Merge commit '6d000c9f' into 11-10-stable

lib/gitlab/git/wiki.rb

@@ -86,9 +86,9 @@ module Gitlab
         end
       end
-      def pages(limit: 0)
+      def pages(limit: 0, sort: nil, direction_desc: false)
         wrapped_gitaly_errors do
-          gitaly_get_all_pages(limit: limit)
+          gitaly_get_all_pages(limit: limit, sort: sort, direction_desc: direction_desc)
         end
       end
@@ -168,8 +168,10 @@ module Gitlab
         Gitlab::Git::WikiFile.new(wiki_file)
       end
-      def gitaly_get_all_pages(limit: 0)
-        gitaly_wiki_client.get_all_pages(limit: limit).map do |wiki_page, version|
+      def gitaly_get_all_pages(limit: 0, sort: nil, direction_desc: false)
+        gitaly_wiki_client.get_all_pages(
+          limit: limit, sort: sort, direction_desc: direction_desc
+        ).map do |wiki_page, version|
           Gitlab::Git::WikiPage.new(wiki_page, version)
         end
       end

lib/gitlab/gitaly_client/wiki_service.rb

@@ -87,8 +87,13 @@ module Gitlab
         wiki_page_from_iterator(response)
       end
-      def get_all_pages(limit: 0)
-        request = Gitaly::WikiGetAllPagesRequest.new(repository: @gitaly_repo, limit: limit)
+      def get_all_pages(limit: 0, sort: nil, direction_desc: false)
+        sort_value = Gitaly::WikiGetAllPagesRequest::SortBy.resolve(sort.to_s.upcase.to_sym)
+
+        params = { repository: @gitaly_repo, limit: limit, direction_desc: direction_desc }
+        params[:sort] = sort_value if sort_value
+
+        request = Gitaly::WikiGetAllPagesRequest.new(params)
         response = GitalyClient.call(@repository.storage, :wiki_service, :wiki_get_all_pages, request, timeout: GitalyClient.medium_timeout)
         pages = []

lib/gitlab/graphql/authorize/authorize_field_service.rb

@@ -14,9 +14,10 @@ module Gitlab
         end
         def authorized_resolve
-          proc do |obj, args, ctx|
-            resolved_obj = @old_resolve_proc.call(obj, args, ctx)
-            checker = build_checker(ctx[:current_user])
+          proc do |parent_typed_object, args, ctx|
+            resolved_obj = @old_resolve_proc.call(parent_typed_object, args, ctx)
+            authorizing_obj = authorize_against(parent_typed_object)
+            checker = build_checker(ctx[:current_user], authorizing_obj)
             if resolved_obj.respond_to?(:then)
               resolved_obj.then(&checker)
@@ -51,22 +52,28 @@ module Gitlab
           Array.wrap(@field.metadata[:authorize])
         end
-        def build_checker(current_user)
-          lambda do |value|
+        # If it's a built-in/scalar type, authorize using its parent object.
+        # nil means authorize using the resolved object
+        def authorize_against(parent_typed_object)
+          parent_typed_object.object if built_in_type? && parent_typed_object.respond_to?(:object)
+        end
+
+        def build_checker(current_user, authorizing_obj)
+          lambda do |resolved_obj|
             # Load the elements if they were not loaded by BatchLoader yet
-            value = value.sync if value.respond_to?(:sync)
+            resolved_obj = resolved_obj.sync if resolved_obj.respond_to?(:sync)
             check = lambda do |object|
               authorizations.all? do |ability|
-                Ability.allowed?(current_user, ability, object)
+                Ability.allowed?(current_user, ability, authorizing_obj || object)
               end
             end
-            case value
+            case resolved_obj
             when Array, ActiveRecord::Relation
-              value.select(&check)
+              resolved_obj.select(&check)
             else
-              value if check.call(value)
+              resolved_obj if check.call(resolved_obj)
             end
           end
         end
@@ -88,6 +95,10 @@ module Gitlab
         def node_type_for_basic_connection(type)
           type.unwrap
         end
+
+        def built_in_type?
+          GraphQL::Schema::BUILT_IN_TYPES.has_value?(node_type_for_basic_connection(@field.type))
+        end
       end
     end
   end

