Add latest changes from gitlab-org/gitlab@master

79216161 · GitLab Bot · c1924b86 · 79216161 · 79216161 · 79216161
Commit 79216161 authored Jan 29, 2020 by GitLab Bot
22 changed files
--- a/app/assets/javascripts/ide/components/new_dropdown/index.vue
+++ b/app/assets/javascripts/ide/components/new_dropdown/index.vue
@@ -91,7 +91,7 @@ export default {
        </template>
        <li>
          <item-button
-            :label="__('Rename')"
+            :label="__('Rename/Move')"
            class="d-flex"
            icon="pencil"
            icon-classes="mr-2"

--- a/app/models/issue_assignee.rb
+++ b/app/models/issue_assignee.rb
@@ -3,6 +3,8 @@
 class IssueAssignee < ApplicationRecord
  belongs_to :issue
  belongs_to :assignee, class_name: "User", foreign_key: :user_id
+
+  validates :assignee, uniqueness: { scope: :issue_id }
 end

 IssueAssignee.prepend_if_ee('EE::IssueAssignee')
--- a/app/models/merge_request_assignee.rb
+++ b/app/models/merge_request_assignee.rb
@@ -3,4 +3,6 @@
 class MergeRequestAssignee < ApplicationRecord
  belongs_to :merge_request
  belongs_to :assignee, class_name: "User", foreign_key: :user_id
+
+  validates :assignee, uniqueness: { scope: :merge_request_id }
 end
--- a/app/serializers/variable_entity.rb
+++ b/app/serializers/variable_entity.rb
@@ -4,6 +4,7 @@ class VariableEntity < Grape::Entity
  expose :id
  expose :key
  expose :value
+  expose :variable_type

  expose :protected?, as: :protected
  expose :masked?, as: :masked

--- a/changelogs/unreleased/11120-autodevops-test-postgres-version.yml
+++ b/changelogs/unreleased/11120-autodevops-test-postgres-version.yml
+---
+title: Use POSTGRES_VERSION variable in Auto DevOps Test stage
+merge_request: 22884
+author: Serban Marti
+type: fixed
--- a/changelogs/unreleased/195989-quick-action-add-dup-assignee-error.yml
+++ b/changelogs/unreleased/195989-quick-action-add-dup-assignee-error.yml
+---
+title: Fix error when assigning an existing asignee
+merge_request: 23416
+author:
+type: fixed
--- a/changelogs/unreleased/199257-renamemove-webide-dropdown.yml
+++ b/changelogs/unreleased/199257-renamemove-webide-dropdown.yml
+---
+title: "Change `Rename` to `Rename/Move` in Web IDE Dropdown"
+merge_request: 23877
+author:
+type: added
--- a/changelogs/unreleased/avoid-using-gl-object.yml
+++ b/changelogs/unreleased/avoid-using-gl-object.yml
+---
+title: Fix outdated MR security warning message
+merge_request: 23496
+author:
+type: fixed
--- a/changelogs/unreleased/dz-scope-project-issues-routing.yml
+++ b/changelogs/unreleased/dz-scope-project-issues-routing.yml
+---
+title: Copy issues routing under - scope
+merge_request: 23779
+author:
+type: changed
--- a/config/routes/issues.rb
+++ b/config/routes/issues.rb
+# frozen_string_literal: true
+
+get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics }
+
+resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do
+  member do
+    post :toggle_subscription
+    post :mark_as_spam
+    post :move
+    put :reorder
+    get :related_branches
+    get :can_create_branch
+    get :realtime_changes
+    post :create_merge_request
+    get :discussions, format: :json
+  end
+
+  collection do
+    post :bulk_update
+    post :import_csv
+  end
+end
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -401,25 +401,15 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
        end
      end

-      get :issues, to: 'issues#calendar', constraints: lambda { |req| req.format == :ics }
-
-      resources :issues, concerns: :awardable, constraints: { id: /\d+/ } do
-        member do
-          post :toggle_subscription
-          post :mark_as_spam
-          post :move
-          put :reorder
-          get :related_branches
-          get :can_create_branch
-          get :realtime_changes
-          post :create_merge_request
-          get :discussions, format: :json
-        end
+      # Unscoped route. It will be replaced with redirect to /-/issues/
+      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
+      draw :issues

-        collection do
-          post :bulk_update
-          post :import_csv
-        end
+      # To ensure an old unscoped routing is used for the UI we need to
+      # add prefix 'as' to the scope routing and place it below original routing.
+      # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849
+      scope '-', as: 'scoped' do
+        draw :issues
      end

      resources :notes, only: [:create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do

--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@@ -35,6 +35,8 @@ the `author` field. GitLab team members **should not**.

