8 files changed, 85 insertions, 42 deletions

diff --git a/spec/models/clusters/agent_spec.rb b/spec/models/clusters/agent_spec.rb
index f97e89912c6..de67bdb32aa 100644
--- a/spec/models/clusters/agent_spec.rb
+++ b/spec/models/clusters/agent_spec.rb
@@ -40,6 +40,39 @@ RSpec.describe Clusters::Agent do
 
       it { is_expected.to contain_exactly(matching_name) }
     end
+
+    describe '.has_vulnerabilities' do
+      let_it_be(:without_vulnerabilities) { create(:cluster_agent, has_vulnerabilities: false) }
+      let_it_be(:with_vulnerabilities) { create(:cluster_agent, has_vulnerabilities: true) }
+
+      context 'when value is not provided' do
+        subject { described_class.has_vulnerabilities }
+
+        it 'returns agents which have vulnerabilities' do
+          is_expected.to contain_exactly(with_vulnerabilities)
+        end
+      end
+
+      context 'when value is provided' do
+        subject { described_class.has_vulnerabilities(value) }
+
+        context 'as true' do
+          let(:value) { true }
+
+          it 'returns agents which have vulnerabilities' do
+            is_expected.to contain_exactly(with_vulnerabilities)
+          end
+        end
+
+        context 'as false' do
+          let(:value) { false }
+
+          it 'returns agents which do not have vulnerabilities' do
+            is_expected.to contain_exactly(without_vulnerabilities)
+          end
+        end
+      end
+    end
   end
 
   describe 'validation' do
diff --git a/spec/models/hooks/project_hook_spec.rb b/spec/models/hooks/project_hook_spec.rb
index ec2eca96755..4253686b843 100644
--- a/spec/models/hooks/project_hook_spec.rb
+++ b/spec/models/hooks/project_hook_spec.rb
@@ -31,15 +31,6 @@ RSpec.describe ProjectHook do
     end
   end
 
-  describe '#rate_limit' do
-    let_it_be(:plan_limits) { create(:plan_limits, :default_plan, web_hook_calls: 100) }
-    let_it_be(:hook) { create(:project_hook) }
-
-    it 'returns the default limit' do
-      expect(hook.rate_limit).to be(100)
-    end
-  end
-
   describe '#parent' do
     it 'returns the associated project' do
       project = build(:project)
diff --git a/spec/models/hooks/service_hook_spec.rb b/spec/models/hooks/service_hook_spec.rb
index 0d65fe302e1..68c284a913c 100644
--- a/spec/models/hooks/service_hook_spec.rb
+++ b/spec/models/hooks/service_hook_spec.rb
@@ -23,14 +23,6 @@ RSpec.describe ServiceHook do
     end
   end
 
-  describe '#rate_limit' do
-    let(:hook) { build(:service_hook) }
-
-    it 'returns nil' do
-      expect(hook.rate_limit).to be_nil
-    end
-  end
-
   describe '#parent' do
     let(:hook) { build(:service_hook, integration: integration) }
 
diff --git a/spec/models/hooks/system_hook_spec.rb b/spec/models/hooks/system_hook_spec.rb
index bf69c7219a8..9f5f81dd6c0 100644
--- a/spec/models/hooks/system_hook_spec.rb
+++ b/spec/models/hooks/system_hook_spec.rb
@@ -185,14 +185,6 @@ RSpec.describe SystemHook do
     end
   end
 
-  describe '#rate_limit' do
-    let(:hook) { build(:system_hook) }
-
-    it 'returns nil' do
-      expect(hook.rate_limit).to be_nil
-    end
-  end
-
   describe '#application_context' do
     let(:hook) { build(:system_hook) }
 
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index ab40f962af3..fb4d1cee606 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -493,31 +493,30 @@ RSpec.describe WebHook do
   end
 
   describe '#rate_limited?' do
-    context 'when there are rate limits' do
-      before do
-        allow(hook).to receive(:rate_limit).and_return(3)
+    it 'is false when hook has not been rate limited' do
+      expect_next_instance_of(Gitlab::WebHooks::RateLimiter) do |rate_limiter|
+        expect(rate_limiter).to receive(:rate_limited?).and_return(false)
       end
 
