Merge remote-tracking branch 'upstream/master' into 25680-CI_ENVIRONMENT_URL

* upstream/master: (251 commits)
  Don't match email addresses or foo@bar as user references
  Revert "Update GITLAB_SHELL_VERSION"
  Update GITLAB_SHELL_VERSION
  Add feature toggles through Flipper
  Change no_limits to limits
  Move includes call to scope
  Add GitLab Resources to University
  Add Documentation for GIT_CHECKOUT variable
  Remove entry variable
  Do not try to preload Commits when using Note.includes(:noteable)
  Ui improvements for count badges and permission badges
  Rename the other jobs
  Update jobs_spec for changes from builds_spec
  Introduce source to pipeline entity
  Update docs related to protected actions
  Add changelog for protected branches abilities fix
  Ask for an example project for bug reports
  Center loading spinner in issuable filters
  Fix chat commands specs related to protected actions
  Fix builds controller specs related to protected actions
  ...

16 files changed, 243 insertions, 286 deletions

diff --git a/spec/models/blob_viewer/base_spec.rb b/spec/models/blob_viewer/base_spec.rb
index 92fbf64a6b7..d56379eb59d 100644
--- a/spec/models/blob_viewer/base_spec.rb
+++ b/spec/models/blob_viewer/base_spec.rb
@@ -11,8 +11,8 @@ describe BlobViewer::Base, model: true do
 
       self.extensions = %w(pdf)
       self.binary = true
-      self.overridable_max_size = 1.megabyte
-      self.max_size = 5.megabytes
+      self.collapse_limit = 1.megabyte
+      self.size_limit = 5.megabytes
     end
   end
 
@@ -69,77 +69,49 @@ describe BlobViewer::Base, model: true do
     end
   end
 
-  describe '#exceeds_overridable_max_size?' do
-    context 'when the blob size is larger than the overridable max size' do
+  describe '#collapsed?' do
+    context 'when the blob size is larger than the collapse limit' do
       let(:blob) { fake_blob(path: 'file.pdf', size: 2.megabytes) }
 
       it 'returns true' do
-        expect(viewer.exceeds_overridable_max_size?).to be_truthy
+        expect(viewer.collapsed?).to be_truthy
       end
     end
 
-    context 'when the blob size is smaller than the overridable max size' do
+    context 'when the blob size is smaller than the collapse limit' do
       let(:blob) { fake_blob(path: 'file.pdf', size: 10.kilobytes) }
 
       it 'returns false' do
-        expect(viewer.exceeds_overridable_max_size?).to be_falsey
+        expect(viewer.collapsed?).to be_falsey
       end
     end
   end
 
-  describe '#exceeds_max_size?' do
-    context 'when the blob size is larger than the max size' do
+  describe '#too_large?' do
+    context 'when the blob size is larger than the size limit' do
       let(:blob) { fake_blob(path: 'file.pdf', size: 10.megabytes) }
 
       it 'returns true' do
-        expect(viewer.exceeds_max_size?).to be_truthy
+        expect(viewer.too_large?).to be_truthy
       end
     end
 
-    context 'when the blob size is smaller than the max size' do
+    context 'when the blob size is smaller than the size limit' do
       let(:blob) { fake_blob(path: 'file.pdf', size: 2.megabytes) }
 
       it 'returns false' do
-        expect(viewer.exceeds_max_size?).to be_falsey
-      end
-    end
-  end
-
-  describe '#can_override_max_size?' do
-    context 'when the blob size is larger than the overridable max size' do
-      context 'when the blob size is larger than the max size' do
-        let(:blob) { fake_blob(path: 'file.pdf', size: 10.megabytes) }
-
-        it 'returns false' do
-          expect(viewer.can_override_max_size?).to be_falsey
-        end
-      end
-
-      context 'when the blob size is smaller than the max size' do
-        let(:blob) { fake_blob(path: 'file.pdf', size: 2.megabytes) }
-
-        it 'returns true' do
-          expect(viewer.can_override_max_size?).to be_truthy
-        end
-      end
-    end
-
-    context 'when the blob size is smaller than the overridable max size' do
-      let(:blob) { fake_blob(path: 'file.pdf', size: 10.kilobytes) }
-
-      it 'returns false' do
-        expect(viewer.can_override_max_size?).to be_falsey
+        expect(viewer.too_large?).to be_falsey
       end
     end
   end
 
   describe '#render_error' do
-    context 'when the max size is overridden' do
+    context 'when expanded' do
       before do
-        viewer.override_max_size = true
+        viewer.expanded = true
       end
 
