diff --git a/app/assets/javascripts/todos/components/todo_item.vue b/app/assets/javascripts/todos/components/todo_item.vue
index d3f2dc2e8e675d3ff00b48250c6ee710e82516c7..92a20e9b19a2b6d83bcb0a745a40bf5ec95937e1 100644
--- a/app/assets/javascripts/todos/components/todo_item.vue
+++ b/app/assets/javascripts/todos/components/todo_item.vue
@@ -113,7 +113,7 @@ export default {
<template>
<li
- class="gl-border-t gl-border-b gl-relative -gl-mt-px gl-flex gl-gap-3 gl-px-5 gl-py-3 hover:gl-z-2 has-[>a:hover]:gl-border-blue-200 has-[>a:hover]:gl-bg-blue-50"
+ class="gl-border-t gl-border-b gl-relative -gl-mt-px gl-flex gl-gap-3 gl-px-5 gl-py-3 hover:gl-z-2 hover:gl-border-strong hover:gl-bg-feedback-info"
:data-testid="`todo-item-${todo.id}`"
:class="{ 'gl-bg-subtle': isDone }"
>
diff --git a/app/assets/stylesheets/page_bundles/work_items.scss b/app/assets/stylesheets/page_bundles/work_items.scss
index f19bd61ac79f6b643bb9c8c8cb8d6015fff91542..dddc32c0f2e85dee1241bbbc578b405c6bed1786 100644
--- a/app/assets/stylesheets/page_bundles/work_items.scss
+++ b/app/assets/stylesheets/page_bundles/work_items.scss
@@ -297,33 +297,26 @@ $disclosure-hierarchy-chevron-dimension: 1.2rem;
display: block;
height: 3rem;
width: 100%;
- background: linear-gradient(180deg, rgba(255, 255, 255, 0.00) 0%, $white 100%);
+ background: linear-gradient(180deg, transparent 0%, var(--gl-background-color-default) 100%);
- // stylelint-disable-next-line gitlab/no-gl-class
- .gl-dark & {
- background: linear-gradient(180deg, rgba(31, 30, 36, 0.00) 0%, $gray-950 100%);
+ .work-item-drawer & {
+ background: linear-gradient(180deg, transparent 0%, var(--gl-background-color-overlap) 100%);
}
}
.show-all-btn {
pointer-events: auto;
- background-color: $white;
+ background-color: var(--gl-background-color-default);
- // stylelint-disable-next-line gitlab/no-gl-class
- .gl-dark & {
- background-color: $gray-950;
+ .work-item-drawer & {
+ background-color: var(--gl-background-color-overlap);
}
&::before, &::after {
content: '';
height: 1px;
flex: 1;
- border-top: 1px solid $gray-50;
-
- // stylelint-disable-next-line gitlab/no-gl-class
- .gl-dark & {
- border-top: 1px solid $gray-900;
- }
+ border-top: 1px solid var(--gl-border-color-subtle);
}
}
}
diff --git a/doc/user/application_security/vulnerability_report/_index.md b/doc/user/application_security/vulnerability_report/_index.md
index fd2f89f75119ceafc1440eb5a338bb1e756e7e8e..775e1ea22abfda6546e959fe1a94791715e4ce89 100644
--- a/doc/user/application_security/vulnerability_report/_index.md
+++ b/doc/user/application_security/vulnerability_report/_index.md
@@ -26,15 +26,14 @@ For more information, see the history.
{{< /alert >}}
-The vulnerability report provides a consolidated view of security vulnerabilities found in your codebase.
-Sort vulnerabilities by severity, report type, scanner (for projects only), and other attributes to determine which issues need attention first.
-Track vulnerabilities through their lifecycle with status indicators and activity icons that show
-remediation progress.
-
-Access detailed information for each vulnerability, including Common Vulnerability Scoring System (CVSS) scores
-and file locations when available. Filter and group similar vulnerabilities to address them systematically. When
-you're ready to fix issues, create linked merge requests directly from the report and use AI-powered resolution
-suggestions for supported vulnerability types.
+The vulnerability report provides a consolidated view of security vulnerabilities found in your
+codebase. Sort vulnerabilities by severity, report type, scanner (for projects only), and other
+attributes to determine which issues need attention first. Track vulnerabilities through their
+lifecycle with status indicators and activity icons that show remediation progress.
+
+Access detailed information for each vulnerability, including Common Vulnerability Scoring System
+(CVSS) scores and file locations when available. Filter and group similar vulnerabilities to address
+them systematically.
