Add latest changes from gitlab-org/gitlab@master

13 files changed, 431 insertions, 21 deletions

diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb
index ac13c0f2d9e..3e0a894e72e 100644
--- a/spec/controllers/projects/jobs_controller_spec.rb
+++ b/spec/controllers/projects/jobs_controller_spec.rb
@@ -11,7 +11,6 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
 
   before do
     stub_feature_flags(ci_enable_live_trace: true)
-    stub_feature_flags(job_log_json: false)
     stub_not_protect_default_branch
   end
 
@@ -527,7 +526,6 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
 
   describe 'GET trace.json' do
     before do
-      stub_feature_flags(job_log_json: true)
       get_trace
     end
 
@@ -634,6 +632,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
 
   describe 'GET legacy trace.json' do
     before do
+      stub_feature_flags(job_log_json: false)
       get_trace
     end
 
diff --git a/spec/features/projects/jobs/permissions_spec.rb b/spec/features/projects/jobs/permissions_spec.rb
index ae506b66a86..d78cf674dc6 100644
--- a/spec/features/projects/jobs/permissions_spec.rb
+++ b/spec/features/projects/jobs/permissions_spec.rb
@@ -10,7 +10,6 @@ describe 'Project Jobs Permissions' do
   let!(:job) { create(:ci_build, :running, :coverage, :trace_artifact, pipeline: pipeline) }
 
   before do
-    stub_feature_flags(job_log_json: true)
     sign_in(user)
 
     project.enable_ci
diff --git a/spec/features/projects/jobs/user_browses_job_spec.rb b/spec/features/projects/jobs/user_browses_job_spec.rb
index 856c39df8b3..16ba1c1b73d 100644
--- a/spec/features/projects/jobs/user_browses_job_spec.rb
+++ b/spec/features/projects/jobs/user_browses_job_spec.rb
@@ -10,8 +10,6 @@ describe 'User browses a job', :js do
   let!(:build) { create(:ci_build, :success, :trace_artifact, :coverage, pipeline: pipeline) }
 
   before do
-    stub_feature_flags(job_log_json: false)
-
     project.add_maintainer(user)
     project.enable_ci
 
@@ -24,7 +22,7 @@ describe 'User browses a job', :js do
     wait_for_requests
 
     expect(page).to have_content("Job ##{build.id}")
-    expect(page).to have_css('.js-build-trace')
+    expect(page).to have_css('.job-log')
 
     # scroll to the top of the page first
     execute_script "window.scrollTo(0,0)"
diff --git a/spec/features/projects/jobs_spec.rb b/spec/features/projects/jobs_spec.rb
index c9568dbb7ce..26ba7ae7a29 100644
--- a/spec/features/projects/jobs_spec.rb
+++ b/spec/features/projects/jobs_spec.rb
@@ -22,7 +22,6 @@ describe 'Jobs', :clean_gitlab_redis_shared_state do
   before do
     project.add_role(user, user_access_level)
     sign_in(user)
-    stub_feature_flags(job_log_json: false)
   end
 
   describe "GET /:project/jobs" do
@@ -810,7 +809,7 @@ describe 'Jobs', :clean_gitlab_redis_shared_state do
 
         it 'renders job log' do
           wait_for_all_requests
-          expect(page).to have_selector('.js-build-trace')
+          expect(page).to have_selector('.job-log')
         end
       end
 
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index e2ecf1e3b7e..20a320e5b92 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -7,10 +7,6 @@ describe "Internal Project Access" do
 
   set(:project) { create(:project, :internal, :repository) }
 
-  before do
-    stub_feature_flags(job_log_json: false)
-  end
-
   describe "Project should be internal" do
     describe '#internal?' do
       subject { project.internal? }
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index f692fa3f8ee..62f9a96305d 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -7,10 +7,6 @@ describe "Private Project Access" do
 
   set(:project) { create(:project, :private, :repository, public_builds: false) }
 
-  before do
-    stub_feature_flags(job_log_json: false)
-  end
-
   describe "Project should be private" do
     describe '#private?' do
       subject { project.private? }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 1bb9f766719..317c7bae084 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -7,10 +7,6 @@ describe "Public Project Access" do
 