-      it 'is false when hook has not been rate limited' do
-        expect(Gitlab::ApplicationRateLimiter).to receive(:peek).and_return(false)
-        expect(hook).not_to be_rate_limited
-      end
+      expect(hook).not_to be_rate_limited
+    end
 
-      it 'is true when hook has been rate limited' do
-        expect(Gitlab::ApplicationRateLimiter).to receive(:peek).and_return(true)
-        expect(hook).to be_rate_limited
+    it 'is true when hook has been rate limited' do
+      expect_next_instance_of(Gitlab::WebHooks::RateLimiter) do |rate_limiter|
+        expect(rate_limiter).to receive(:rate_limited?).and_return(true)
       end
+
+      expect(hook).to be_rate_limited
     end
+  end
 
-    context 'when there are no rate limits' do
-      before do
-        allow(hook).to receive(:rate_limit).and_return(nil)
+  describe '#rate_limit' do
+    it 'returns the hook rate limit' do
+      expect_next_instance_of(Gitlab::WebHooks::RateLimiter) do |rate_limiter|
+        expect(rate_limiter).to receive(:limit).and_return(10)
       end
 
-      it 'does not call Gitlab::ApplicationRateLimiter, and is false' do
-        expect(Gitlab::ApplicationRateLimiter).not_to receive(:peek)
-        expect(hook).not_to be_rate_limited
-      end
+      expect(hook.rate_limit).to eq(10)
     end
   end
 
diff --git a/spec/models/members/group_member_spec.rb b/spec/models/members/group_member_spec.rb
index 189951715c3..f93c2d36966 100644
--- a/spec/models/members/group_member_spec.rb
+++ b/spec/models/members/group_member_spec.rb
@@ -47,6 +47,16 @@ RSpec.describe GroupMember do
     end
   end
 
+  describe '#permissible_access_level_roles' do
+    let_it_be(:group) { create(:group) }
+
+    it 'returns Gitlab::Access.options_with_owner' do
+      result = described_class.permissible_access_level_roles(group.first_owner, group)
+
+      expect(result).to eq(Gitlab::Access.options_with_owner)
+    end
+  end
+
   it_behaves_like 'members notifications', :group
 
   describe '#namespace_id' do
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index 3923f4161cc..8c989f5aaca 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -23,6 +23,30 @@ RSpec.describe ProjectMember do
     end
   end
 
+  describe '#permissible_access_level_roles' do
+    let_it_be(:owner) { create(:user) }
+    let_it_be(:maintainer) { create(:user) }
+    let_it_be(:group) { create(:group) }
+    let_it_be(:project) { create(:project, group: group) }
+
+    before do
+      project.add_owner(owner)
+      project.add_maintainer(maintainer)
+    end
+
+    context 'when member can manage owners' do
+      it 'returns Gitlab::Access.options_with_owner' do
+        expect(described_class.permissible_access_level_roles(owner, project)).to eq(Gitlab::Access.options_with_owner)
+      end
+    end
+
+    context 'when member cannot manage owners' do
+      it 'returns Gitlab::Access.options' do
+        expect(described_class.permissible_access_level_roles(maintainer, project)).to eq(Gitlab::Access.options)
+      end
+    end
+  end
+
   describe '#real_source_type' do
     subject { create(:project_member).real_source_type }
 
diff --git a/spec/models/plan_limits_spec.rb b/spec/models/plan_limits_spec.rb
index 78521e4bdf2..f9c458b2c80 100644
--- a/spec/models/plan_limits_spec.rb
+++ b/spec/models/plan_limits_spec.rb
@@ -213,6 +213,8 @@ RSpec.describe PlanLimits do
         storage_size_limit
         daily_invites
         web_hook_calls
+        web_hook_calls_mid
+        web_hook_calls_low
         ci_daily_pipeline_schedule_triggers
         repository_size
         security_policy_scan_execution_schedules