Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42

21 files changed, 240 insertions, 65 deletions

diff --git a/app/finders/access_requests_finder.rb b/app/finders/access_requests_finder.rb
index 65e1934a39f..7b98df68f29 100644
--- a/app/finders/access_requests_finder.rb
+++ b/app/finders/access_requests_finder.rb
@@ -9,8 +9,8 @@ class AccessRequestsFinder
     @source = source
   end
 
-  def execute(*args)
-    execute!(*args)
+  def execute(...)
+    execute!(...)
   rescue Gitlab::Access::AccessDeniedError
     []
   end
diff --git a/app/finders/bulk_imports/entities_finder.rb b/app/finders/bulk_imports/entities_finder.rb
index 78446f104d0..2b6507cc7b5 100644
--- a/app/finders/bulk_imports/entities_finder.rb
+++ b/app/finders/bulk_imports/entities_finder.rb
@@ -12,9 +12,9 @@ module BulkImports
       ::BulkImports::Entity
         .preload(:failures) # rubocop: disable CodeReuse/ActiveRecord
         .by_user_id(user.id)
-        .then(&method(:filter_by_bulk_import))
-        .then(&method(:filter_by_status))
-        .then(&method(:sort))
+        .then { |entities| filter_by_bulk_import(entities) }
+        .then { |entities| filter_by_status(entities) }
+        .then { |entities| sort(entities) }
     end
 
     private
diff --git a/app/finders/ci/jobs_finder.rb b/app/finders/ci/jobs_finder.rb
index 1627e41a02d..8620dff6973 100644
--- a/app/finders/ci/jobs_finder.rb
+++ b/app/finders/ci/jobs_finder.rb
@@ -75,7 +75,7 @@ module Ci
 
     def filter_by_with_artifacts(builds)
       if params[:with_artifacts]
-        builds.with_erasable_artifacts
+        builds.with_any_artifacts
       else
         builds
       end
diff --git a/app/finders/ci/pipeline_schedules_finder.rb b/app/finders/ci/pipeline_schedules_finder.rb
index 2544c8c3254..e5ee65a02c8 100644
--- a/app/finders/ci/pipeline_schedules_finder.rb
+++ b/app/finders/ci/pipeline_schedules_finder.rb
@@ -9,20 +9,39 @@ module Ci
       @pipeline_schedules = project.pipeline_schedules
     end
 
-    # rubocop: disable CodeReuse/ActiveRecord
-    def execute(scope: nil)
-      scoped_schedules =
-        case scope
-        when 'active'
-          pipeline_schedules.active
-        when 'inactive'
-          pipeline_schedules.inactive
-        else
-          pipeline_schedules
-        end
-
-      scoped_schedules.order(id: :desc)
+    def execute(scope: nil, ids: nil)
+      items = pipeline_schedules
+      items = by_ids(items, ids)
+      items = by_scope(items, scope)
+
+      sort_items(items)
+    end
+
+    private
+
+    def by_ids(items, ids)
+      if ids.present?
+        items.id_in(ids)
+      else
+        items
+      end
+    end
+
+    def by_scope(items, scope)
+      case scope
+      when 'active'
+        items.active
+      when 'inactive'
+        items.inactive
+      else
+        items
+      end
+    end
+
+    # rubocop:disable CodeReuse/ActiveRecord
+    def sort_items(items)
+      items.order(id: :desc)
     end
-    # rubocop: enable CodeReuse/ActiveRecord
+    # rubocop:enable CodeReuse/ActiveRecord
   end
 end
diff --git a/app/finders/concerns/finder_methods.rb b/app/finders/concerns/finder_methods.rb
index ce6001a01d7..a9124e5c56c 100644
--- a/app/finders/concerns/finder_methods.rb
+++ b/app/finders/concerns/finder_methods.rb
@@ -2,20 +2,20 @@
 