 - Any change that introduces a database migration, whether it's regular, post,
  or data migration, **must** have a changelog entry.
+- [Security fixes] **must** have a changelog entry, without `merge_request` value
+  and with `type` set to `security`.
 - Any user-facing change **should** have a changelog entry. Example: "GitLab now
  uses system fonts for all text."
 - Performance improvements **should** have a changelog entry.
@@ -289,6 +291,7 @@ and then compiling the entries into the overall `CHANGELOG.md` file during the
 [release managers]: https://gitlab.com/gitlab-org/release/docs/blob/master/quickstart/release-manager.md
 [started brainstorming]: https://gitlab.com/gitlab-org/gitlab-foss/issues/17826
 [release process]: https://gitlab.com/gitlab-org/release-tools
+[Security fixes]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md

 ---


--- a/lib/gitlab/ci/templates/Jobs/Test.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Test.gitlab-ci.yml
 test:
  services:
-    - postgres:latest
+    - "postgres:${POSTGRES_VERSION}"
  variables:
    POSTGRES_DB: test
  stage: test

--- a/lib/gitlab/quick_actions/issue_and_merge_request_actions.rb
+++ b/lib/gitlab/quick_actions/issue_and_merge_request_actions.rb
@@ -12,6 +12,15 @@ module Gitlab
        explanation do |users|
          _('Assigns %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
        end
+        execution_message do |users = nil|
+          if users.blank?
+            _("Failed to assign a user because no user was found.")
+          else
+            users = [users.first] unless quick_action_target.allows_multiple_assignees?
+
+            _('Assigned %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
+          end
+        end
        params do
          quick_action_target.allows_multiple_assignees? ? '@user1 @user2' : '@user'
        end
@@ -23,19 +32,14 @@ module Gitlab
          extract_users(assignee_param)
        end
        command :assign do |users|
-          if users.empty?
-            @execution_message[:assign] = _("Failed to assign a user because no user was found.")
-            next
-          end
+          next if users.empty?

          if quick_action_target.allows_multiple_assignees?
            @updates[:assignee_ids] ||= quick_action_target.assignees.map(&:id)
-            @updates[:assignee_ids] += users.map(&:id)
+            @updates[:assignee_ids] |= users.map(&:id)
          else
            @updates[:assignee_ids] = [users.first.id]
          end
-
-          @execution_message[:assign] = _('Assigned %{assignee_users_sentence}.') % { assignee_users_sentence: assignee_users_sentence(users) }
        end

        desc do
@@ -249,7 +253,7 @@ module Gitlab
        def assignees_for_removal(users)
          assignees = quick_action_target.assignees
          if users.present? && quick_action_target.allows_multiple_assignees?
-            assignees & users
+            users
          else
            assignees
          end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -15694,15 +15694,15 @@ msgstr ""
 msgid "Removing the project will delete its repository and all related resources including issues, merge requests etc."
 msgstr ""

-msgid "Rename"
-msgstr ""
-
 msgid "Rename file"
 msgstr ""

 msgid "Rename folder"
 msgstr ""

+msgid "Rename/Move"
+msgstr ""
+
 msgid "Reopen epic"
 msgstr ""


--- a/spec/fixtures/api/schemas/variable.json
+++ b/spec/fixtures/api/schemas/variable.json
@@ -13,6 +13,7 @@
    "value": { "type": "string" },
    "masked": { "type": "boolean" },
    "protected": { "type": "boolean" },
+    "variable_type": { "type": "string" },
    "environment_scope": { "type": "string", "optional": true }
  },
  "additionalProperties": false

