Add latest changes from gitlab-org/gitlab@master

9 files changed, 83 insertions, 74 deletions

diff --git a/qa/qa.rb b/qa/qa.rb
index dc9ef3ac464..fed2dbeade3 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -61,6 +61,7 @@ module QA
     autoload :KubernetesCluster, 'qa/resource/kubernetes_cluster'
     autoload :User, 'qa/resource/user'
     autoload :ProjectMilestone, 'qa/resource/project_milestone'
+    autoload :Members, 'qa/resource/members'
     autoload :Wiki, 'qa/resource/wiki'
     autoload :File, 'qa/resource/file'
     autoload :Fork, 'qa/resource/fork'
diff --git a/qa/qa/page/main/login.rb b/qa/qa/page/main/login.rb
index 65d83926f38..ca93663dba2 100644
--- a/qa/qa/page/main/login.rb
+++ b/qa/qa/page/main/login.rb
@@ -44,7 +44,7 @@ module QA
 
         def sign_in_using_credentials(user = nil)
           # Don't try to log-in if we're already logged-in
-          return if Page::Main::Menu.perform { |menu| menu.has_personal_area?(wait: 0) }
+          return if Page::Main::Menu.perform(&:signed_in?)
 
           using_wait_time 0 do
             set_initial_password_if_present
@@ -75,10 +75,7 @@ module QA
         end
 
         def sign_in_using_ldap_credentials(user)
-          # Log out if already logged in
-          Page::Main::Menu.perform do |menu|
-            menu.sign_out if menu.has_personal_area?(wait: 0)
-          end
+          Page::Main::Menu.perform(&:sign_out_if_signed_in)
 
           using_wait_time 0 do
             set_initial_password_if_present
@@ -149,7 +146,7 @@ module QA
         end
 
         def sign_out_and_sign_in_as(user:)
-          Menu.perform(&:sign_out)
+          Menu.perform(&:sign_out_if_signed_in)
           has_sign_in_tab?
           sign_in_using_credentials(user)
         end
diff --git a/qa/qa/page/main/menu.rb b/qa/qa/page/main/menu.rb
index 4676dc8d077..751b67d7695 100644
--- a/qa/qa/page/main/menu.rb
+++ b/qa/qa/page/main/menu.rb
@@ -55,6 +55,10 @@ module QA
           within_top_menu { click_element :admin_area_link }
         end
 
+        def signed_in?
+          has_personal_area?(wait: 0)
+        end
+
         def sign_out
           within_user_menu do
             click_element :sign_out_link
@@ -62,7 +66,7 @@ module QA
         end
 
         def sign_out_if_signed_in
-          sign_out if has_personal_area?(wait: 0)
+          sign_out if signed_in?
         end
 
         def click_settings_link
diff --git a/qa/qa/page/project/settings/protected_branches.rb b/qa/qa/page/project/settings/protected_branches.rb
index 1e707f1d315..d1d2f302013 100644
--- a/qa/qa/page/project/settings/protected_branches.rb
+++ b/qa/qa/page/project/settings/protected_branches.rb
@@ -25,6 +25,10 @@ module QA
             element :protected_branches_list
           end
 
+          view 'app/views/projects/protected_branches/shared/_create_protected_branch.html.haml' do
+            element :protect_button
+          end
+
           def select_branch(branch_name)
             click_element :protected_branch_select
 
@@ -33,40 +37,31 @@ module QA
             end
           end
 
-          def allow_no_one_to_push
-            go_to_allow(:push, 'No one')
-          end
-
-          def allow_devs_and_maintainers_to_push
-            go_to_allow(:push, 'Developers + Maintainers')
+          def select_allowed_to_merge(allowed)
+            select_allowed(:merge, allowed)
           end
 
-          # @deprecated
-          alias_method :allow_devs_and_masters_to_push, :allow_devs_and_maintainers_to_push
-
-          def allow_no_one_to_merge
-            go_to_allow(:merge, 'No one')
+          def select_allowed_to_push(allowed)
+            select_allowed(:push, allowed)
           end
 