<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>
For an overview, see [Vulnerability Management](https://www.youtube.com/watch?v=alMRIq5UPbw).
diff --git a/doc/user/ssh_troubleshooting.md b/doc/user/ssh_troubleshooting.md
index 07d6d8164a843cc7d6478e671e113f88ef255523..fe9d5af7c4fa362812a26c0a3ace8a4abdcc1aed 100644
--- a/doc/user/ssh_troubleshooting.md
+++ b/doc/user/ssh_troubleshooting.md
@@ -25,6 +25,7 @@ This indicates that something is wrong with your SSH setup.
- Ensure that you generated your SSH key pair correctly and added the public SSH
key to your GitLab profile.
+- Ensure that your SSH key format is compatible with your server OS configuration. For example, ED25519 key pairs might not work on [some FIPS systems](https://gitlab.com/gitlab-org/gitlab/-/issues/367429).
- Try to manually register your private SSH key by using `ssh-agent`.
- Try to debug the connection by running `ssh -Tv git@example.com`.
Replace `example.com` with your GitLab URL.
diff --git a/ee/app/models/ee/namespace.rb b/ee/app/models/ee/namespace.rb
index d5e61431465091d57476ccd29deea4f43c273589..2f468b9aba25e02150c627c0f49af03ff2034d89 100644
--- a/ee/app/models/ee/namespace.rb
+++ b/ee/app/models/ee/namespace.rb
@@ -569,6 +569,16 @@ def root_storage_size
end
end
+ def seat_control_available?
+ user_cap_available? || block_overages_available?
+ end
+
+ def block_overages_available?
+ group_namespace? &&
+ ::Gitlab::Saas.feature_available?(:gitlab_com_subscriptions) &&
+ has_paid_hosted_plan? && subscription_not_expired?
+ end
+
def user_cap_available?
return false unless group_namespace?
return false unless ::Gitlab.com?
@@ -659,6 +669,14 @@ def projects_with_repository_size_limit_usage_ratio_greater_than(ratio:)
private
+ def has_paid_hosted_plan?
+ has_subscription? && gitlab_subscription.has_a_paid_hosted_plan?
+ end
+
+ def subscription_not_expired?
+ has_subscription? && !gitlab_subscription.expired?
+ end
+
def security_orchestration_policies_for_namespaces(namespace_ids, include_invalid: false)
validated_security_orchestration_policies(
::Security::OrchestrationPolicyConfiguration.for_namespace(namespace_ids),
diff --git a/ee/app/views/groups/_seat_control_setting.html.haml b/ee/app/views/groups/_seat_control_setting.html.haml
index 91ed3325824e1cbd92660db4ce53af774d564bc7..0457313a09b007e12d2516f538315a3ba8910ba7 100644
--- a/ee/app/views/groups/_seat_control_setting.html.haml
+++ b/ee/app/views/groups/_seat_control_setting.html.haml
@@ -1,12 +1,13 @@
-- return unless group.root? && group.user_cap_available?
+- return unless group.root? && group.seat_control_available?
.form-group#js-seat-control
%h5
= _("Seat control")
- %div
- = f.gitlab_ui_radio_component :seat_control, :block_overages, render('groups/restricted_access_label'),
- help_text: _("Invitations above seat count are blocked"),
- radio_options: { disabled: group.shared_externally? }
+ - if group.block_overages_available?
