Add latest changes from gitlab-org/gitlab@master

15 files changed, 20 insertions, 31 deletions

diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb
index 01ed5473b41..cfff281604e 100644
--- a/app/controllers/projects/blame_controller.rb
+++ b/app/controllers/projects/blame_controller.rb
@@ -7,7 +7,7 @@ class Projects::BlameController < Projects::ApplicationController
 
   before_action :require_non_empty_project
   before_action :assign_ref_vars
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
 
   feature_category :source_code_management
   urgency :low, [:show]
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index f5188e28b81..4eda76f4f21 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -18,7 +18,8 @@ class Projects::BlobController < Projects::ApplicationController
   around_action :allow_gitaly_ref_name_caching, only: [:show]
 
   before_action :require_non_empty_project, except: [:new, :create]
-  before_action :authorize_download_code!
+  before_action :authorize_download_code!, except: [:show]
+  before_action :authorize_read_code!, only: [:show]
 
   # We need to assign the blob vars before `authorize_edit_tree!` so we can
   # validate access to a specific ref.
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 27969cb1a75..7b01e4db42a 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -6,7 +6,7 @@ class Projects::BranchesController < Projects::ApplicationController
 
   # Authorize
   before_action :require_non_empty_project, except: :create
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :authorize_push_code!, only: [:new, :create, :destroy, :destroy_all_merged]
 
   # Support legacy URLs
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 870320a79d9..583b572d4b1 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -12,7 +12,7 @@ class Projects::CommitController < Projects::ApplicationController
 
   # Authorize
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :authorize_read_pipeline!, only: [:pipelines]
   before_action :commit
   before_action :define_commit_vars, only: [:show, :diff_for_path, :diff_files, :pipelines, :merge_requests]
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index dd900173c40..c006d56ae81 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -12,7 +12,7 @@ class Projects::CommitsController < Projects::ApplicationController
   around_action :allow_gitaly_ref_name_caching
   before_action :require_non_empty_project
   before_action :assign_ref_vars, except: :commits_root
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :validate_ref!, except: :commits_root
   before_action :set_commits, except: :commits_root
 
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 61308f24412..266edd506d5 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -10,7 +10,7 @@ class Projects::CompareController < Projects::ApplicationController
 
   # Authorize
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   # Defining ivars
   before_action :define_diffs, only: [:show, :diff_for_path]
   before_action :define_environment, only: [:show]
@@ -95,7 +95,7 @@ class Projects::CompareController < Projects::ApplicationController
       target_project = target_projects(source_project).find_by_id(compare_params[:from_project_id])
 
       # Just ignore the field if it points at a non-existent or hidden project
-      next source_project unless target_project && can?(current_user, :download_code, target_project)
+      next source_project unless target_project && can?(current_user, :read_code, target_project)
 
       target_project
     end
diff --git a/app/controllers/projects/find_file_controller.rb b/app/controllers/projects/find_file_controller.rb
index c6bc115e737..b5099d555ae 100644
--- a/app/controllers/projects/find_file_controller.rb
+++ b/app/controllers/projects/find_file_controller.rb
@@ -8,7 +8,7 @@ class Projects::FindFileController < Projects::ApplicationController
 
   before_action :require_non_empty_project
   before_action :assign_ref_vars
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
 
   feature_category :source_code_management
   urgency :low, [:show, :list]
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 3208a5076e7..ff3dc71b6cc 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -9,9 +9,9 @@ class Projects::ForksController < Projects::ApplicationController
   # Authorize
   before_action :disable_query_limiting, only: [:create]
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :authenticate_user!, only: [:new, :create]
-  before_action :authorize_fork_project!, only: [:new, :create]
+  before_action :authorize_fork_project!, except: [:index]
   before_action :authorize_fork_namespace!, only: [:create]
 
   feature_category :source_code_management
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index beb5584c3f4..5a1783ea53d 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -37,7 +37,7 @@ class Projects::IssuesController < Projects::ApplicationController
   before_action :authorize_create_merge_request_from!, only: [:create_merge_request]
 