   set(:project) { create(:project, :public, :repository) }
 
-  before do
-    stub_feature_flags(job_log_json: false)
-  end
-
   describe "Project should be public" do
     describe '#public?' do
       subject { project.public? }
diff --git a/spec/frontend/lib/utils/url_utility_spec.js b/spec/frontend/lib/utils/url_utility_spec.js
index 8244acbceea..97f7f05cd85 100644
--- a/spec/frontend/lib/utils/url_utility_spec.js
+++ b/spec/frontend/lib/utils/url_utility_spec.js
@@ -298,4 +298,28 @@ describe('URL utility', () => {
       expect(urlUtils.objectToQuery(searchQueryObject)).toEqual('one=1&two=2');
     });
   });
+
+  describe('joinPaths', () => {
+    it.each`
+      paths                                       | expected
+      ${['foo', 'bar']}                           | ${'foo/bar'}
+      ${['foo/', 'bar']}                          | ${'foo/bar'}
+      ${['foo//', 'bar']}                         | ${'foo/bar'}
+      ${['abc/', '/def']}                         | ${'abc/def'}
+      ${['foo', '/bar']}                          | ${'foo/bar'}
+      ${['foo', '/bar/']}                         | ${'foo/bar/'}
+      ${['foo', '//bar/']}                        | ${'foo/bar/'}
+      ${['foo', '', '/bar']}                      | ${'foo/bar'}
+      ${['foo', '/bar', '']}                      | ${'foo/bar'}
+      ${['/', '', 'foo/bar/  ', '', '/ninja']}    | ${'/foo/bar/  /ninja'}
+      ${['', '/ninja', '/', ' ', '', 'bar', ' ']} | ${'/ninja/ /bar/ '}
+      ${['http://something/bar/', 'foo']}         | ${'http://something/bar/foo'}
+      ${['foo/bar', null, 'ninja', null]}         | ${'foo/bar/ninja'}
+      ${[null, 'abc/def', 'zoo']}                 | ${'abc/def/zoo'}
+      ${['', '', '']}                             | ${''}
+      ${['///', '/', '//']}                       | ${'/'}
+    `('joins paths $paths => $expected', ({ paths, expected }) => {
+      expect(urlUtils.joinPaths(...paths)).toBe(expected);
+    });
+  });
 });
diff --git a/spec/graphql/resolvers/base_resolver_spec.rb b/spec/graphql/resolvers/base_resolver_spec.rb
index a212bd07f35..0a21b2797ee 100644
--- a/spec/graphql/resolvers/base_resolver_spec.rb
+++ b/spec/graphql/resolvers/base_resolver_spec.rb
@@ -8,8 +8,12 @@ describe Resolvers::BaseResolver do
   let(:resolver) do
     Class.new(described_class) do
       def resolve(**args)
+        process(object)
+
         [args, args]
       end
+
+      def process(obj); end
     end
   end
 
@@ -69,4 +73,26 @@ describe Resolvers::BaseResolver do
       expect(field.to_graphql.complexity.call({}, { sort: 'foo', iids: [1, 2, 3] }, 1)).to eq 3
     end
   end
+
+  describe '#object' do
+    let_it_be(:user) { create(:user) }
+
+    it 'returns object' do
+      expect_next_instance_of(resolver) do |r|
+        expect(r).to receive(:process).with(user)
+      end
+
+      resolve(resolver, obj: user)
+    end
+
+    context 'when object is a presenter' do
+      it 'returns presented object' do
+        expect_next_instance_of(resolver) do |r|
+          expect(r).to receive(:process).with(user)
+        end
+
+        resolve(resolver, obj: UserPresenter.new(user))
+      end
+    end
+  end
 end
diff --git a/spec/graphql/types/snippet_type_spec.rb b/spec/graphql/types/snippet_type_spec.rb
index 3c3250a5fa2..5524e7a415d 100644
--- a/spec/graphql/types/snippet_type_spec.rb
+++ b/spec/graphql/types/snippet_type_spec.rb
@@ -6,7 +6,7 @@ describe GitlabSchema.types['Snippet'] do
   it 'has the correct fields' do
     expected_fields = [:id, :title, :project, :author,
                        :file_name, :content, :description,
-                       :visibility, :created_at, :updated_at,
+                       :visibility_level, :created_at, :updated_at,
                        :web_url, :raw_url, :notes, :discussions,
                        :user_permissions, :description_html]
 