-      context 'when the blob size is larger than the max size' do
+      context 'when the blob size is larger than the size limit' do
         let(:blob) { fake_blob(path: 'file.pdf', size: 10.megabytes) }
 
         it 'returns :too_large' do
@@ -147,7 +119,7 @@ describe BlobViewer::Base, model: true do
         end
       end
 
-      context 'when the blob size is smaller than the max size' do
+      context 'when the blob size is smaller than the size limit' do
         let(:blob) { fake_blob(path: 'file.pdf', size: 2.megabytes) }
 
         it 'returns nil' do
@@ -156,16 +128,16 @@ describe BlobViewer::Base, model: true do
       end
     end
 
-    context 'when the max size is not overridden' do
-      context 'when the blob size is larger than the overridable max size' do
+    context 'when not expanded' do
+      context 'when the blob size is larger than the collapse limit' do
         let(:blob) { fake_blob(path: 'file.pdf', size: 2.megabytes) }
 
-        it 'returns :too_large' do
-          expect(viewer.render_error).to eq(:too_large)
+        it 'returns :collapsed' do
+          expect(viewer.render_error).to eq(:collapsed)
         end
       end
 
-      context 'when the blob size is smaller than the overridable max size' do
+      context 'when the blob size is smaller than the collapse limit' do
         let(:blob) { fake_blob(path: 'file.pdf', size: 10.kilobytes) }
 
         it 'returns nil' do
diff --git a/spec/models/ci/pipeline_schedule_spec.rb b/spec/models/ci/pipeline_schedule_spec.rb
index 822b98c5f6c..b00e7a73571 100644
--- a/spec/models/ci/pipeline_schedule_spec.rb
+++ b/spec/models/ci/pipeline_schedule_spec.rb
@@ -25,6 +25,14 @@ describe Ci::PipelineSchedule, models: true do
 
       expect(pipeline_schedule).not_to be_valid
     end
+
+    context 'when active is false' do
+      it 'does not allow nullified ref' do
+        pipeline_schedule = build(:ci_pipeline_schedule, :inactive, ref: nil)
+
+        expect(pipeline_schedule).not_to be_valid
+      end
+    end
   end
 
   describe '#set_next_run_at' do
diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb
index c8023dc13b1..ae1b01b76ab 100644
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -21,13 +21,35 @@ describe Ci::Pipeline, models: true do
   it { is_expected.to have_many(:auto_canceled_pipelines) }
   it { is_expected.to have_many(:auto_canceled_jobs) }
 
-  it { is_expected.to validate_presence_of :sha }
-  it { is_expected.to validate_presence_of :status }
+  it { is_expected.to validate_presence_of(:sha) }
+  it { is_expected.to validate_presence_of(:status) }
 
   it { is_expected.to respond_to :git_author_name }
   it { is_expected.to respond_to :git_author_email }
   it { is_expected.to respond_to :short_sha }
 
+  describe '#source' do
+    context 'when creating new pipeline' do
+      let(:pipeline) do
+        build(:ci_empty_pipeline, status: :created, project: project, source: nil)
+      end
+
+      it "prevents from creating an object" do
+        expect(pipeline).not_to be_valid
+      end
+    end
+
+    context 'when updating existing pipeline' do
+      before do
+        pipeline.update_attribute(:source, nil)
+      end
+
+      it "object is valid" do
+        expect(pipeline).to be_valid
+      end
+    end
+  end
+
   describe '#block' do
     it 'changes pipeline status to manual' do
       expect(pipeline.block).to be true
diff --git a/spec/models/concerns/routable_spec.rb b/spec/models/concerns/routable_spec.rb
index 49a4132f763..0e10d91836d 100644
--- a/spec/models/concerns/routable_spec.rb
+++ b/spec/models/concerns/routable_spec.rb
@@ -115,123 +115,6 @@ describe Group, 'Routable' do
     end
   end
 