lib/gitlab/graphql/query_analyzers/log_query_complexity.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module Graphql
+    module QueryAnalyzers
+      class LogQueryComplexity
+        class << self
+          def analyzer
+            GraphQL::Analysis::QueryComplexity.new do |query, complexity|
+              # temporary until https://gitlab.com/gitlab-org/gitlab-ce/issues/59587
+              Rails.logger.info("[GraphQL Query Complexity] #{complexity}  | admin? #{query.context[:current_user]&.admin?}")
+            end
+          end
+        end
+      end
+    end
+  end
+end

lib/gitlab/prometheus_client.rb

@@ -6,6 +6,14 @@ module Gitlab
     Error = Class.new(StandardError)
     QueryError = Class.new(Gitlab::PrometheusClient::Error)
+    # Target number of data points for `query_range`.
+    # Please don't exceed the limit of 11000 data points
+    # See https://github.com/prometheus/prometheus/blob/91306bdf24f5395e2601773316945a478b4b263d/web/api/v1/api.go#L347
+    QUERY_RANGE_DATA_POINTS = 600
+
+    # Minimal value of the `step` parameter for `query_range` in seconds.
+    QUERY_RANGE_MIN_STEP = 60
+
     attr_reader :rest_client, :headers
     def initialize(rest_client)
@@ -23,12 +31,18 @@ module Gitlab
     end
     def query_range(query, start: 8.hours.ago, stop: Time.now)
+      start = start.to_f
+      stop = stop.to_f
+      step = self.class.compute_step(start, stop)
+
       get_result('matrix') do
-        json_api_get('query_range',
-                     query: query,
-                     start: start.to_f,
-                     end: stop.to_f,
-                     step: 1.minute.to_i)
+        json_api_get(
+          'query_range',
+          query: query,
+          start: start,
+          end: stop,
+          step: step
+        )
       end
     end
@@ -40,6 +54,14 @@ module Gitlab
       json_api_get('series', 'match': matches, start: start.to_f, end: stop.to_f)
     end
+    def self.compute_step(start, stop)
+      diff = stop - start
+
+      step = (diff / QUERY_RANGE_DATA_POINTS).ceil
+
+      [QUERY_RANGE_MIN_STEP, step].max
+    end
+
     private
     def json_api_get(type, args = {})

lib/gitlab/untrusted_regexp/ruby_syntax.rb

@@ -6,7 +6,7 @@ module Gitlab
     # and converts that to RE2 representation:
     # /<regexp>/<flags>
     class RubySyntax
-      PATTERN = %r{^/(?<regexp>.+)/(?<flags>[ismU]*)$}.freeze
+      PATTERN = %r{^/(?<regexp>.*)/(?<flags>[ismU]*)$}.freeze
       # Checks if pattern matches a regexp pattern
       # but does not enforce it's validity
@@ -16,28 +16,47 @@ module Gitlab
       # The regexp can match the pattern `/.../`, but may not be fabricatable:
       # it can be invalid or incomplete: `/match ( string/`
-      def self.valid?(pattern)
-        !!self.fabricate(pattern)
+      def self.valid?(pattern, fallback: false)
+        !!self.fabricate(pattern, fallback: fallback)
       end
-      def self.fabricate(pattern)
-        self.fabricate!(pattern)
+      def self.fabricate(pattern, fallback: false)
+        self.fabricate!(pattern, fallback: fallback)
       rescue RegexpError
         nil
       end
-      def self.fabricate!(pattern)
+      def self.fabricate!(pattern, fallback: false)
         raise RegexpError, 'Pattern is not string!' unless pattern.is_a?(String)
         matches = pattern.match(PATTERN)
         raise RegexpError, 'Invalid regular expression!' if matches.nil?
-        expression = matches[:regexp]
-        flags = matches[:flags]
-        expression.prepend("(?#{flags})") if flags.present?
-        UntrustedRegexp.new(expression, multiline: false)
+        begin
+          create_untrusted_regexp(matches[:regexp], matches[:flags])
+        rescue RegexpError
+          raise unless fallback &&
+              Feature.enabled?(:allow_unsafe_ruby_regexp, default_enabled: false)
+          create_ruby_regexp(matches[:regexp], matches[:flags])
+        end
       end
+
+      def self.create_untrusted_regexp(pattern, flags)
+        pattern.prepend("(?#{flags})") if flags.present?
+
+        UntrustedRegexp.new(pattern, multiline: false)
+      end
+      private_class_method :create_untrusted_regexp
+
+      def self.create_ruby_regexp(pattern, flags)
+        options = 0
+        options += Regexp::IGNORECASE if flags&.include?('i')
+        options += Regexp::MULTILINE if flags&.include?('m')
+
+        Regexp.new(pattern, options)
+      end
+      private_class_method :create_ruby_regexp
     end
   end
 end