--- a/spec/frontend/environments/emtpy_state_spec.js
+++ b/spec/frontend/environments/emtpy_state_spec.js
+import { shallowMount } from '@vue/test-utils';
+import EmptyState from '~/environments/components/empty_state.vue';
+
+describe('environments empty state', () => {
+  let vm;
+
+  beforeEach(() => {
+    vm = shallowMount(EmptyState, {
+      propsData: {
+        newPath: 'foo',
+        canCreateEnvironment: true,
+        helpPath: 'bar',
+      },
+    });
+  });
+
+  afterEach(() => {
+    vm.destroy();
+  });
+
+  it('renders the empty state', () => {
+    expect(vm.find('.js-blank-state-title').text()).toEqual(
+      "You don't have any environments right now",
+    );
+  });
+
+  it('renders the new environment button', () => {
+    expect(vm.find('.js-new-environment-button').attributes('href')).toEqual('foo');
+  });
+
+  describe('without permission', () => {
+    beforeEach(() => {
+      vm.setProps({ canCreateEnvironment: false });
+    });
+
+    it('does not render the new environment button', () => {
+      expect(vm.find('.js-new-environment-button').exists()).toBe(false);
+    });
+  });
+});
--- a/spec/javascripts/environments/emtpy_state_spec.js
+++ b/spec/javascripts/environments/emtpy_state_spec.js
-import Vue from 'vue';
-import mountComponent from 'spec/helpers/vue_mount_component_helper';
-import emptyState from '~/environments/components/empty_state.vue';
-
-describe('environments empty state', () => {
-  let vm;
-  let Component;
-
-  beforeEach(() => {
-    Component = Vue.extend(emptyState);
-  });
-
-  afterEach(() => {
-    vm.$destroy();
-  });
-
-  describe('With permissions', () => {
-    beforeEach(() => {
-      vm = mountComponent(Component, {
-        newPath: 'foo',
-        canCreateEnvironment: true,
-        helpPath: 'bar',
-      });
-    });
-
-    it('renders empty state and new environment button', () => {
-      expect(vm.$el.querySelector('.js-blank-state-title').textContent.trim()).toEqual(
-        "You don't have any environments right now",
-      );
-
-      expect(vm.$el.querySelector('.js-new-environment-button').getAttribute('href')).toEqual(
-        'foo',
-      );
-    });
-  });
-
-  describe('Without permission', () => {
-    beforeEach(() => {
-      vm = mountComponent(Component, {
-        newPath: 'foo',
-        canCreateEnvironment: false,
-        helpPath: 'bar',
-      });
-    });
-
-    it('renders empty state without new button', () => {
-      expect(vm.$el.querySelector('.js-blank-state-title').textContent.trim()).toEqual(
-        "You don't have any environments right now",
-      );
-
-      expect(vm.$el.querySelector('.js-new-environment-button')).toBeNull();
-    });
-  });
-});
--- a/spec/models/issue_assignee_spec.rb
+++ b/spec/models/issue_assignee_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe IssueAssignee do
+  let(:issue) { create(:issue) }
+
+  subject { issue.issue_assignees.build(assignee: create(:user)) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:issue).class_name('Issue') }
+    it { is_expected.to belong_to(:assignee).class_name('User') }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_uniqueness_of(:assignee).scoped_to(:issue_id) }
+  end
+end
--- a/spec/models/merge_request_assignee_spec.rb
+++ b/spec/models/merge_request_assignee_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe MergeRequestAssignee do
+  let(:merge_request) { create(:merge_request) }
+
+  subject { merge_request.merge_request_assignees.build(assignee: create(:user)) }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:merge_request).class_name('MergeRequest') }
+    it { is_expected.to belong_to(:assignee).class_name('User') }
+  end
+
+  describe 'validations' do
+    it { is_expected.to validate_uniqueness_of(:assignee).scoped_to(:merge_request_id) }
+  end
+end
--- a/spec/serializers/variable_entity_spec.rb
+++ b/spec/serializers/variable_entity_spec.rb
@@ -10,7 +10,7 @@ describe VariableEntity do
    subject { entity.as_json }

    it 'contains required fields' do
-      expect(subject).to include(:id, :key, :value, :protected, :environment_scope)
+      expect(subject).to include(:id, :key, :value, :protected, :environment_scope, :variable_type)
    end
  end
 end
--- a/spec/services/quick_actions/interpret_service_spec.rb
+++ b/spec/services/quick_actions/interpret_service_spec.rb
@@ -804,7 +804,7 @@ describe QuickActions::InterpretService do
      let(:issuable) { issue }
    end

-    it_behaves_like 'empty command' do
+    it_behaves_like 'empty command', "Failed to assign a user because no user was found." do
      let(:content) { '/assign' }
      let(:issuable) { issue }
    end