From 946f00ed7f2b487273bb5dabdb5997da60f1dc92 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Sun, 18 Oct 2015 13:03:26 +0200
Subject: Update style of snippets pages

---
 app/controllers/projects/snippets_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index b07a2a8db2f..2104c7a7a71 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -21,6 +21,7 @@ class Projects::SnippetsController < Projects::ApplicationController
       filter: :by_project,
       project: @project
     })
+    @snippets = @snippets.page(params[:page]).per(PER_PAGE)
   end
 
   def new
-- 
cgit v1.2.3


From 3d50b99d016af91c06a40f7a8bf4c298e241220a Mon Sep 17 00:00:00 2001
From: Dirceu Pereira Tiegs <dirceutiegs@gmail.com>
Date: Mon, 19 Oct 2015 20:25:35 -0200
Subject: Add option to create merge request when editing/creating a file

---
 app/controllers/application_controller.rb   | 30 +++++++++++++++++++++++++++++
 app/controllers/projects/blob_controller.rb | 18 +++++++++++++++--
 2 files changed, 46 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f0124c6bd60..258e37e98c0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,6 +22,7 @@ class ApplicationController < ActionController::Base
 
   helper_method :abilities, :can?, :current_application_settings
   helper_method :import_sources_enabled?, :github_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :gitorious_import_enabled?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?
+  helper_method :new_mr_from_push_event, :new_mr_path_for_fork_from_push_event, :new_mr_path_from_push_event
 
   rescue_from Encoding::CompatibilityError do |exception|
     log_exception(exception)
@@ -343,4 +344,33 @@ class ApplicationController < ActionController::Base
   def git_import_enabled?
     current_application_settings.import_sources.include?('git')
   end
+
+  # new merge requests routing helpers
+  def new_mr_path_from_push_event(event, target_branch=nil)
+    target_project = event.project.forked_from_project || event.project
+    new_namespace_project_merge_request_path(
+      event.project.namespace,
+      event.project,
+      new_mr_from_push_event(event, target_project, target_branch)
+    )
+  end
+
+  def new_mr_path_for_fork_from_push_event(event, target_branch=nil)
+    new_namespace_project_merge_request_path(
+      event.project.namespace,
+      event.project,
+      new_mr_from_push_event(event, event.project.forked_from_project, target_branch)
+    )
+  end
+
+  def new_mr_from_push_event(event, target_project, target_branch)
+    {
+      merge_request: {
+        source_project_id: event.project.id,
+        target_project_id: target_project.id,
+        source_branch: event.branch_name,
+        target_branch: target_branch || target_project.repository.root_ref
+      }
+    }
+  end
 end
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 8cc2f21d887..f49c094b591 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -27,7 +27,14 @@ class Projects::BlobController < Projects::ApplicationController
     if result[:status] == :success
       flash[:notice] = "The changes have been successfully committed"
       respond_to do |format|
-        format.html { redirect_to namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path)) }
+        format.html do
+          url = if params[:create_merge_request]
+            new_mr_path_from_push_event(current_user.recent_push(@project.id), @ref)
+          else
+            namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path))
+          end
+          redirect_to url
+        end
         format.json { render json: { message: "success", filePath: namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path)) } }
       end
     else
@@ -52,7 +59,14 @@ class Projects::BlobController < Projects::ApplicationController
     if result[:status] == :success
       flash[:notice] = "Your changes have been successfully committed"
       respond_to do |format|
-        format.html { redirect_to after_edit_path }
+        format.html do
+          url = if params[:create_merge_request]
+            new_mr_path_from_push_event(current_user.recent_push(@project.id), @ref)
+          else
+            after_edit_path
+          end
+          redirect_to url
+        end
         format.json { render json: { message: "success", filePath: after_edit_path } }
       end
     else
-- 
cgit v1.2.3


From 2f7fc7e9f7e7a43914abe81a510bd0dffa113979 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 20 Oct 2015 16:16:08 +0200
Subject: Prefer project with exact path to differently cased one when both
 exist.

---
 app/controllers/application_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f0124c6bd60..38e6b44eb6f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -118,8 +118,8 @@ class ApplicationController < ActionController::Base
       end
 
       project_path = "#{namespace}/#{id}"
-      @project = Project.find_with_namespace(project_path)
-
+      @project = Project.find_with_namespace(project_path) ||
+        Project.find_with_namespace(project_path, case_sensitive: false)
 
       if @project and can?(current_user, :read_project, @project)
         if @project.path_with_namespace != project_path
-- 
cgit v1.2.3


From e17e5a5ce462022761d3cdc29d677f968ca9738a Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Wed, 21 Oct 2015 10:09:32 +0200
Subject: Move case sensitivity check to find_with_namespace.

---
 app/controllers/application_controller.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 38e6b44eb6f..1a47a3c0ee3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -118,8 +118,7 @@ class ApplicationController < ActionController::Base
       end
 
       project_path = "#{namespace}/#{id}"
-      @project = Project.find_with_namespace(project_path) ||
-        Project.find_with_namespace(project_path, case_sensitive: false)
+      @project = Project.find_with_namespace(project_path)
 
       if @project and can?(current_user, :read_project, @project)
         if @project.path_with_namespace != project_path
-- 
cgit v1.2.3


From 40934ae39bc9aea6ffb176f96bba72fa688de837 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Thu, 22 Oct 2015 11:13:19 +0200
Subject: Fix 500 when editing CI services

---
 app/controllers/projects/ci_services_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/ci_services_controller.rb b/app/controllers/projects/ci_services_controller.rb
index 406f313ae79..550a019e8e2 100644
--- a/app/controllers/projects/ci_services_controller.rb
+++ b/app/controllers/projects/ci_services_controller.rb
@@ -14,17 +14,17 @@ class Projects::CiServicesController < Projects::ApplicationController
   end
 
   def update
-    if @service.update_attributes(service_params)
-      redirect_to edit_namespace_project_ci_service_path(@project, @project.namespace, @service.to_param)
+    if service.update_attributes(service_params)
+      redirect_to edit_namespace_project_ci_service_path(@project.namespace, @project, service.to_param)
     else
       render 'edit'
     end
   end
 
   def test
-    last_build = @project.builds.last
+    last_build = @project.ci_builds.last
 
-    if @service.execute(last_build)
+    if service.execute(last_build)
       message = { notice: 'We successfully tested the service' }
     else
       message = { alert: 'We tried to test the service but error occurred' }
-- 
cgit v1.2.3


From 95df86638d364a87469550cce852871634ace262 Mon Sep 17 00:00:00 2001
From: Valery Sizov <valery@gitlab.com>
Date: Thu, 22 Oct 2015 18:38:00 +0200
Subject: Fix: Inability to reply to code comments in the MR view, if the MR
 comes from a fork

---
 app/controllers/projects/commits_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index d1c15174aea..58fb946dbc2 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -12,7 +12,7 @@ class Projects::CommitsController < Projects::ApplicationController
     @limit, @offset = (params[:limit] || 40), (params[:offset] || 0)
 
     @commits = @repo.commits(@ref, @path, @limit, @offset)
-    @note_counts = Note.where(commit_id: @commits.map(&:id)).
+    @note_counts = project.notes.where(commit_id: @commits.map(&:id)).
       group(:commit_id).count
 
     respond_to do |format|
-- 
cgit v1.2.3


From 127836dd541ce0ecd4976d002d97b3e9e57f4947 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 23 Oct 2015 11:40:57 +0200
Subject: Fix small CI UI regressions

---
 app/controllers/projects/builds_controller.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 816012762ce..ad0adc17866 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -9,16 +9,17 @@ class Projects::BuildsController < Projects::ApplicationController
   def index
     @scope = params[:scope]
     @all_builds = project.ci_builds
+    @builds = @all_builds.order('created_at DESC')
     @builds =
       case @scope
       when 'all'
-        @all_builds
+        @builds
       when 'finished'
-        @all_builds.finished
+        @builds.finished
       else
-        @all_builds.running_or_pending
+        @builds.running_or_pending.reverse_order
       end
-    @builds = @builds.order('created_at DESC').page(params[:page]).per(30)
+    @builds = @builds.page(params[:page]).per(30)
   end
 
   def cancel_all
-- 
cgit v1.2.3


From 3adfee1c8724d56e051da21e18d83435e8b6ba31 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 23 Oct 2015 11:41:22 +0200
Subject: Allow developer to manage builds

---
 app/controllers/ci/application_controller.rb  |  8 --------
 app/controllers/projects/builds_controller.rb |  8 +++++++-
 app/controllers/projects/commit_controller.rb | 11 ++++++++++-
 3 files changed, 17 insertions(+), 10 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index 9be470660e6..848f2b4e314 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -8,14 +8,6 @@ module Ci
 
     private
 
-    def authenticate_public_page!
-      unless project.public
-        authenticate_user!
-
-        return access_denied! unless can?(current_user, :read_project, gl_project)
-      end
-    end
-
     def authenticate_token!
       unless project.valid_token?(params[:token])
         return head(403)
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index ad0adc17866..7d72e0b951b 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -2,7 +2,7 @@ class Projects::BuildsController < Projects::ApplicationController
   before_action :ci_project
   before_action :build, except: [:index, :cancel_all]
 
-  before_action :authorize_admin_project!, except: [:index, :show, :status]
+  before_action :authorize_manage_builds!, except: [:index, :show, :status]
 
   layout "project"
 
@@ -74,4 +74,10 @@ class Projects::BuildsController < Projects::ApplicationController
   def build_path(build)
     namespace_project_build_path(build.gl_project.namespace, build.gl_project, build)
   end
+
+  def authorize_manage_builds!
+    unless can?(current_user, :manage_builds, project)
+      return page_404
+    end
+  end
 end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 7886f3c6deb..878c3a66e7d 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -4,7 +4,8 @@
 class Projects::CommitController < Projects::ApplicationController
   # Authorize
   before_action :require_non_empty_project
-  before_action :authorize_download_code!
+  before_action :authorize_download_code!, except: [:cancel_builds]
+  before_action :authorize_manage_builds!, only: [:cancel_builds]
   before_action :commit
 
   def show
@@ -55,4 +56,12 @@ class Projects::CommitController < Projects::ApplicationController
   def commit
     @commit ||= @project.commit(params[:id])
   end
+
+  private
+
+  def authorize_manage_builds!
+    unless can?(current_user, :manage_builds, project)
+      return page_404
+    end
+  end
 end
-- 
cgit v1.2.3


From 2afb2d3c6788d14039c64dcc2b1ee290c48a0de4 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 23 Oct 2015 12:41:17 +0200
Subject: Fix broken Runners admin page

---
 app/controllers/ci/admin/runners_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/admin/runners_controller.rb b/app/controllers/ci/admin/runners_controller.rb
index 110954a612d..0cafad27418 100644
--- a/app/controllers/ci/admin/runners_controller.rb
+++ b/app/controllers/ci/admin/runners_controller.rb
@@ -17,6 +17,7 @@ module Ci
         @projects = @projects.where(gitlab_id: @gl_projects.select(:id))
       end
       @projects = @projects.where("ci_projects.id NOT IN (?)", @runner.projects.pluck(:id)) if @runner.projects.any?
+      @projects = @projects.joins(:gl_project)
       @projects = @projects.page(params[:page]).per(30)
     end
 
-- 
cgit v1.2.3


From c3d48f97355371d6c8760e05637f666f23c2a76a Mon Sep 17 00:00:00 2001
From: kazubu <kazubu@jtime.net>
Date: Mon, 26 Oct 2015 00:02:32 +0900
Subject: Fix: 500 error returned if destroy request without HTTP referer

---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 82119022cf9..743c429b72e 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -124,7 +124,7 @@ class ProjectsController < ApplicationController
     ::Projects::DestroyService.new(@project, current_user, {}).execute
     flash[:alert] = "Project '#{@project.name}' was deleted."
 
-    if request.referer.include?('/admin')
+    if request.referer.present? && request.referer.include?('/admin')
       redirect_to admin_namespaces_projects_path
     else
       redirect_to dashboard_projects_path
-- 
cgit v1.2.3


From 0bfb9cbf38c72f801255b910430fdbff6536b73d Mon Sep 17 00:00:00 2001
From: kazubu <kazubu@jtime.net>
Date: Mon, 26 Oct 2015 14:58:09 +0900
Subject: modify to use redirect_back_or_default function

---
 app/controllers/projects_controller.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 743c429b72e..05c7d3de8bc 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -124,11 +124,7 @@ class ProjectsController < ApplicationController
     ::Projects::DestroyService.new(@project, current_user, {}).execute
     flash[:alert] = "Project '#{@project.name}' was deleted."
 
-    if request.referer.present? && request.referer.include?('/admin')
-      redirect_to admin_namespaces_projects_path
-    else
-      redirect_to dashboard_projects_path
-    end
+    redirect_back_or_default(default: dashboard_projects_path, options: {})
   rescue Projects::DestroyService::DestroyError => ex
     redirect_to edit_project_path(@project), alert: ex.message
   end
-- 
cgit v1.2.3


From 6db014987d3c9cd4595adad70bb8a11ccacf9545 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 23 Oct 2015 18:15:13 +0200
Subject: Fix specific runner visibility

---
 app/controllers/projects/runners_controller.rb | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index deb07a21416..bfbcf2567f3 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -6,11 +6,10 @@ class Projects::RunnersController < Projects::ApplicationController
   layout 'project_settings'
 
   def index
-    @runners = @ci_project.runners.order('id DESC')
-    @specific_runners =
-      Ci::Runner.specific.includes(:runner_projects).
-      where(Ci::RunnerProject.table_name => { project_id: current_user.authorized_projects } ).
-      where.not(id: @runners).order("#{Ci::Runner.table_name}.id DESC").page(params[:page]).per(20)
+    @runners = @ci_project.runners.ordered
+    @specific_runners = current_user.ci_authorized_runners.
+      where.not(id: @ci_project.runners).
+      ordered.page(params[:page]).per(20)
     @shared_runners = Ci::Runner.shared.active
     @shared_runners_count = @shared_runners.count(:all)
   end
-- 
cgit v1.2.3


From c9af886df9b83e7f3f9b131f19184546fbeac9de Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Wed, 28 Oct 2015 12:33:54 +0100
Subject: Remove deprecated CI events from project settings page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/ci/events_controller.rb          | 21 ---------------------
 app/controllers/ci/runner_projects_controller.rb |  2 --
 2 files changed, 23 deletions(-)
 delete mode 100644 app/controllers/ci/events_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/ci/events_controller.rb b/app/controllers/ci/events_controller.rb
deleted file mode 100644
index 89b784a1e89..00000000000
--- a/app/controllers/ci/events_controller.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-module Ci
-  class EventsController < Ci::ApplicationController
-    EVENTS_PER_PAGE = 50
-
-    before_action :authenticate_user!
-    before_action :project
-    before_action :authorize_manage_project!
-
-    layout 'ci/project'
-
-    def index
-      @events = project.events.order("created_at DESC").page(params[:page]).per(EVENTS_PER_PAGE)
-    end
-
-    private
-
-    def project
-      @project ||= Ci::Project.find(params[:project_id])
-    end
-  end
-end
diff --git a/app/controllers/ci/runner_projects_controller.rb b/app/controllers/ci/runner_projects_controller.rb
index 97f01d40af5..9d555313369 100644
--- a/app/controllers/ci/runner_projects_controller.rb
+++ b/app/controllers/ci/runner_projects_controller.rb
@@ -4,8 +4,6 @@ module Ci
     before_action :project
     before_action :authorize_manage_project!
 
-    layout 'ci/project'
-
     def create
       @runner = Ci::Runner.find(params[:runner_project][:runner_id])
 
-- 
cgit v1.2.3


From 5a5069969ce8e9184e36abbb7623bf474d5869e9 Mon Sep 17 00:00:00 2001
From: Jonathan Schoeffling <jonathan.schoeffling@lmco.com>
Date: Sun, 14 Jun 2015 18:04:20 -0400
Subject: Add support for searching commit log messages

Include the log messages of recent commits in project-level search
results, providing functionality similar to 'git log --grep'.