-  describe '.member_descendants' do
-    let!(:user) { create(:user) }
-    let!(:nested_group) { create(:group, parent: group) }
-
-    before { group.add_owner(user) }
-    subject { described_class.member_descendants(user.id) }
-
-    it { is_expected.to eq([nested_group]) }
-  end
-
-  describe '.member_self_and_descendants' do
-    let!(:user) { create(:user) }
-    let!(:nested_group) { create(:group, parent: group) }
-
-    before { group.add_owner(user) }
-    subject { described_class.member_self_and_descendants(user.id) }
-
-    it { is_expected.to match_array [group, nested_group] }
-  end
-
-  describe '.member_hierarchy' do
-    # foo/bar would also match foo/barbaz instead of just foo/bar and foo/bar/baz
-    let!(:user) { create(:user) }
-
-    #                group
-    #        _______ (foo) _______
-    #       |                     |
-    #       |                     |
-    # nested_group_1        nested_group_2
-    # (bar)                 (barbaz)
-    #       |                     |
-    #       |                     |
-    # nested_group_1_1      nested_group_2_1
-    # (baz)                 (baz)
-    #
-    let!(:nested_group_1) { create :group, parent: group, name: 'bar' }
-    let!(:nested_group_1_1) { create :group, parent: nested_group_1, name: 'baz' }
-    let!(:nested_group_2) { create :group, parent: group, name: 'barbaz' }
-    let!(:nested_group_2_1) { create :group, parent: nested_group_2, name: 'baz' }
-
-    context 'user is not a member of any group' do
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns an empty array' do
-        is_expected.to eq []
-      end
-    end
-
-    context 'user is member of all groups' do
-      before do
-        group.add_owner(user)
-        nested_group_1.add_owner(user)
-        nested_group_1_1.add_owner(user)
-        nested_group_2.add_owner(user)
-        nested_group_2_1.add_owner(user)
-      end
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns all groups' do
-        is_expected.to match_array [
-          group,
-          nested_group_1, nested_group_1_1,
-          nested_group_2, nested_group_2_1
-        ]
-      end
-    end
-
-    context 'user is member of the top group' do
-      before { group.add_owner(user) }
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns all groups' do
-        is_expected.to match_array [
-          group,
-          nested_group_1, nested_group_1_1,
-          nested_group_2, nested_group_2_1
-        ]
-      end
-    end
-
-    context 'user is member of the first child (internal node), branch 1' do
-      before { nested_group_1.add_owner(user) }
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns the groups in the hierarchy' do
-        is_expected.to match_array [
-          group,
-          nested_group_1, nested_group_1_1
-        ]
-      end
-    end
-
-    context 'user is member of the first child (internal node), branch 2' do
-      before { nested_group_2.add_owner(user) }
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns the groups in the hierarchy' do
-        is_expected.to match_array [
-          group,
-          nested_group_2, nested_group_2_1
-        ]
-      end
-    end
-
-    context 'user is member of the last child (leaf node)' do
-      before { nested_group_1_1.add_owner(user) }
-      subject { described_class.member_hierarchy(user.id) }
-
-      it 'returns the groups in the hierarchy' do
-        is_expected.to match_array [
-          group,
-          nested_group_1, nested_group_1_1
-        ]
-      end
-    end
-  end
-
   describe '#full_path' do
     let(:group) { create(:group) }
     let(:nested_group) { create(:group, parent: group) }
diff --git a/spec/models/environment_spec.rb b/spec/models/environment_spec.rb
index 12519de8636..9fbe19b04d5 100644
--- a/spec/models/environment_spec.rb
+++ b/spec/models/environment_spec.rb
@@ -227,7 +227,10 @@ describe Environment, models: true do
 