 module FinderMethods
   # rubocop: disable CodeReuse/ActiveRecord
-  def find_by!(*args)
-    raise_not_found_unless_authorized execute.reorder(nil).find_by!(*args)
+  def find_by!(...)
+    raise_not_found_unless_authorized execute.reorder(nil).find_by!(...)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
   # rubocop: disable CodeReuse/ActiveRecord
-  def find_by(*args)
-    if_authorized execute.reorder(nil).find_by(*args)
+  def find_by(...)
+    if_authorized execute.reorder(nil).find_by(...)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
   # rubocop: disable CodeReuse/ActiveRecord
-  def find(*args)
-    raise_not_found_unless_authorized execute.reorder(nil).find(*args)
+  def find(...)
+    raise_not_found_unless_authorized execute.reorder(nil).find(...)
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
diff --git a/app/finders/concerns/finder_with_group_hierarchy.rb b/app/finders/concerns/finder_with_group_hierarchy.rb
index 86ccac19b63..4ced544ba2c 100644
--- a/app/finders/concerns/finder_with_group_hierarchy.rb
+++ b/app/finders/concerns/finder_with_group_hierarchy.rb
@@ -27,6 +27,12 @@ module FinderWithGroupHierarchy
       # we can preset root group for all of them to optimize permission checks
       Group.preset_root_ancestor_for(groups)
 
+      # Preloading the max access level for the given groups to avoid N+1 queries
+      # during the access check.
+      if !skip_authorization && current_user && Feature.enabled?(:preload_max_access_levels_for_labels_finder, group)
+        Preloaders::UserMaxAccessLevelInGroupsPreloader.new(groups, current_user).execute
+      end
+
       groups_user_can_read_items(groups).map(&:id)
     end
   end
diff --git a/app/finders/fork_targets_finder.rb b/app/finders/fork_targets_finder.rb
index e129fde3748..c1769ea28f9 100644
--- a/app/finders/fork_targets_finder.rb
+++ b/app/finders/fork_targets_finder.rb
@@ -7,8 +7,6 @@ class ForkTargetsFinder
   end
 
   def execute(options = {})
-    return previous_execute(options) unless Feature.enabled?(:searchable_fork_targets)
-
     items = fork_targets(options)
 
     by_search(items, options)
@@ -31,14 +29,6 @@ class ForkTargetsFinder
       user.forkable_namespaces.sort_by_type
     end
   end
-
-  # rubocop: disable CodeReuse/ActiveRecord
-  def previous_execute(options = {})
-    return ::Namespace.where(id: user.forkable_namespaces).sort_by_type unless options[:only_groups]
-
-    ::Group.where(id: user.manageable_groups(include_groups_with_developer_maintainer_access: true))
-  end
-  # rubocop: enable CodeReuse/ActiveRecord
 end
 
 ForkTargetsFinder.prepend_mod_with('ForkTargetsFinder')
diff --git a/app/finders/groups/accepting_project_shares_finder.rb b/app/finders/groups/accepting_project_shares_finder.rb
new file mode 100644
index 00000000000..c4963fcc352
--- /dev/null
+++ b/app/finders/groups/accepting_project_shares_finder.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# AcceptingProjectSharesFinder
+#
+# Used to filter Shareable Groups by a set of params
+#
+# Arguments:
+#   current_user - which user is requesting groups
+#   params:
+#     search: string
+module Groups
+  class AcceptingProjectSharesFinder < Base
+    def initialize(current_user, project_to_be_shared, params = {})
+      @current_user = current_user
+      @params = params
+      @project_to_be_shared = project_to_be_shared
+    end
+
+    def execute
+      return Group.none unless can_share_project?
+
+      groups = if has_admin_access?
+                 Group.all
+               else
+                 groups_with_guest_access_plus
+               end
+
+      groups = groups.search(params[:search]) if params[:search].present?
+
+      sort(groups).with_route
+    end
+
+    private
+
+    attr_reader :current_user, :project_to_be_shared, :params
+
+    def has_admin_access?
+      current_user&.can_read_all_resources?
+    end
+
+    # rubocop: disable CodeReuse/Finder
+    def groups_with_guest_access_plus
+      GroupsFinder.new(current_user, min_access_level: Gitlab::Access::GUEST).execute
+    end
+    # rubocop: enable CodeReuse/Finder
+
+    def can_share_project?
+      Ability.allowed?(current_user, :admin_project, project_to_be_shared) &&
+        project_to_be_shared.allowed_to_share_with_group?
+    end
+  end
+end
diff --git a/app/finders/groups/base.rb b/app/finders/groups/base.rb
index d7f56b1a7a6..9d2f9f60a63 100644
--- a/app/finders/groups/base.rb
+++ b/app/finders/groups/base.rb
@@ -5,7 +5,7 @@ module Groups
     private
 