Update repository model rspec tests to validate the output of
Repository#commits_with_log_matching.
---
 app/controllers/search_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index eb0408a95e5..9bb42ec86b3 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -23,8 +23,8 @@ class SearchController < ApplicationController
 
     @search_results =
       if @project
-        unless %w(blobs notes issues merge_requests milestones wiki_blobs).
-          include?(@scope)
+        unless %w(blobs notes issues merge_requests milestones wiki_blobs
+                  commits).include?(@scope)
           @scope = 'blobs'
         end
 
-- 
cgit v1.2.3


From 3bb626f91cb50bd2eff58681e22db942b7d6a087 Mon Sep 17 00:00:00 2001
From: James Newton <hello@jamesnewton.com>
Date: Wed, 28 Oct 2015 16:39:23 +0100
Subject: refactor login as to be impersonation with better login/logout

Modifies the existing "login as" feature to be called impersonation, as
well as keeping track of who is impersonating to revert back to that
user without having to log out.
---
 app/controllers/admin/application_controller.rb   |  6 +++++
 app/controllers/admin/impersonation_controller.rb | 32 +++++++++++++++++++++++
 app/controllers/admin/users_controller.rb         |  6 -----
 3 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 app/controllers/admin/impersonation_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 56e24386463..9083bfb41cf 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -8,4 +8,10 @@ class Admin::ApplicationController < ApplicationController
   def authenticate_admin!
     return render_404 unless current_user.is_admin?
   end
+
+  def authorize_impersonator!
+    if session[:impersonator_id]
+      User.find_by!(username: session[:impersonator_id]).admin?
+    end
+  end
 end
diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
new file mode 100644
index 00000000000..0382402afa6
--- /dev/null
+++ b/app/controllers/admin/impersonation_controller.rb
@@ -0,0 +1,32 @@
+class Admin::ImpersonationController < Admin::ApplicationController
+  skip_before_action :authenticate_admin!, only: :destroy
+
+  before_action :user
+  before_action :authorize_impersonator!
+
+  def create
+    session[:impersonator_id] = current_user.username
+    session[:impersonator_return_to] = request.env['HTTP_REFERER']
+
+    warden.set_user(user, scope: 'user')
+
+    flash[:alert] = "You are impersonating #{user.username}."
+
+    redirect_to root_path
+  end
+
+  def destroy
+    redirect = session[:impersonator_return_to]
+
+    warden.set_user(user, scope: 'user')
+
+    session[:impersonator_return_to] = nil
+    session[:impersonator_id] = nil
+
+    redirect_to redirect || root_path
+  end
+
+  def user
+    @user ||= User.find_by!(username: params[:id] || session[:impersonator_id])
+  end
+end
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index c63d0793e31..d7c927d444c 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -63,12 +63,6 @@ class Admin::UsersController < Admin::ApplicationController
     end
   end
 
-  def login_as
-    sign_in(user)
-    flash[:alert] = "Logged in as #{user.username}"
-    redirect_to root_path
-  end
-
   def disable_two_factor
     user.disable_two_factor!
     redirect_to admin_user_path(user),
-- 
cgit v1.2.3


From 3be9d2c422b8651498abec3a2ee9bb6a3685f040 Mon Sep 17 00:00:00 2001
From: Ben Ford <ben.ford@puppetlabs.com>
Date: Mon, 19 Oct 2015 14:52:46 -0700
Subject: Add ability to create directories in the editor

Simply type a name with a `/` directory separator and new directories
will be created. This does not do the fancy UI work that github.com
does, but it will get the job done.

I could not find tests for file creation, so I didn't add a test for
this slight behaviour modification. I did test directory traversals
though, using both absolute paths like `/tmp/foo.txt` and relative paths
like `../../foo.txt`. Neither case escaped the repository, though
attempting to traverse with a relative path resulted in a 500 error that
did not affect application stability upon reload.
---
 app/controllers/projects/blob_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 8cc2f21d887..93738aa1ee5 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -161,7 +161,7 @@ class Projects::BlobController < Projects::ApplicationController
         if params[:file].present?
           params[:file_name] = params[:file].original_filename
         end
-        File.join(@path, File.basename(params[:file_name]))
+        File.join(@path, params[:file_name])
       else
         @path
       end
-- 
cgit v1.2.3


From c8fe42151291593f0f43509a70235c46fce169a1 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Thu, 29 Oct 2015 18:42:29 -0200
Subject: Improve personal snippet access workflow. Fixes #3258

---
 app/controllers/snippets_controller.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 9f9f9a92f11..8498efc89d0 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -1,6 +1,9 @@
 class SnippetsController < ApplicationController
   before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
 
+  # Allow read snippet
+  before_action :authorize_show_snippet!, only: [:show]
+
   # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
 
@@ -79,10 +82,14 @@ class SnippetsController < ApplicationController
                      [Snippet::PUBLIC, Snippet::INTERNAL]).
                      find(params[:id])
                  else
-                   PersonalSnippet.are_public.find(params[:id])
+                   PersonalSnippet.find(params[:id])
                  end
   end
 
+  def authorize_show_snippet!
+    authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet)
+  end
+
   def authorize_update_snippet!
     return render_404 unless can?(current_user, :update_personal_snippet, @snippet)
   end
-- 
cgit v1.2.3


From 31723eb9f0f9490d873a6ecddc897fef3ea1885c Mon Sep 17 00:00:00 2001
From: KON YUICHI <konpyu@gmail.com>
Date: Sat, 31 Oct 2015 22:32:06 +0900
Subject: fix deprecated

---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 05c7d3de8bc..00d13a83ce8 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,7 +1,7 @@
 class ProjectsController < ApplicationController
   include ExtractsPath
 
-  prepend_before_filter :render_go_import, only: [:show]
+  prepend_before_action :render_go_import, only: [:show]
   skip_before_action :authenticate_user!, only: [:show, :activity]
   before_action :project, except: [:new, :create]
   before_action :repository, except: [:new, :create]
-- 
cgit v1.2.3


From c843722de2d778b6ec8fef0656797fd5a8074666 Mon Sep 17 00:00:00 2001
From: Jeff Stubler <brunsa2@gmail.com>
Date: Mon, 20 Jul 2015 20:34:19 -0500
Subject: Add graphs showing commits ahead and behind default to branches page

---
 app/controllers/projects/branches_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 3ac0a75fa70..c3cd7642dd2 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -9,6 +9,12 @@ class Projects::BranchesController < Projects::ApplicationController
     @sort = params[:sort] || 'name'
     @branches = @repository.branches_sorted_by(@sort)
     @branches = Kaminari.paginate_array(@branches).page(params[:page]).per(PER_PAGE)
+    
+    @max_commits = @branches.reduce(0) do
+      |memo, branch|
+      diverging_commit_counts = repository.diverging_commit_counts(branch)
+      [memo, diverging_commit_counts[:behind], diverging_commit_counts[:ahead]].max
+    end
   end
 
   def recent
-- 
cgit v1.2.3


From 2dec5ec99042cd8da6c127d4bcfa7f5f84ef94eb Mon Sep 17 00:00:00 2001
From: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
Date: Wed, 28 Oct 2015 17:39:22 +0100
Subject: Only redirect to homepage url when its not the root url

It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.

This fix makes sure this redirect is not possible.

Fixes !1020

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
---
 app/controllers/application_controller.rb | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1b0609e279e..0d182e8eb04 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -59,13 +59,8 @@ class ApplicationController < ActionController::Base
   end
 
   def authenticate_user!(*args)
-    # If user is not signed-in and tries to access root_path - redirect him to landing page
-    # Don't redirect to the default URL to prevent endless redirections
-    if current_application_settings.home_page_url.present? &&
-        current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/')
-      if current_user.nil? && root_path == request.path
-        redirect_to current_application_settings.home_page_url and return
-      end
+    if redirect_to_home_page_url?
+      redirect_to current_application_settings.home_page_url and return
     end
 
     super(*args)
@@ -346,4 +341,17 @@ class ApplicationController < ActionController::Base
   def git_import_enabled?
     current_application_settings.import_sources.include?('git')
   end
+
+  def redirect_to_home_page_url?
+    # If user is not signed-in and tries to access root_path - redirect him to landing page
+    # Don't redirect to the default URL to prevent endless redirections
+    return false unless current_application_settings.home_page_url.present?
+
+    home_page_url = current_application_settings.home_page_url.chomp('/')
+    root_urls = [Gitlab.config.gitlab['url'].chomp('/'), root_url.chomp('/')]
+
+    return false if root_urls.include?(home_page_url)
+
+    current_user.nil? && root_path == request.path
+  end
 end
-- 
cgit v1.2.3


From 93672c502010787be9102b25a4f93722526968b9 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Mon, 2 Nov 2015 14:03:42 -0200
Subject: Use `read` rather than `show` like the ability name

---
 app/controllers/snippets_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 8498efc89d0..08f2483af33 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
   before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
 
   # Allow read snippet
-  before_action :authorize_show_snippet!, only: [:show]
+  before_action :authorize_read_snippet!, only: [:show]
 
   # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
@@ -86,7 +86,7 @@ class SnippetsController < ApplicationController
                  end
   end
 
-  def authorize_show_snippet!
+  def authorize_read_snippet!
     authenticate_user! unless can?(current_user, :read_personal_snippet, @snippet)
   end
 
-- 
cgit v1.2.3


From 77f8a1e392b64f51326df8aebdc77e97af07bfed Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <mail@zjvandeweg.nl>
Date: Mon, 2 Nov 2015 17:27:38 +0100
Subject: Merge when build succeeds

---
 .../projects/merge_requests_controller.rb          | 35 ++++++++++++++++++----
 1 file changed, 29 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 16c42386623..2f9b8a25edf 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -2,7 +2,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :module_enabled
   before_action :merge_request, only: [
     :edit, :update, :show, :diffs, :commits, :merge, :merge_check,
-    :ci_status, :toggle_subscription
+    :ci_status, :toggle_subscription, :cancel_merge_when_build_succeeds
   ]
   before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits]
   before_action :validates_merge_request, only: [:show, :diffs, :commits]
@@ -149,15 +149,34 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     render partial: "projects/merge_requests/widget/show.html.haml", layout: false
   end
 
+  def cancel_merge_when_build_succeeds
+    return access_denied! unless @merge_request.can_be_merged_by?(current_user)
+
+    if @merge_request.merge_when_build_succeeds?
+      @merge_request.reset_merge_when_build_succeeds
+      SystemNoteService.cancel_merge_when_build_succeeds(merge_request, @project, @current_user)
+    end
+  end
+
   def merge
     return access_denied! unless @merge_request.can_be_merged_by?(current_user)
 
-    if @merge_request.mergeable?
-      @merge_request.update(merge_error: nil)
-      MergeWorker.perform_async(@merge_request.id, current_user.id, params)
-      @status = true
+    unless @merge_request.mergeable?
+      @status = :failed
+      return
+    end
+
+    @merge_request.update(merge_error: nil)
+
+    if params[:merge_when_build_succeeds] && @merge_request.ci_commit.active?
+      MergeRequests::MergeWhenBuildSucceedsService.new(@project,
+                                                      current_user,
+                                                      merge_params: merge_params)
+                                                      .execute(@merge_request)
+      @status = :merge_when_build_succeeds
     else
-      @status = false
+      MergeWorker.perform_async(@merge_request.id, current_user.id, params)
+      @status = :success
     end
   end
 
@@ -282,6 +301,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     )
   end
 
+  def merge_params
+    params.permit(:should_remove_source_branch, :commit_message)
+  end
+
   # Make sure merge requests created before 8.0
   # have head file in refs/merge-requests/
   def ensure_ref_fetched
-- 
cgit v1.2.3


From 63b234706d46f75c0c0f93bdfdc576e328981eb5 Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <mail@zjvandeweg.nl>
Date: Mon, 2 Nov 2015 20:02:51 +0100
Subject: MRs author can cancel automatic merge

---
 app/controllers/projects/merge_requests_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 2f9b8a25edf..d58dab2d666 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -150,7 +150,9 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def cancel_merge_when_build_succeeds
-    return access_denied! unless @merge_request.can_be_merged_by?(current_user)
+    unless @merge_request.can_be_merged_by?(current_user) || @merge_request.author == current_user
+      return access_denied!
+    end
 
     if @merge_request.merge_when_build_succeeds?
       @merge_request.reset_merge_when_build_succeeds
-- 
cgit v1.2.3


From 33b8f002636ad6171637108b53732c74d90b14ad Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 10:51:12 +0100
Subject: Add edit/update tag actions for future release notes

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/tags_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index f565fbbbbc3..a30c284c41f 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -10,6 +10,14 @@ class Projects::TagsController < Projects::ApplicationController
     @tags = Kaminari.paginate_array(sorted).page(params[:page]).per(PER_PAGE)
   end
 
+  def edit
+    # TODO: implement
+  end
+
+  def update
+    # TODO: implement
+  end
+
   def create
     result = CreateTagService.new(@project, current_user).
       execute(params[:tag_name], params[:ref], params[:message])
-- 
cgit v1.2.3


From ba67af79a9ec0d37d08e51af034dd6c21170713c Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 11:16:41 +0100
Subject: More release related logic to separate resource

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/releases_controller.rb | 32 +++++++++++++++++++++++++
 app/controllers/projects/tags_controller.rb     |  8 -------
 2 files changed, 32 insertions(+), 8 deletions(-)
 create mode 100644 app/controllers/projects/releases_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
new file mode 100644
index 00000000000..877cc0f3674
--- /dev/null
+++ b/app/controllers/projects/releases_controller.rb
@@ -0,0 +1,32 @@
+class Projects::ReleasesController < Projects::ApplicationController
+  # Authorize
+  before_action :require_non_empty_project
+  before_action :authorize_download_code!
+  before_action :authorize_push_code!
+  before_action :tag
+  before_action :release
+
+  def show
+  end
+
+  def edit
+  end
+
+  def update
+    description = params[:release][:description]
+    release.update_attributes(description: description)
+    release.save
+
+    redirect_to namespace_project_tag_release_path(@project.namespace, @project, @tag.name)
+  end
+
+  private
+
+  def tag
+    @tag ||= @repository.find_tag(params[:tag_id])
+  end
+
+  def release
+    @release ||= @project.releases.find_or_initialize_by(tag: @tag.name)
+  end
+end
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index a30c284c41f..f565fbbbbc3 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -10,14 +10,6 @@ class Projects::TagsController < Projects::ApplicationController
     @tags = Kaminari.paginate_array(sorted).page(params[:page]).per(PER_PAGE)
   end
 
-  def edit
-    # TODO: implement
-  end
-
-  def update
-    # TODO: implement
-  end
-
   def create
     result = CreateTagService.new(@project, current_user).
       execute(params[:tag_name], params[:ref], params[:message])
-- 
cgit v1.2.3


From a4d75e3aec2e721231bc1e01a2e5e87aefe15113 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 12:15:25 +0100
Subject: Add ability to edit and show release notes

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/releases_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index 877cc0f3674..7d1a011cc0a 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -7,6 +7,7 @@ class Projects::ReleasesController < Projects::ApplicationController
   before_action :release
 
   def show
+    @commit = @repository.commit(@tag.target)
   end
 
   def edit
-- 
cgit v1.2.3


From 6051c28fc03b4d9928ee2f2855f210845f9c0579 Mon Sep 17 00:00:00 2001
From: Valery Sizov <valery@gitlab.com>
Date: Thu, 5 Nov 2015 12:38:00 +0200
Subject:  Allow groups to appear in the search results if the group owner
 allows it

---
 app/controllers/groups_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 40fb15a5b36..fb4eb094f27 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -4,12 +4,12 @@ class GroupsController < Groups::ApplicationController
   before_action :group, except: [:new, :create]
 
   # Authorize
-  before_action :authorize_read_group!, except: [:show, :new, :create]
+  before_action :authorize_read_group!, except: [:show, :new, :create, :autocomplete]
   before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects]
   before_action :authorize_create_group!, only: [:new, :create]
 
   # Load group projects
-  before_action :load_projects, except: [:new, :create, :projects, :edit, :update]
+  before_action :load_projects, except: [:new, :create, :projects, :edit, :update, :autocomplete]
   before_action :event_filter, only: :show
 
   layout :determine_layout
@@ -133,7 +133,7 @@ class GroupsController < Groups::ApplicationController
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar)
+    params.require(:group).permit(:name, :description, :path, :avatar, :public)
   end
 
   def load_events
-- 
cgit v1.2.3


From 850bb21b12b21fe0cf943278bc8cadad85d48dc5 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 13:49:34 +0100
Subject: Create show page for tag and render release notes there and on index
 page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/releases_controller.rb | 6 +-----
 app/controllers/projects/tags_controller.rb     | 7 +++++++
 2 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index 7d1a011cc0a..f69a4bc729e 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -6,10 +6,6 @@ class Projects::ReleasesController < Projects::ApplicationController
   before_action :tag
   before_action :release
 
-  def show
-    @commit = @repository.commit(@tag.target)
-  end
-
   def edit
   end
 
