Add latest changes from gitlab-org/gitlab@master

3 files changed, 101 insertions, 4 deletions

diff --git a/spec/requests/abuse_reports_controller_spec.rb b/spec/requests/abuse_reports_controller_spec.rb
index 510855d95e0..71ecf8444bf 100644
--- a/spec/requests/abuse_reports_controller_spec.rb
+++ b/spec/requests/abuse_reports_controller_spec.rb
@@ -40,6 +40,80 @@ RSpec.describe AbuseReportsController, feature_category: :users do
     end
   end
 
+  describe 'POST add_category', :aggregate_failures do
+    subject(:request) { post add_category_abuse_reports_path, params: request_params }
+
+    let(:abuse_category) { 'spam' }
+
+    context 'when user is reported for abuse' do
+      let(:ref_url) { 'http://example.com' }
+      let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category }, ref_url: ref_url } }
+
+      it 'renders new template' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template(:new)
+      end
+
+      it 'sets the instance variables' do
+        subject
+
+        expect(assigns(:abuse_report)).to be_kind_of(AbuseReport)
+        expect(assigns(:abuse_report)).to have_attributes(
+          user_id: user.id,
+          category: abuse_category
+        )
+        expect(assigns(:ref_url)).to eq(ref_url)
+      end
+    end
+
+    context 'when abuse_report is missing in params' do
+      let(:request_params) { { user_id: user.id } }
+
+      it 'raises an error' do
+        expect { subject }.to raise_error(ActionController::ParameterMissing)
+      end
+    end
+
+    context 'when user_id is missing in params' do
+      let(:request_params) { { abuse_report: { category: abuse_category } } }
+
+      it 'redirects the reporter to root_path' do
+        subject
+
+        expect(response).to redirect_to root_path
+        expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))
+      end
+    end
+
+    context 'when the user has already been deleted' do
+      let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }
+
+      it 'redirects the reporter to root_path' do
+        user.destroy!
+
+        subject
+
+        expect(response).to redirect_to root_path
+        expect(flash[:alert]).to eq(_('Cannot create the abuse report. The user has been deleted.'))
+      end
+    end
+
+    context 'when the user has already been blocked' do
+      let(:request_params) { { user_id: user.id, abuse_report: { category: abuse_category } } }
+
+      it 'redirects the reporter to the user\'s profile' do
+        user.block
+
+        subject
+
+        expect(response).to redirect_to user
+        expect(flash[:alert]).to eq(_('Cannot create the abuse report. This user has been blocked.'))
+      end
+    end
+  end
+
   describe 'POST create' do
     context 'with valid attributes' do
       it 'saves the abuse report' do
diff --git a/spec/requests/api/debian_project_packages_spec.rb b/spec/requests/api/debian_project_packages_spec.rb
index c27e165b39b..5258d26be17 100644
--- a/spec/requests/api/debian_project_packages_spec.rb
+++ b/spec/requests/api/debian_project_packages_spec.rb
@@ -5,7 +5,17 @@ RSpec.describe API::DebianProjectPackages, feature_category: :package_registry d
   include HttpBasicAuthHelpers
   include WorkhorseHelpers
 
-  include_context 'Debian repository shared context', :project, true do
+  include_context 'Debian repository shared context', :project, false do
+    shared_examples 'accept GET request on private project with access to package registry for everyone' do
+      include_context 'Debian repository access', :private, :anonymous, :basic do
+        before do
+          container.project_feature.reload.update!(package_registry_access_level: ProjectFeature::PUBLIC)
+        end
+
+        it_behaves_like 'Debian packages GET request', :success
+      end
+    end
+
     context 'with invalid parameter' do
       let(:url) { "/projects/1/packages/debian/dists/with+space/InRelease" }
 
@@ -16,54 +26,63 @@ RSpec.describe API::DebianProjectPackages, feature_category: :package_registry d
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/Release.gpg" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNATURE-----/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/Release' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/Release" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Codename: fixture-distribution\n$/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/InRelease' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/InRelease" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNED MESSAGE-----/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/:component/binary-:architecture/Packages' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/binary-#{architecture.name}/Packages" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /Description: This is an incomplete Packages file/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/:component/binary-:architecture/by-hash/SHA256/:file_sha256' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/binary-#{architecture.name}/by-hash/SHA256/#{component_file_older_sha256.file_sha256}" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Other SHA256$/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
-    describe 'GET projects/:id/packages/debian/dists/*distribution/source/Sources' do
+    describe 'GET projects/:id/packages/debian/dists/*distribution/:component/source/Sources' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/source/Sources" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /Description: This is an incomplete Sources file/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
-    describe 'GET projects/:id/packages/debian/dists/*distribution/source/by-hash/SHA256/:file_sha256' do
+    describe 'GET projects/:id/packages/debian/dists/*distribution/:component/source/by-hash/SHA256/:file_sha256' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/source/by-hash/SHA256/#{component_file_sources_older_sha256.file_sha256}" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Other SHA256$/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/Packages' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/debian-installer/binary-#{architecture.name}/Packages" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /Description: This is an incomplete D-I Packages file/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/dists/*distribution/:component/debian-installer/binary-:architecture/by-hash/SHA256/:file_sha256' do
       let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/debian-installer/binary-#{architecture.name}/by-hash/SHA256/#{component_file_di_older_sha256.file_sha256}" }
 
       it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Other SHA256$/
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone'
     end
 
     describe 'GET projects/:id/packages/debian/pool/:codename/:letter/:package_name/:package_version/:file_name' do
@@ -90,6 +109,10 @@ RSpec.describe API::DebianProjectPackages, feature_category: :package_registry d
           end
         end
       end
+
+      it_behaves_like 'accept GET request on private project with access to package registry for everyone' do
+        let(:file_name) { 'sample_1.2.3~alpha2.dsc' }
+      end
     end
 
     describe 'PUT projects/:id/packages/debian/:file_name' do
diff --git a/spec/requests/api/graphql/project/work_items_spec.rb b/spec/requests/api/graphql/project/work_items_spec.rb
index a59da706a8a..de35c943749 100644
--- a/spec/requests/api/graphql/project/work_items_spec.rb
+++ b/spec/requests/api/graphql/project/work_items_spec.rb
@@ -263,7 +263,7 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team
       GRAPHQL
     end
 
-    before do
+    before_all do
       create_notes(item1, "some note1")
       create_notes(item2, "some note2")
     end