-          def allow_devs_and_maintainers_to_merge
-            go_to_allow(:merge, 'Developers + Maintainers')
-          end
-
-          # @deprecated
-          alias_method :allow_devs_and_masters_to_merge, :allow_devs_and_maintainers_to_merge
-
           def protect_branch
-            click_on 'Protect'
+            click_element :protect_button
           end
 
           private
 
-          def go_to_allow(action, text)
+          def select_allowed(action, allowed)
             click_element :"allowed_to_#{action}_select"
 
+            allowed[:roles] = Resource::ProtectedBranch::Roles::NO_ONE unless allowed.key?(:roles)
+
             within_element(:"allowed_to_#{action}_dropdown") do
-              click_on text
+              click_on allowed[:roles]
             end
+
+            # Click the select element again to close the dropdown
+            click_element :protected_branch_select
           end
         end
       end
diff --git a/qa/qa/resource/group.rb b/qa/qa/resource/group.rb
index b5beba64c61..e11bd5728fb 100644
--- a/qa/qa/resource/group.rb
+++ b/qa/qa/resource/group.rb
@@ -3,6 +3,8 @@
 module QA
   module Resource
     class Group < Base
+      include Members
+
       attr_accessor :path, :description
 
       attribute :sandbox do
@@ -48,19 +50,10 @@ module QA
         super
       end
 
-      def add_member(user, access_level = '30')
-        # 30 = developer access
-        post Runtime::API::Request.new(api_client, api_members_path).url, { user_id: user.id, access_level: access_level }
-      end
-
       def api_get_path
         "/groups/#{CGI.escape("#{sandbox.path}/#{path}")}"
       end
 
-      def api_members_path
-        "#{api_get_path}/members"
-      end
-
       def api_post_path
         '/groups'
       end
diff --git a/qa/qa/resource/members.rb b/qa/qa/resource/members.rb
new file mode 100644
index 00000000000..d70a2907523
--- /dev/null
+++ b/qa/qa/resource/members.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module QA
+  module Resource
+    #
+    # Included in Resource::Project and Resource::Group to allow changes to
+    # project/group membership
+    #
+    module Members
+      def add_member(user, access_level = AccessLevel::DEVELOPER)
+        post Runtime::API::Request.new(api_client, api_members_path).url, { user_id: user.id, access_level: access_level }
+      end
+
+      def api_members_path
+        "#{api_get_path}/members"
+      end
+
+      class AccessLevel
+        NO_ACCESS  = 0
+        GUEST      = 10
+        REPORTER   = 20
+        DEVELOPER  = 30
+        MAINTAINER = 40
+        OWNER      = 50
+      end
+    end
+  end
+end
diff --git a/qa/qa/resource/project.rb b/qa/qa/resource/project.rb
index 2e49f69bd55..a0389390c83 100644
--- a/qa/qa/resource/project.rb
+++ b/qa/qa/resource/project.rb
@@ -6,6 +6,7 @@ module QA
   module Resource
     class Project < Base
       include Events::Project
+      include Members
 
       attr_writer :initialize_with_readme
       attr_writer :visibility
@@ -75,11 +76,6 @@ module QA
         super
       end
 
-      def add_member(user, access_level = '30')
-        # 30 = developer access
-        post Runtime::API::Request.new(api_client, api_members_path).url, { user_id: user.id, access_level: access_level }
-      end
-
       def api_get_path
         "/projects/#{CGI.escape(path_with_namespace)}"
       end
@@ -112,6 +108,10 @@ module QA
         post_body
       end
 
+      def share_with_group(invitee, access_level = Resource::Members::AccessLevel::DEVELOPER)
+        post Runtime::API::Request.new(api_client, "/projects/#{id}/share").url, { group_id: invitee.id, group_access: access_level }
+      end
+
       private
 
       def transform_api_resource(api_resource)
diff --git a/qa/qa/resource/protected_branch.rb b/qa/qa/resource/protected_branch.rb
index c27647cf3ce..f0cef624e0b 100644
--- a/qa/qa/resource/protected_branch.rb
+++ b/qa/qa/resource/protected_branch.rb
@@ -3,7 +3,7 @@
 module QA
   module Resource
     class ProtectedBranch < Base
-      attr_accessor :branch_name, :allow_to_push, :allow_to_merge, :protected
+      attr_accessor :branch_name, :allowed_to_push, :allowed_to_merge, :protected
 