@@ -18,7 +14,7 @@ class Projects::ReleasesController < Projects::ApplicationController
     release.update_attributes(description: description)
     release.save
 
-    redirect_to namespace_project_tag_release_path(@project.namespace, @project, @tag.name)
+    redirect_to namespace_project_tag_path(@project.namespace, @project, @tag.name)
   end
 
   private
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index f565fbbbbc3..dfc8dbe01c5 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -8,6 +8,13 @@ class Projects::TagsController < Projects::ApplicationController
   def index
     sorted = VersionSorter.rsort(@repository.tag_names)
     @tags = Kaminari.paginate_array(sorted).page(params[:page]).per(PER_PAGE)
+    @releases = project.releases.where(tag: @tags)
+  end
+
+  def show
+    @tag = @repository.find_tag(params[:id])
+    @release = @project.releases.find_or_initialize_by(tag: @tag.name)
+    @commit = @repository.commit(@tag.target)
   end
 
   def create
-- 
cgit v1.2.3


From 312cf11b61e6bbee8283dfb267516e6b42454431 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 14:03:48 +0100
Subject: Add release description to new tag form

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/tags_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index dfc8dbe01c5..c4a3e3dca94 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -23,6 +23,13 @@ class Projects::TagsController < Projects::ApplicationController
 
     if result[:status] == :success
       @tag = result[:tag]
+
+      if params[:release_description]
+        release = @project.releases.find_or_initialize_by(tag: @tag.name)
+        release.update_attributes(description: params[:release_description])
+        release.save
+      end
+
       redirect_to namespace_project_tags_path(@project.namespace, @project)
     else
       @error = result[:message]
-- 
cgit v1.2.3


From 26677fbe213069a3820f9f20d528bd560d447bea Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 14:07:55 +0100
Subject: After tag is created - redirect to tag page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/tags_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index c4a3e3dca94..055f328677f 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -30,7 +30,7 @@ class Projects::TagsController < Projects::ApplicationController
         release.save
       end
 
-      redirect_to namespace_project_tags_path(@project.namespace, @project)
+      redirect_to namespace_project_tag_path(@project.namespace, @project, @tag.name)
     else
       @error = result[:message]
       render action: 'new'
-- 
cgit v1.2.3


From ba68facf8d744f6de49b40a2e9923e6555c92cd7 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Tue, 3 Nov 2015 11:44:07 +0100
Subject: CI details cleanup

- Add page titles to CI settings.
- Fix CI admin navigation.
- Remove duplicated scope.
- Use monospace font for commit sha.
- Add page title and header title to build page.
- Proper authorization for cancel/retry builds.
- Use gitlab pagination theme for builds and group members.
- Don't paginate builds widget on build page.
- Add badges to commit page Changes/Builds tabs.
- Add "Builds" to commit Builds tab page title.
- Add and use Ci::Build#retryable? method.
- Add CI::Build#retried? method.
- Allow all failed commit builds to be retried.
- Proper authorization for cancel/retry all builds.
- Remove unused param.
- Use time_ago_with_tooltip where appropriate.
- Tweak builds index text
- Remove duplication between builds/build and commit_statuses/commit_status.
- Use POST rather than GET for canceling and retrying builds.
- Remove redundant URL helpers.
- Add build ID to build page.
- Link branch name on build page.
- Move commit/:sha/ci to commit/:sha/builds.
---
 app/controllers/projects/builds_controller.rb | 10 +++----
 app/controllers/projects/commit_controller.rb | 38 ++++++++++++++++++---------
 2 files changed, 29 insertions(+), 19 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 7d72e0b951b..953f30e7c03 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -30,7 +30,7 @@ class Projects::BuildsController < Projects::ApplicationController
 
   def show
     @builds = @ci_project.commits.find_by_sha(@build.sha).builds.order('id DESC')
-    @builds = @builds.where("id not in (?)", @build.id).page(params[:page]).per(20)
+    @builds = @builds.where("id not in (?)", @build.id)
     @commit = @build.commit
 
     respond_to do |format|
@@ -42,17 +42,13 @@ class Projects::BuildsController < Projects::ApplicationController
   end
 
   def retry
-    if @build.commands.blank?
+    unless @build.retryable?
       return page_404
     end
 
     build = Ci::Build.retry(@build)
 
-    if params[:return_to]
-      redirect_to URI.parse(params[:return_to]).path
-    else
-      redirect_to build_path(build)
-    end
+    redirect_to build_path(build)
   end
 
   def status
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 878c3a66e7d..deefdd76667 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -7,14 +7,14 @@ class Projects::CommitController < Projects::ApplicationController
   before_action :authorize_download_code!, except: [:cancel_builds]
   before_action :authorize_manage_builds!, only: [:cancel_builds]
   before_action :commit
+  before_action :authorize_manage_builds!, only: [:cancel_builds, :retry_builds]
+  before_action :define_show_vars, only: [:show, :builds]
 
   def show
     return git_not_found! unless @commit
 
     @line_notes = commit.notes.inline
-    @diffs = @commit.diffs
     @note = @project.build_commit_note(commit)
-    @notes_count = commit.notes.count
     @notes = commit.notes.not_inline.fresh
     @noteable = @commit
     @comments_allowed = @reply_allowed = true
@@ -23,8 +23,6 @@ class Projects::CommitController < Projects::ApplicationController
       commit_id: @commit.id
     }
 
-    @ci_commit = project.ci_commit(commit.sha)
-
     respond_to do |format|
       format.html
       format.diff  { render text: @commit.to_diff }
@@ -32,20 +30,25 @@ class Projects::CommitController < Projects::ApplicationController
     end
   end
 
-  def ci
-    @ci_commit = @project.ci_commit(@commit.sha)
-    @builds = @ci_commit.builds if @ci_commit
-    @notes_count = @commit.notes.count
+  def builds
     @ci_project = @project.gitlab_ci_project
   end
 
   def cancel_builds
-    @ci_commit = @project.ci_commit(@commit.sha)
-    @ci_commit.builds.running_or_pending.each(&:cancel)
+    ci_commit.builds.running_or_pending.each(&:cancel)
 
-    redirect_to ci_namespace_project_commit_path(project.namespace, project, commit.sha)
+    redirect_to builds_namespace_project_commit_path(project.namespace, project, commit.sha)
   end
 
+  def retry_builds
+    ci_commit.builds.latest.failed.each do |build|
+      if build.retryable?
+        Ci::Build.retry(build)
+      end
+    end
+
+    redirect_to builds_namespace_project_commit_path(project.namespace, project, commit.sha)
+  end
 
   def branches
     @branches = @project.repository.branch_names_contains(commit.id)
@@ -53,11 +56,22 @@ class Projects::CommitController < Projects::ApplicationController
     render layout: false
   end
 
+  private
+
   def commit
     @commit ||= @project.commit(params[:id])
   end
 
-  private
+  def ci_commit
+    @ci_commit ||= project.ci_commit(commit.sha)
+  end
+
+  def define_show_vars
+    @diffs = commit.diffs
+    @notes_count = commit.notes.count
+    
+    @builds = ci_commit.builds if ci_commit
+  end
 
   def authorize_manage_builds!
     unless can?(current_user, :manage_builds, project)
-- 
cgit v1.2.3


From b18671a1b2c565a87663544441000063f6b83c8e Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Tue, 3 Nov 2015 14:45:41 +0100
Subject: Enable shared runners for all new projects

---
 app/controllers/admin/application_settings_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 039f18f23e0..3d9c59050ff 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -57,6 +57,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :version_check_enabled,
       :admin_notification_email,
       :user_oauth_applications,
+      :shared_runners_enabled,
       restricted_visibility_levels: [],
       import_sources: []
     )
-- 
cgit v1.2.3


From 900419c43c5a540cde22f5488675121b3ce05d31 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 5 Nov 2015 17:08:47 +0100
Subject: Improve UI for tags page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/tags_controller.rb | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 055f328677f..670f5d3067b 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -39,13 +39,9 @@ class Projects::TagsController < Projects::ApplicationController
 
   def destroy
     DeleteTagService.new(project, current_user).execute(params[:id])
+    release = project.releases.find_by(tag: params[:id])
+    release.destroy if release
 
-    respond_to do |format|
-      format.html do
-        redirect_to namespace_project_tags_path(@project.namespace,
-                                                @project)
-      end
-      format.js
-    end
+    redirect_to namespace_project_tags_path(@project.namespace, @project)
   end
 end
-- 
cgit v1.2.3


From dec3e4ce64df5f71a7cba7734cada1baa79242cd Mon Sep 17 00:00:00 2001
From: Yorick Peterse <yorickpeterse@gmail.com>
Date: Wed, 4 Nov 2015 19:13:19 +0100
Subject: Added Sherlock, a custom profiling tool for GitLab

Sherlock will be a new GitLab specific tool for measuring the
performance of Rails requests (and SideKiq jobs at some point). Some of
the things that are currently tracked:

* SQL queries along with their timings, backtraces and query plans
  (using "EXPLAIN ANALYZE" for PostgreSQL and regular "EXPLAIN" for
  MySQL)
* Timings of application files (including views) on a per line basis
* Some meta data such as the request method, path, total duration, etc

More tracking (e.g. Rugged or gitlab-shell timings) might be added in
the future.

Sherlock will replace any existing tools we have used so far (e.g.
active_record_query_trace and rack-mini-profiler), hence the
corresponding Gems have been removed from the Gemfile.

Sherlock can be enabled by starting Rails as following:

    ENABLE_SHERLOCK=1 bundle exec rails s

Recorded transactions can be found at `/sherlock/transactions`.
---
 app/controllers/sherlock/application_controller.rb  | 12 ++++++++++++
 app/controllers/sherlock/file_samples_controller.rb |  7 +++++++
 app/controllers/sherlock/queries_controller.rb      |  7 +++++++
 app/controllers/sherlock/transactions_controller.rb | 19 +++++++++++++++++++
 4 files changed, 45 insertions(+)
 create mode 100644 app/controllers/sherlock/application_controller.rb
 create mode 100644 app/controllers/sherlock/file_samples_controller.rb
 create mode 100644 app/controllers/sherlock/queries_controller.rb
 create mode 100644 app/controllers/sherlock/transactions_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/sherlock/application_controller.rb b/app/controllers/sherlock/application_controller.rb
new file mode 100644
index 00000000000..682ca5e3821
--- /dev/null
+++ b/app/controllers/sherlock/application_controller.rb
@@ -0,0 +1,12 @@
+module Sherlock
+  class ApplicationController < ::ApplicationController
+    before_action :find_transaction
+
+    def find_transaction
+      if params[:transaction_id]
+        @transaction = Gitlab::Sherlock.collection.
+          find_transaction(params[:transaction_id])
+      end
+    end
+  end
+end
diff --git a/app/controllers/sherlock/file_samples_controller.rb b/app/controllers/sherlock/file_samples_controller.rb
new file mode 100644
index 00000000000..0c3bc100106
--- /dev/null
+++ b/app/controllers/sherlock/file_samples_controller.rb
@@ -0,0 +1,7 @@
+module Sherlock
+  class FileSamplesController < Sherlock::ApplicationController
+    def show
+      @file_sample = @transaction.find_file_sample(params[:id])
+    end
+  end
+end
diff --git a/app/controllers/sherlock/queries_controller.rb b/app/controllers/sherlock/queries_controller.rb
new file mode 100644
index 00000000000..63b26aab1a4
--- /dev/null
+++ b/app/controllers/sherlock/queries_controller.rb
@@ -0,0 +1,7 @@
+module Sherlock
+  class QueriesController < Sherlock::ApplicationController
+    def show
+      @query = @transaction.find_query(params[:id])
+    end
+  end
+end
diff --git a/app/controllers/sherlock/transactions_controller.rb b/app/controllers/sherlock/transactions_controller.rb
new file mode 100644
index 00000000000..ccc739da879
--- /dev/null
+++ b/app/controllers/sherlock/transactions_controller.rb
@@ -0,0 +1,19 @@
+module Sherlock
+  class TransactionsController < Sherlock::ApplicationController
+    def index
+      @transactions = Gitlab::Sherlock.collection.newest_first
+    end
+
+    def show
+      @transaction = Gitlab::Sherlock.collection.find_transaction(params[:id])
+
+      render_404 unless @transaction
+    end
+
+    def destroy_all
+      Gitlab::Sherlock.collection.clear
+
+      redirect_to(:back)
+    end
+  end
+end
-- 
cgit v1.2.3


From b67fdfff3c245538ee5a5e9360a2613b76ebada5 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 9 Nov 2015 15:30:50 +0100
Subject: Refactor release code a bit

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/releases_controller.rb | 8 +++++---
 app/controllers/projects/tags_controller.rb     | 8 --------
 2 files changed, 5 insertions(+), 11 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/releases_controller.rb b/app/controllers/projects/releases_controller.rb
index f69a4bc729e..0825a4311cb 100644
--- a/app/controllers/projects/releases_controller.rb
+++ b/app/controllers/projects/releases_controller.rb
@@ -10,9 +10,7 @@ class Projects::ReleasesController < Projects::ApplicationController
   end
 
   def update
-    description = params[:release][:description]
-    release.update_attributes(description: description)
-    release.save
+    release.update_attributes(release_params)
 
     redirect_to namespace_project_tag_path(@project.namespace, @project, @tag.name)
   end
@@ -26,4 +24,8 @@ class Projects::ReleasesController < Projects::ApplicationController
   def release
     @release ||= @project.releases.find_or_initialize_by(tag: @tag.name)
   end
+
+  def release_params
+    params.require(:release).permit(:description)
+  end
 end
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 670f5d3067b..f512f01dc78 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -24,12 +24,6 @@ class Projects::TagsController < Projects::ApplicationController
     if result[:status] == :success
       @tag = result[:tag]
 
-      if params[:release_description]
-        release = @project.releases.find_or_initialize_by(tag: @tag.name)
-        release.update_attributes(description: params[:release_description])
-        release.save
-      end
-
       redirect_to namespace_project_tag_path(@project.namespace, @project, @tag.name)
     else
       @error = result[:message]
@@ -39,8 +33,6 @@ class Projects::TagsController < Projects::ApplicationController
 
   def destroy
     DeleteTagService.new(project, current_user).execute(params[:id])
-    release = project.releases.find_by(tag: params[:id])
-    release.destroy if release
 
     redirect_to namespace_project_tags_path(@project.namespace, @project)
   end
-- 
cgit v1.2.3


From b7619dad52504f8fc61bfb3b42e7f8bcc42dc06d Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 9 Nov 2015 15:39:18 +0100
Subject: Add missing param and title for tag

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/tags_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index f512f01dc78..cb39c2b8782 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -19,7 +19,7 @@ class Projects::TagsController < Projects::ApplicationController
 
   def create
     result = CreateTagService.new(@project, current_user).
-      execute(params[:tag_name], params[:ref], params[:message])
+      execute(params[:tag_name], params[:ref], params[:message], params[:release_description])
 
     if result[:status] == :success
       @tag = result[:tag]
-- 
cgit v1.2.3


From 746e49fee9a28f509f115074d9985830de45513d Mon Sep 17 00:00:00 2001
From: Anton Baklanov <antonbaklanov@gmail.com>
Date: Tue, 3 Nov 2015 16:44:14 +0200
Subject: Display target branch on MR list when it is different from project's
 default

---
 app/controllers/projects/merge_requests_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 16c42386623..b0788a2d073 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -31,6 +31,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     end
 
     @merge_requests = @merge_requests.page(params[:page]).per(PER_PAGE)
+    @merge_requests = @merge_requests.preload(:target_project)
 
     respond_to do |format|
       format.html
-- 
cgit v1.2.3


From d024db0cc816d03063f889a6d3d570f70e8e896c Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Tue, 10 Nov 2015 12:14:32 +0100
Subject: Remove deprecated dumped yaml file generated from previous job
 definitions

---
 app/controllers/ci/projects_controller.rb | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb
index 809b44387ba..8406399fb60 100644
--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -26,10 +26,6 @@ module Ci
       redirect_to namespace_project_runners_path(project.gl_project.namespace, project.gl_project)
     end
 
-    def dumped_yaml
-      send_data @project.generated_yaml_config, filename: '.gitlab-ci.yml'
-    end
-
     protected
 
     def project
-- 
cgit v1.2.3


From d0e3e823a2dd56260550aec648b0cbfae64543ae Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Mon, 12 Oct 2015 23:47:32 +0200
Subject: Implement Build Artifacts

