Add latest changes from gitlab-org/gitlab@master

6 files changed, 8 insertions, 9 deletions

diff --git a/app/assets/stylesheets/framework/filters.scss b/app/assets/stylesheets/framework/filters.scss
index 5984efd1cf8..a669e004d3a 100644
--- a/app/assets/stylesheets/framework/filters.scss
+++ b/app/assets/stylesheets/framework/filters.scss
@@ -249,7 +249,7 @@
 }
 
 .filtered-search-input-dropdown-menu {
-  max-height: $dropdown-max-height;
+  max-height: $dropdown-max-height-lg;
   max-width: 280px;
   overflow: auto;
 
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 8d388151dbc..0bb5933327d 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -23,6 +23,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
 
   before_action do
     push_frontend_feature_flag(:vue_issuable_sidebar, @project.group)
+    push_frontend_feature_flag(:release_search_filter, @project)
   end
 
   around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :discussions]
diff --git a/app/models/user.rb b/app/models/user.rb
index c0d73cb435c..07cd8431d1a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1454,7 +1454,7 @@ class User < ApplicationRecord
   # Does the user have access to all private groups & projects?
   # Overridden in EE to also check auditor?
   def full_private_access?
-    admin?
+    can?(:read_all_resources)
   end
 
   def update_two_factor_requirement
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
index 18c23cbd13a..8f5c6957a20 100644
--- a/app/policies/base_policy.rb
+++ b/app/policies/base_policy.rb
@@ -21,10 +21,6 @@ class BasePolicy < DeclarativePolicy::Base
   with_options scope: :user, score: 0
   condition(:deactivated) { @user&.deactivated? }
 
-  desc "User has access to all private groups & projects"
-  with_options scope: :user, score: 0
-  condition(:full_private_access) { @user&.full_private_access? }
-
   with_options scope: :user, score: 0
   condition(:external_user) { @user.nil? || @user.external? }
 
@@ -40,10 +36,12 @@ class BasePolicy < DeclarativePolicy::Base
     ::Gitlab::ExternalAuthorization.perform_check?
   end
 
-  rule { external_authorization_enabled & ~full_private_access }.policy do
+  rule { external_authorization_enabled & ~can?(:read_all_resources) }.policy do
     prevent :read_cross_project
   end
 
+  rule { admin }.enable :read_all_resources
+
   rule { default }.enable :read_cross_project
 end
 
diff --git a/app/policies/personal_snippet_policy.rb b/app/policies/personal_snippet_policy.rb
index 40dd49b4afd..67c66e42d79 100644
--- a/app/policies/personal_snippet_policy.rb
+++ b/app/policies/personal_snippet_policy.rb
@@ -30,5 +30,5 @@ class PersonalSnippetPolicy < BasePolicy
 
   rule { can?(:create_note) }.enable :award_emoji
 
-  rule { full_private_access }.enable :read_personal_snippet
+  rule { can?(:read_all_resources) }.enable :read_personal_snippet
 end
diff --git a/app/policies/project_snippet_policy.rb b/app/policies/project_snippet_policy.rb
index 2a3e4ca174b..d9d09eb04cd 100644
--- a/app/policies/project_snippet_policy.rb
+++ b/app/policies/project_snippet_policy.rb
@@ -28,7 +28,7 @@ class ProjectSnippetPolicy < BasePolicy
     all?(private_snippet | (internal_snippet & external_user),
          ~project.guest,
          ~is_author,
-         ~full_private_access)
+         ~can?(:read_all_resources))
   end.prevent :read_project_snippet
 
   rule { internal_snippet & ~is_author & ~admin }.policy do