lib/gitlab/url_helpers.rb

+# frozen_string_literal: true
+
+module Gitlab
+  class UrlHelpers
+    WSS_PROTOCOL = "wss".freeze
+    def self.as_wss(url)
+      return unless url.present?
+
+      URI.parse(url).tap do |uri|
+        uri.scheme = WSS_PROTOCOL
+      end.to_s
+    rescue URI::InvalidURIError
+      nil
+    end
+  end
+end

lib/gitlab/workhorse.rb

@@ -162,16 +162,16 @@ module Gitlab
         ]
       end
-      def terminal_websocket(terminal)
+      def channel_websocket(channel)
         details = {
-          'Terminal' => {
-            'Subprotocols' => terminal[:subprotocols],
-            'Url' => terminal[:url],
-            'Header' => terminal[:headers],
-            'MaxSessionTime' => terminal[:max_session_time]
+          'Channel' => {
+            'Subprotocols' => channel[:subprotocols],
+            'Url' => channel[:url],
+            'Header' => channel[:headers],
+            'MaxSessionTime' => channel[:max_session_time]
           }
         }
-        details['Terminal']['CAPem'] = terminal[:ca_pem] if terminal.key?(:ca_pem)
+        details['Channel']['CAPem'] = channel[:ca_pem] if channel.key?(:ca_pem)
         details
       end