- Offloads uploading to GitLab Workhorse
- Use /authorize request for fast uploading
- Added backup recipes for artifacts
- Support download acceleration using X-Sendfile
---
 .../admin/application_settings_controller.rb       |  1 +
 app/controllers/projects/builds_controller.rb      | 27 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 3d9c59050ff..a9bcfc7456a 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -58,6 +58,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :admin_notification_email,
       :user_oauth_applications,
       :shared_runners_enabled,
+      :max_artifacts_size,
       restricted_visibility_levels: [],
       import_sources: []
     )
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 953f30e7c03..4638f77b887 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -3,6 +3,7 @@ class Projects::BuildsController < Projects::ApplicationController
   before_action :build, except: [:index, :cancel_all]
 
   before_action :authorize_manage_builds!, except: [:index, :show, :status]
+  before_action :authorize_download_build_artifacts!, only: [:download]
 
   layout "project"
 
@@ -51,6 +52,18 @@ class Projects::BuildsController < Projects::ApplicationController
     redirect_to build_path(build)
   end
 
+  def download
+    unless artifacts_file.file_storage?
+      return redirect_to artifacts_file.url
+    end
+
+    unless artifacts_file.exists?
+      return not_found!
+    end
+
+    send_file artifacts_file.path, disposition: 'attachment'
+  end
+
   def status
     render json: @build.to_json(only: [:status, :id, :sha, :coverage], methods: :sha)
   end
@@ -67,6 +80,10 @@ class Projects::BuildsController < Projects::ApplicationController
     @build ||= ci_project.builds.unscoped.find_by!(id: params[:id])
   end
 
+  def artifacts_file
+    build.artifacts_file
+  end
+
   def build_path(build)
     namespace_project_build_path(build.gl_project.namespace, build.gl_project, build)
   end
@@ -76,4 +93,14 @@ class Projects::BuildsController < Projects::ApplicationController
       return page_404
     end
   end
+
+  def authorize_download_build_artifacts!
+    unless can?(current_user, :download_build_artifacts, @project)
+      if current_user.nil?
+        return authenticate_user!
+      else
+        return render_404
+      end
+    end
+  end
 end
-- 
cgit v1.2.3


From 752d528019fc9f9c58d458380a6594d358458b4d Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Mon, 14 Sep 2015 12:07:50 -0500
Subject: Fix trailing space issue with merge requests and issues. Fixes #2514

---
 app/controllers/projects/issues_controller.rb         | 4 +++-
 app/controllers/projects/merge_requests_controller.rb | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index e767efbdc0c..e74c2905e48 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -158,10 +158,12 @@ class Projects::IssuesController < Projects::ApplicationController
   end
 
   def issue_params
-    params.require(:issue).permit(
+    permitted = params.require(:issue).permit(
       :title, :assignee_id, :position, :description,
       :milestone_id, :state_event, :task_num, label_ids: []
     )
+    params[:issue][:title].strip! if params[:issue][:title]
+    permitted
   end
 
   def bulk_update_params
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index b0788a2d073..188f0cc4cea 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -276,11 +276,13 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def merge_request_params
-    params.require(:merge_request).permit(
+    permitted = params.require(:merge_request).permit(
       :title, :assignee_id, :source_project_id, :source_branch,
       :target_project_id, :target_branch, :milestone_id,
       :state_event, :description, :task_num, label_ids: []
     )
+    params[:merge_request][:title].strip! if params[:merge_request][:title]
+    permitted
   end
 
   # Make sure merge requests created before 8.0
-- 
cgit v1.2.3


From e0c64fac68b4b3acc48300956146b85e03b426ce Mon Sep 17 00:00:00 2001
From: Jeff Stubler <brunsa2@gmail.com>
Date: Wed, 11 Nov 2015 16:29:29 -0600
Subject: Refactor for style issues

---
 app/controllers/projects/branches_controller.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index c3cd7642dd2..87884420952 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -10,8 +10,7 @@ class Projects::BranchesController < Projects::ApplicationController
     @branches = @repository.branches_sorted_by(@sort)
     @branches = Kaminari.paginate_array(@branches).page(params[:page]).per(PER_PAGE)
     
-    @max_commits = @branches.reduce(0) do
-      |memo, branch|
+    @max_commits = @branches.reduce(0) do |memo, branch|
       diverging_commit_counts = repository.diverging_commit_counts(branch)
       [memo, diverging_commit_counts[:behind], diverging_commit_counts[:ahead]].max
     end
-- 
cgit v1.2.3


From 1974087114f3f365d16547c8a5c3ec2e03a66104 Mon Sep 17 00:00:00 2001
From: Jason Lee <huacnlee@gmail.com>
Date: Thu, 12 Nov 2015 13:16:35 +0800
Subject: Avoid render edit_form in each notes.

Use RJS to render edit note feature.

Before:

```
Rendered projects/notes/_note.html.haml (27.9ms)
Rendered projects/_zen.html.haml (0.3ms)
Rendered projects/notes/_hints.html.haml (0.7ms)
Rendered projects/_md_preview.html.haml (3.9ms)
Rendered projects/notes/_edit_form.html.haml (6.9ms)
Rendered projects/notes/_note.html.haml (17.7ms)
Rendered projects/_zen.html.haml (0.3ms)
Rendered projects/notes/_hints.html.haml (0.6ms)
Rendered projects/_md_preview.html.haml (3.4ms)
Rendered projects/notes/_edit_form.html.haml (7.0ms)
```

After:

```
Rendered projects/notes/_note.html.haml (13.8ms)
Rendered projects/notes/_note.html.haml (7.1ms)
Rendered projects/notes/_note.html.haml (9.5ms)
Rendered projects/notes/_note.html.haml (8.5ms)
```

This change reduce at least 6ms * N ('N' - number of notes).
---
 app/controllers/projects/notes_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 41cd08c93c6..0c98e2f1bfd 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -3,7 +3,7 @@ class Projects::NotesController < Projects::ApplicationController
   before_action :authorize_read_note!
   before_action :authorize_create_note!, only: [:create]
   before_action :authorize_admin_note!, only: [:update, :destroy]
-  before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
+  before_action :find_current_user_notes, except: [:destroy, :edit, :delete_attachment]
 
   def index
     current_fetched_at = Time.now.to_i
@@ -29,6 +29,11 @@ class Projects::NotesController < Projects::ApplicationController
     end
   end
 
+  def edit
+    @note = note
+    render layout: false
+  end
+
   def update
     @note = Notes::UpdateService.new(project, current_user, note_params).execute(note)
 
-- 
cgit v1.2.3


From 3d0efa8e0a359c84485a0fd7a3317745bf5648b8 Mon Sep 17 00:00:00 2001
From: Minsik Yoon <yms9654@gmail.com>
Date: Thu, 22 Oct 2015 09:55:35 +0900
Subject: Add ignore white space option in merge request diff

fix this issue(https://gitlab.com/gitlab-org/gitlab-ce/issues/1393).

Add ignore whitespace optoin to Commits Compare view
---
 app/controllers/projects/compare_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 71aaad1fad6..55134e11d15 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -12,9 +12,10 @@ class Projects::CompareController < Projects::ApplicationController
   def show
     base_ref = Addressable::URI.unescape(params[:from])
     @ref = head_ref = Addressable::URI.unescape(params[:to])
+    diff_options = { ignore_whitespace_change: true } if params[:w] == '1'
 
     compare_result = CompareService.new.
-      execute(@project, head_ref, @project, base_ref)
+      execute(@project, head_ref, @project, base_ref, diff_options)
 
     if compare_result
       @commits = Commit.decorate(compare_result.commits, @project)
-- 
cgit v1.2.3


From 6384c757b7ce6d1c0c3e2a3828b0cfac26dfb7f9 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Mon, 9 Nov 2015 16:48:03 +0100
Subject: Expose CI enable option in project features

- Enable CI by default for all new projects
---
 app/controllers/projects/application_controller.rb | 2 +-
 app/controllers/projects_controller.rb             | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index 519d6d6127e..d3f926b62bc 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -29,7 +29,7 @@ class Projects::ApplicationController < ApplicationController
   private
 
   def ci_enabled
-    return render_404 unless @project.gitlab_ci?
+    return render_404 unless @project.builds_enabled?
   end
 
   def ci_project
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 00d13a83ce8..30b166334a9 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -213,7 +213,8 @@ class ProjectsController < ApplicationController
     params.require(:project).permit(
       :name, :path, :description, :issues_tracker, :tag_list,
       :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
-      :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar
+      :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
+      :builds_enabled
     )
   end
 
-- 
cgit v1.2.3


From 14032d8eb1a60ae5920286249c1044be2fa27278 Mon Sep 17 00:00:00 2001
From: Marin Jankovski <maxlazio@gmail.com>
Date: Mon, 12 Oct 2015 16:42:14 +0200
Subject: Add support for git lfs.

---
 app/controllers/projects_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 30b166334a9..23453195e85 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -72,8 +72,7 @@ class ProjectsController < ApplicationController
   def remove_fork
     return access_denied! unless can?(current_user, :remove_fork_project, @project)
 
-    if @project.forked?
-      @project.forked_project_link.destroy
+    if @project.unlink_fork
       flash[:notice] = 'The fork relationship has been removed.'
     end
   end
@@ -243,7 +242,7 @@ class ProjectsController < ApplicationController
     project.repository_exists? && !project.empty_repo?
   end
 
-  # Override get_id from ExtractsPath, which returns the branch and file path 
+  # Override get_id from ExtractsPath, which returns the branch and file path
   # for the blob/tree, which in this case is just the root of the default branch.
   def get_id
     project.repository.root_ref
-- 
cgit v1.2.3


From 05335a3c8584c48a9317bd0919eccee6948de742 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 13 Nov 2015 16:07:27 +0100
Subject: Create milestones in the group

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/groups/milestones_controller.rb | 36 +++++++++++++++++++++----
 1 file changed, 31 insertions(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 669f7f3126d..8779376d93c 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -1,16 +1,34 @@
 class Groups::MilestonesController < Groups::ApplicationController
   before_action :authorize_group_milestone!, only: :update
+  before_action :group
 
   def index
-    project_milestones = case params[:state]
-                         when 'all'; state
-                         when 'closed'; state('closed')
-                         else state('active')
-                         end
+    project_milestones =
+      case params[:state]
+      when 'all'; state
+      when 'closed'; state('closed')
+      else state('active')
+      end
+
     @group_milestones = Milestones::GroupService.new(project_milestones).execute
     @group_milestones = Kaminari.paginate_array(@group_milestones).page(params[:page]).per(PER_PAGE)
   end
 
+  def new
+    @group_milestone = OpenStruct.new(title: nil, description: nil)
+  end
+
+  def create
+    project_ids = params[:milestone][:project_ids]
+    title = milestone_params[:title]
+
+    @group.projects.where(id: project_ids).each do |project|
+      Milestones::CreateService.new(project, current_user, milestone_params).execute
+    end
+
+    redirect_to group_milestone_path(@group, title.parameterize, title: title)
+  end
+
   def show
     project_milestones = Milestone.where(project_id: group.projects).order("due_date ASC")
     @group_milestone = Milestones::GroupService.new(project_milestones).milestone(title)
@@ -51,4 +69,12 @@ class Groups::MilestonesController < Groups::ApplicationController
   def authorize_group_milestone!
     return render_404 unless can?(current_user, :admin_group, group)
   end
+
+  def milestone_params
+    params.require(:milestone).permit(
+      :title,
+      :description,
+      :due_date
+    )
+  end
 end
-- 
cgit v1.2.3


From 986695e136a8f6afa326048b30be77a9265d3bf7 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 13 Nov 2015 19:20:48 +0100
Subject: Refactor global and group milestones logic

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/concerns/global_milestones.rb      | 19 +++++++
 app/controllers/dashboard/milestones_controller.rb | 29 +++-------
 app/controllers/groups/application_controller.rb   | 11 ++--
 app/controllers/groups/avatars_controller.rb       |  2 -
 app/controllers/groups/group_members_controller.rb |  5 --
 app/controllers/groups/milestones_controller.rb    | 63 +++++++---------------
 6 files changed, 53 insertions(+), 76 deletions(-)
 create mode 100644 app/controllers/concerns/global_milestones.rb

(limited to 'app/controllers')

diff --git a/app/controllers/concerns/global_milestones.rb b/app/controllers/concerns/global_milestones.rb
new file mode 100644
index 00000000000..b428249acd3
--- /dev/null
+++ b/app/controllers/concerns/global_milestones.rb
@@ -0,0 +1,19 @@
+module GlobalMilestones
+  extend ActiveSupport::Concern
+
+  def milestones
+    @milestones = MilestonesFinder.new.execute(@projects, params)
+    @milestones = GlobalMilestone.build_collection(@milestones)
+    @milestones = Kaminari.paginate_array(@milestones).page(params[:page]).per(ApplicationController::PER_PAGE)
+  end
+
+  def milestone
+    milestones = Milestone.of_projects(@projects).where(title: params[:title])
+
+    if milestones.present?
+      @milestone = GlobalMilestone.new(params[:title], milestones)
+    else
+      render_404
+    end
+  end
+end
diff --git a/app/controllers/dashboard/milestones_controller.rb b/app/controllers/dashboard/milestones_controller.rb
index 53896d4f2c7..2bdce0f8a00 100644
--- a/app/controllers/dashboard/milestones_controller.rb
+++ b/app/controllers/dashboard/milestones_controller.rb
@@ -1,34 +1,19 @@
 class Dashboard::MilestonesController < Dashboard::ApplicationController
-  before_action :load_projects
+  include GlobalMilestones
+
+  before_action :projects
+  before_action :milestones, only: [:index]
+  before_action :milestone, only: [:show]
 
   def index
-    project_milestones = case params[:state]
-                         when 'all'; state
-                         when 'closed'; state('closed')
-                         else state('active')
-                         end
-    @dashboard_milestones = Milestones::GroupService.new(project_milestones).execute
-    @dashboard_milestones = Kaminari.paginate_array(@dashboard_milestones).page(params[:page]).per(PER_PAGE)
   end
 
   def show
-    project_milestones = Milestone.where(project_id: @projects).order("due_date ASC")
-    @dashboard_milestone = Milestones::GroupService.new(project_milestones).milestone(title)
   end
 
   private
 
-  def load_projects
-    @projects = current_user.authorized_projects.sorted_by_activity.non_archived
-  end
-
-  def title
-    params[:title]
-  end
-
-  def state(state = nil)
-    conditions = { project_id: @projects }
-    conditions.reverse_merge!(state: state) if state
-    Milestone.where(conditions).order("title ASC")
+  def projects
+    @projects ||= current_user.authorized_projects.sorted_by_activity.non_archived
   end
 end
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index 6878d4bc07e..be801858eaf 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -1,8 +1,13 @@
 class Groups::ApplicationController < ApplicationController
   layout 'group'
+  before_action :group
 
   private
-  
+
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+
   def authorize_read_group!
     unless @group and can?(current_user, :read_group, @group)
       if current_user.nil?
@@ -12,13 +17,13 @@ class Groups::ApplicationController < ApplicationController
       end
     end
   end
-  
+
   def authorize_admin_group!
     unless can?(current_user, :admin_group, group)
       return render_404
     end
   end
-  
+
   def authorize_admin_group_member!
     unless can?(current_user, :admin_group_member, group)
       return render_403
diff --git a/app/controllers/groups/avatars_controller.rb b/app/controllers/groups/avatars_controller.rb
index 6aa64222f77..f390705dc6a 100644
--- a/app/controllers/groups/avatars_controller.rb
+++ b/app/controllers/groups/avatars_controller.rb
@@ -1,8 +1,6 @@
 class Groups::AvatarsController < ApplicationController
   def destroy
-    @group = Group.find_by(path: params[:group_id])
     @group.remove_avatar!
-
     @group.save
 
     redirect_to edit_group_path(@group)
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index 91518c44a98..b25957a06e2 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -1,6 +1,5 @@
 class Groups::GroupMembersController < Groups::ApplicationController
   skip_before_action :authenticate_user!, only: [:index]
-  before_action :group
 
   # Authorize
   before_action :authorize_read_group!
@@ -80,10 +79,6 @@ class Groups::GroupMembersController < Groups::ApplicationController
 
   protected
 
-  def group
-    @group ||= Group.find_by(path: params[:group_id])
-  end
-
   def member_params
     params.require(:group_member).permit(:access_level, :user_id)
   end
diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 8779376d93c..6833a550c9e 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -1,21 +1,16 @@
 class Groups::MilestonesController < Groups::ApplicationController
-  before_action :authorize_group_milestone!, only: :update
-  before_action :group
+  include GlobalMilestones
 
