers, such as backend, frontend, quality assurance, database, etc., for all proposed code changes. - Automatically designating [Code Owners as eligible approvers](#code-owners-as-eligible-approvers), 
@@ -24,10 +24,10 @@ Merge request approvals enable multiple use cases: ## Approval rules Approval rules define how many approvals a merge request must receive before it can -be merged, and optionally which users should do the approving. This can be defined: +be merged, and optionally which users should do the approving. Approvals can be defined: -- [As project defaults](#adding--editing-a-default-approval-rule) -- [Per merge request](#editing--overriding-approval-rules-per-merge-request) +- [As project defaults](#adding--editing-a-default-approval-rule). +- [Per merge request](#editing--overriding-approval-rules-per-merge-request). If no approval rules are defined, any user can approve a merge request, though the default minimum number of required approvers can still be set in the [project settings for merge request approvals](#merge-request-approvals-project-settings). @@ -90,7 +90,7 @@ Alternatively, you can **require** To add or edit the default merge request approval rule: -1. Navigate to your project's **Settings > General** and expand **Merge request approvals**. +1. Navigate to your project's **{settings}** **Settings > General** and expand **Merge request approvals**. 1. Click **Add approval rule**, or **Edit**. - Add or change the **Rule name**. @@ -99,7 +99,7 @@ To add or edit the default merge request approval rule: merge requests and click the **Add** button to add them as approvers. Before typing in the search field, approvers will be suggested based on the previous authors of the files being changed by the merge request. - - (Optional) Click the **"trashcan"** button next to a group or user to delete it from + - (Optional) Click the **{remove}** **Remove** button next to a group or user to delete it from the rule. 1. Click **Add approval rule** or **Update approval rule**. 
@@ -179,7 +179,7 @@ or a [failed CI/CD pipeline](merge_when_pipeline_succeeds.md). ## Merge request approvals project settings The project settings for Merge request approvals are found by going to -**Settings > General** and expanding **Merge request approvals**. +**{settings}** **Settings > General** and expanding **Merge request approvals**. ### Prevent overriding default approvals @@ -188,7 +188,7 @@ the approval rules for all new merge requests will be determined by the [default approval rules](#adding--editing-a-default-approval-rule). To disable this feature: 1. Uncheck the **Can override approvers and approvals required per merge request** checkbox. -1. Click **Save changes** +1. Click **Save changes**. ### Resetting approvals on push @@ -198,7 +198,7 @@ even if there are changes added to the merge request. To enable this feature: 1. Check the **Remove all approvals in a merge request when new commits are pushed to its source branch** checkbox. -1. Click **Save changes** +1. Click **Save changes**. NOTE: **Note:** Approvals do not get reset when [rebasing a merge request](fast_forward_merge.md) diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 6d48a9449a5..cd73e1b6539 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -94,7 +94,7 @@ GEM rspec-core (>= 2, < 4, != 2.12.0) ruby-debug-ide (0.7.0) rake (>= 0.8.1) - rubyzip (1.2.2) + rubyzip (1.3.0) selenium-webdriver (3.142.6) childprocess (>= 0.5, < 4.0) rubyzip (>= 1.2.2) diff --git a/qa/qa/runtime/search.rb b/qa/qa/runtime/search.rb index 74402301098..29a71b2815c 100644 --- a/qa/qa/runtime/search.rb +++ b/qa/qa/runtime/search.rb @@ -35,6 +35,8 @@ module QA ) end + verify_search_engine_ok(search_term) + find_commit(commit, "commit*#{search_term}") find_project(project, "to-search*#{search_term}") end 
@@ -74,9 +76,7 @@ module QA end def search(scope, term) - QA::Runtime::Logger.debug("Search scope '#{scope}' for '#{term}'...") - request = Runtime::API::Request.new(api_client, "/search?scope=#{scope}&search=#{term}") - response = get(request.url) + response = get_response(scope, term) unless response.code == singleton_class::HTTP_STATUS_OK msg = "Search attempt failed. Request returned (#{response.code}): `#{response}`." @@ -87,6 +87,19 @@ module QA parse_body(response) end + def get_response(scope, term) + QA::Runtime::Logger.debug("Search scope '#{scope}' for '#{term}'...") + request = Runtime::API::Request.new(api_client, "/search?scope=#{scope}&search=#{term}") + get(request.url) + end + + def verify_search_engine_ok(search_term) + response = get_response('commits', search_term) + if response.code.to_s =~ /5[0-9][0-9]/ + raise ElasticSearchServerError, "elasticsearch attempt returned code #{response.code}. Check that search was conducted on the appropriate url and port." + end + end + def api_client @api_client ||= Runtime::API::Client.new(:gitlab) end diff --git a/spec/controllers/groups/group_links_controller_spec.rb b/spec/controllers/groups/group_links_controller_spec.rb index 04f2e33b26a..fc015471d5c 100644 --- a/spec/controllers/groups/group_links_controller_spec.rb +++ b/spec/controllers/groups/group_links_controller_spec.rb 
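Review bot: The status check in `verify_search_engine_ok`, `response.code.to_s =~ /5[0-9][0-9]/`, is unanchored and uses `=~` only to get a boolean; a range test such as `if (500..599).cover?(response.code.to_i)` states the intent without matching a substring. `ElasticSearchServerError` is raised here but not defined in any hunk of this file, so it has to exist elsewhere in the namespace, otherwise the failure path raises `NameError` instead of the intended error. `get_response` also still interpolates `scope` and `term` into the query string unescaped, and terms built like `"commit*#{search_term}"` pass through it. Escaping both values before building the path would keep a term containing `&` or `#` from changing the request.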
@@ -13,12 +13,30 @@ describe Groups::GroupLinksController do describe '#create' do let(:shared_with_group_id) { shared_with_group.id } + let(:shared_group_access) { GroupGroupLink.default_access } subject do post(:create, params: { group_id: shared_group, shared_with_group_id: shared_with_group_id, - shared_group_access: GroupGroupLink.default_access }) + shared_group_access: shared_group_access }) + end + + shared_examples 'creates group group link' do + it 'links group with selected group' do + expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true) + end + + it 'redirects to group links page' do + subject + + expect(response).to(redirect_to(group_group_members_path(shared_group))) + end + + it 'allows access for group member' do + expect { subject }.to( + change { group_member.can?(:read_group, shared_group) }.from(false).to(true)) + end end context 'when user has correct access to both groups' do @@ -31,18 +49,19 @@ describe Groups::GroupLinksController do shared_with_group.add_developer(group_member) end - it 'links group with selected group' do - expect { subject }.to change { shared_with_group.shared_groups.include?(shared_group) }.from(false).to(true) + context 'when default access level is requested' do + include_examples 'creates group group link' end - it 'redirects to group links page' do - subject + context 'when owner access is requested' do + let(:shared_group_access) { Gitlab::Access::OWNER } - expect(response).to(redirect_to(group_group_members_path(shared_group))) - end + include_examples 'creates group group link' - it 'allows access for group member' do - expect { subject }.to change { group_member.can?(:read_group, shared_group) }.from(false).to(true) + it 'allows admin access for group member' do + expect { subject }.to( + change { group_member.can?(:admin_group, shared_group) }.from(false).to(true)) + end end context 'when shared with group id is not present' do
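Review bot: The new example 'allows admin access for group member' pins that a user added with `shared_with_group.add_developer(group_member)` gains `admin_group` on `shared_group` once the link is created with `Gitlab::Access::OWNER`, so the share grants more than the member's own role in the invited group. If that is intended, the spec should carry a comment saying so. If effective access should instead be capped at the member's role in `shared_with_group`, the Developer case should expect `not_to change` and a separate example should cover a member who is an Owner there. The hunk also has no example for a requester who lacks Owner rights on `shared_group` asking for `Gitlab::Access::OWNER`; such a case may exist outside the hunk.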