locale/gitlab.pot

@@ -19,6 +19,9 @@ msgstr ""
 msgid " Status"
 msgstr ""
+msgid " Try to %{action} this file again."
+msgstr ""
+
 msgid " You need to do this before %{grace_period_deadline}."
 msgstr ""
@@ -126,6 +129,9 @@ msgstr ""
 msgid "%{label_for_message} unavailable"
 msgstr ""
+msgid "%{level_name} visibility has been restricted by the administrator."
+msgstr ""
+
 msgid "%{link_start}Read more%{link_end} about role permissions"
 msgstr ""
@@ -351,6 +357,9 @@ msgstr ""
 msgid "A user with write access to the source branch selected this option"
 msgstr ""
+msgid "API Help"
+msgstr ""
+
 msgid "About GitLab"
 msgstr ""
@@ -480,6 +489,9 @@ msgstr ""
 msgid "Admin Overview"
 msgstr ""
+msgid "Admin Section"
+msgstr ""
+
 msgid "AdminArea| You are about to permanently delete the user %{username}. Issues, merge requests, and groups linked to them will be transferred to a system-wide \"Ghost-user\". To avoid data loss, consider using the %{strong_start}block user%{strong_end} feature instead. Once you %{strong_start}Delete user%{strong_end}, it cannot be undone or recovered."
 msgstr ""
@@ -4529,6 +4541,9 @@ msgstr ""
 msgid "Job"
 msgstr ""
+msgid "Job Failed #%{build_id}"
+msgstr ""
+
 msgid "Job ID"
 msgstr ""
@@ -4774,6 +4789,9 @@ msgstr ""
 msgid "Leave"
 msgstr ""
+msgid "Leave edit mode? All unsaved changes will be lost."
+msgstr ""
+
 msgid "Leave group"
 msgstr ""
@@ -4923,6 +4941,9 @@ msgstr ""
 msgid "Markdown"
 msgstr ""
+msgid "Markdown Help"
+msgstr ""
+
 msgid "Markdown enabled"
 msgstr ""
@@ -5393,6 +5414,9 @@ msgstr ""
 msgid "No files found."
 msgstr ""
+msgid "No job trace"
+msgstr ""
+
 msgid "No labels with such name or description"
 msgstr ""
@@ -5617,6 +5641,9 @@ msgstr ""
 msgid "Open in Xcode"
 msgstr ""
+msgid "Open raw"
+msgstr ""
+
 msgid "Open sidebar"
 msgstr ""
@@ -5740,6 +5767,9 @@ msgstr ""
 msgid "Permissions"
 msgstr ""
+msgid "Permissions Help"
+msgstr ""
+
 msgid "Permissions, LFS, 2FA"
 msgstr ""
@@ -6016,6 +6046,9 @@ msgstr ""
 msgid "Preview"
 msgstr ""
+msgid "Preview changes"
+msgstr ""
+
 msgid "Preview payload"
 msgstr ""
@@ -6547,6 +6580,9 @@ msgstr ""
 msgid "Public - The project can be accessed without any authentication."
 msgstr ""
+msgid "Public Access Help"
+msgstr ""
+
 msgid "Public deploy keys (%{deploy_keys_count})"
 msgstr ""
@@ -6577,6 +6613,9 @@ msgstr ""
 msgid "README"
 msgstr ""
+msgid "Rake Tasks Help"
+msgstr ""
+
 msgid "Read more"
 msgstr ""
@@ -6672,6 +6711,12 @@ msgstr ""
 msgid "Remove project"
 msgstr ""
+msgid "Remove this label? Are you sure?"
+msgstr ""
+
+msgid "Remove this label? This will affect all projects within the group. Are you sure?"
+msgstr ""
+
 msgid "Removed group can not be restored!"
 msgstr ""
@@ -6690,6 +6735,9 @@ msgstr ""
 msgid "Reopen milestone"
 msgstr ""
+msgid "Replace"
+msgstr ""
+
 msgid "Reply to comment"
 msgstr ""
@@ -6914,6 +6962,9 @@ msgstr ""
 msgid "SSH Keys"
 msgstr ""
+msgid "SSH Keys Help"
+msgstr ""
+
 msgid "SSH host keys"
 msgstr ""
@@ -7040,6 +7091,9 @@ msgstr ""
 msgid "SearchAutocomplete|in this project"
 msgstr ""
+msgid "SearchResults|Showing %{from} - %{to} of %{count} %{scope} for \"%{term}\""
+msgstr ""
+
 msgid "Secret"
 msgstr ""
@@ -7417,6 +7471,9 @@ msgstr ""
 msgid "Sort by"
 msgstr ""
+msgid "Sort direction"