-  def index
-    project_milestones =
-      case params[:state]
-      when 'all'; state
-      when 'closed'; state('closed')
-      else state('active')
-      end
+  before_action :projects
+  before_action :milestones, only: [:index]
+  before_action :milestone, only: [:show, :update]
+  before_action :authorize_group_milestone!, only: [:create, :update]
 
-    @group_milestones = Milestones::GroupService.new(project_milestones).execute
-    @group_milestones = Kaminari.paginate_array(@group_milestones).page(params[:page]).per(PER_PAGE)
+  def index
   end
 
   def new
-    @group_milestone = OpenStruct.new(title: nil, description: nil)
+    @milestone = Milestone.new
   end
 
   def create
@@ -26,55 +21,35 @@ class Groups::MilestonesController < Groups::ApplicationController
       Milestones::CreateService.new(project, current_user, milestone_params).execute
     end
 
-    redirect_to group_milestone_path(@group, title.parameterize, title: title)
+    redirect_to milestone_path(title)
   end
 
   def show
-    project_milestones = Milestone.where(project_id: group.projects).order("due_date ASC")
-    @group_milestone = Milestones::GroupService.new(project_milestones).milestone(title)
   end
 
   def update
-    project_milestones = Milestone.where(project_id: group.projects).order("due_date ASC")
-    @group_milestones = Milestones::GroupService.new(project_milestones).milestone(title)
-
-    @group_milestones.milestones.each do |milestone|
-      Milestones::UpdateService.new(milestone.project, current_user, params[:milestone]).execute(milestone)
+    @milestone.milestones.each do |milestone|
+      Milestones::UpdateService.new(milestone.project, current_user, milestone_params).execute(milestone)
     end
 
-    respond_to do |format|
-      format.js
-      format.html do
-        redirect_to group_milestones_path(group)
-      end
-    end
+    redirect_back_or_default(default: milestone_path(@milestone.title))
   end
 
   private
 
-  def group
-    @group ||= Group.find_by(path: params[:group_id])
-  end
-
-  def title
-    params[:title]
+  def authorize_group_milestone!
+    return render_404 unless can?(current_user, :admin_group, group)
   end
 
-  def state(state = nil)
-    conditions = { project_id: group.projects }
-    conditions.reverse_merge!(state: state) if state
-    Milestone.where(conditions).order("title ASC")
+  def milestone_params
+    params.require(:milestone).permit(:title, :description, :due_date, :state_event)
   end
 
-  def authorize_group_milestone!
-    return render_404 unless can?(current_user, :admin_group, group)
+  def milestone_path(title)
+    group_milestone_path(@group, title.parameterize, title: title)
   end
 
-  def milestone_params
-    params.require(:milestone).permit(
-      :title,
-      :description,
-      :due_date
-    )
+  def projects
+    @projects ||= @group.projects
   end
 end
-- 
cgit v1.2.3


From c79d801bf58c58ec21e64cb782176d6dc879a60f Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Fri, 13 Nov 2015 19:31:02 +0100
Subject: Fix a bug when milestone/label filter was empty for dashboard issues
 page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/dashboard_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 4ebb3d7276e..b2c1fa4230c 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,5 +1,6 @@
 class DashboardController < Dashboard::ApplicationController
   before_action :event_filter, only: :activity
+  before_action :projects, only: [:issues, :merge_requests]
 
   respond_to :html
 
@@ -47,4 +48,8 @@ class DashboardController < Dashboard::ApplicationController
     @events = @event_filter.apply_filter(@events).with_associations
     @events = @events.limit(20).offset(params[:offset] || 0)
   end
+
+  def projects
+    @projects ||= current_user.authorized_projects.sorted_by_activity.non_archived
+  end
 end
-- 
cgit v1.2.3


From 929ab909c88e9ac5d87acacb376a39dcfa6a639c Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 16 Nov 2015 16:14:19 +0100
Subject: Group masters should be able to create/close milestones

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/groups/milestones_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 6833a550c9e..10233222ee1 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -38,7 +38,7 @@ class Groups::MilestonesController < Groups::ApplicationController
   private
 
   def authorize_group_milestone!
-    return render_404 unless can?(current_user, :admin_group, group)
+    return render_404 unless can?(current_user, :admin_milestones, group)
   end
 
   def milestone_params
-- 
cgit v1.2.3


From 32f1a7196817b1073327c607905ee40b9140e6df Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 16 Nov 2015 17:24:14 +0100
Subject: Fix removing avatar for group

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/groups/avatars_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups/avatars_controller.rb b/app/controllers/groups/avatars_controller.rb
index f390705dc6a..76c87366baa 100644
--- a/app/controllers/groups/avatars_controller.rb
+++ b/app/controllers/groups/avatars_controller.rb
@@ -1,4 +1,4 @@
-class Groups::AvatarsController < ApplicationController
+class Groups::AvatarsController < Groups::ApplicationController
   def destroy
     @group.remove_avatar!
     @group.save
-- 
cgit v1.2.3


From c8e53d4467e1e8cce4db04aafba00d55f014e283 Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Sun, 15 Nov 2015 15:30:05 -0500
Subject: Revert "Merge pull request #9820 from
 huacnlee/avoid-render-form-in-notes-list"

This reverts commit 63144cd062f6d259f1f30b6e06eb92a16caa8dec, reversing
changes made to 8ab5df9d872414b2cca3ebd16d57b89e2f19e06a.
---
 app/controllers/projects/notes_controller.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 0c98e2f1bfd..41cd08c93c6 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -3,7 +3,7 @@ class Projects::NotesController < Projects::ApplicationController
   before_action :authorize_read_note!
   before_action :authorize_create_note!, only: [:create]
   before_action :authorize_admin_note!, only: [:update, :destroy]
-  before_action :find_current_user_notes, except: [:destroy, :edit, :delete_attachment]
+  before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
 
   def index
     current_fetched_at = Time.now.to_i
@@ -29,11 +29,6 @@ class Projects::NotesController < Projects::ApplicationController
     end
   end
 
-  def edit
-    @note = note
-    render layout: false
-  end
-
   def update
     @note = Notes::UpdateService.new(project, current_user, note_params).execute(note)
 
-- 
cgit v1.2.3


From 3cebe9e78064030553e62939ec3612993c63ad76 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Tue, 17 Nov 2015 11:03:18 +0100
Subject: Refactor duplciate code for groups_controller.rb and
 slack_service/note_message.rb

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/concerns/issues_action.rb         | 14 ++++++++++++++
 app/controllers/concerns/merge_requests_action.rb |  9 +++++++++
 app/controllers/dashboard_controller.rb           | 20 +++-----------------
 app/controllers/groups_controller.rb              | 20 +++-----------------
 4 files changed, 29 insertions(+), 34 deletions(-)
 create mode 100644 app/controllers/concerns/issues_action.rb
 create mode 100644 app/controllers/concerns/merge_requests_action.rb

(limited to 'app/controllers')

diff --git a/app/controllers/concerns/issues_action.rb b/app/controllers/concerns/issues_action.rb
new file mode 100644
index 00000000000..effd4721949
--- /dev/null
+++ b/app/controllers/concerns/issues_action.rb
@@ -0,0 +1,14 @@
+module IssuesAction
+  extend ActiveSupport::Concern
+
+  def issues
+    @issues = get_issues_collection
+    @issues = @issues.page(params[:page]).per(ApplicationController::PER_PAGE)
+    @issues = @issues.preload(:author, :project)
+
+    respond_to do |format|
+      format.html
+      format.atom { render layout: false }
+    end
+  end
+end
diff --git a/app/controllers/concerns/merge_requests_action.rb b/app/controllers/concerns/merge_requests_action.rb
new file mode 100644
index 00000000000..f7a25111db9
--- /dev/null
+++ b/app/controllers/concerns/merge_requests_action.rb
@@ -0,0 +1,9 @@
+module MergeRequestsAction
+  extend ActiveSupport::Concern
+
+  def merge_requests
+    @merge_requests = get_merge_requests_collection
+    @merge_requests = @merge_requests.page(params[:page]).per(ApplicationController::PER_PAGE)
+    @merge_requests = @merge_requests.preload(:author, :target_project)
+  end
+end
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index b2c1fa4230c..087da935087 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -1,26 +1,12 @@
 class DashboardController < Dashboard::ApplicationController
+  include IssuesAction
+  include MergeRequestsAction
+
   before_action :event_filter, only: :activity
   before_action :projects, only: [:issues, :merge_requests]
 
   respond_to :html
 
-  def merge_requests
-    @merge_requests = get_merge_requests_collection
-    @merge_requests = @merge_requests.page(params[:page]).per(PER_PAGE)
-    @merge_requests = @merge_requests.preload(:author, :target_project)
-  end
-
-  def issues
-    @issues = get_issues_collection
-    @issues = @issues.page(params[:page]).per(PER_PAGE)
-    @issues = @issues.preload(:author, :project)
-
-    respond_to do |format|
-      format.html
-      format.atom { render layout: false }
-    end
-  end
-
   def activity
     @last_push = current_user.recent_push
 
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index fb4eb094f27..fb26a4e6fc3 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -1,4 +1,7 @@
 class GroupsController < Groups::ApplicationController
+  include IssuesAction
+  include MergeRequestsAction
+
   skip_before_action :authenticate_user!, only: [:show, :issues, :merge_requests]
   respond_to :html
   before_action :group, except: [:new, :create]
@@ -53,23 +56,6 @@ class GroupsController < Groups::ApplicationController
     end
   end
 
-  def merge_requests
-    @merge_requests = get_merge_requests_collection
-    @merge_requests = @merge_requests.page(params[:page]).per(PER_PAGE)
-    @merge_requests = @merge_requests.preload(:author, :target_project)
-  end
-
-  def issues
-    @issues = get_issues_collection
-    @issues = @issues.page(params[:page]).per(PER_PAGE)
-    @issues = @issues.preload(:author, :project)
-
-    respond_to do |format|
-      format.html
-      format.atom { render layout: false }
-    end
-  end
-
   def edit
   end
 
-- 
cgit v1.2.3


From 24cf6865d3c0d47615a814c091cdb40bf513307e Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 17 Nov 2015 13:10:01 +0100
Subject: Correctly set comparison first commit when range includes a merge
 commit

---
 app/controllers/projects/compare_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 71aaad1fad6..3517b2bece6 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -19,8 +19,8 @@ class Projects::CompareController < Projects::ApplicationController
     if compare_result
       @commits = Commit.decorate(compare_result.commits, @project)
       @diffs = compare_result.diffs
-      @commit = @commits.last
-      @first_commit = @commits.first
+      @commit = @project.commit(head_ref)
+      @first_commit = @project.commit(base_ref)
       @line_notes = []
     end
   end
-- 
cgit v1.2.3


From e3fe3da63d23981f5a0f3bd629046cbe0533a132 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 17 Nov 2015 15:51:40 +0100
Subject: Use project member abilities more extensively

---
 app/controllers/groups/group_members_controller.rb | 30 +++++++++----------
 .../projects/project_members_controller.rb         | 34 +++++++++++++---------
 2 files changed, 36 insertions(+), 28 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index b25957a06e2..0e902c4bb43 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -3,8 +3,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
 
   # Authorize
   before_action :authorize_read_group!
-  before_action :authorize_admin_group!, except: [:index, :leave]
-  before_action :authorize_admin_group_member!, only: [:create, :resend_invite]
+  before_action :authorize_admin_group_member!, except: [:index, :leave]
 
   def index
     @project = @group.projects.find(params[:project_id]) if params[:project_id]
@@ -17,7 +16,8 @@ class Groups::GroupMembersController < Groups::ApplicationController
     end
 
     @members = @members.order('access_level DESC').page(params[:page]).per(50)
-    @group_member = GroupMember.new
+
+    @group_member = @group.group_members.new
   end
 
   def create
@@ -27,24 +27,23 @@ class Groups::GroupMembersController < Groups::ApplicationController
   end
 
   def update
-    @member = @group.group_members.find(params[:id])
+    @group_member = @group.group_members.find(params[:id])
 
-    return render_403 unless can?(current_user, :update_group_member, @member)
+    return render_403 unless can?(current_user, :update_group_member, @group_member)
 
-    @member.update_attributes(member_params)
+    @group_member.update_attributes(member_params)
   end
 
   def destroy
     @group_member = @group.group_members.find(params[:id])
 
-    if can?(current_user, :destroy_group_member, @group_member)  # May fail if last owner.
-      @group_member.destroy
-      respond_to do |format|
-        format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
-        format.js { render nothing: true }
-      end
-    else
-      return render_403
+    return render_403 unless can?(current_user, :destroy_group_member, @group_member)
+
+    @group_member.destroy
+
+    respond_to do |format|
+      format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
+      format.js { render nothing: true }
     end
   end
 
@@ -63,10 +62,11 @@ class Groups::GroupMembersController < Groups::ApplicationController
   end
 
   def leave
-    @group_member = @group.group_members.where(user_id: current_user.id).first
+    @group_member = @group.group_members.find_by(user_id: current_user)
 
     if can?(current_user, :destroy_group_member, @group_member)
       @group_member.destroy
+
       redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.")
     else
       if @group.last_owner?(current_user)
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 9de5269cd25..07eb94e4f48 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -1,6 +1,6 @@
 class Projects::ProjectMembersController < Projects::ApplicationController
   # Authorize
-  before_action :authorize_admin_project!, except: :leave
+  before_action :authorize_admin_project_member!, except: :leave
 
   def index
     @project_members = @project.project_members
@@ -29,10 +29,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     @project_member = @project.project_members.new
   end
 
-  def new
-    @project_member = @project.project_members.new
-  end
-
   def create
     @project.team.add_users(params[:user_ids].split(','), params[:access_level], current_user)
 
@@ -41,11 +37,17 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
   def update
     @project_member = @project.project_members.find(params[:id])
+
+    return render_403 unless can?(current_user, :update_project_member, @project_member)
+
     @project_member.update_attributes(member_params)
   end
 
   def destroy
     @project_member = @project.project_members.find(params[:id])
+
+    return render_403 unless can?(current_user, :destroy_project_member, @project_member)
+
     @project_member.destroy
 
     respond_to do |format|
@@ -71,16 +73,22 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   end
 
   def leave
-    if @project.namespace == current_user.namespace
-      message = 'You can not leave your own project. Transfer or delete the project.'
-      return redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
-    end
+    @project_member = @project.project_members.find_by(user_id: current_user)
 
-    @project.project_members.find_by(user_id: current_user).destroy
+    if can?(current_user, :destroy_project_member, @project_member)
+      @project_member.destroy
 
-    respond_to do |format|
-      format.html { redirect_to dashboard_projects_path }
-      format.js { render nothing: true }
+      respond_to do |format|
+        format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
+        format.js { render nothing: true }
+      end
+    else
+      if current_user == @project.owner
+        message = 'You can not leave your own project. Transfer or delete the project.'
+        redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
+      else
+        render_403
+      end
     end
   end
 
-- 
cgit v1.2.3


From e945ec02804bb28dbd228d8002a159c8da0fcc38 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 17 Nov 2015 18:53:56 +0100
Subject: Add "Start a new merge request" option to every commit form

---
 app/controllers/application_controller.rb          | 30 ------------
 .../concerns/creates_merge_request_for_commit.rb   | 28 ++++++++++++
 app/controllers/projects/blob_controller.rb        | 53 ++++++++++++----------
 app/controllers/projects/tree_controller.rb        | 13 +++++-
 4 files changed, 69 insertions(+), 55 deletions(-)
 create mode 100644 app/controllers/concerns/creates_merge_request_for_commit.rb

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6f87ee08b2d..0d182e8eb04 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,7 +22,6 @@ class ApplicationController < ActionController::Base
 
   helper_method :abilities, :can?, :current_application_settings
   helper_method :import_sources_enabled?, :github_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, :bitbucket_import_enabled?, :bitbucket_import_configured?, :gitorious_import_enabled?, :google_code_import_enabled?, :fogbugz_import_enabled?, :git_import_enabled?
-  helper_method :new_mr_from_push_event, :new_mr_path_for_fork_from_push_event, :new_mr_path_from_push_event
 
   rescue_from Encoding::CompatibilityError do |exception|
     log_exception(exception)
@@ -343,35 +342,6 @@ class ApplicationController < ActionController::Base
     current_application_settings.import_sources.include?('git')
   end
 