     def sort(items)
-      items.order(Group.arel_table[:path].asc, Group.arel_table[:id].asc) # rubocop: disable CodeReuse/ActiveRecord
+      items.reorder(Group.arel_table[:path].asc, Group.arel_table[:id].asc) # rubocop: disable CodeReuse/ActiveRecord
     end
 
     def by_search(items)
diff --git a/app/finders/groups_finder.rb b/app/finders/groups_finder.rb
index 61d79885001..24003111f88 100644
--- a/app/finders/groups_finder.rb
+++ b/app/finders/groups_finder.rb
@@ -13,6 +13,7 @@
 #     min_access_level: integer
 #     search: string
 #     exclude_group_ids: array of integers
+#     filter_group_ids: array of integers - only include groups from the specified list of ids
 #     include_parent_descendants: boolean (defaults to false) - includes descendant groups when
 #                                 filtering by parent. The parent param must be present.
 #     include_ancestors: boolean (defaults to true)
@@ -34,6 +35,7 @@ class GroupsFinder < UnionFinder
     items = all_groups.map do |item|
       item = by_parent(item)
       item = by_custom_attributes(item)
+      item = filter_group_ids(item)
       item = exclude_group_ids(item)
       item = by_search(item)
 
@@ -90,6 +92,12 @@ class GroupsFinder < UnionFinder
     groups.id_not_in(params[:exclude_group_ids])
   end
 
+  def filter_group_ids(groups)
+    return groups unless params[:filter_group_ids]
+
+    groups.id_in(params[:filter_group_ids])
+  end
+
   # rubocop: disable CodeReuse/ActiveRecord
   def by_parent(groups)
     return groups unless params[:parent]
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index 13b7137da48..159836062cb 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -337,7 +337,6 @@ class IssuableFinder
   def by_search(items)
     return items unless search
     return items if items.is_a?(ActiveRecord::NullRelation)
-    return items if Feature.enabled?(:disable_anonymous_search, type: :ops) && current_user.nil?
 
     return filter_by_full_text_search(items) if use_full_text_search?
 
diff --git a/app/finders/members_finder.rb b/app/finders/members_finder.rb
index de2a4ce3518..1641219a14c 100644
--- a/app/finders/members_finder.rb
+++ b/app/finders/members_finder.rb
@@ -22,8 +22,8 @@ class MembersFinder
     filter_members(members)
   end
 
-  def can?(*args)
-    Ability.allowed?(*args)
+  def can?(...)
+    Ability.allowed?(...)
   end
 
   private
diff --git a/app/finders/merge_request_target_project_finder.rb b/app/finders/merge_request_target_project_finder.rb
index fdb3bac8935..ea1aa6d2e9e 100644
--- a/app/finders/merge_request_target_project_finder.rb
+++ b/app/finders/merge_request_target_project_finder.rb
@@ -11,9 +11,10 @@ class MergeRequestTargetProjectFinder
     @project_feature = project_feature
   end
 
-  def execute(include_routes: false)
+  def execute(search: nil, include_routes: false)
     if source_project.fork_network
-      include_routes ? projects.inc_routes : projects
+      items = include_routes ? projects.inc_routes : projects
+      by_search(items, search)
     else
       Project.id_in(source_project.id)
     end
@@ -31,4 +32,10 @@ class MergeRequestTargetProjectFinder
       .non_archived
       .with_feature_available_for_user(project_feature, current_user)
   end
+
+  # rubocop: disable CodeReuse/ActiveRecord
+  def by_search(items, search)
+    items.joins(:route).fuzzy_search(search, [Route.arel_table[:path], Route.arel_table[:name], :description])
+  end
+  # rubocop: enable CodeReuse/ActiveRecord
 end
diff --git a/app/finders/namespaces/projects_finder.rb b/app/finders/namespaces/projects_finder.rb
index 589a9696ea6..c96f9527dd8 100644
--- a/app/finders/namespaces/projects_finder.rb
+++ b/app/finders/namespaces/projects_finder.rb
@@ -12,6 +12,8 @@
 #     search: string
 #     include_subgroups: boolean
 #     ids: int[]
+#     with_issues_enabled: boolean
+#     with_merge_requests_enabled: boolean
 #
 module Namespaces
   class ProjectsFinder
@@ -30,7 +32,9 @@ module Namespaces
                      namespace.projects.with_route
                    end
 
-      filter_projects(collection)
+      collection = filter_projects(collection)
+
+      sort(collection)
     end
 
     private
@@ -39,7 +43,8 @@ module Namespaces
 
     def filter_projects(collection)
       collection = by_ids(collection)
-      by_similarity(collection)
+      collection = by_similarity(collection)
+      by_feature_availability(collection)
     end
 
     def by_ids(items)
@@ -51,11 +56,26 @@ module Namespaces
     def by_similarity(items)
       return items unless params[:search].present?
 