+msgstr ""
+
 msgid "SortOptions|Access level, ascending"
 msgstr ""
@@ -7735,6 +7792,9 @@ msgstr ""
 msgid "System Hooks"
 msgstr ""
+msgid "System Hooks Help"
+msgstr ""
+
 msgid "System Info"
 msgstr ""
@@ -7867,6 +7927,11 @@ msgstr ""
 msgid "Test failed."
 msgstr ""
+msgid "The %{type} contains the following error:"
+msgid_plural "The %{type} contains the following errors:"
+msgstr[0] ""
+msgstr[1] ""
+
 msgid "The Git LFS objects will <strong>not</strong> be synced."
 msgstr ""
@@ -7909,6 +7974,15 @@ msgstr ""
 msgid "The global settings require you to enable Two-Factor Authentication for your account."
 msgstr ""
+msgid "The group and any internal projects can be viewed by any logged in user."
+msgstr ""
+
+msgid "The group and any public projects can be viewed without any authentication."
+msgstr ""
+
+msgid "The group and its projects can only be viewed by members."
+msgstr ""
+
 msgid "The group settings for %{group_links} require you to enable Two-Factor Authentication for your account. You can %{leave_group_links}."
 msgstr ""
@@ -7987,6 +8061,18 @@ msgstr ""
 msgid "The review stage shows the time from creating the merge request to merging it. The data will automatically be added after you merge your first merge request."
 msgstr ""
+msgid "The snippet can be accessed without any authentication."
+msgstr ""
+
+msgid "The snippet is visible only to me."
+msgstr ""
+
+msgid "The snippet is visible only to project members."
+msgstr ""
+
+msgid "The snippet is visible to any logged in user."
+msgstr ""
+
 msgid "The staging stage shows the time between merging the MR and deploying code to the production environment. The data will be automatically added once you deploy to production for the first time."
 msgstr ""
@@ -8837,6 +8923,9 @@ msgstr ""
 msgid "User map"
 msgstr ""
+msgid "User settings"
+msgstr ""
+
 msgid "User was successfully created."
 msgstr ""
@@ -8990,6 +9079,9 @@ msgstr ""
 msgid "View it on GitLab"
 msgstr ""
+msgid "View job trace"
+msgstr ""
+
 msgid "View jobs"
 msgstr ""
@@ -9065,6 +9157,9 @@ msgstr ""
 msgid "Web terminal"
 msgstr ""
+msgid "Webhooks Help"
+msgstr ""
+
 msgid "When a runner is locked, it cannot be assigned to other projects"
 msgstr ""
@@ -9197,6 +9292,9 @@ msgstr ""
 msgid "Wiki|Create page"
 msgstr ""
+msgid "Wiki|Created date"
+msgstr ""
+
 msgid "Wiki|Edit Page"
 msgstr ""
@@ -9215,6 +9313,9 @@ msgstr ""
 msgid "Wiki|Pages"
 msgstr ""
+msgid "Wiki|Title"
+msgstr ""
+
 msgid "Wiki|Wiki Pages"
 msgstr ""
@@ -9224,6 +9325,9 @@ msgstr ""
 msgid "Withdraw Access Request"
 msgstr ""
+msgid "Workflow Help"
+msgstr ""
+
 msgid "Write"
 msgstr ""
@@ -9428,6 +9532,12 @@ msgstr ""
 msgid "You'll need to use different branch names to get a valid comparison."
 msgstr ""
+msgid "You're not allowed to make changes to this project directly. A fork of this project has been created that you can make changes in, so you can submit a merge request."
+msgstr ""
+
+msgid "You're not allowed to make changes to this project directly. A fork of this project is being created that you can make changes in, so you can submit a merge request."
+msgstr ""
+
 msgid "You're only seeing %{startTag}other activity%{endTag} in the feed. To add a comment, switch to one of the following options."
 msgstr ""

