8 files changed, 216 insertions, 14 deletions

diff --git a/app/models/concerns/cache_markdown_field.rb b/app/models/concerns/cache_markdown_field.rb
index 95152dcd68c..48547a938fc 100644
--- a/app/models/concerns/cache_markdown_field.rb
+++ b/app/models/concerns/cache_markdown_field.rb
@@ -11,7 +11,7 @@ module CacheMarkdownField
   extend ActiveSupport::Concern
 
   # Increment this number every time the renderer changes its output
-  CACHE_VERSION = 1
+  CACHE_VERSION = 2
 
   # changes to these attributes cause the cache to be invalidates
   INVALIDATED_BY = %w[author project].freeze
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index 13fe9d09c69..935ffe343ff 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -71,9 +71,8 @@ module Issuable
     scope :of_projects, ->(ids) { where(project_id: ids) }
     scope :of_milestones, ->(ids) { where(milestone_id: ids) }
     scope :with_milestone, ->(title) { left_joins_milestones.where(milestones: { title: title }) }
-    scope :opened, -> { with_state(:opened, :reopened) }
+    scope :opened, -> { with_state(:opened) }
     scope :only_opened, -> { with_state(:opened) }
-    scope :only_reopened, -> { with_state(:reopened) }
     scope :closed, -> { with_state(:closed) }
 
     scope :left_joins_milestones,    -> { joins("LEFT OUTER JOIN milestones ON #{table_name}.milestone_id = milestones.id") }
@@ -234,7 +233,7 @@ module Issuable
   end
 
   def open?
-    opened? || reopened?
+    opened?
   end
 
   def user_notes_count
diff --git a/app/models/concerns/protected_branch_access.rb b/app/models/concerns/protected_branch_access.rb
index a40148a4394..fde1cc44afa 100644
--- a/app/models/concerns/protected_branch_access.rb
+++ b/app/models/concerns/protected_branch_access.rb
@@ -1,6 +1,12 @@
 module ProtectedBranchAccess
   extend ActiveSupport::Concern
 
+  ALLOWED_ACCESS_LEVELS ||= [
+    Gitlab::Access::MASTER,
+    Gitlab::Access::DEVELOPER,
+    Gitlab::Access::NO_ACCESS
+  ].freeze
+
   included do
     include ProtectedRefAccess
 
@@ -9,11 +15,7 @@ module ProtectedBranchAccess
     delegate :project, to: :protected_branch
 
     validates :access_level, presence: true, inclusion: {
-      in: [
-        Gitlab::Access::MASTER,
-        Gitlab::Access::DEVELOPER,
-        Gitlab::Access::NO_ACCESS
-      ]
+      in: ALLOWED_ACCESS_LEVELS
     }
 
     def self.human_access_levels
diff --git a/app/models/concerns/protected_ref.rb b/app/models/concerns/protected_ref.rb
index fc6b840f7a8..ef95d6b0f98 100644
--- a/app/models/concerns/protected_ref.rb
+++ b/app/models/concerns/protected_ref.rb
@@ -17,7 +17,13 @@ module ProtectedRef
   class_methods do
     def protected_ref_access_levels(*types)
       types.each do |type|
-        has_many :"#{type}_access_levels", dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
+        # We need to set `inverse_of` to make sure the `belongs_to`-object is set
+        # when creating children using `accepts_nested_attributes_for`.
+        #
+        # If we don't `protected_branch` or `protected_tag` would be empty and
+        # `project` cannot be delegated to it, which in turn would cause validations
+        # to fail.
+        has_many :"#{type}_access_levels", dependent: :destroy, inverse_of: self.model_name.singular # rubocop:disable Cop/ActiveRecordDependent
 
         validates :"#{type}_access_levels", length: { is: 1, message: "are restricted to a single instance per #{self.model_name.human}." }
 
@@ -25,8 +31,8 @@ module ProtectedRef
       end
     end
 
-    def protected_ref_accessible_to?(ref, user, action:)
-      access_levels_for_ref(ref, action: action).any? do |access_level|
+    def protected_ref_accessible_to?(ref, user, action:, protected_refs: nil)
+      access_levels_for_ref(ref, action: action, protected_refs: protected_refs).any? do |access_level|
         access_level.check_access(user)
       end
     end
@@ -37,8 +43,9 @@ module ProtectedRef
       end
     end
 