-      if params[:sort] == :similarity
-        items = items.sorted_by_similarity_desc(params[:search], include_in_select: true)
+      items.merge(Project.search(params[:search]))
+    end
+
+    def by_feature_availability(items)
+      items = items.with_issues_available_for_user(current_user) if params[:with_issues_enabled].present?
+      if params[:with_merge_requests_enabled].present?
+        items = items.with_merge_requests_available_for_user(current_user)
       end
 
-      items.merge(Project.search(params[:search]))
+      items
+    end
+
+    def sort(items)
+      return items.projects_order_id_desc unless params[:sort]
+
+      if params[:sort] == :similarity && params[:search].present?
+        return items.sorted_by_similarity_desc(params[:search], include_in_select: true)
+      end
+
+      items.sort_by_attribute(params[:sort])
     end
   end
 end
diff --git a/app/finders/packages/tags_finder.rb b/app/finders/packages/tags_finder.rb
index 020b3d8072a..dd104ea6f91 100644
--- a/app/finders/packages/tags_finder.rb
+++ b/app/finders/packages/tags_finder.rb
@@ -15,7 +15,7 @@ class Packages::TagsFinder
                       .with_name(package_name)
     packages = packages.with_package_type(package_type) if package_type.present?
 
-    Packages::Tag.for_packages(packages)
+    Packages::Tag.for_package_ids(packages.select(:id))
   end
 
   private
diff --git a/app/finders/projects/ml/candidate_finder.rb b/app/finders/projects/ml/candidate_finder.rb
new file mode 100644
index 00000000000..a543abc2c99
--- /dev/null
+++ b/app/finders/projects/ml/candidate_finder.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Projects
+  module Ml
+    class CandidateFinder
+      VALID_ORDER_BY_TYPES = %w[column metric].freeze
+      VALID_ORDER_BY_COLUMNS = %w[name created_at id].freeze
+      VALID_SORT = %w[asc desc].freeze
+
+      def initialize(experiment, params = {})
+        @experiment = experiment
+        @params = params
+      end
+
+      def execute
+        candidates = @experiment.candidates.including_relationships
+
+        candidates = by_name(candidates)
+        order(candidates)
+      end
+
+      private
+
+      def by_name(candidates)
+        return candidates unless @params[:name].present?
+
+        candidates.by_name(@params[:name])
+      end
+
+      def order(candidates)
+        return candidates.order_by_metric(metric_order_by, sort) if order_by_metric?
+
+        candidates.order_by("#{column_order_by}_#{sort}").with_order_id_desc
+      end
+
+      def order_by_metric?
+        order_by_type == 'metric'
+      end
+
+      def order_by_type
+        valid_or_default(@params[:order_by_type], VALID_ORDER_BY_TYPES, 'column')
+      end
+
+      def column_order_by
+        valid_or_default(@params[:order_by], VALID_ORDER_BY_COLUMNS, 'created_at')
+      end
+
+      def metric_order_by
+        @params[:order_by] || ''
+      end
+
+      def sort
+        valid_or_default(@params[:sort]&.downcase, VALID_SORT, 'desc')
+      end
+
+      def valid_or_default(value, valid_values, default)
+        return value if valid_values.include?(value)
+
+        default
+      end
+    end
+  end
+end
diff --git a/app/finders/projects_finder.rb b/app/finders/projects_finder.rb
index 1afd5adeada..401bc473216 100644
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -56,11 +56,7 @@ class ProjectsFinder < UnionFinder
     collection = Project.wrap_with_cte(collection) if use_cte
     collection = filter_projects(collection)
 
