author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:11:19 +0000 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:11:19 +0000 |
commit | 9a1e9397b4e378e052af12c697a9fbfd70a24bf5 (patch) | |
tree | bda9287282dfaefa0c717f092947f79839e07102 /spec/lib | |
parent | 9fb816facef888b8fcdbc443af304105c480547b (diff) | |
download | gitlab-ce-9a1e9397b4e378e052af12c697a9fbfd70a24bf5.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/api/entities/user_spec.rb | 45 | ||||
-rw-r--r-- | spec/lib/gitlab/git_access_wiki_spec.rb | 25 | ||||
-rw-r--r-- | spec/lib/sidebars/projects/menus/analytics_menu_spec.rb | 6 |
3 files changed, 73 insertions, 3 deletions
diff --git a/spec/lib/api/entities/user_spec.rb b/spec/lib/api/entities/user_spec.rb
index 9c9a157d68a..14dc60e1a5f 100644
--- a/spec/lib/api/entities/user_spec.rb
+++ b/spec/lib/api/entities/user_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe API::Entities::User do
 subject { entity.as_json }
 
 it 'exposes correct attributes' do
- expect(subject).to include(:bio, :location, :public_email, :skype, :linkedin, :twitter, :website_url, :organization, :job_title, :work_information, :pronouns)
+ expect(subject).to include(:name, :bio, :location, :public_email, :skype, :linkedin, :twitter, :website_url, :organization, :job_title, :work_information, :pronouns)
 end
 
 it 'exposes created_at if the current user can read the user profile' do
@@ -31,12 +31,51 @@ RSpec.describe API::Entities::User do
 expect(subject[:bot]).to be_falsey
 end
 
- context 'with bot user' do
- let(:user) { create(:user, :security_bot) }
+ context 'with project bot user' do
+ let(:project) { create(:project) }
+ let(:user) { create(:user, :project_bot, name: 'secret') }
+
+ before do
+ project.add_maintainer(user)
+ end
 
 it 'exposes user as a bot' do
 expect(subject[:bot]).to eq(true)
 end
+
+ context 'when the requester is not an admin' do
+ it 'does not expose project bot user name' do
+ expect(subject[:name]).to eq('****')
+ end
+ end
+
+ context 'when the requester is nil' do
+ let(:current_user) { nil }
+
+ it 'does not expose project bot user name' do
+ expect(subject[:name]).to eq('****')
+ end
+ end
+
+ context 'when the requester is a project maintainer' do
+ let(:current_user) { create(:user) }
+
+ before do
+ project.add_maintainer(current_user)
+ end
+
+ it 'exposes project bot user name' do
+ expect(subject[:name]).to eq('secret')
+ end
+ end
+
+ context 'when the requester is an admin' do
+ let(:current_user) { create(:user, :admin) }
+
+ it 'exposes project bot user name', :enable_admin_mode do
+ expect(subject[:name]).to eq('secret')
+ end
+ end
 end
 
 it 'exposes local_time' do
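Review bot: The second hunk removes the only example for a non-project bot: the old `context 'with bot user'` built a `:security_bot`, while every example in the replacement `context 'with project bot user'` builds a `:project_bot`, so neither `bot: true` for other bot types nor the fact that their `name` stays visible to a non-admin requester is exercised any more, and a masking rule that over-matched would pass this spec. A small sibling context would keep that boundary covered, e.g. `context 'with security bot user' do` / `let(:user) { create(:user, :security_bot) }` / `it { expect(subject[:bot]).to eq(true) }` with a second expectation that `subject[:name]` is not `'****'`. The `'when the requester is not an admin'` example relies on whatever `current_user` the outer describe defines, which is outside this hunk, so it is worth confirming that default is a plain user and not an admin. The enclosing `RSpec.describe` block starts outside the hunk.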
diff --git a/spec/lib/gitlab/git_access_wiki_spec.rb b/spec/lib/gitlab/git_access_wiki_spec.rb
index 5ada8a6ef40..27175dc8c44 100644
--- a/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -79,5 +79,30 @@ RSpec.describe Gitlab::GitAccessWiki do
 let(:message) { include('wiki') }
 end
 end
+
+ context 'when the actor is a deploy token' do
+ let_it_be(:actor) { create(:deploy_token, projects: [project]) }
+ let_it_be(:user) { actor }
+
+ before do
+ project.project_feature.update_attribute(:wiki_access_level, wiki_access_level)
+ end
+
+ subject { access.check('git-upload-pack', changes) }
+
+ context 'when the wiki is enabled' do
+ let(:wiki_access_level) { ProjectFeature::ENABLED }
+
+ it { expect { subject }.not_to raise_error }
+ end
+
+ context 'when the wiki is disabled' do
+ let(:wiki_access_level) { ProjectFeature::DISABLED }
+
+ it_behaves_like 'forbidden git access' do
+ let(:message) { 'You are not allowed to download files from this wiki.' }
+ end
+ end
+ end
 end
 end
diff --git a/spec/lib/sidebars/projects/menus/analytics_menu_spec.rb b/spec/lib/sidebars/projects/menus/analytics_menu_spec.rb
index 9d5f029fff5..6f2ca719bc9 100644
--- a/spec/lib/sidebars/projects/menus/analytics_menu_spec.rb
+++ b/spec/lib/sidebars/projects/menus/analytics_menu_spec.rb
@@ -102,6 +102,12 @@ RSpec.describe Sidebars::Projects::Menus::AnalyticsMenu do
 specify { is_expected.to be_nil }
 end
 
+ describe 'when a user does not have access to repository graphs' do
+ let(:current_user) { guest }
+
+ specify { is_expected.to be_nil }
+ end
+
 describe 'when the user does not have access' do
 let(:current_user) { nil }
 
|
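Review bot: The new deploy-token context only covers the two extreme feature levels, `ProjectFeature::ENABLED` and `ProjectFeature::DISABLED`, and only `git-upload-pack`; the `PRIVATE` level, which is exactly where a project-scoped token's read access has to be decided, has no example, so a regression at that boundary would pass this spec. A third context, `context 'when the wiki is private' do` / `let(:wiki_access_level) { ProjectFeature::PRIVATE }`, with the expected outcome taken from the access policy (not visible here), would close that gap. In the `before` block, `update_attribute` bypasses model validations, so an invalid level would be written silently; `project.project_feature.update!(wiki_access_level: wiki_access_level)` fails loudly instead. The enclosing `RSpec.describe` block starts outside the hunk.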