       context 'when user is allowed to stop environment' do
         before do
-          project.add_master(user)
+          project.add_developer(user)
+
+          create(:protected_branch, :developers_can_merge,
+                 name: 'master', project: project)
         end
 
         context 'when action did not yet finish' do
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 6ca1eb0374d..316bf153660 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -340,7 +340,7 @@ describe Group, models: true do
     it { expect(subject.parent).to be_kind_of(Group) }
   end
 
-  describe '#members_with_parents' do
+  describe '#members_with_parents', :nested_groups do
     let!(:group) { create(:group, :nested) }
     let!(:master) { group.parent.add_user(create(:user), GroupMember::MASTER) }
     let!(:developer) { group.add_user(create(:user), GroupMember::DEVELOPER) }
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index 87ea2e70680..cf9c701e8c5 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -22,16 +22,15 @@ describe ProjectMember, models: true do
   end
 
   describe '.add_user' do
-    context 'when called with the project owner' do
-      it 'adds the user as a member' do
-        project = create(:empty_project)
+    it 'adds the user as a member' do
+      user = create(:user)
+      project = create(:empty_project)
 
-        expect(project.users).not_to include(project.owner)
+      expect(project.users).not_to include(user)
 
-        described_class.add_user(project, project.owner, :master, current_user: project.owner)
+      described_class.add_user(project, user, :master, current_user: project.owner)
 
-        expect(project.users.reload).to include(project.owner)
-      end
+      expect(project.users.reload).to include(user)
     end
   end
 
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 712470d6bf5..58f273ade28 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -238,10 +238,10 @@ describe MergeRequest, models: true do
     end
 
     context 'when there are no MR diffs' do
-      it 'delegates to the compare object, setting no_collapse: true' do
+      it 'delegates to the compare object, setting expanded: true' do
         merge_request.compare = double(:compare)
 
-        expect(merge_request.compare).to receive(:diffs).with(options.merge(no_collapse: true))
+        expect(merge_request.compare).to receive(:diffs).with(options.merge(expanded: true))
 
         merge_request.diffs(options)
       end
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb
index e3e8e6d571c..aa1ce89ffd7 100644
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
@@ -249,4 +249,17 @@ describe Milestone, models: true do
       expect(milestone.to_reference(another_project)).to eq "sample-project%1"
     end
   end
+
+  describe '#participants' do
+    let(:project) { build(:empty_project, name: 'sample-project') }
+    let(:milestone) { build(:milestone, iid: 1, project: project) }
+
+    it 'returns participants without duplicates' do
+      user = create :user
+      create :issue, project: project, milestone: milestone, assignees: [user]
+      create :issue, project: project, milestone: milestone, assignees: [user]
+
+      expect(milestone.participants).to eq [user]
+    end
+  end
 end
diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index ff5e7c350aa..0e74f1ab1bd 100644
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -287,21 +287,21 @@ describe Namespace, models: true do
     end
   end
 
-  describe '#ancestors' do
+  describe '#ancestors', :nested_groups do
     let(:group) { create(:group) }
     let(:nested_group) { create(:group, parent: group) }
     let(:deep_nested_group) { create(:group, parent: nested_group) }
     let(:very_deep_nested_group) { create(:group, parent: deep_nested_group) }
 
     it 'returns the correct ancestors' do
-      expect(very_deep_nested_group.ancestors).to eq([group, nested_group, deep_nested_group])
-      expect(deep_nested_group.ancestors).to eq([group, nested_group])
-      expect(nested_group.ancestors).to eq([group])
+      expect(very_deep_nested_group.ancestors).to include(group, nested_group, deep_nested_group)
+      expect(deep_nested_group.ancestors).to include(group, nested_group)
+      expect(nested_group.ancestors).to include(group)
       expect(group.ancestors).to eq([])
     end
   end
 