+ %div
+ = f.gitlab_ui_radio_component :seat_control, :block_overages, render('groups/restricted_access_label'),
+ help_text: _("Invitations above seat count are blocked"),
+ radio_options: { disabled: group.shared_externally? }
%div
= f.gitlab_ui_radio_component :seat_control, :user_cap, _("Set user cap"),
help_text: _("Any user who is added or requests access in excess of the user cap must be approved by an administrator"),
diff --git a/ee/spec/features/groups/group_settings_spec.rb b/ee/spec/features/groups/group_settings_spec.rb
index 4a9d14a041f7285400cbc938c1fc736d89b22891..51c25bb70513c2d2f99d468c98414ca121485abc 100644
--- a/ee/spec/features/groups/group_settings_spec.rb
+++ b/ee/spec/features/groups/group_settings_spec.rb
@@ -616,112 +616,135 @@ def update_email_domains(new_domain)
end
end
- context 'when user cap feature is available', :js do
+ context 'when user cap feature is available', :js, :saas do
let(:user_caps_selector) { '[name="group[new_user_signups_cap]"]' }
- context 'when group is not the root group' do
- let(:subgroup) { create(:group, parent: group) }
-
+ context 'with no subscription' do
before do
- visit edit_group_path(subgroup)
+ visit edit_group_path(group)
+ end
+
+ it 'is visible' do
+ expect(page).to have_content('Seat control')
+ expect(page).to have_content('Set user cap')
end
it 'is not visible' do
- expect(page).not_to have_content('Seat control')
expect(page).not_to have_content('Restricted access')
- expect(page).not_to have_content('Set user cap')
end
end
- context 'when the group is the root group' do
+ context 'with a subscription' do
before do
- visit edit_group_path(group)
+ create(:gitlab_subscription, namespace: group, hosted_plan: create(:ultimate_plan))
+ allow(Gitlab::CurrentSettings.current_application_settings)
+ .to receive(:should_check_namespace_plan?).and_return(true)
end
- it 'is visible' do
- expect(page).to have_content('Seat control')
- expect(page).to have_content('Set user cap')
- expect(page).to have_content('Restricted access')
+ context 'when group is not the root group' do
+ let(:subgroup) { create(:group, parent: group) }
+
+ before do
+ visit edit_group_path(subgroup)
+ end
+
+ it 'is not visible' do
+ expect(page).not_to have_content('Seat control')
+ expect(page).not_to have_content('Restricted access')
+ expect(page).not_to have_content('Set user cap')
+ end
end
- it 'will save positive numbers for the user cap' do
- find_by_testid("seat-control-user-cap-radio").click
+ context 'when the group is the root group' do
+ before do
+ visit edit_group_path(group)
+ end
- find(user_caps_selector).set(5)
+ it 'is visible' do
+ expect(page).to have_content('Seat control')
+ expect(page).to have_content('Set user cap')
+ expect(page).to have_content('Restricted access')
+ end
- click_button 'Save changes'
- wait_for_requests
+ it 'will save positive numbers for the user cap' do
+ find_by_testid("seat-control-user-cap-radio").click
- expect(page).to have_content("Group 'Foo bar' was successfully updated.")
- end
+ find(user_caps_selector).set(5)
- it 'will not allow a negative number for the user cap' do
- find_by_testid("seat-control-user-cap-radio").click
+ click_button 'Save changes'
+ wait_for_requests
- find(user_caps_selector).set(-5)
+ expect(page).to have_content("Group 'Foo bar' was successfully updated.")
+ end
- click_button 'Save changes'
- expect(page).to have_content('This field is required.')
+ it 'will not allow a negative number for the user cap' do
+ find_by_testid("seat-control-user-cap-radio").click
- wait_for_requests
+ find(user_caps_selector).set(-5)
- expect(page).not_to have_content("Group 'Foo bar' was successfully updated.")
- end
+ click_button 'Save changes'
+ expect(page).to have_content('This field is required.')
- it 'requires a number' do
- find_by_testid("seat-control-user-cap-radio").click
+ wait_for_requests
- expect(find(user_caps_selector).value).to eq("")
+ expect(page).not_to have_content("Group 'Foo bar' was successfully updated.")
+ end
- click_button 'Save changes'
- expect(page).to have_content('This field is required.')
+ it 'requires a number' do
+ find_by_testid("seat-control-user-cap-radio").click
- wait_for_requests
+ expect(find(user_caps_selector).value).to eq("")
- expect(page).not_to have_content("Group 'Foo bar' was successfully updated.")
- end
+ click_button 'Save changes'
+ expect(page).to have_content('This field is required.')
- it 'hides the required error when the user selects open access' do
- find_by_testid("seat-control-user-cap-radio").click
+ wait_for_requests
- expect(find(user_caps_selector).value).to eq("")
+ expect(page).not_to have_content("Group 'Foo bar' was successfully updated.")
+ end
- click_button 'Save changes'
- expect(page).to have_content('This field is required.')
- expect(page).to have_css("#{user_caps_selector}.gl-field-error-outline")
+ it 'hides the required error when the user selects open access' do
+ find_by_testid("seat-control-user-cap-radio").click
- find_by_testid("seat-control-off-radio").click
+ expect(find(user_caps_selector).value).to eq("")
- expect(page).not_to have_content('This field is required.')
- expect(page).not_to have_css("#{user_caps_selector}.gl-field-error-outline")
- end
+ click_button 'Save changes'
+ expect(page).to have_content('This field is required.')
+ expect(page).to have_css("#{user_caps_selector}.gl-field-error-outline")
- it 'disables the user cap input field when open access is selected' do
- expect(find('#group_new_user_signups_cap')).to be_disabled
- end
+ find_by_testid("seat-control-off-radio").click
- it 'will save restricted access' do
- choose 'Restricted access'
+ expect(page).not_to have_content('This field is required.')