qa/qa/page/file/show.rb

@@ -6,7 +6,7 @@ module QA
         view 'app/helpers/blob_helper.rb' do
           element :edit_button, "_('Edit')" # rubocop:disable QA/ElementWithPattern
-          element :delete_button, /label:\s+"Delete"/ # rubocop:disable QA/ElementWithPattern
+          element :delete_button, '_("Delete")' # rubocop:disable QA/ElementWithPattern
         end
         view 'app/views/projects/blob/_remove.html.haml' do

spec/controllers/concerns/issuable_collections_spec.rb

@@ -117,7 +117,7 @@ describe IssuableCollections do
         due_date: '2017-01-01',
         group_id: '3',
         iids: '4',
-        label_name: 'foo',
+        label_name: ['foo'],
         milestone_title: 'bar',
         my_reaction_emoji: 'thumbsup',
         non_archived: 'true',
@@ -142,7 +142,7 @@ describe IssuableCollections do
         'author_id' => '2',
         'author_username' => 'user2',
         'confidential' => true,
-        'label_name' => 'foo',
+        'label_name' => ['foo'],
         'milestone_title' => 'bar',
         'my_reaction_emoji' => 'thumbsup',
         'due_date' => '2017-01-01',

spec/controllers/dashboard_controller_spec.rb

@@ -23,4 +23,37 @@ describe DashboardController do
   it_behaves_like 'authenticates sessionless user', :issues, :atom, author_id: User.first
   it_behaves_like 'authenticates sessionless user', :issues_calendar, :ics
+
+  describe "#check_filters_presence!" do
+    let(:user) { create(:user) }
+
+    before do
+      sign_in(user)
+      get :merge_requests, params: params
+    end
+
+    context "no filters" do
+      let(:params) { {} }
+
+      it 'sets @no_filters_set to false' do
+        expect(assigns[:no_filters_set]).to eq(true)
+      end
+    end
+
+    context "scalar filters" do
+      let(:params) { { author_id: user.id } }
+
+      it 'sets @no_filters_set to false' do
+        expect(assigns[:no_filters_set]).to eq(false)
+      end
+    end
+
+    context "array filters" do
+      let(:params) { { label_name: ['bug'] } }
+
+      it 'sets @no_filters_set to false' do
+        expect(assigns[:no_filters_set]).to eq(false)
+      end
+    end
+  end
 end

spec/controllers/groups_controller_spec.rb

@@ -616,7 +616,7 @@ describe GroupsController do
       end
       it 'should redirect to the current path' do
-        expect(response).to render_template(:edit)
+        expect(response).to redirect_to(edit_group_path(group))
       end
     end

spec/controllers/projects/environments_controller_spec.rb

@@ -283,7 +283,7 @@ describe Projects::EnvironmentsController do
             .and_return([:fake_terminal])
           expect(Gitlab::Workhorse)
-            .to receive(:terminal_websocket)
+            .to receive(:channel_websocket)
             .with(:fake_terminal)
             .and_return(workhorse: :response)

spec/controllers/projects/jobs_controller_spec.rb

@@ -989,7 +989,7 @@ describe Projects::JobsController, :clean_gitlab_redis_shared_state do
       context 'and valid id' do
         it 'returns the terminal for the job' do
           expect(Gitlab::Workhorse)
-            .to receive(:terminal_websocket)
+            .to receive(:channel_websocket)
             .and_return(workhorse: :response)
           get_terminal_websocket(id: job.id)

spec/features/dashboard/merge_requests_spec.rb

@@ -44,6 +44,8 @@ describe 'Dashboard Merge Requests' do
   end
   context 'merge requests exist' do
+    let(:label) { create(:label) }
+
     let!(:assigned_merge_request) do
       create(:merge_request,
         assignee: current_user,
@@ -72,6 +74,14 @@ describe 'Dashboard Merge Requests' do
               target_project: public_project, source_project: forked_project)
     end
+    let!(:labeled_merge_request) do
+      create(:labeled_merge_request,
+              source_branch: 'labeled',
+              labels: [label],
+              author: current_user,
+              source_project: project)
+    end
+
     let!(:other_merge_request) do
       create(:merge_request,
               source_branch: 'fix',
@@ -90,6 +100,7 @@ describe 'Dashboard Merge Requests' do
       expect(page).not_to have_content(authored_merge_request.title)
       expect(page).not_to have_content(authored_merge_request_from_fork.title)
       expect(page).not_to have_content(other_merge_request.title)
+      expect(page).not_to have_content(labeled_merge_request.title)
     end
     it 'shows authored merge requests', :js do
@@ -98,7 +109,21 @@ describe 'Dashboard Merge Requests' do
       expect(page).to have_content(authored_merge_request.title)
       expect(page).to have_content(authored_merge_request_from_fork.title)
+      expect(page).to have_content(labeled_merge_request.title)
+
+      expect(page).not_to have_content(assigned_merge_request.title)
+      expect(page).not_to have_content(assigned_merge_request_from_fork.title)
+      expect(page).not_to have_content(other_merge_request.title)
+    end
+
+    it 'shows labeled merge requests', :js do
+      reset_filters
+      input_filtered_search("label:#{label.name}")
+      expect(page).to have_content(labeled_merge_request.title)
+
+      expect(page).not_to have_content(authored_merge_request.title)
+      expect(page).not_to have_content(authored_merge_request_from_fork.title)
       expect(page).not_to have_content(assigned_merge_request.title)
       expect(page).not_to have_content(assigned_merge_request_from_fork.title)
       expect(page).not_to have_content(other_merge_request.title)