-  describe '#descendants' do
+  describe '#descendants', :nested_groups do
     let!(:group) { create(:group, path: 'git_lab') }
     let!(:nested_group) { create(:group, parent: group) }
     let!(:deep_nested_group) { create(:group, parent: nested_group) }
@@ -311,9 +311,9 @@ describe Namespace, models: true do
 
     it 'returns the correct descendants' do
       expect(very_deep_nested_group.descendants.to_a).to eq([])
-      expect(deep_nested_group.descendants.to_a).to eq([very_deep_nested_group])
-      expect(nested_group.descendants.to_a).to eq([deep_nested_group, very_deep_nested_group])
-      expect(group.descendants.to_a).to eq([nested_group, deep_nested_group, very_deep_nested_group])
+      expect(deep_nested_group.descendants.to_a).to include(very_deep_nested_group)
+      expect(nested_group.descendants.to_a).to include(deep_nested_group, very_deep_nested_group)
+      expect(group.descendants.to_a).to include(nested_group, deep_nested_group, very_deep_nested_group)
     end
   end
 
diff --git a/spec/models/project_group_link_spec.rb b/spec/models/project_group_link_spec.rb
index 9b711bfc007..4161b9158b1 100644
--- a/spec/models/project_group_link_spec.rb
+++ b/spec/models/project_group_link_spec.rb
@@ -23,7 +23,7 @@ describe ProjectGroupLink do
       expect(project_group_link).not_to be_valid
     end
 
-    it "doesn't allow a project to be shared with an ancestor of the group it is in" do
+    it "doesn't allow a project to be shared with an ancestor of the group it is in", :nested_groups do
       project_group_link.group = parent_group
 
       expect(project_group_link).not_to be_valid
diff --git a/spec/models/project_services/jira_service_spec.rb b/spec/models/project_services/jira_service_spec.rb
index 349067e73ab..1920b5bf42b 100644
--- a/spec/models/project_services/jira_service_spec.rb
+++ b/spec/models/project_services/jira_service_spec.rb
@@ -133,6 +133,7 @@ describe JiraService, models: true do
       allow(JIRA::Resource::Issue).to receive(:find).and_return(open_issue, closed_issue)
 
       allow_any_instance_of(JIRA::Resource::Issue).to receive(:key).and_return("JIRA-123")
+      allow(JIRA::Resource::Remotelink).to receive(:all).and_return([])
 
       @jira_service.save
 
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index f2b4e9070b4..da1b29a2bda 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -948,6 +948,20 @@ describe Project, models: true do
     end
   end
 
+  describe '.starred_by' do
+    it 'returns only projects starred by the given user' do
+      user1 = create(:user)
+      user2 = create(:user)
+      project1 = create(:empty_project)
+      project2 = create(:empty_project)
+      create(:empty_project)
+      user1.toggle_star(project1)
+      user2.toggle_star(project2)
+
+      expect(Project.starred_by(user1)).to contain_exactly(project1)
+    end
+  end
+
   describe '.visible_to_user' do
     let!(:project) { create(:empty_project, :private) }
     let!(:user)    { create(:user) }
@@ -1431,6 +1445,31 @@ describe Project, models: true do
     end
   end
 
+  describe 'Project import job' do
+    let(:project) { create(:empty_project) }
+    let(:mirror) { false }
+
+    before do
+      allow_any_instance_of(Gitlab::Shell).to receive(:import_repository)
+        .with(project.repository_storage_path, project.path_with_namespace, project.import_url)
+        .and_return(true)
+
+      allow(project).to receive(:repository_exists?).and_return(true)
+
+      expect_any_instance_of(Repository).to receive(:after_import)
+        .and_call_original
+    end
+
+    it 'imports a project' do
+      expect_any_instance_of(RepositoryImportWorker).to receive(:perform).and_call_original
+
+      project.import_start
+      project.add_import_job
+
+      expect(project.reload.import_status).to eq('finished')
+    end
+  end
+
   describe '#latest_successful_builds_for' do
     def create_pipeline(status = 'success')
       create(:ci_pipeline, project: project,
@@ -1884,19 +1923,9 @@ describe Project, models: true do
   describe '#http_url_to_repo' do
     let(:project) { create :empty_project }
 