-  # new merge requests routing helpers
-  def new_mr_path_from_push_event(event, target_branch=nil)
-    target_project = event.project.forked_from_project || event.project
-    new_namespace_project_merge_request_path(
-      event.project.namespace,
-      event.project,
-      new_mr_from_push_event(event, target_project, target_branch)
-    )
-  end
-
-  def new_mr_path_for_fork_from_push_event(event, target_branch=nil)
-    new_namespace_project_merge_request_path(
-      event.project.namespace,
-      event.project,
-      new_mr_from_push_event(event, event.project.forked_from_project, target_branch)
-    )
-  end
-
-  def new_mr_from_push_event(event, target_project, target_branch)
-    {
-      merge_request: {
-        source_project_id: event.project.id,
-        target_project_id: target_project.id,
-        source_branch: event.branch_name,
-        target_branch: target_branch || target_project.repository.root_ref
-      }
-    }
-  end
-
   def redirect_to_home_page_url?
     # If user is not signed-in and tries to access root_path - redirect him to landing page
     # Don't redirect to the default URL to prevent endless redirections
diff --git a/app/controllers/concerns/creates_merge_request_for_commit.rb b/app/controllers/concerns/creates_merge_request_for_commit.rb
new file mode 100644
index 00000000000..c7527822158
--- /dev/null
+++ b/app/controllers/concerns/creates_merge_request_for_commit.rb
@@ -0,0 +1,28 @@
+module CreatesMergeRequestForCommit
+  extend ActiveSupport::Concern
+
+  def new_merge_request_path
+    if @project.forked?
+      target_project = @project.forked_from_project || @project
+      target_branch = target_project.repository.root_ref
+    else
+      target_project = @project
+      target_branch = @ref
+    end
+
+    new_namespace_project_merge_request_path(
+      @project.namespace,
+      @project,
+      merge_request: {
+        source_project_id: @project.id,
+        target_project_id: target_project.id,
+        source_branch: @new_branch,
+        target_branch: target_branch
+      }
+    )
+  end
+
+  def create_merge_request?
+    params[:create_merge_request] && @new_branch != @ref
+  end
+end
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index d7fae64fcdd..41ec7bde45d 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -1,6 +1,7 @@
 # Controller for viewing a file's blame
 class Projects::BlobController < Projects::ApplicationController
   include ExtractsPath
+  include CreatesMergeRequestForCommit
   include ActionView::Helpers::SanitizeHelper
 
   # Raised when given an invalid file path
@@ -27,15 +28,8 @@ class Projects::BlobController < Projects::ApplicationController
     if result[:status] == :success
       flash[:notice] = "The changes have been successfully committed"
       respond_to do |format|
-        format.html do
-          url = if params[:create_merge_request]
-            new_mr_path_from_push_event(current_user.recent_push(@project.id), @ref)
-          else
-            namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path))
-          end
-          redirect_to url
-        end
-        format.json { render json: { message: "success", filePath: namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path)) } }
+        format.html { redirect_to after_create_path }
+        format.json { render json: { message: "success", filePath: after_create_path } }
       end
     else
       flash[:alert] = result[:message]
@@ -59,14 +53,7 @@ class Projects::BlobController < Projects::ApplicationController
     if result[:status] == :success
       flash[:notice] = "Your changes have been successfully committed"
       respond_to do |format|
-        format.html do
-          url = if params[:create_merge_request]
-            new_mr_path_from_push_event(current_user.recent_push(@project.id), @ref)
-          else
-            after_edit_path
-          end
-          redirect_to url
-        end
+        format.html { redirect_to after_edit_path }
         format.json { render json: { message: "success", filePath: after_edit_path } }
       end
     else
@@ -91,7 +78,7 @@ class Projects::BlobController < Projects::ApplicationController
 
     if result[:status] == :success
       flash[:notice] = "Your changes have been successfully committed"
-      redirect_to namespace_project_tree_path(@project.namespace, @project, @target_branch)
+      redirect_to after_destroy_path
     else
       flash[:alert] = result[:message]
       render :show
@@ -145,15 +132,33 @@ class Projects::BlobController < Projects::ApplicationController
     render_404
   end
 
+  def after_create_path
+    @after_create_path ||=
+      if create_merge_request?
+        new_merge_request_path
+      else
+        namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @file_path))
+      end
+  end
+
   def after_edit_path
     @after_edit_path ||=
-      if from_merge_request
+      if create_merge_request?
+        new_merge_request_path
+      elsif from_merge_request && @new_branch == @ref
         diffs_namespace_project_merge_request_path(from_merge_request.target_project.namespace, from_merge_request.target_project, from_merge_request) +
           "#file-path-#{hexdigest(@path)}"
-      elsif @target_branch.present?
-        namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @path))
       else
-        namespace_project_blob_path(@project.namespace, @project, @id)
+        namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @path))
+      end
+  end
+
+  def after_destroy_path
+    @after_destroy_path ||=
+      if create_merge_request?
+        new_merge_request_path
+      else
+        namespace_project_tree_path(@project.namespace, @project, @new_branch)
       end
   end
 
@@ -168,7 +173,7 @@ class Projects::BlobController < Projects::ApplicationController
 
   def editor_variables
     @current_branch = @ref
-    @target_branch = params[:new_branch].present? ? sanitized_new_branch_name : @ref
+    @new_branch = params[:new_branch].present? ? sanitized_new_branch_name : @ref
 
     @file_path =
       if action_name.to_s == 'create'
@@ -188,7 +193,7 @@ class Projects::BlobController < Projects::ApplicationController
     @commit_params = {
       file_path: @file_path,
       current_branch: @current_branch,
-      target_branch: @target_branch,
+      target_branch: @new_branch,
       commit_message: params[:commit_message],
       file_content: params[:content],
       file_content_encoding: params[:encoding]
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index bdcb1a3e297..8f272ad1281 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -1,6 +1,7 @@
 # Controller for viewing a repository's file structure
 class Projects::TreeController < Projects::ApplicationController
   include ExtractsPath
+  include CreatesMergeRequestForCommit
   include ActionView::Helpers::SanitizeHelper
 
   before_action :require_non_empty_project, except: [:new, :create]
@@ -43,7 +44,7 @@ class Projects::TreeController < Projects::ApplicationController
     if result && result[:status] == :success
       flash[:notice] = "The directory has been successfully created"
       respond_to do |format|
-        format.html { redirect_to namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @dir_name)) }
+        format.html { redirect_to after_create_dir_path }
       end
     else
       flash[:alert] = message
@@ -53,6 +54,8 @@ class Projects::TreeController < Projects::ApplicationController
     end
   end
 
+  private
+
   def assign_dir_vars
     @new_branch = params[:new_branch].present? ? sanitize(strip_tags(params[:new_branch])) : @ref
     @dir_name = File.join(@path, params[:dir_name])
@@ -63,4 +66,12 @@ class Projects::TreeController < Projects::ApplicationController
       commit_message: params[:commit_message],
     }
   end
+
+  def after_create_dir_path
+    if create_merge_request?
+      new_merge_request_path
+    else
+      namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @dir_name))
+    end
+  end
 end
-- 
cgit v1.2.3


From 2f048df4a4a83ff009d2ef2d14ee04e5a2798618 Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <mail@zjvandeweg.nl>
Date: Wed, 18 Nov 2015 11:17:41 +0100
Subject: API support, incorporated feedback

---
 app/controllers/projects/merge_requests_controller.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index d58dab2d666..931298df5d8 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -171,9 +171,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     @merge_request.update(merge_error: nil)
 
     if params[:merge_when_build_succeeds] && @merge_request.ci_commit.active?
-      MergeRequests::MergeWhenBuildSucceedsService.new(@project,
-                                                      current_user,
-                                                      merge_params: merge_params)
+      MergeRequests::MergeWhenBuildSucceedsService.new(@project, current_user, merge_params)
                                                       .execute(@merge_request)
       @status = :merge_when_build_succeeds
     else
-- 
cgit v1.2.3


From 7b405d306431448f384591de792497e719d71caa Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Wed, 11 Nov 2015 16:25:01 +0100
Subject: Fix redirect after import fails.

---
 app/controllers/projects/imports_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 066b66014f8..fb8788f0818 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -28,8 +28,8 @@ class Projects::ImportsController < Projects::ApplicationController
       if @project.import_finished?
         redirect_to(project_path(@project)) and return
       else
-        redirect_to new_namespace_project_import_path(@project.namespace,
-                                                      @project) && return
+        redirect_to(new_namespace_project_import_path(@project.namespace,
+                                                      @project)) and return
       end
     end
   end
-- 
cgit v1.2.3


From fbdf3767495cd60b002f24ab4e9aa4d0c019de95 Mon Sep 17 00:00:00 2001
From: Yorick Peterse <yorickpeterse@gmail.com>
Date: Wed, 18 Nov 2015 12:32:35 +0100
Subject: Refactor UsersController to not kill the database

Previously this controller would in multiple places load tons (read:
around 65000) project and/or group IDs into memory. These changes in
combination with the previous commits significantly cut down loading
times of user profile pages and the Atom feeds of users.
---
 app/controllers/users_controller.rb | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1484356a7f4..30cb869eb2a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -3,14 +3,11 @@ class UsersController < ApplicationController
   before_action :set_user
 
   def show
-    @contributed_projects = contributed_projects.joined(@user).
-      reject(&:forked?)
+    @contributed_projects = contributed_projects.joined(@user).reject(&:forked?)
 
-    @projects = @user.personal_projects.
-      where(id: authorized_projects_ids).includes(:namespace)
+    @projects = PersonalProjectsFinder.new(@user).execute(current_user)
 
-    # Collect only groups common for both users
-    @groups = @user.groups & GroupsFinder.new.execute(current_user)
+    @groups = JoinedGroupsFinder.new(@user).execute(current_user)
 
     respond_to do |format|
       format.html
@@ -53,16 +50,8 @@ class UsersController < ApplicationController
     @user = User.find_by_username!(params[:username])
   end
 
-  def authorized_projects_ids
-    # Projects user can view
-    @authorized_projects_ids ||=
-      ProjectsFinder.new.execute(current_user).pluck(:id)
-  end
-
   def contributed_projects
-    @contributed_projects = Project.
-      where(id: authorized_projects_ids & @user.contributed_projects_ids).
-      includes(:namespace)
+    ContributedProjectsFinder.new(@user).execute(current_user)
   end
 
   def contributions_calendar
@@ -73,9 +62,13 @@ class UsersController < ApplicationController
   def load_events
     # Get user activity feed for projects common for both users
     @events = @user.recent_events.
-      where(project_id: authorized_projects_ids).
-      with_associations
+      merge(projects_for_current_user).
+      references(:project).
+      with_associations.
+      limit_recent(20, params[:offset])
+  end
 
-    @events = @events.limit(20).offset(params[:offset] || 0)
+  def projects_for_current_user
+    ProjectsFinder.new.execute(current_user)
   end
 end
-- 
cgit v1.2.3


From f3cfd20952411dc7302c78933346a9a11d8e58af Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Wed, 18 Nov 2015 17:10:06 +0100
Subject: DRY up code

---
 app/controllers/projects/blob_controller.rb | 54 +++++++++++++----------------
 1 file changed, 24 insertions(+), 30 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 41ec7bde45d..31a33bfd237 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -23,21 +23,9 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def create
-    result = Files::CreateService.new(@project, current_user, @commit_params).execute
-
-    if result[:status] == :success
-      flash[:notice] = "The changes have been successfully committed"
-      respond_to do |format|
-        format.html { redirect_to after_create_path }
-        format.json { render json: { message: "success", filePath: after_create_path } }
-      end
-    else
-      flash[:alert] = result[:message]
-      respond_to do |format|
-        format.html { render :new }
-        format.json { render json: { message: "failed", filePath: namespace_project_blob_path(@project.namespace, @project, @id) } }
-      end
-    end
+    create_commit(Files::CreateService, success_path: after_create_path,
+                                        failure_view: :new,
+                                        failure_path: namespace_project_new_blob_path(@project.namespace, @project, @ref))
   end
 
   def show
@@ -48,21 +36,9 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def update
-    result = Files::UpdateService.new(@project, current_user, @commit_params).execute
-
-    if result[:status] == :success
-      flash[:notice] = "Your changes have been successfully committed"
-      respond_to do |format|
-        format.html { redirect_to after_edit_path }
-        format.json { render json: { message: "success", filePath: after_edit_path } }
-      end
-    else
-      flash[:alert] = result[:message]
-      respond_to do |format|
-        format.html { render :edit }
-        format.json { render json: { message: "failed", filePath: namespace_project_new_blob_path(@project.namespace, @project, @id) } }
-      end
-    end
+    create_commit(Files::UpdateService, success_path: after_edit_path,
+                                        failure_view: :edit,
+                                        failure_path: namespace_project_blob_path(@project.namespace, @project, @id))
   end
 
   def preview
@@ -132,6 +108,24 @@ class Projects::BlobController < Projects::ApplicationController
     render_404
   end
 
+  def create_commit(service, success_path:, failure_view:, failure_path:)
+    result = service.new(@project, current_user, @commit_params).execute
+
+    if result[:status] == :success
+      flash[:notice] = "Your changes have been successfully committed"
+      respond_to do |format|
+        format.html { redirect_to success_path }
+        format.json { render json: { message: "success", filePath: success_path } }
+      end
+    else
+      flash[:alert] = result[:message]
+      respond_to do |format|
+        format.html { render failure_view }
+        format.json { render json: { message: "failed", filePath: failure_path } }
+      end
+    end
+  end
+
   def after_create_path
     @after_create_path ||=
       if create_merge_request?
-- 
cgit v1.2.3


From fd2c0fe446c7f761b845c91307ef8110d869e8e8 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Wed, 11 Nov 2015 15:12:51 +0200
Subject: award emoji

---
 app/controllers/projects/issues_controller.rb      |  2 +-
 .../projects/merge_requests_controller.rb          |  2 +-
 app/controllers/projects/notes_controller.rb       | 25 +++++++++++++++++++++-
 3 files changed, 26 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index e74c2905e48..5250a0f5e67 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -60,7 +60,7 @@ class Projects::IssuesController < Projects::ApplicationController
   def show
     @participants = @issue.participants(current_user)
     @note = @project.notes.new(noteable: @issue)
-    @notes = @issue.notes.with_associations.fresh
+    @notes = @issue.notes.nonawards.with_associations.fresh
     @noteable = @issue
 
     respond_with(@issue)
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 188f0cc4cea..a0468c65d5a 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -254,7 +254,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
-    @notes = @merge_request.mr_and_commit_notes.inc_author.fresh
+    @notes = @merge_request.nonawards.mr_and_commit_notes.inc_author.fresh
     @discussions = Note.discussions_from_notes(@notes)
     @noteable = @merge_request
 
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 41cd08c93c6..357b292980d 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -3,7 +3,7 @@ class Projects::NotesController < Projects::ApplicationController
   before_action :authorize_read_note!
   before_action :authorize_create_note!, only: [:create]
   before_action :authorize_admin_note!, only: [:update, :destroy]
-  before_action :find_current_user_notes, except: [:destroy, :delete_attachment]
+  before_action :find_current_user_notes, except: [:destroy, :delete_attachment, :award_toggle]]
 
   def index
     current_fetched_at = Time.now.to_i
@@ -58,6 +58,27 @@ class Projects::NotesController < Projects::ApplicationController
     end
   end
 
+  def award_toggle
+    noteable = params[:noteable_type] == "Issue" ? Issue : MergeRequest
+    noteable = noteable.find(params[:noteable_id])
+    data = {
+      noteable: noteable,
+      author: current_user,
+      is_award: true,
+      note: params[:emoji]
+    }
+
+    note = project.notes.find_by(data)
+
+    if note
+      note.destroy
+    else
+      project.notes.create(data)
+    end
+
+    render json: {ok: true}
+  end
+
   private
 
   def note
@@ -111,6 +132,8 @@ class Projects::NotesController < Projects::ApplicationController
       id: note.id,
       discussion_id: note.discussion_id,
       html: note_to_html(note),
+      award: note.is_award,
+      note: note.note,
       discussion_html: note_to_discussion_html(note),
       discussion_with_diff_html: note_to_discussion_with_diff_html(note)
     }
-- 
cgit v1.2.3


From 2f6f99d300675b0794b2e96be564db9d405fac36 Mon Sep 17 00:00:00 2001
From: Valery Sizov <valery@gitlab.com>
Date: Wed, 18 Nov 2015 16:48:37 +0200
Subject: award for merge requests[ci skip]

---
 app/controllers/projects/merge_requests_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index a0468c65d5a..6378a1f56b0 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -254,7 +254,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
-    @notes = @merge_request.nonawards.mr_and_commit_notes.inc_author.fresh
+    @notes = @merge_request.mr_and_commit_notes.nonawards.inc_author.fresh
     @discussions = Note.discussions_from_notes(@notes)
     @noteable = @merge_request
 
