Add latest changes from gitlab-org/gitlab@master

3 files changed, 70 insertions, 3 deletions

diff --git a/spec/support/shared_examples/features/creatable_merge_request_shared_examples.rb b/spec/support/shared_examples/features/creatable_merge_request_shared_examples.rb
index 96e57980c68..7e0e235698e 100644
--- a/spec/support/shared_examples/features/creatable_merge_request_shared_examples.rb
+++ b/spec/support/shared_examples/features/creatable_merge_request_shared_examples.rb
@@ -5,20 +5,20 @@ RSpec.shared_examples 'a creatable merge request' do
   include ListboxHelpers
 
   it 'creates new merge request', :js do
-    find('.js-assignee-search').click
+    find('[data-testid="assignee-ids-dropdown-toggle"]').click
     page.within '.dropdown-menu-user' do
       click_link user2.name
     end
 
     expect(find('input[name="merge_request[assignee_ids][]"]', visible: false).value).to match(user2.id.to_s)
-    page.within '.js-assignee-search' do
+    page.within '[data-testid="assignee-ids-dropdown-toggle"]' do
       expect(page).to have_content user2.name
     end
 
     click_link 'Assign to me'
 
     expect(find('input[name="merge_request[assignee_ids][]"]', visible: false).value).to match(user.id.to_s)
-    page.within '.js-assignee-search' do
+    page.within '[data-testid="assignee-ids-dropdown-toggle"]' do
       expect(page).to have_content user.name
     end
 
diff --git a/spec/support/shared_examples/models/concerns/protected_ref_access_allowed_access_levels_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_access_allowed_access_levels_examples.rb
new file mode 100644
index 00000000000..8e15720c79a
--- /dev/null
+++ b/spec/support/shared_examples/models/concerns/protected_ref_access_allowed_access_levels_examples.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'protected ref access allowed_access_levels' do |excludes: []|
+  describe '::allowed_access_levels' do
+    subject { described_class.allowed_access_levels }
+
+    let(:all_levels) do
+      [
+        Gitlab::Access::DEVELOPER,
+        Gitlab::Access::MAINTAINER,
+        Gitlab::Access::ADMIN,
+        Gitlab::Access::NO_ACCESS
+      ]
+    end
+
+    context 'when running on Gitlab.com?' do
+      let(:levels) { all_levels.excluding(Gitlab::Access::ADMIN, *excludes) }
+
+      before do
+        allow(Gitlab).to receive(:com?).and_return(true)
+      end
+
+      it { is_expected.to match_array(levels) }
+    end
+
+    context 'when self hosted?' do
+      let(:levels) { all_levels.excluding(*excludes) }
+
+      before do
+        allow(Gitlab).to receive(:com?).and_return(false)
+      end
+
+      it { is_expected.to match_array(levels) }
+    end
+  end
+end
diff --git a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb
index f6ca2b91616..4753d7a4556 100644
--- a/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb
+++ b/spec/support/shared_examples/models/concerns/protected_ref_access_examples.rb
@@ -18,6 +18,21 @@ RSpec.shared_examples 'protected ref access' do |association|
     it { is_expected.not_to validate_presence_of(:access_level) }
   end
 
+  describe '::human_access_levels' do
+    subject { described_class.human_access_levels }
+
+    let(:levels) do
+      {
+        Gitlab::Access::DEVELOPER => "Developers + Maintainers",
+        Gitlab::Access::MAINTAINER => "Maintainers",
+        Gitlab::Access::ADMIN => 'Instance admins',
+        Gitlab::Access::NO_ACCESS => "No one"
+      }.slice(*described_class.allowed_access_levels)
+    end
+
+    it { is_expected.to eq(levels) }
+  end
+
   describe '#check_access' do
     let_it_be(:current_user) { create(:user) }
 
@@ -44,6 +59,22 @@ RSpec.shared_examples 'protected ref access' do |association|
       it { expect(subject.check_access(current_user)).to eq(false) }
     end
 
+    context 'when instance admin access is configured' do
+      let(:access_level) { Gitlab::Access::ADMIN }
+
+      context 'when current_user is a maintainer' do
+        it { expect(subject.check_access(current_user)).to eq(false) }
+      end
+
+      context 'when current_user is admin' do
+        before do
+          allow(current_user).to receive(:admin?).and_return(true)
+        end
+
+        it { expect(subject.check_access(current_user)).to eq(true) }
+      end
+    end
+
     context 'when current_user can push_code to project' do
       context 'and member access is high enough' do
         it { expect(subject.check_access(current_user)).to eq(true) }