diff --git a/spec/requests/api/graphql/mutations/snippets/create_spec.rb b/spec/requests/api/graphql/mutations/snippets/create_spec.rb
new file mode 100644
index 00000000000..9ef45c0f6bc
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/create_spec.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Creating a Snippet' do
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project) }
+  let(:content) { 'Initial content' }
+  let(:description) { 'Initial description' }
+  let(:title) { 'Initial title' }
+  let(:file_name) { 'Initial file_name' }
+  let(:visibility_level) { 'public' }
+  let(:project_path) { nil }
+
+  let(:mutation) do
+    variables = {
+      content: content,
+      description: description,
+      visibility_level: visibility_level,
+      file_name: file_name,
+      title: title,
+      project_path: project_path
+    }
+
+    graphql_mutation(:create_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:create_snippet)
+  end
+
+  context 'when the user does not have permission' do
+    let(:current_user) { nil }
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+    it 'does not create the Snippet' do
+      expect do
+        post_graphql_mutation(mutation, current_user: current_user)
+      end.not_to change { Snippet.count }
+    end
+
+    context 'when user is not authorized in the project' do
+      let(:project_path) { project.full_path }
+
+      it 'does not create the snippet when the user is not authorized' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+    end
+  end
+
+  context 'when the user has permission' do
+    let(:current_user) { user }
+
+    context 'with PersonalSnippet' do
+      it 'creates the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(1)
+      end
+
+      it 'returns the created Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(content)
+        expect(mutation_response['snippet']['title']).to eq(title)
+        expect(mutation_response['snippet']['description']).to eq(description)
+        expect(mutation_response['snippet']['fileName']).to eq(file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level)
+        expect(mutation_response['snippet']['project']).to be_nil
+      end
+    end
+
+    context 'with ProjectSnippet' do
+      let(:project_path) { project.full_path }
+
+      before do
+        project.add_developer(current_user)
+      end
+
+      it 'creates the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(1)
+      end
+
+      it 'returns the created Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(content)
+        expect(mutation_response['snippet']['title']).to eq(title)
+        expect(mutation_response['snippet']['description']).to eq(description)
+        expect(mutation_response['snippet']['fileName']).to eq(file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level)
+        expect(mutation_response['snippet']['project']['fullPath']).to eq(project_path)
+      end
+
+      context 'when the project path is invalid' do
+        let(:project_path) { 'foobar' }
+
+        it 'returns an an error' do
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+
+      context 'when the feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+
+    context 'when there are ActiveRecord validation errors' do
+      let(:title) { '' }
+
+      it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"]
+
+      it 'does not create the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+
+      it 'does not return Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
new file mode 100644
index 00000000000..351d2db8973
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Destroying a Snippet' do
+  include GraphqlHelpers
+
+  let(:current_user) { snippet.author }
+  let(:mutation) do
+    variables = {
+      id: snippet.to_global_id.to_s
+    }
+
+    graphql_mutation(:destroy_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:destroy_snippet)
+  end
+
+  shared_examples 'graphql delete actions' do
+    context 'when the user does not have permission' do
+      let(:current_user) { create(:user) }
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+      it 'does not destroy the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+    end
+
+    context 'when the user has permission' do
+      it 'destroys the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(-1)
+      end
+
+      it 'returns an empty Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response).to have_key('snippet')
+        expect(mutation_response['snippet']).to be_nil
+      end
+    end
+  end
+
+  describe 'PersonalSnippet' do
+    it_behaves_like 'graphql delete actions' do
+      let_it_be(:snippet) { create(:personal_snippet) }
+    end
+  end
+
+  describe 'ProjectSnippet' do
+    let_it_be(:project) { create(:project, :private) }
+    let_it_be(:snippet) { create(:project_snippet, :private, project: project, author: create(:user)) }