-    def access_levels_for_ref(ref, action:)
-      self.matching(ref).map(&:"#{action}_access_levels").flatten
+    def access_levels_for_ref(ref, action:, protected_refs: nil)
+      self.matching(ref, protected_refs: protected_refs)
+        .map(&:"#{action}_access_levels").flatten
     end
 
     def matching(ref_name, protected_refs: nil)
diff --git a/app/models/concerns/storage/legacy_namespace.rb b/app/models/concerns/storage/legacy_namespace.rb
new file mode 100644
index 00000000000..5ab5c80a2f5
--- /dev/null
+++ b/app/models/concerns/storage/legacy_namespace.rb
@@ -0,0 +1,102 @@
+module Storage
+  module LegacyNamespace
+    extend ActiveSupport::Concern
+
+    def move_dir
+      if any_project_has_container_registry_tags?
+        raise Gitlab::UpdatePathError.new('Namespace cannot be moved, because at least one project has tags in container registry')
+      end
+
+      # Move the namespace directory in all storage paths used by member projects
+      repository_storage_paths.each do |repository_storage_path|
+        # Ensure old directory exists before moving it
+        gitlab_shell.add_namespace(repository_storage_path, full_path_was)
+
+        unless gitlab_shell.mv_namespace(repository_storage_path, full_path_was, full_path)
+          Rails.logger.error "Exception moving path #{repository_storage_path} from #{full_path_was} to #{full_path}"
+
+          # if we cannot move namespace directory we should rollback
+          # db changes in order to prevent out of sync between db and fs
+          raise Gitlab::UpdatePathError.new('namespace directory cannot be moved')
+        end
+      end
+
+      Gitlab::UploadsTransfer.new.rename_namespace(full_path_was, full_path)
+      Gitlab::PagesTransfer.new.rename_namespace(full_path_was, full_path)
+
+      remove_exports!
+
+      # If repositories moved successfully we need to
+      # send update instructions to users.
+      # However we cannot allow rollback since we moved namespace dir
+      # So we basically we mute exceptions in next actions
+      begin
+        send_update_instructions
+        true
+      rescue
+        # Returning false does not rollback after_* transaction but gives
+        # us information about failing some of tasks
+        false
+      end
+    end
+
+    # Hooks
+
+    # Save the storage paths before the projects are destroyed to use them on after destroy
+    def prepare_for_destroy
+      old_repository_storage_paths
+    end
+
+    private
+
+    def old_repository_storage_paths
+      @old_repository_storage_paths ||= repository_storage_paths
+    end
+
+    def repository_storage_paths
+      # We need to get the storage paths for all the projects, even the ones that are
+      # pending delete. Unscoping also get rids of the default order, which causes
+      # problems with SELECT DISTINCT.
+      Project.unscoped do
+        all_projects.select('distinct(repository_storage)').to_a.map(&:repository_storage_path)
+      end
+    end
+
+    def rm_dir
+      # Remove the namespace directory in all storages paths used by member projects
+      old_repository_storage_paths.each do |repository_storage_path|
+        # Move namespace directory into trash.
+        # We will remove it later async
+        new_path = "#{full_path}+#{id}+deleted"
+
+        if gitlab_shell.mv_namespace(repository_storage_path, full_path, new_path)
+          Gitlab::AppLogger.info %Q(Namespace directory "#{full_path}" moved to "#{new_path}")
+
+          # Remove namespace directroy async with delay so
+          # GitLab has time to remove all projects first
+          run_after_commit do
+            GitlabShellWorker.perform_in(5.minutes, :rm_namespace, repository_storage_path, new_path)
+          end
+        end
+      end
+
+      remove_exports!
+    end
+
+    def remove_exports!
+      Gitlab::Popen.popen(%W(find #{export_path} -not -path #{export_path} -delete))
+    end
+
+    def export_path
+      File.join(Gitlab::ImportExport.storage_path, full_path_was)
+    end
+
+    def full_path_was
+      if parent
+        parent.full_path + '/' + path_was
+      else
+        path_was
+      end