-- 
cgit v1.2.3


From 23df515fd09661a690c0c0a651e131bc3a6d0191 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Wed, 18 Nov 2015 23:59:58 +0200
Subject: Emoji: fix image of emoji when it is submitted via comment

---
 app/controllers/projects/notes_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 357b292980d..98bf056a605 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -133,6 +133,7 @@ class Projects::NotesController < Projects::ApplicationController
       discussion_id: note.discussion_id,
       html: note_to_html(note),
       award: note.is_award,
+      emoji_path: note.is_award ? ::AwardEmoji.path_to_emoji_image(note.note) : "",
       note: note.note,
       discussion_html: note_to_discussion_html(note),
       discussion_with_diff_html: note_to_discussion_with_diff_html(note)
-- 
cgit v1.2.3


From a2912074be67deb6345a37787c14b7e640be26f8 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Thu, 19 Nov 2015 01:31:15 +0200
Subject: satisfy rubocop

---
 app/controllers/projects/notes_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 98bf056a605..8159cc50838 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -3,7 +3,7 @@ class Projects::NotesController < Projects::ApplicationController
   before_action :authorize_read_note!
   before_action :authorize_create_note!, only: [:create]
   before_action :authorize_admin_note!, only: [:update, :destroy]
-  before_action :find_current_user_notes, except: [:destroy, :delete_attachment, :award_toggle]]
+  before_action :find_current_user_notes, except: [:destroy, :delete_attachment, :award_toggle]
 
   def index
     current_fetched_at = Time.now.to_i
@@ -76,7 +76,7 @@ class Projects::NotesController < Projects::ApplicationController
       project.notes.create(data)
     end
 
-    render json: {ok: true}
+    render json: { ok: true }
   end
 
   private
-- 
cgit v1.2.3


From bdf4007cb7b18ed6892455d0a9adf78476188563 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Thu, 19 Nov 2015 18:12:17 +0200
Subject: adressing comments

---
 app/controllers/projects/notes_controller.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 8159cc50838..263b8b8d94e 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -59,21 +59,21 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def award_toggle
-    noteable = params[:noteable_type] == "Issue" ? Issue : MergeRequest
-    noteable = noteable.find(params[:noteable_id])
+    noteable = note_params[:noteable_type] == "issue" ? Issue : MergeRequest
+    noteable = noteable.find_by!(id: note_params[:noteable_id], project: project)
+
     data = {
-      noteable: noteable,
       author: current_user,
       is_award: true,
-      note: params[:emoji]
+      note: note_params[:note]
     }
 
-    note = project.notes.find_by(data)
+    note = noteable.notes.find_by(data)
 
     if note
       note.destroy
     else
-      project.notes.create(data)
+      Notes::CreateService.new(project, current_user, note_params).execute
     end
 
     render json: { ok: true }
-- 
cgit v1.2.3


From 8248314bc9256d3a0252ad6322df098edca7385a Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Thu, 19 Nov 2015 20:16:56 +0100
Subject: Don't rescue Exception, but StandardError

---
 app/controllers/ci/lints_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/lints_controller.rb b/app/controllers/ci/lints_controller.rb
index 24dd1b5c93a..a4f6aff49b4 100644
--- a/app/controllers/ci/lints_controller.rb
+++ b/app/controllers/ci/lints_controller.rb
@@ -15,10 +15,10 @@ module Ci
         @builds = @config_processor.builds
         @status = true
       end
-    rescue Ci::GitlabCiYamlProcessor::ValidationError => e
+    rescue Ci::GitlabCiYamlProcessor::ValidationError, Psych::SyntaxError => e
       @error = e.message
       @status = false
-    rescue Exception
+    rescue
       @error = "Undefined error"
       @status = false
     end
-- 
cgit v1.2.3


From f31ee525070d335aba8a189b304e3c446aedf1fb Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Fri, 20 Nov 2015 11:13:43 +0200
Subject: Fix for Emoji

---
 app/controllers/projects/notes_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 263b8b8d94e..1e3f1d8fd2f 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -65,7 +65,7 @@ class Projects::NotesController < Projects::ApplicationController
     data = {
       author: current_user,
       is_award: true,
-      note: note_params[:note]
+      note: note_params[:note].gsub(":", '')
     }
 
     note = noteable.notes.find_by(data)
-- 
cgit v1.2.3


From 5a4c56c38dd7aef414582edb880b343bf67b65b8 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Thu, 19 Nov 2015 14:49:35 +0100
Subject: Reduce method complexity in AutocompleteController

---
 app/controllers/autocomplete_controller.rb | 49 ++++++++++++++----------------
 1 file changed, 22 insertions(+), 27 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 202e9da9eee..aa0268b8d62 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -1,34 +1,8 @@
 class AutocompleteController < ApplicationController
   skip_before_action :authenticate_user!, only: [:users]
+  before_action :find_users, only: [:users]
 
   def users
-    begin
-      @users =
-        if params[:project_id].present?
-          project = Project.find(params[:project_id])
-
-          if can?(current_user, :read_project, project)
-            project.team.users
-          end
-        elsif params[:group_id]
-          group = Group.find(params[:group_id])
-
-          if can?(current_user, :read_group, group)
-            group.users
-          end
-        elsif current_user
-          User.all
-        end
-    rescue ActiveRecord::RecordNotFound
-      if current_user
-        return render json: {}, status: 404
-      end
-    end
-
-    if @users.nil? && current_user.nil?
-      authenticate_user!
-    end
-
     @users ||= User.none
     @users = @users.search(params[:search]) if params[:search].present?
     @users = @users.active
@@ -49,4 +23,25 @@ class AutocompleteController < ApplicationController
     @user = User.find(params[:id])
     render json: @user, only: [:name, :username, :id], methods: [:avatar_url]
   end
+
+  private
+
+  def find_users
+    @users =
+      if params[:project_id].present?
+        project = Project.find(params[:project_id])
+        return render_404 unless can?(current_user, :read_project, project)
+
+        project.team.users
+      elsif params[:group_id].present?
+        group = Group.find(params[:group_id])
+        return render_404 unless can?(current_user, :read_group, group)
+
+        group.users
+      elsif current_user
+        User.all
+      else
+        User.none
+      end
+  end
 end
-- 
cgit v1.2.3


From fbac9e106dd6acf35ba679b106b438a3bbfd191f Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Sat, 21 Nov 2015 18:32:59 +0200
Subject: Award: merge request fix

---
 app/controllers/projects/notes_controller.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 1e3f1d8fd2f..ead940aea6c 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -59,8 +59,11 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def award_toggle
-    noteable = note_params[:noteable_type] == "issue" ? Issue : MergeRequest
-    noteable = noteable.find_by!(id: note_params[:noteable_id], project: project)
+    noteable = if note_params[:noteable_type] == "issue"
+                 project.issues.find(note_params[:noteable_id])
+               else
+                 project.merge_requests.find(note_params[:noteable_id])
+               end
 
     data = {
       author: current_user,
-- 
cgit v1.2.3


From 3fc10d46f180d5b1904496e4f4e528d215057dbd Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Sun, 22 Nov 2015 01:51:00 +0200
Subject: Emoji bug: Invalid url to image

---
 app/controllers/projects/notes_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index ead940aea6c..5ac18446aa7 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -136,7 +136,7 @@ class Projects::NotesController < Projects::ApplicationController
       discussion_id: note.discussion_id,
       html: note_to_html(note),
       award: note.is_award,
-      emoji_path: note.is_award ? ::AwardEmoji.path_to_emoji_image(note.note) : "",
+      emoji_path: note.is_award ? view_context.image_url(::AwardEmoji.path_to_emoji_image(note.note)) : "",
       note: note.note,
       discussion_html: note_to_discussion_html(note),
       discussion_with_diff_html: note_to_discussion_with_diff_html(note)
-- 
cgit v1.2.3


From 075e3661c534a06753065e9e3323168b786cdbe5 Mon Sep 17 00:00:00 2001
From: Felipe Orlando <bee.sql@gmail.com>
Date: Sun, 22 Nov 2015 06:04:20 -0200
Subject: Update autocomplete_controller to be more readable

---
 app/controllers/autocomplete_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index aa0268b8d62..77c8dafc012 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -9,7 +9,7 @@ class AutocompleteController < ApplicationController
     @users = @users.reorder(:name)
     @users = @users.page(params[:page]).per(PER_PAGE)
 
-    unless params[:search].present?
+    if params[:search].blank?
       # Include current user if available to filter by "Me"
       if params[:current_user] && current_user
         @users = [*@users, current_user].uniq
-- 
cgit v1.2.3


From 8608c6325e19f529f7b43ff881c562d3a0114e1c Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <mail@zjvandeweg.nl>
Date: Mon, 23 Nov 2015 09:42:20 +0100
Subject: Refactor MergeWhenBuildSucceedsService and incorporate feedback

---
 app/controllers/projects/merge_requests_controller.rb | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 9db6ed5022d..f2e9a34dd2e 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -151,14 +151,9 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def cancel_merge_when_build_succeeds
-    unless @merge_request.can_be_merged_by?(current_user) || @merge_request.author == current_user
-      return access_denied!
-    end
+    return access_denied! unless @merge_request.can_cancel_merge_when_build_succeeds?(current_user)
 
-    if @merge_request.merge_when_build_succeeds?
-      @merge_request.reset_merge_when_build_succeeds
-      SystemNoteService.cancel_merge_when_build_succeeds(merge_request, @project, @current_user)
-    end
+    MergeRequests::MergeWhenBuildSucceedsService.new(@project, current_user).cancel(@merge_request)
   end
 
   def merge
@@ -171,7 +166,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     @merge_request.update(merge_error: nil)
 
-    if params[:merge_when_build_succeeds] && @merge_request.ci_commit.active?
+    if params[:merge_when_build_succeeds] && @merge_request.ci_commit && @merge_request.ci_commit.active?
       MergeRequests::MergeWhenBuildSucceedsService.new(@project, current_user, merge_params)
                                                       .execute(@merge_request)
       @status = :merge_when_build_succeeds
-- 
cgit v1.2.3


From 8dcef120cd94717b4f82db864191698826ca02a5 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Wed, 25 Nov 2015 17:24:07 -0200
Subject: Fix raw private snippets access workflow

---
 app/controllers/snippets_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 08f2483af33..c72df73af46 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -2,7 +2,7 @@ class SnippetsController < ApplicationController
   before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
 
   # Allow read snippet
-  before_action :authorize_read_snippet!, only: [:show]
+  before_action :authorize_read_snippet!, only: [:show, :raw]
 
   # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
-- 
cgit v1.2.3


From 2497d3d550dc0d4e095c8c3fe75d4452fb163252 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Wed, 25 Nov 2015 23:11:35 -0800
Subject: Fix 404 in redirection after removing a project

Closes https://github.com/gitlabhq/gitlabhq/issues/9844

Closes #3559
---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 23453195e85..10c75370d7b 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -123,7 +123,7 @@ class ProjectsController < ApplicationController
     ::Projects::DestroyService.new(@project, current_user, {}).execute
     flash[:alert] = "Project '#{@project.name}' was deleted."
 
-    redirect_back_or_default(default: dashboard_projects_path, options: {})
+    redirect_to dashboard_projects_path
   rescue Projects::DestroyService::DestroyError => ex
     redirect_to edit_project_path(@project), alert: ex.message
   end
-- 
cgit v1.2.3


From 7f214cee74796ceaf7b01bd6e133d4d54c5123db Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Thu, 26 Nov 2015 15:48:01 +0200
Subject: Migrate mailers to ActiveJob

---
 app/controllers/abuse_reports_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index 2f4054eaa11..d8e90594332 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -10,7 +10,7 @@ class AbuseReportsController < ApplicationController
 
     if @abuse_report.save
       if current_application_settings.admin_notification_email.present?
-        AbuseReportMailer.delay.notify(@abuse_report.id)
+        AbuseReportMailer.deliver_later.notify(@abuse_report.id)
       end
 
       message = "Thank you for your report. A GitLab administrator will look into it shortly."
-- 
cgit v1.2.3


From b9df1a63550c78396d43b661bd24d2745604f6fc Mon Sep 17 00:00:00 2001
From: Jose Corcuera <jzcorcuera@gmail.com>
Date: Thu, 26 Nov 2015 10:16:50 -0500
Subject: Strip attributes for Milestone and Issuable. #3428

---
 app/controllers/projects/issues_controller.rb         | 4 +---
 app/controllers/projects/merge_requests_controller.rb | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 5250a0f5e67..ae474cf8d68 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -158,12 +158,10 @@ class Projects::IssuesController < Projects::ApplicationController
   end
 
   def issue_params
-    permitted = params.require(:issue).permit(
+    params.require(:issue).permit(
       :title, :assignee_id, :position, :description,
       :milestone_id, :state_event, :task_num, label_ids: []
     )
-    params[:issue][:title].strip! if params[:issue][:title]
-    permitted
   end
 
   def bulk_update_params
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 6378a1f56b0..3f47f2ddb2c 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -276,13 +276,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def merge_request_params
-    permitted = params.require(:merge_request).permit(
+    params.require(:merge_request).permit(
       :title, :assignee_id, :source_project_id, :source_branch,
       :target_project_id, :target_branch, :milestone_id,
       :state_event, :description, :task_num, label_ids: []
     )
-    params[:merge_request][:title].strip! if params[:merge_request][:title]
-    permitted
   end
 
   # Make sure merge requests created before 8.0
-- 
cgit v1.2.3


From e92ceb7b57139e985674a44cfe75534c52ed4acd Mon Sep 17 00:00:00 2001
From: Valery Sizov <valery@gitlab.com>
Date: Mon, 30 Nov 2015 16:12:31 +0200
Subject: fix specs

---
 app/controllers/abuse_reports_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index d8e90594332..20bc5173f1d 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -10,7 +10,7 @@ class AbuseReportsController < ApplicationController
 
     if @abuse_report.save
       if current_application_settings.admin_notification_email.present?
-        AbuseReportMailer.deliver_later.notify(@abuse_report.id)
+        AbuseReportMailer.notify(@abuse_report.id).deliver_later
       end
 
       message = "Thank you for your report. A GitLab administrator will look into it shortly."
-- 
cgit v1.2.3


From 8c4a3c77d87e89bf3fd237fef49fc87fb6170d86 Mon Sep 17 00:00:00 2001
From: Minsik Yoon <yms9654@gmail.com>
Date: Mon, 30 Nov 2015 18:30:44 +0900
Subject: Add ignore whitespace change option to commit view

---
 app/controllers/projects/commit_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index deefdd76667..3f137440e28 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -67,7 +67,12 @@ class Projects::CommitController < Projects::ApplicationController
   end
 
   def define_show_vars
-    @diffs = commit.diffs
+    if params[:w].to_i == 1
+      @diffs = commit.diffs({ ignore_whitespace_change: true })
+    else
+      @diffs = commit.diffs
+    end
+
     @notes_count = commit.notes.count
     
     @builds = ci_commit.builds if ci_commit
-- 
cgit v1.2.3


From daca985a6e75d6f43c5cc5b487a0942d5bf93f68 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka <atomaka@gmail.com>
Date: Tue, 1 Dec 2015 23:40:24 -0500
Subject: Prevent impersonation if blocked

---
 app/controllers/admin/impersonation_controller.rb | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
index 0382402afa6..102dd437402 100644
--- a/app/controllers/admin/impersonation_controller.rb
+++ b/app/controllers/admin/impersonation_controller.rb
@@ -5,14 +5,20 @@ class Admin::ImpersonationController < Admin::ApplicationController
   before_action :authorize_impersonator!
 
   def create
-    session[:impersonator_id] = current_user.username
-    session[:impersonator_return_to] = request.env['HTTP_REFERER']
+    if @user.blocked?
+      flash[:alert] = "You cannot impersonate a blocked user"
 
-    warden.set_user(user, scope: 'user')
+      redirect_to admin_user_path(@user)
+    else
+      session[:impersonator_id] = current_user.username
+      session[:impersonator_return_to] = request.env['HTTP_REFERER']
+
+      warden.set_user(user, scope: 'user')
 
-    flash[:alert] = "You are impersonating #{user.username}."
+      flash[:alert] = "You are impersonating #{user.username}."
 