spec/features/issues/user_uses_quick_actions_spec.rb

@@ -43,6 +43,7 @@ describe 'Issues > User uses quick actions', :js do
   describe 'issue-only commands' do
     let(:user) { create(:user) }
     let(:project) { create(:project, :public) }
+    let(:issue) { create(:issue, project: project) }
     before do
       project.add_maintainer(user)
@@ -55,6 +56,8 @@ describe 'Issues > User uses quick actions', :js do
       wait_for_requests
     end
+    it_behaves_like 'confidential quick action'
+
     describe 'adding a due date from note' do
       let(:issue) { create(:issue, project: project) }
@@ -137,42 +140,6 @@ describe 'Issues > User uses quick actions', :js do
       end
     end
-    describe 'make issue confidential' do
-      let(:issue) { create(:issue, project: project) }
-      let(:original_issue) { create(:issue, project: project) }
-
-      context 'when the current user can update issues' do
-        it 'does not create a note, and marks the issue as confidential' do
-          add_note("/confidential")
-
-          expect(page).not_to have_content "/confidential"
-          expect(page).to have_content 'Commands applied'
-          expect(page).to have_content "made the issue confidential"
-
-          expect(issue.reload).to be_confidential
-        end
-      end
-
-      context 'when the current user cannot update the issue' do
-        let(:guest) { create(:user) }
-        before do
-          project.add_guest(guest)
-          gitlab_sign_out
-          sign_in(guest)
-          visit project_issue_path(project, issue)
-        end
-
-        it 'does not create a note, and does not mark the issue as confidential' do
-          add_note("/confidential")
-
-          expect(page).not_to have_content 'Commands applied'
-          expect(page).not_to have_content "made the issue confidential"
-
-          expect(issue.reload).not_to be_confidential
-        end
-      end
-    end
-
     describe 'move the issue to another project' do
       let(:issue) { create(:issue, project: project) }

spec/features/projects/wiki/user_views_wiki_pages_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'User views wiki pages' do
+  include WikiHelpers
+
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :wiki_repo, namespace: user.namespace) }
+
+  let!(:wiki_page1) do
+    create(:wiki_page, wiki: project.wiki, attrs: { title: '3 home', content: '3' })
+  end
+  let!(:wiki_page2) do
+    create(:wiki_page, wiki: project.wiki, attrs: { title: '1 home', content: '1' })
+  end
+  let!(:wiki_page3) do
+    create(:wiki_page, wiki: project.wiki, attrs: { title: '2 home', content: '2' })
+  end
+
+  let(:pages) do
+    page.find('.wiki-pages-list').all('li').map { |li| li.find('a') }
+  end
+
+  before do
+    project.add_maintainer(user)
+    sign_in(user)
+    visit(project_wikis_pages_path(project))
+  end
+
+  context 'ordered by title' do
+    let(:pages_ordered_by_title) { [wiki_page2, wiki_page3, wiki_page1] }
+
+    context 'asc' do
+      it 'pages are displayed in direct order' do
+        pages.each.with_index do |page_title, index|
+          expect(page_title.text).to eq(pages_ordered_by_title[index].title)
+        end
+      end
+    end
+
+    context 'desc' do
+      before do
+        page.within('.wiki-sort-dropdown') do
+          page.find('.qa-reverse-sort').click
+        end
+      end
+
+      it 'pages are displayed in reversed order' do
+        pages.reverse_each.with_index do |page_title, index|
+          expect(page_title.text).to eq(pages_ordered_by_title[index].title)
+        end
+      end
+    end
+  end
+
+  context 'ordered by created_at' do
+    let(:pages_ordered_by_created_at) { [wiki_page1, wiki_page2, wiki_page3] }
+
+    before do
+      page.within('.wiki-sort-dropdown') do
+        click_button('Title')
+        click_link('Created date')
+      end
+    end
+
+    context 'asc' do
+      it 'pages are displayed in direct order' do
+        pages.each.with_index do |page_title, index|
+          expect(page_title.text).to eq(pages_ordered_by_created_at[index].title)
+        end
+      end
+    end
+
+    context 'desc' do
+      before do
+        page.within('.wiki-sort-dropdown') do
+          page.find('.qa-reverse-sort').click
+        end
+      end
+
+      it 'pages are displayed in reversed order' do
+        pages.reverse_each.with_index do |page_title, index|
+          expect(page_title.text).to eq(pages_ordered_by_created_at[index].title)
+        end
+      end
+    end
+  end
+end

