Merge branch 'adam-fix-labels-find-or-create' into 'master'

Pass user instance to Labels::FindOrCreateService or skip_authorization: true

## What does this MR do?

It fixes a bug described in #23694 when `project.owner` was passed to `Labels::FindOrCreateService`. `Labels::FindOrCreateService` expected a user instance and `project.owner` may return a group as well. This MR makes sure that we either pass a user instance or `skip_authorization: true`.

## Are there points in the code the reviewer needs to double check?

- places where we pass `skip_authorization: true`

## Does this MR meet the acceptance criteria?

- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Fixes #23694

See merge request !7093

3 files changed, 15 insertions, 13 deletions

diff --git a/app/finders/labels_finder.rb b/app/finders/labels_finder.rb
index 44484d64567..865f093f04a 100644
--- a/app/finders/labels_finder.rb
+++ b/app/finders/labels_finder.rb
@@ -4,9 +4,8 @@ class LabelsFinder < UnionFinder
     @params = params
   end
 
-  def execute(authorized_only: true)
-    @authorized_only = authorized_only
-
+  def execute(skip_authorization: false)
+    @skip_authorization = skip_authorization
     items = find_union(label_ids, Label)
     items = with_title(items)
     sort(items)
@@ -14,7 +13,7 @@ class LabelsFinder < UnionFinder
 
   private
 
-  attr_reader :current_user, :params, :authorized_only
+  attr_reader :current_user, :params, :skip_authorization
 
   def label_ids
     label_ids = []
@@ -70,17 +69,17 @@ class LabelsFinder < UnionFinder
   end
 
   def find_project
-    if authorized_only
-      available_projects.find_by(id: project_id)
-    else
+    if skip_authorization
       Project.find_by(id: project_id)
+    else
+      available_projects.find_by(id: project_id)
     end
   end
 
   def projects
     return @projects if defined?(@projects)
 
-    @projects = authorized_only ? available_projects : Project.all
+    @projects = skip_authorization ? Project.all : available_projects
     @projects = @projects.in_namespace(group_id) if group_id
     @projects = @projects.where(id: projects_ids) if projects_ids
     @projects = @projects.reorder(nil)
diff --git a/app/models/project.rb b/app/models/project.rb
index fbf7012972e..ae57815c620 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -738,7 +738,7 @@ class Project < ActiveRecord::Base
   def create_labels
     Label.templates.each do |label|
       params = label.attributes.except('id', 'template', 'created_at', 'updated_at')
-      Labels::FindOrCreateService.new(owner, self, params).execute
+      Labels::FindOrCreateService.new(nil, self, params).execute(skip_authorization: true)
     end
   end
 
diff --git a/app/services/labels/find_or_create_service.rb b/app/services/labels/find_or_create_service.rb
index 74291312c4e..d622f9edd33 100644
--- a/app/services/labels/find_or_create_service.rb
+++ b/app/services/labels/find_or_create_service.rb
@@ -2,21 +2,24 @@ module Labels
   class FindOrCreateService
     def initialize(current_user, project, params = {})
       @current_user = current_user
-      @group = project.group
       @project = project
       @params = params.dup
     end
 
-    def execute
+    def execute(skip_authorization: false)
+      @skip_authorization = skip_authorization
       find_or_create_label
     end
 
     private
 
-    attr_reader :current_user, :group, :project, :params
+    attr_reader :current_user, :project, :params, :skip_authorization
 
     def available_labels
-      @available_labels ||= LabelsFinder.new(current_user, project_id: project.id).execute
+      @available_labels ||= LabelsFinder.new(
+        current_user,
+        project_id: project.id
+      ).execute(skip_authorization: skip_authorization)
     end
 
     def find_or_create_label