+
+    context 'when the author is not a member of the project' do
+      it 'returns an an error' do
+        post_graphql_mutation(mutation, current_user: current_user)
+        errors = json_response['errors']
+
+        expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+      end
+    end
+
+    context 'when the author is a member of the project' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it_behaves_like 'graphql delete actions'
+
+      context 'when the snippet project feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/snippets/update_spec.rb b/spec/requests/api/graphql/mutations/snippets/update_spec.rb
new file mode 100644
index 00000000000..deaa9e8a237
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/update_spec.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Updating a Snippet' do
+  include GraphqlHelpers
+
+  let_it_be(:original_content) { 'Initial content' }
+  let_it_be(:original_description) { 'Initial description' }
+  let_it_be(:original_title) { 'Initial title' }
+  let_it_be(:original_file_name) { 'Initial file_name' }
+  let(:updated_content) { 'Updated content' }
+  let(:updated_description) { 'Updated description' }
+  let(:updated_title) { 'Updated_title' }
+  let(:updated_file_name) { 'Updated file_name' }
+  let(:current_user) { snippet.author }
+
+  let(:mutation) do
+    variables = {
+      id: GitlabSchema.id_from_object(snippet).to_s,
+      content: updated_content,
+      description: updated_description,
+      visibility_level: 'public',
+      file_name: updated_file_name,
+      title: updated_title
+    }
+
+    graphql_mutation(:update_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:update_snippet)
+  end
+
+  shared_examples 'graphql update actions' do
+    context 'when the user does not have permission' do
+      let(:current_user) { create(:user) }
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+      it 'does not update the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { snippet.reload }
+      end
+    end
+
+    context 'when the user has permission' do
+      it 'updates the Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(snippet.reload.title).to eq(updated_title)
+      end
+
+      it 'returns the updated Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(updated_content)
+        expect(mutation_response['snippet']['title']).to eq(updated_title)
+        expect(mutation_response['snippet']['description']).to eq(updated_description)
+        expect(mutation_response['snippet']['fileName']).to eq(updated_file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq('public')
+      end
+
+      context 'when there are ActiveRecord validation errors' do
+        let(:updated_title) { '' }
+
+        it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"]
+
+        it 'does not update the Snippet' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(snippet.reload.title).to eq(original_title)
+        end
+
+        it 'returns the Snippet with its original values' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response['snippet']['content']).to eq(original_content)
+          expect(mutation_response['snippet']['title']).to eq(original_title)
+          expect(mutation_response['snippet']['description']).to eq(original_description)
+          expect(mutation_response['snippet']['fileName']).to eq(original_file_name)
+          expect(mutation_response['snippet']['visibilityLevel']).to eq('private')
+        end
+      end
+    end
+  end
+
+  describe 'PersonalSnippet' do
+    it_behaves_like 'graphql update actions' do
+      let_it_be(:snippet) do
+        create(:personal_snippet,
+               :private,
+               file_name: original_file_name,
+               title: original_title,
+               content: original_content,
+               description: original_description)
+      end
+    end
+  end
+
+  describe 'ProjectSnippet' do
+    let_it_be(:project) { create(:project, :private) }
+    let_it_be(:snippet) do
+      create(:project_snippet,
+             :private,
+             project: project,
+             author: create(:user),
+             file_name: original_file_name,
+             title: original_title,
+             content: original_content,
+             description: original_description)
+    end
+
+    context 'when the author is not a member of the project' do
+      it 'returns an an error' do
+        post_graphql_mutation(mutation, current_user: current_user)
+        errors = json_response['errors']
+
+        expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+      end
+    end
+
+    context 'when the author is a member of the project' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it_behaves_like 'graphql update actions'
+
+      context 'when the snippet project feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+  end
+end