+ expect(page).not_to have_css("#{user_caps_selector}.gl-field-error-outline")
+ end
- click_button 'Save changes'
+ it 'disables the user cap input field when open access is selected' do
+ expect(find('#group_new_user_signups_cap')).to be_disabled
+ end
- expect(page).to have_content("Group 'Foo bar' was successfully updated.")
- expect(page).to have_checked_field 'Restricted access'
- end
+ it 'will save restricted access' do
+ choose 'Restricted access'
- context 'when the group cannot set a user cap or block seat overages' do
- before do
- create(:group_group_link, shared_group: group)
+ click_button 'Save changes'
+
+ expect(page).to have_content("Group 'Foo bar' was successfully updated.")
+ expect(page).to have_checked_field 'Restricted access'
end
- it 'will disable both options' do
- visit edit_group_path(group)
+ context 'when the group cannot set a user cap or block seat overages' do
+ before do
+ create(:group_group_link, shared_group: group)
+ end
- expect(find('#group_seat_control_block_overages')).to be_disabled
- expect(find('#group_seat_control_user_cap')).to be_disabled
- expect(find(user_caps_selector)).to be_disabled
- expect(page).to have_content 'Restricted access and user cap cannot be turned on. ' \
- 'The group or one of its subgroups or projects is shared externally.'
+ it 'will disable both options' do
+ visit edit_group_path(group)
+
+ expect(find('#group_seat_control_block_overages')).to be_disabled
+ expect(find('#group_seat_control_user_cap')).to be_disabled
+ expect(find(user_caps_selector)).to be_disabled
+ expect(page).to have_content 'Restricted access and user cap cannot be turned on. ' \
+ 'The group or one of its subgroups or projects is shared externally.'
+ end
end
end
end
diff --git a/ee/spec/models/ee/namespace_spec.rb b/ee/spec/models/ee/namespace_spec.rb
index 00fcf487a5edd83e22cef9c59968deeaf276d54a..1021cb05929ebd91401f6b9e766e6b5e81daabf2 100644
--- a/ee/spec/models/ee/namespace_spec.rb
+++ b/ee/spec/models/ee/namespace_spec.rb
@@ -2021,6 +2021,28 @@
end
end
+ describe 'seat_control_available?' do
+ let_it_be(:namespace) { create(:group) }
+
+ subject(:seat_control_available?) { namespace.seat_control_available? }
+
+ where(:user_cap, :block_overages, :expected) do
+ true | true | true
+ true | false | true
+ false | true | true
+ false | false | false
+ end
+
+ with_them do
+ before do
+ allow(namespace).to receive(:user_cap_available?).and_return(user_cap)
+ allow(namespace).to receive(:block_overages_available?).and_return(block_overages)
+ end
+
+ it { is_expected.to be expected }
+ end
+ end
+
describe '#user_cap_available?' do
let_it_be(:namespace) { create(:group) }
let_it_be(:subgroup) { create(:group, parent: namespace) }
@@ -2047,6 +2069,59 @@
end
end
+ describe '#block_overages_available?', :saas do
+ let_it_be(:namespace) { create(:group) }
+
+ let(:end_date) { 5.days.from_now }
+
+ subject(:block_overages_available?) { namespace.block_overages_available? }
+
+ before do
+ stub_saas_features(gitlab_com_subscriptions: true)
+
+ create(:gitlab_subscription, namespace: namespace, hosted_plan: create(:ultimate_plan), end_date: end_date)
+ end
+
+ context 'when not on Gitlab.com' do
+ before do
+ stub_saas_features(gitlab_com_subscriptions: false)
+ end
+
+ it { is_expected.to be false }
+ end
+
+ context 'when the namespace is not a group' do
+ let(:user) { create(:user) }
+ let(:namespace) { user.namespace }
+
+ it { is_expected.to be false }
+ end
+
+ context 'with no subscription' do
+ before do
+ allow(namespace).to receive(:gitlab_subscription).and_return(nil)
+ end
+
+ it { is_expected.to be false }
+ end
+
+ context 'without a paid plan' do
+ before do
+ allow(namespace.gitlab_subscription).to receive(:has_a_paid_hosted_plan?).and_return(false)
+ end
+
+ it { is_expected.to be false }
+ end
+
+ context 'with an expired subscription' do
+ let(:end_date) { 1.day.ago }
+
+ it { is_expected.to be false }
+ end
+
+ it { is_expected.to be true }
+ end
+
describe '#capacity_left_for_user?' do
let(:namespace) { build(:namespace) }