   before_action :authorize_import_issues!, only: [:import_csv]
-  before_action :authorize_download_code!, only: [:related_branches]
+  before_action :authorize_read_code!, only: [:related_branches]
 
   before_action do
     push_frontend_feature_flag(:preserve_unchanged_markdown, project)
diff --git a/app/controllers/projects/network_controller.rb b/app/controllers/projects/network_controller.rb
index 84ac9fb01fd..a85875b8983 100644
--- a/app/controllers/projects/network_controller.rb
+++ b/app/controllers/projects/network_controller.rb
@@ -6,7 +6,7 @@ class Projects::NetworkController < Projects::ApplicationController
 
   before_action :require_non_empty_project
   before_action :assign_ref_vars
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :assign_options
   before_action :assign_commit
 
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 9707b70f26f..924de0ee7ea 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -12,7 +12,7 @@ class Projects::RawController < Projects::ApplicationController
 
   before_action :set_ref_and_path
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :check_show_rate_limit!, only: [:show], unless: :external_storage_request?
   before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled?
 
@@ -21,7 +21,7 @@ class Projects::RawController < Projects::ApplicationController
   def show
     @blob = @repository.blob_at(@ref, @path, limit: Gitlab::Git::Blob::LFS_POINTER_MAX_SIZE)
 
-    send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:download_code, @project))
+    send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:read_code, @project))
   end
 
   private
diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb
index 05fe34ceb5b..4ba856149b5 100644
--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
@@ -9,7 +9,7 @@ class Projects::RefsController < Projects::ApplicationController
   before_action :require_non_empty_project
   before_action :validate_ref_id
   before_action :assign_ref_vars
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
 
   feature_category :source_code_management
   urgency :low, [:switch, :logs_tree]
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 847b1baca10..3c1735c728c 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -7,7 +7,7 @@ class Projects::TagsController < Projects::ApplicationController
 
   # Authorize
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :authorize_admin_tag!, only: [:new, :create, :destroy]
 
   feature_category :source_code_management
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index fea2689db14..ce1b9af648f 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -13,7 +13,7 @@ class Projects::TreeController < Projects::ApplicationController
   before_action :require_non_empty_project, except: [:new, :create]
   before_action :assign_ref_vars
   before_action :assign_dir_vars, only: [:create_dir]
-  before_action :authorize_download_code!
+  before_action :authorize_read_code!
   before_action :authorize_edit_tree!, only: [:create_dir]
 
   before_action do
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a5dacbf7f2f..c705122818a 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -26,7 +26,7 @@ class ProjectsController < Projects::ApplicationController
   before_action :verify_git_import_enabled, only: [:create]
   before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export]
   before_action :present_project, only: [:edit]
-  before_action :authorize_download_code!, only: [:refs]
+  before_action :authorize_read_code!, only: [:refs]
 
   # Authorize
   before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export]
@@ -369,7 +369,7 @@ class ProjectsController < Projects::ApplicationController
   def render_landing_page
     Gitlab::Tracking.event('project_overview', 'render', user: current_user, project: @project.project)
 
-    if can?(current_user, :download_code, @project)
+    if can?(current_user, :read_code, @project)
       return render 'projects/no_repo' unless @project.repository_exists?
 
       render 'projects/empty' if @project.empty_repo?
@@ -520,14 +520,6 @@ class ProjectsController < Projects::ApplicationController
     false
   end
 
-  def project_view_files?
-    if current_user
-      current_user.project_view == 'files'
-    else
-      project_view_files_allowed?
-    end
-  end
-
   # Override extract_ref from ExtractsPath, which returns the branch and file path
   # for the blob/tree, which in this case is just the root of the default branch.
   # This way we avoid to access the repository.ref_names.
@@ -540,10 +532,6 @@ class ProjectsController < Projects::ApplicationController
     project.repository.root_ref
   end
 
-  def project_view_files_allowed?
-    !project.empty_repo? && can?(current_user, :download_code, project)
-  end
-
   def build_canonical_path(project)
     params[:namespace_id] = project.namespace.to_param
     params[:id] = project.to_param