-    context 'when no user is given' do
-      it 'returns the url to the repo without a username' do
-        expect(project.http_url_to_repo).to eq("#{project.web_url}.git")
-        expect(project.http_url_to_repo).not_to include('@')
-      end
-    end
-
-    context 'when user is given' do
-      it 'returns the url to the repo with the username' do
-        user = build_stubbed(:user)
-
-        expect(project.http_url_to_repo(user)).to start_with("http://#{user.username}@")
-      end
+    it 'returns the url to the repo without a username' do
+      expect(project.http_url_to_repo).to eq("#{project.web_url}.git")
+      expect(project.http_url_to_repo).not_to include('@')
     end
   end
 
diff --git a/spec/models/project_team_spec.rb b/spec/models/project_team_spec.rb
index 942eeab251d..fb2d5f60009 100644
--- a/spec/models/project_team_spec.rb
+++ b/spec/models/project_team_spec.rb
@@ -81,7 +81,7 @@ describe ProjectTeam, models: true do
         user = create(:user)
         project.add_guest(user)
 
-        expect(project.team.members).to contain_exactly(user)
+        expect(project.team.members).to contain_exactly(user, project.owner)
       end
 
       it 'returns project members of a specified level' do
@@ -100,7 +100,8 @@ describe ProjectTeam, models: true do
           group_access: Gitlab::Access::GUEST
         )
 
-        expect(project.team.members).to contain_exactly(group_member.user)
+        expect(project.team.members).
+          to contain_exactly(group_member.user, project.owner)
       end
 
       it 'returns invited members of a group of a specified level' do
@@ -137,7 +138,10 @@ describe ProjectTeam, models: true do
 
   describe '#find_member' do
     context 'personal project' do
-      let(:project) { create(:empty_project, :public, :access_requestable) }
+      let(:project) do
+        create(:empty_project, :public, :access_requestable)
+      end
+
       let(:requester) { create(:user) }
 
       before do
@@ -200,7 +204,9 @@ describe ProjectTeam, models: true do
     let(:requester) { create(:user) }
 
     context 'personal project' do
-      let(:project) { create(:empty_project, :public, :access_requestable) }
+      let(:project) do
+        create(:empty_project, :public, :access_requestable)
+      end
 
       context 'when project is not shared with group' do
         before do
@@ -244,7 +250,9 @@ describe ProjectTeam, models: true do
 
     context 'group project' do
       let(:group) { create(:group, :access_requestable) }
-      let!(:project) { create(:empty_project, group: group) }
+      let!(:project) do
+        create(:empty_project, group: group)
+      end
 
       before do
         group.add_master(master)
@@ -265,8 +273,15 @@ describe ProjectTeam, models: true do
     let(:group) { create(:group) }
     let(:developer) { create(:user) }
     let(:master) { create(:user) }
-    let(:personal_project) { create(:empty_project, namespace: developer.namespace) }
-    let(:group_project) { create(:empty_project, namespace: group) }
+
+    let(:personal_project) do
+      create(:empty_project, namespace: developer.namespace)
+    end
+
+    let(:group_project) do
+      create(:empty_project, namespace: group)
+    end
+
     let(:members_project) { create(:empty_project) }
     let(:shared_project) { create(:empty_project) }
 
diff --git a/spec/models/project_wiki_spec.rb b/spec/models/project_wiki_spec.rb
index 969e9f7a130..224067f58dd 100644
--- a/spec/models/project_wiki_spec.rb
+++ b/spec/models/project_wiki_spec.rb
@@ -37,21 +37,11 @@ describe ProjectWiki, models: true do
   describe "#http_url_to_repo" do
     let(:project) { create :empty_project }
 