-    if params[:sort] == 'similarity' && params[:search]
-      collection.sorted_by_similarity_desc(params[:search])
-    else
-      sort(collection)
-    end
+    sort(collection)
   end
 
   private
@@ -90,6 +86,7 @@ class ProjectsFinder < UnionFinder
     collection = by_last_activity_after(collection)
     collection = by_last_activity_before(collection)
     collection = by_language(collection)
+    collection = by_feature_availability(collection)
     by_repository_storage(collection)
   end
 
@@ -239,7 +236,7 @@ class ProjectsFinder < UnionFinder
   end
 
   def by_language(items)
-    if Feature.enabled?(:project_language_search, current_user) && params[:language].present?
+    if params[:language].present?
       items.with_programming_language_id(params[:language])
     else
       items
@@ -247,11 +244,13 @@ class ProjectsFinder < UnionFinder
   end
 
   def sort(items)
-    if params[:sort].present?
-      items.sort_by_attribute(params[:sort])
-    else
-      items.projects_order_id_desc
+    return items.projects_order_id_desc unless params[:sort]
+
+    if params[:sort] == 'similarity' && params[:search].present?
+      return items.sorted_by_similarity_desc(params[:search], include_in_select: true)
     end
+
+    items.sort_by_attribute(params[:sort])
   end
 
   def by_archived(projects)
@@ -270,6 +269,12 @@ class ProjectsFinder < UnionFinder
     end
   end
 
+  def by_feature_availability(items)
+    items = items.with_issues_available_for_user(current_user) if params[:with_issues_enabled]
+    items = items.with_merge_requests_available_for_user(current_user) if params[:with_merge_requests_enabled]
+    items
+  end
+
   def finder_params
     return {} unless min_access_level?
 
diff --git a/app/finders/protected_branches_finder.rb b/app/finders/protected_branches_finder.rb
index a452a1f993b..dfc9a64737d 100644
--- a/app/finders/protected_branches_finder.rb
+++ b/app/finders/protected_branches_finder.rb
@@ -11,15 +11,21 @@
 class ProtectedBranchesFinder
   LIMIT = 100
 
-  attr_accessor :project, :params
+  attr_accessor :project_or_group, :params
 
-  def initialize(project, params = {})
-    @project = project
+  def initialize(project_or_group, params = {})
+    @project_or_group = project_or_group
     @params = params
   end
 
   def execute
-    protected_branches = project.limited_protected_branches(LIMIT)
+    protected_branches = if project_or_group.is_a?(Group)
+                           project_or_group.protected_branches
+                         else
+                           project_or_group.all_protected_branches
+                         end
+
+    protected_branches = protected_branches.limit(LIMIT)
     by_name(protected_branches)
   end
 
diff --git a/app/finders/security/jobs_finder.rb b/app/finders/security/jobs_finder.rb
index 6c2090e0509..ef5b63ccd1d 100644
--- a/app/finders/security/jobs_finder.rb
+++ b/app/finders/security/jobs_finder.rb
@@ -20,7 +20,7 @@ module Security
     end
 
     def initialize(pipeline:, job_types: [])
-      if self.instance_of?(Security::JobsFinder)
+      if instance_of?(Security::JobsFinder)
         raise NotImplementedError, 'This is an abstract class, please instantiate its descendants'
       end
 
diff --git a/app/finders/todos_finder.rb b/app/finders/todos_finder.rb
index 0bf31ea33dd..2bb233e1906 100644
--- a/app/finders/todos_finder.rb
+++ b/app/finders/todos_finder.rb
@@ -24,7 +24,7 @@ class TodosFinder
 
   NONE = '0'
 
-  TODO_TYPES = Set.new(%w[Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert]).freeze
+  TODO_TYPES = Set.new(%w[Issue WorkItem MergeRequest DesignManagement::Design AlertManagement::Alert Namespace Project]).freeze
 
   attr_accessor :current_user, :params
 
diff --git a/app/finders/work_items/work_items_finder.rb b/app/finders/work_items/work_items_finder.rb
index 62cca06bf5e..07010adcf0d 100644
--- a/app/finders/work_items/work_items_finder.rb
+++ b/app/finders/work_items/work_items_finder.rb
@@ -19,7 +19,7 @@ module WorkItems
     end
 
     def by_widgets(items)
-      WorkItems::Type.available_widgets.each do |widget_class|
+      WorkItems::WidgetDefinition.available_widgets.each do |widget_class|
         widget_filter = widget_filter_for(widget_class)
 
         next unless widget_filter