       attribute :project do
         Project.fabricate_via_api! do |resource|
@@ -25,8 +25,12 @@ module QA
 
       def initialize
         @branch_name = 'test/branch'
-        @allow_to_push = true
-        @allow_to_merge = true
+        @allowed_to_push = {
+          roles: Resource::ProtectedBranch::Roles::DEVS_AND_MAINTAINERS
+        }
+        @allowed_to_merge = {
+          roles: Resource::ProtectedBranch::Roles::DEVS_AND_MAINTAINERS
+        }
         @protected = false
       end
 
@@ -35,29 +39,14 @@ module QA
 
         project.wait_for_push_new_branch @branch_name
 
-        # The upcoming process will make it access the Protected Branches page,
-        # select the already created branch and protect it according
-        # to `allow_to_push` variable.
-        return branch unless @protected
-
         project.visit!
         Page::Project::Menu.perform(&:go_to_repository_settings)
 
         Page::Project::Settings::Repository.perform do |setting|
           setting.expand_protected_branches do |page|
             page.select_branch(branch_name)
-
-            if allow_to_push
-              page.allow_devs_and_maintainers_to_push
-            else
-              page.allow_no_one_to_push
-            end
-
-            if allow_to_merge
-              page.allow_devs_and_maintainers_to_merge
-            else
-              page.allow_no_one_to_merge
-            end
+            page.select_allowed_to_merge(allowed_to_merge)
+            page.select_allowed_to_push(allowed_to_push)
 
             page.wait(reload: false) do
               !page.first('.btn-success').disabled?
@@ -79,6 +68,12 @@ module QA
       def api_delete_path
         "/projects/#{@project.api_resource[:id]}/protected_branches/#{@branch_name}"
       end
+
+      class Roles
+        NO_ONE = 'No one'
+        DEVS_AND_MAINTAINERS = 'Developers + Maintainers'
+        MAINTAINERS = 'Maintainers'
+      end
     end
   end
 end
diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/push_protected_branch_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/push_protected_branch_spec.rb
index dd80905d184..5d0f4b215f4 100644
--- a/qa/qa/specs/features/browser_ui/3_create/repository/push_protected_branch_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/push_protected_branch_spec.rb
@@ -17,16 +17,11 @@ module QA
         Page::Main::Login.perform(&:sign_in_using_credentials)
       end
 
-      after do
-        # We need to clear localStorage because we're using it for the dropdown,
-        # and capybara doesn't do this for us.
-        # https://github.com/teamcapybara/capybara/issues/1702
-        Capybara.execute_script 'localStorage.clear()'
-      end
-
       context 'when developers and maintainers are allowed to push to a protected branch' do
         it 'user with push rights successfully pushes to the protected branch' do
-          create_protected_branch(allow_to_push: true)
+          create_protected_branch(allowed_to_push: {
+            roles: Resource::ProtectedBranch::Roles::DEVS_AND_MAINTAINERS
+          })
 
           push = push_new_file(branch_name)
 
@@ -36,18 +31,19 @@ module QA
 
       context 'when developers and maintainers are not allowed to push to a protected branch' do
         it 'user without push rights fails to push to the protected branch' do
-          create_protected_branch(allow_to_push: false)
+          create_protected_branch(allowed_to_push: {
+            roles: Resource::ProtectedBranch::Roles::NO_ONE
+          })
 
           expect { push_new_file(branch_name) }.to raise_error(QA::Git::Repository::RepositoryCommandError, /remote: GitLab: You are not allowed to push code to protected branches on this project\.([\s\S]+)\[remote rejected\] #{branch_name} -> #{branch_name} \(pre-receive hook declined\)/)
         end
       end
 
-      def create_protected_branch(allow_to_push:)
+      def create_protected_branch(allowed_to_push:)
         Resource::ProtectedBranch.fabricate! do |resource|
           resource.branch_name = branch_name
           resource.project = project
-          resource.allow_to_push = allow_to_push
-          resource.protected = true
+          resource.allowed_to_push = allowed_to_push
         end
       end