-    context 'when no user is given' do
-      it 'returns the url to the repo without a username' do
-        expected_url = "#{Gitlab.config.gitlab.url}/#{subject.path_with_namespace}.git"
+    it 'returns the full http url to the repo' do
+      expected_url = "#{Gitlab.config.gitlab.url}/#{subject.path_with_namespace}.git"
 
-        expect(project_wiki.http_url_to_repo).to eq(expected_url)
-        expect(project_wiki.http_url_to_repo).not_to include('@')
-      end
-    end
-
-    context 'when user is given' do
-      it 'returns the url to the repo with the username' do
-        user = build_stubbed(:user)
-
-        expect(project_wiki.http_url_to_repo(user)).to start_with("http://#{user.username}@")
-      end
+      expect(project_wiki.http_url_to_repo).to eq(expected_url)
+      expect(project_wiki.http_url_to_repo).not_to include('@')
     end
   end
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index aabdac4bb75..fe9df3360ff 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -627,16 +627,6 @@ describe User, models: true do
     it { expect(User.without_projects).to include user_without_project2 }
   end
 
-  describe '.not_in_project' do
-    before do
-      User.delete_all
-      @user = create :user
-      @project = create(:empty_project)
-    end
-
-    it { expect(User.not_in_project(@project)).to include(@user, @project.owner) }
-  end
-
   describe 'user creation' do
     describe 'normal user' do
       let(:user) { create(:user, name: 'John Smith') }
@@ -1506,25 +1496,6 @@ describe User, models: true do
     end
   end
 
-  describe '#viewable_starred_projects' do
-    let(:user) { create(:user) }
-    let(:public_project) { create(:empty_project, :public) }
-    let(:private_project) { create(:empty_project, :private) }
-    let(:private_viewable_project) { create(:empty_project, :private) }
-
-    before do
-      private_viewable_project.team << [user, Gitlab::Access::MASTER]
-
-      [public_project, private_project, private_viewable_project].each do |project|
-        user.toggle_star(project)
-      end
-    end
-
-    it 'returns only starred projects the user can view' do
-      expect(user.viewable_starred_projects).not_to include(private_project)
-    end
-  end
-
   describe '#projects_with_reporter_access_limited_to' do
     let(:project1) { create(:empty_project) }
     let(:project2) { create(:empty_project) }
@@ -1561,48 +1532,103 @@ describe User, models: true do
     end
   end
 
-  describe '#nested_groups' do
+  describe '#all_expanded_groups' do
+    # foo/bar would also match foo/barbaz instead of just foo/bar and foo/bar/baz
     let!(:user) { create(:user) }
-    let!(:group) { create(:group) }
-    let!(:nested_group) { create(:group, parent: group) }
 
-    before do
-      group.add_owner(user)
+    #                group
+    #        _______ (foo) _______
+    #       |                     |
+    #       |                     |
+    # nested_group_1        nested_group_2
+    # (bar)                 (barbaz)
+    #       |                     |
+    #       |                     |
+    # nested_group_1_1      nested_group_2_1
+    # (baz)                 (baz)
+    #
+    let!(:group) { create :group }
+    let!(:nested_group_1) { create :group, parent: group, name: 'bar' }
+    let!(:nested_group_1_1) { create :group, parent: nested_group_1, name: 'baz' }
+    let!(:nested_group_2) { create :group, parent: group, name: 'barbaz' }
+    let!(:nested_group_2_1) { create :group, parent: nested_group_2, name: 'baz' }
+
+    subject { user.all_expanded_groups }
 
-      # Add more data to ensure method does not include wrong groups
-      create(:group).add_owner(create(:user))
+    context 'user is not a member of any group' do
+      it 'returns an empty array' do
+        is_expected.to eq([])
+      end
     end
 
-    it { expect(user.nested_groups).to eq([nested_group]) }
-  end
+    context 'user is member of all groups' do
+      before do
+        group.add_owner(user)
+        nested_group_1.add_owner(user)
+        nested_group_1_1.add_owner(user)
+        nested_group_2.add_owner(user)
+        nested_group_2_1.add_owner(user)
+      end
 