spec/graphql/features/authorization_spec.rb

@@ -75,6 +75,59 @@ describe 'Gitlab::Graphql::Authorization' do
     end
   end
+  describe 'Field authorizations when field is a built in type' do
+    let(:query_type) do
+      query_factory do |query|
+        query.field :object, type, null: true, resolve: ->(obj, args, ctx) { test_object }
+      end
+    end
+
+    describe 'with a single permission' do
+      let(:type) do
+        type_factory do |type|
+          type.field :name, GraphQL::STRING_TYPE, null: true, authorize: permission_single
+        end
+      end
+
+      it 'returns the protected field when user has permission' do
+        permit(permission_single)
+
+        expect(subject).to eq('name' => test_object.name)
+      end
+
+      it 'returns nil when user is not authorized' do
+        expect(subject).to eq('name' => nil)
+      end
+    end
+
+    describe 'with a collection of permissions' do
+      let(:type) do
+        permissions = permission_collection
+        type_factory do |type|
+          type.field :name, GraphQL::STRING_TYPE, null: true do
+            authorize permissions
+          end
+        end
+      end
+
+      it 'returns the protected field when user has all permissions' do
+        permit(*permission_collection)
+
+        expect(subject).to eq('name' => test_object.name)
+      end
+
+      it 'returns nil when user only has one of the permissions' do
+        permit(permission_collection.first)
+
+        expect(subject).to eq('name' => nil)
+      end
+
+      it 'returns nil when user only has none of the permissions' do
+        expect(subject).to eq('name' => nil)
+      end
+    end
+  end
+
   describe 'Type authorizations' do
     let(:query_type) do
       query_factory do |query|

spec/graphql/gitlab_schema_spec.rb

+# frozen_string_literal: true
+
 require 'spec_helper'
 describe GitlabSchema do
@@ -31,6 +33,46 @@ describe GitlabSchema do
     expect(connection).to eq(Gitlab::Graphql::Connections::KeysetConnection)
   end
+  context 'for different types of users' do
+    it 'returns DEFAULT_MAX_COMPLEXITY for no context' do
+      expect(GraphQL::Schema)
+        .to receive(:execute)
+        .with('query', hash_including(max_complexity: GitlabSchema::DEFAULT_MAX_COMPLEXITY))
+
+      described_class.execute('query')
+    end
+
+    it 'returns DEFAULT_MAX_COMPLEXITY for no user' do
+      expect(GraphQL::Schema)
+        .to receive(:execute)
+        .with('query', hash_including(max_complexity: GitlabSchema::DEFAULT_MAX_COMPLEXITY))
+
+      described_class.execute('query', context: {})
+    end
+
+    it 'returns AUTHENTICATED_COMPLEXITY for a logged in user' do
+      user = build :user
+
+      expect(GraphQL::Schema).to receive(:execute).with('query', hash_including(max_complexity: GitlabSchema::AUTHENTICATED_COMPLEXITY))
+
+      described_class.execute('query', context: { current_user: user })
+    end
+
+    it 'returns ADMIN_COMPLEXITY for an admin user' do
+      user = build :user, :admin
+
+      expect(GraphQL::Schema).to receive(:execute).with('query', hash_including(max_complexity: GitlabSchema::ADMIN_COMPLEXITY))
+
+      described_class.execute('query', context: { current_user: user })
+    end
+
+    it 'returns what was passed on the query' do
+      expect(GraphQL::Schema).to receive(:execute).with('query', { max_complexity: 1234 })
+
+      described_class.execute('query', max_complexity: 1234)
+    end
+  end
+
   def field_instrumenters
     described_class.instrumenters[:field]
   end