+    end
+  end
+end
diff --git a/app/models/concerns/storage/legacy_project.rb b/app/models/concerns/storage/legacy_project.rb
new file mode 100644
index 00000000000..815db712285
--- /dev/null
+++ b/app/models/concerns/storage/legacy_project.rb
@@ -0,0 +1,76 @@
+module Storage
+  module LegacyProject
+    extend ActiveSupport::Concern
+
+    def disk_path
+      full_path
+    end
+
+    def ensure_storage_path_exist
+      gitlab_shell.add_namespace(repository_storage_path, namespace.full_path)
+    end
+
+    def rename_repo
+      path_was = previous_changes['path'].first
+      old_path_with_namespace = File.join(namespace.full_path, path_was)
+      new_path_with_namespace = File.join(namespace.full_path, path)
+
+      Rails.logger.error "Attempting to rename #{old_path_with_namespace} -> #{new_path_with_namespace}"
+
+      if has_container_registry_tags?
+        Rails.logger.error "Project #{old_path_with_namespace} cannot be renamed because container registry tags are present!"
+
+        # we currently doesn't support renaming repository if it contains images in container registry
+        raise StandardError.new('Project cannot be renamed, because images are present in its container registry')
+      end
+
+      expire_caches_before_rename(old_path_with_namespace)
+
+      if gitlab_shell.mv_repository(repository_storage_path, old_path_with_namespace, new_path_with_namespace)
+        # If repository moved successfully we need to send update instructions to users.
+        # However we cannot allow rollback since we moved repository
+        # So we basically we mute exceptions in next actions
+        begin
+          gitlab_shell.mv_repository(repository_storage_path, "#{old_path_with_namespace}.wiki", "#{new_path_with_namespace}.wiki")
+          send_move_instructions(old_path_with_namespace)
+          expires_full_path_cache
+
+          @old_path_with_namespace = old_path_with_namespace
+
+          SystemHooksService.new.execute_hooks_for(self, :rename)
+
+          @repository = nil
+        rescue => e
+          Rails.logger.error "Exception renaming #{old_path_with_namespace} -> #{new_path_with_namespace}: #{e}"
+          # Returning false does not rollback after_* transaction but gives
+          # us information about failing some of tasks
+          false
+        end
+      else
+        Rails.logger.error "Repository could not be renamed: #{old_path_with_namespace} -> #{new_path_with_namespace}"
+
+        # if we cannot move namespace directory we should rollback
+        # db changes in order to prevent out of sync between db and fs
+        raise StandardError.new('repository cannot be renamed')
+      end
+
+      Gitlab::AppLogger.info "Project was renamed: #{old_path_with_namespace} -> #{new_path_with_namespace}"
+
+      Gitlab::UploadsTransfer.new.rename_project(path_was, path, namespace.full_path)
+      Gitlab::PagesTransfer.new.rename_project(path_was, path, namespace.full_path)
+    end
+
+    def create_repository(force: false)
+      # Forked import is handled asynchronously
+      return if forked? && !force
+
+      if gitlab_shell.add_repository(repository_storage_path, path_with_namespace)
+        repository.after_create
+        true
+      else
+        errors.add(:base, 'Failed to create repository via gitlab-shell')
+        false
+      end
+    end
+  end
+end
diff --git a/app/models/concerns/storage/legacy_project_wiki.rb b/app/models/concerns/storage/legacy_project_wiki.rb
new file mode 100644
index 00000000000..ff82cb0ffa9
--- /dev/null
+++ b/app/models/concerns/storage/legacy_project_wiki.rb
@@ -0,0 +1,9 @@
+module Storage
+  module LegacyProjectWiki
+    extend ActiveSupport::Concern
+
+    def disk_path
+      project.disk_path + '.wiki'
+    end
+  end
+end
diff --git a/app/models/concerns/storage/legacy_repository.rb b/app/models/concerns/storage/legacy_repository.rb
new file mode 100644
index 00000000000..593749bf019
--- /dev/null
+++ b/app/models/concerns/storage/legacy_repository.rb
@@ -0,0 +1,7 @@
+module Storage
+  module LegacyRepository
+    extend ActiveSupport::Concern
+
+    delegate :disk_path, to: :project
+  end
+end