-  describe '#all_expanded_groups' do
-    let!(:user) { create(:user) }
-    let!(:group) { create(:group) }
-    let!(:nested_group_1) { create(:group, parent: group) }
-    let!(:nested_group_2) { create(:group, parent: group) }
+      it 'returns all groups' do
+        is_expected.to match_array [
+          group,
+          nested_group_1, nested_group_1_1,
+          nested_group_2, nested_group_2_1
+        ]
+      end
+    end
 
-    before { nested_group_1.add_owner(user) }
+    context 'user is member of the top group' do
+      before { group.add_owner(user) }
 
-    it { expect(user.all_expanded_groups).to match_array [group, nested_group_1] }
-  end
+      if Group.supports_nested_groups?
+        it 'returns all groups' do
+          is_expected.to match_array [
+            group,
+            nested_group_1, nested_group_1_1,
+            nested_group_2, nested_group_2_1
+          ]
+        end
+      else
+        it 'returns the top-level groups' do
+          is_expected.to match_array [group]
+        end
+      end
+    end
 
-  describe '#nested_groups_projects' do
-    let!(:user) { create(:user) }
-    let!(:group) { create(:group) }
-    let!(:nested_group) { create(:group, parent: group) }
-    let!(:project) { create(:empty_project, namespace: group) }
-    let!(:nested_project) { create(:empty_project, namespace: nested_group) }
+    context 'user is member of the first child (internal node), branch 1', :nested_groups do
+      before { nested_group_1.add_owner(user) }
 
-    before do
-      group.add_owner(user)
+      it 'returns the groups in the hierarchy' do
+        is_expected.to match_array [
+          group,
+          nested_group_1, nested_group_1_1
+        ]
+      end
+    end
+
+    context 'user is member of the first child (internal node), branch 2', :nested_groups do
+      before { nested_group_2.add_owner(user) }
 
-      # Add more data to ensure method does not include wrong projects
-      other_project = create(:empty_project, namespace: create(:group, :nested))
-      other_project.add_developer(create(:user))
+      it 'returns the groups in the hierarchy' do
+        is_expected.to match_array [
+          group,
+          nested_group_2, nested_group_2_1
+        ]
+      end
     end
 
-    it { expect(user.nested_groups_projects).to eq([nested_project]) }
+    context 'user is member of the last child (leaf node)', :nested_groups do
+      before { nested_group_1_1.add_owner(user) }
+
+      it 'returns the groups in the hierarchy' do
+        is_expected.to match_array [
+          group,
+          nested_group_1, nested_group_1_1
+        ]
+      end
+    end
   end
 
   describe '#refresh_authorized_projects', redis: true do
@@ -1622,10 +1648,6 @@ describe User, models: true do
       expect(user.project_authorizations.count).to eq(2)
     end
 
-    it 'sets the authorized_projects_populated column' do
-      expect(user.authorized_projects_populated).to eq(true)
-    end
-
     it 'stores the correct access levels' do
       expect(user.project_authorizations.where(access_level: Gitlab::Access::GUEST).exists?).to eq(true)
       expect(user.project_authorizations.where(access_level: Gitlab::Access::REPORTER).exists?).to eq(true)
@@ -1735,7 +1757,7 @@ describe User, models: true do
       end
     end
 
-    context 'with 2FA requirement on nested parent group' do
+    context 'with 2FA requirement on nested parent group', :nested_groups do
       let!(:group1) { create :group, require_two_factor_authentication: true }
       let!(:group1a) { create :group, require_two_factor_authentication: false, parent: group1 }
 
@@ -1750,7 +1772,7 @@ describe User, models: true do
       end
     end
 
-    context 'with 2FA requirement on nested child group' do
+    context 'with 2FA requirement on nested child group', :nested_groups do
       let!(:group1) { create :group, require_two_factor_authentication: false }
       let!(:group1a) { create :group, require_two_factor_authentication: true, parent: group1 }