Add latest changes from gitlab-org/gitlab@master

4 files changed, 90 insertions, 3 deletions

diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb
index 675b06b057c..eda2f6d854f 100644
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -131,7 +131,7 @@ describe API::Branches do
         end
 
         new_branch_name = 'protected-branch'
-        CreateBranchService.new(project, current_user).execute(new_branch_name, 'master')
+        ::Branches::CreateService.new(project, current_user).execute(new_branch_name, 'master')
         create(:protected_branch, name: new_branch_name, project: project)
 
         expect do
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb
index ec18156f49f..378441220c7 100644
--- a/spec/requests/api/files_spec.rb
+++ b/spec/requests/api/files_spec.rb
@@ -315,11 +315,11 @@ describe API::Files do
         expect(range['commit']['message'])
           .to eq("Files, encoding and much more\n\nSigned-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>\n")
 
-        expect(range['commit']['authored_date']).to eq('2014-02-27T08:14:56.000Z')
+        expect(range['commit']['authored_date']).to eq('2014-02-27T10:14:56.000+02:00')
         expect(range['commit']['author_name']).to eq('Dmitriy Zaporozhets')
         expect(range['commit']['author_email']).to eq('dmitriy.zaporozhets@gmail.com')
 
-        expect(range['commit']['committed_date']).to eq('2014-02-27T08:14:56.000Z')
+        expect(range['commit']['committed_date']).to eq('2014-02-27T10:14:56.000+02:00')
         expect(range['commit']['committer_name']).to eq('Dmitriy Zaporozhets')
         expect(range['commit']['committer_email']).to eq('dmitriy.zaporozhets@gmail.com')
       end
diff --git a/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb b/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb
new file mode 100644
index 00000000000..4d0bb59b030
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/issues/set_confidential_spec.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Setting an issue as confidential' do
+  include GraphqlHelpers
+
+  let(:current_user) { create(:user) }
+  let(:issue) { create(:issue) }
+  let(:project) { issue.project }
+  let(:input) { { confidential: true } }
+
+  let(:mutation) do
+    variables = {
+      project_path: project.full_path,
+      iid: issue.iid.to_s
+    }
+    graphql_mutation(:issue_set_confidential, variables.merge(input),
+                     <<-QL.strip_heredoc
+                       clientMutationId
+                       errors
+                       issue {
+                         iid
+                         confidential
+                       }
+                     QL
+    )
+  end
+
+  def mutation_response
+    graphql_mutation_response(:issue_set_confidential)
+  end
+
+  before do
+    project.add_developer(current_user)
+  end
+
+  it 'returns an error if the user is not allowed to update the issue' do
+    error = "The resource that you are attempting to access does not exist or you don't have permission to perform this action"
+    post_graphql_mutation(mutation, current_user: create(:user))
+
+    expect(graphql_errors).to include(a_hash_including('message' => error))
+  end
+
+  it 'updates the issue confidentiality' do
+    post_graphql_mutation(mutation, current_user: current_user)
+
+    expect(response).to have_gitlab_http_status(:success)
+    expect(mutation_response['issue']['confidential']).to be_truthy
+  end
+end
diff --git a/spec/requests/user_avatar_spec.rb b/spec/requests/user_avatar_spec.rb
new file mode 100644
index 00000000000..9451674161c
--- /dev/null
+++ b/spec/requests/user_avatar_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Loading a user avatar' do
+  let(:user) { create(:user, :with_avatar) }
+
+  context 'when logged in' do
+    # The exact query count will vary depending on the 2FA settings of the
+    # instance, group, and user. Removing those extra 2FA queries in this case
+    # may not be a good idea, so we just set up the ideal case.
+    before do
+      stub_application_setting(require_two_factor_authentication: true)
+
+      login_as(create(:user, :two_factor))
+    end
+
+    # One each for: current user, avatar user, and upload record
+    it 'only performs three SQL queries' do
+      get user.avatar_url # Skip queries on first application load
+
+      expect(response).to have_gitlab_http_status(200)
+      expect { get user.avatar_url }.not_to exceed_query_limit(3)
+    end
+  end
+
+  context 'when logged out' do
+    # One each for avatar user and upload record
+    it 'only performs two SQL queries' do
+      get user.avatar_url # Skip queries on first application load
+
+      expect(response).to have_gitlab_http_status(200)
+      expect { get user.avatar_url }.not_to exceed_query_limit(2)
+    end
+  end
+end