-    redirect_to root_path
+      redirect_to root_path
+    end
   end
 
   def destroy
-- 
cgit v1.2.3


From ec754d221368fad2b765fa60c665a461b2b29c78 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka <atomaka@gmail.com>
Date: Wed, 2 Dec 2015 13:21:07 -0500
Subject: Be more explicit with the impersonate return URL

---
 app/controllers/admin/impersonation_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
index 102dd437402..bf98af78615 100644
--- a/app/controllers/admin/impersonation_controller.rb
+++ b/app/controllers/admin/impersonation_controller.rb
@@ -11,7 +11,7 @@ class Admin::ImpersonationController < Admin::ApplicationController
       redirect_to admin_user_path(@user)
     else
       session[:impersonator_id] = current_user.username
-      session[:impersonator_return_to] = request.env['HTTP_REFERER']
+      session[:impersonator_return_to] = admin_user_path(@user)
 
       warden.set_user(user, scope: 'user')
 
-- 
cgit v1.2.3


From bfce5d716835f07b98b6d26ccc121d3ac8322aa9 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzegorz.bizon@ntsn.pl>
Date: Wed, 2 Dec 2015 10:13:29 +0100
Subject: Render json message with errors if note didn't pass validation

---
 app/controllers/projects/notes_controller.rb | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 5ac18446aa7..a7ff5fcd09a 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -131,16 +131,20 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def render_note_json(note)
-    render json: {
-      id: note.id,
-      discussion_id: note.discussion_id,
-      html: note_to_html(note),
-      award: note.is_award,
-      emoji_path: note.is_award ? view_context.image_url(::AwardEmoji.path_to_emoji_image(note.note)) : "",
-      note: note.note,
-      discussion_html: note_to_discussion_html(note),
-      discussion_with_diff_html: note_to_discussion_with_diff_html(note)
-    }
+    if note.valid?
+      render json: {
+        id: note.id,
+        discussion_id: note.discussion_id,
+        html: note_to_html(note),
+        award: note.is_award,
+        emoji_path: note.is_award ? view_context.image_url(::AwardEmoji.path_to_emoji_image(note.note)) : "",
+        note: note.note,
+        discussion_html: note_to_discussion_html(note),
+        discussion_with_diff_html: note_to_discussion_with_diff_html(note)
+      }
+    else
+      render json: { invalid: true, errors: note.errors }
+    end
   end
 
   def authorize_admin_note!
-- 
cgit v1.2.3


From a527f5c27ff92d2ee7e2d5e78dc20b6d1d982aa0 Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzegorz.bizon@ntsn.pl>
Date: Wed, 2 Dec 2015 10:51:46 +0100
Subject: Notify user when award-emoji comment is invalid

---
 app/controllers/projects/notes_controller.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index a7ff5fcd09a..88b949a27ab 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -133,6 +133,7 @@ class Projects::NotesController < Projects::ApplicationController
   def render_note_json(note)
     if note.valid?
       render json: {
+        valid: true,
         id: note.id,
         discussion_id: note.discussion_id,
         html: note_to_html(note),
@@ -143,7 +144,11 @@ class Projects::NotesController < Projects::ApplicationController
         discussion_with_diff_html: note_to_discussion_with_diff_html(note)
       }
     else
-      render json: { invalid: true, errors: note.errors }
+      render json: {
+        valid: false,
+        award: note.is_award,
+        errors: note.errors
+      }
     end
   end
 
-- 
cgit v1.2.3


From 0a081e7eff9730beebd4bea1eb40873d907b6293 Mon Sep 17 00:00:00 2001
From: Marin Jankovski <maxlazio@gmail.com>
Date: Thu, 3 Dec 2015 14:59:10 +0100
Subject: If a user clicks on the LFS object, it should be served if the user
 has access to the object.

---
 app/controllers/projects/blob_controller.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 31a33bfd237..d0108c823a9 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -17,6 +17,7 @@ class Projects::BlobController < Projects::ApplicationController
   before_action :require_branch_head, only: [:edit, :update]
   before_action :editor_variables, except: [:show, :preview, :diff]
   before_action :after_edit_path, only: [:edit, :update]
+  before_action :show_lfs_object, only: :show
 
   def new
     commit unless @repository.empty?
@@ -193,4 +194,20 @@ class Projects::BlobController < Projects::ApplicationController
       file_content_encoding: params[:encoding]
     }
   end
+
+  def show_lfs_object
+    return unless @blob && @blob.text? && @blob.data.present?
+
+    if @blob.data.starts_with?("version https://git-lfs.github.com/spec")
+      oid = @blob.data.match(/#{LfsObject::MATCH_FROM_POINTER_REGEX}/)
+      if oid && oid[1]
+        lfs_object = LfsObject.find_by_oid(oid[1])
+        return nil unless lfs_object && lfs_object.file.exists?
+
+        if lfs_object.projects.exists?(lfs_object.storage_project(@project).id)
+          send_file lfs_object.file.path, filename: @blob.name, disposition: 'attachment'
+        end
+      end
+    end
+  end
 end
-- 
cgit v1.2.3


From dbbd2b863b402e460ac1dc90f852fcae617a2351 Mon Sep 17 00:00:00 2001
From: Greg Smethells <smethells@icloud.com>
Date: Mon, 30 Nov 2015 14:47:44 -0600
Subject: sort milestones by due_date

---
 app/controllers/concerns/global_milestones.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/concerns/global_milestones.rb b/app/controllers/concerns/global_milestones.rb
index b428249acd3..3e4c0e63601 100644
--- a/app/controllers/concerns/global_milestones.rb
+++ b/app/controllers/concerns/global_milestones.rb
@@ -2,8 +2,10 @@ module GlobalMilestones
   extend ActiveSupport::Concern
 
   def milestones
+    epoch = DateTime.parse('1970-01-01')
     @milestones = MilestonesFinder.new.execute(@projects, params)
     @milestones = GlobalMilestone.build_collection(@milestones)
+    @milestones = @milestones.sort_by { |x| x.due_date.nil? ? epoch : x.due_date }
     @milestones = Kaminari.paginate_array(@milestones).page(params[:page]).per(ApplicationController::PER_PAGE)
   end
 
-- 
cgit v1.2.3


From ea52a81da4888af232e9868d722cc91d5e442723 Mon Sep 17 00:00:00 2001
From: Marin Jankovski <maxlazio@gmail.com>
Date: Thu, 3 Dec 2015 17:08:09 +0100
Subject: Move the file serving to Raw controller, add a few ifs to view.

---
 app/controllers/projects/blob_controller.rb | 17 ----------------
 app/controllers/projects/raw_controller.rb  | 31 ++++++++++++++++++++++-------
 2 files changed, 24 insertions(+), 24 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index d0108c823a9..31a33bfd237 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -17,7 +17,6 @@ class Projects::BlobController < Projects::ApplicationController
   before_action :require_branch_head, only: [:edit, :update]
   before_action :editor_variables, except: [:show, :preview, :diff]
   before_action :after_edit_path, only: [:edit, :update]
-  before_action :show_lfs_object, only: :show
 
   def new
     commit unless @repository.empty?
@@ -194,20 +193,4 @@ class Projects::BlobController < Projects::ApplicationController
       file_content_encoding: params[:encoding]
     }
   end
-
-  def show_lfs_object
-    return unless @blob && @blob.text? && @blob.data.present?
-
-    if @blob.data.starts_with?("version https://git-lfs.github.com/spec")
-      oid = @blob.data.match(/#{LfsObject::MATCH_FROM_POINTER_REGEX}/)
-      if oid && oid[1]
-        lfs_object = LfsObject.find_by_oid(oid[1])
-        return nil unless lfs_object && lfs_object.file.exists?
-
-        if lfs_object.projects.exists?(lfs_object.storage_project(@project).id)
-          send_file lfs_object.file.path, filename: @blob.name, disposition: 'attachment'
-        end
-      end
-    end
-  end
 end
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index d5ee6ac8663..c56f432a1f1 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -10,15 +10,13 @@ class Projects::RawController < Projects::ApplicationController
     @blob = @repository.blob_at(@commit.id, @path)
 
     if @blob
-      type = get_blob_type
-
       headers['X-Content-Type-Options'] = 'nosniff'
 
-      send_data(
-        @blob.data,
-        type: type,
-        disposition: 'inline'
-      )
+      if @blob.lfs_pointer?
+        send_lfs_object
+      else
+        stream_data
+      end
     else
       render_404
     end
@@ -35,4 +33,23 @@ class Projects::RawController < Projects::ApplicationController
       'application/octet-stream'
     end
   end
+
+  def stream_data
+    type = get_blob_type
+
+    send_data(
+        @blob.data,
+        type: type,
+        disposition: 'inline'
+      )
+  end
+
+  def send_lfs_object
+    lfs_object = LfsObject.find_by_oid(@blob.lfs_oid)
+    return nil unless lfs_object && lfs_object.file.exists?
+
+    if lfs_object.projects.exists?(lfs_object.storage_project(@project).id)
+      send_file lfs_object.file.path, filename: @blob.name, disposition: 'attachment'
+    end
+  end
 end
-- 
cgit v1.2.3


From a89d6d1428d61bd2ae6f530acfc5a34d5a9c46e8 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Thu, 3 Dec 2015 18:53:17 +0100
Subject: Add authorization to new branch/tag pages.

---
 app/controllers/projects/branches_controller.rb | 2 +-
 app/controllers/projects/tags_controller.rb     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 3ac0a75fa70..3c2849a7601 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -3,7 +3,7 @@ class Projects::BranchesController < Projects::ApplicationController
   # Authorize
   before_action :require_non_empty_project
   before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:create, :destroy]
+  before_action :authorize_push_code!, only: [:new, :create, :destroy]
 
   def index
     @sort = params[:sort] || 'name'
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index cb39c2b8782..280fe12cc7c 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -2,7 +2,7 @@ class Projects::TagsController < Projects::ApplicationController
   # Authorize
   before_action :require_non_empty_project
   before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:create]
+  before_action :authorize_push_code!, only: [:new, :create]
   before_action :authorize_admin_project!, only: [:destroy]
 
   def index
-- 
cgit v1.2.3


From a120b78940b6c7150f405091d620b34c0fccbd28 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 1 Dec 2015 16:15:01 -0800
Subject: Handle and report SSL errors in Web hook test. Check for status 200
 for success.

If a Web hook test fails due to an SSL error or some other error, report
the result back to the user instead of an Error 500.

Closes #3656

Handle response
---
 app/controllers/projects/hooks_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index c7569541899..6a62880cb71 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -25,13 +25,12 @@ class Projects::HooksController < Projects::ApplicationController
 
   def test
     if !@project.empty_repo?
-      status = TestHookService.new.execute(hook, current_user)
+      status, message = TestHookService.new.execute(hook, current_user)
 
       if status
         flash[:notice] = 'Hook successfully executed.'
       else
-        flash[:alert] = 'Hook execution failed. '\
-                        'Ensure hook URL is correct and service is up.'
+        flash[:alert] = "Hook execution failed: #{message}"
       end
     else
       flash[:alert] = 'Hook execution failed. Ensure the project has commits.'
-- 
cgit v1.2.3


From d800a949d2d5497e8aff3ae28ec8520e5b99cdb8 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Thu, 3 Dec 2015 23:33:52 -0800
Subject: Fix Error 500 when creating global milestones with Unicode characters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two issues:

1. The constraints in the resources were incorrect. Here's what it was before:
```
group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```

In this case, id is actually the title of the milestone, which can be anything at the moment.

After:

```
group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```

2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like:

ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]):

This change uses the babosa library to create a better slug, which surprisingly
isn't actually used by the global milestone controllers. Instead, they use the
title passed as a query string for some reason.

Closes https://github.com/gitlabhq/gitlabhq/issues/9881

Fix constraints
---
 app/controllers/groups/milestones_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/groups/milestones_controller.rb b/app/controllers/groups/milestones_controller.rb
index 10233222ee1..0c2a350bc39 100644
--- a/app/controllers/groups/milestones_controller.rb
+++ b/app/controllers/groups/milestones_controller.rb
@@ -46,7 +46,7 @@ class Groups::MilestonesController < Groups::ApplicationController
   end
 
   def milestone_path(title)
-    group_milestone_path(@group, title.parameterize, title: title)
+    group_milestone_path(@group, title.to_slug.to_s, title: title)
   end
 
   def projects
-- 
cgit v1.2.3


From 1c53dc28b505f2853750ed4ea8b954385c5bf598 Mon Sep 17 00:00:00 2001
From: Andrew Tomaka <atomaka@gmail.com>
Date: Wed, 2 Dec 2015 19:02:15 -0500
Subject: Notify user if they cannot create projects

---
 app/controllers/profiles_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 8da7b4d50ea..28803164fcf 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -70,6 +70,7 @@ class ProfilesController < Profiles::ApplicationController
       :email,
       :hide_no_password,
       :hide_no_ssh_key,
+      :hide_project_limit,
       :linkedin,
       :location,
       :name,
-- 
cgit v1.2.3


From e53b350cb6db7438c1a50c500b324fd87afc41c4 Mon Sep 17 00:00:00 2001
From: Marin Jankovski <maxlazio@gmail.com>
Date: Mon, 7 Dec 2015 15:03:50 +0100
Subject: Add specs for showing lfs object in UI.

---
 app/controllers/projects/raw_controller.rb | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index c56f432a1f1..be7d5c187fe 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -38,18 +38,28 @@ class Projects::RawController < Projects::ApplicationController
     type = get_blob_type
 
     send_data(
-        @blob.data,
-        type: type,
-        disposition: 'inline'
-      )
+      @blob.data,
+      type: type,
+      disposition: 'inline'
+    )
   end
 
   def send_lfs_object
-    lfs_object = LfsObject.find_by_oid(@blob.lfs_oid)
-    return nil unless lfs_object && lfs_object.file.exists?
+    lfs_object = find_lfs_object
 
-    if lfs_object.projects.exists?(lfs_object.storage_project(@project).id)
+    if lfs_object && lfs_object.project_allowed_access?(@project)
       send_file lfs_object.file.path, filename: @blob.name, disposition: 'attachment'
+    else
+      render_404
+    end
+  end
+
+  def find_lfs_object
+    lfs_object = LfsObject.find_by_oid(@blob.lfs_oid)
+    if lfs_object && lfs_object.file.exists?
+      lfs_object
+    else
+      nil
     end
   end
 end
-- 
cgit v1.2.3


From 9b561e7e15723a82e1f0dcf780aeb7fac5ec139b Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Tue, 8 Dec 2015 02:35:34 +0100
Subject: Implement languages graph page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/graphs_controller.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index 418b92040bc..c3942c52c6c 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -34,6 +34,26 @@ class Projects::GraphsController < Projects::ApplicationController
     @charts[:build_times] = Ci::Charts::BuildTime.new(ci_project)
   end
 
+  def languages
+    @languages = Linguist::Repository.new(@repository.rugged, @repository.rugged.head.target_id).languages
+    total = @languages.map(&:last).sum
+
+    @languages = @languages.map do |language|
+      name, share = language
+      color = Digest::SHA256.hexdigest(name)[0...6]
+      {
+        value: (share.to_f * 100 / total).round(2),
+        label: name,
+        color: "##{color}",
+        highlight: "##{color}"
+      }
+    end
+
+    @languages.sort! do |x, y|
+      y[:value] <=> x[:value]
+    end
+  end
+
   private
 
   def fetch_graph
-- 
cgit v1.2.3


From 86a09cfaf1f1b8106f1538e8bf5a1aac5f086554 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 12:55:38 +0100
Subject: `builds_enabled` rather than `ci_enabled`

---
 app/controllers/projects/application_controller.rb | 2 +-
 app/controllers/projects/graphs_controller.rb      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index d3f926b62bc..c2aaf094e68 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -28,7 +28,7 @@ class Projects::ApplicationController < ApplicationController
 
   private
 
-  def ci_enabled
+  def builds_enabled
     return render_404 unless @project.builds_enabled?
   end
 
diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index 418b92040bc..734697839c6 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -5,7 +5,7 @@ class Projects::GraphsController < Projects::ApplicationController
   before_action :require_non_empty_project
   before_action :assign_ref_vars
   before_action :authorize_download_code!
-  before_action :ci_enabled, only: :ci
+  before_action :builds_enabled, only: :ci
 
   def show
     respond_to do |format|
-- 
cgit v1.2.3


From 9907a7e6ed7dbfac4c927cefd16ac8e4b3c681f6 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 13:02:13 +0100
Subject: Get ci_commit in MR controller

---
 app/controllers/projects/merge_requests_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3f47f2ddb2c..c5fb49de46a 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -264,6 +264,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     @merge_request_diff = @merge_request.merge_request_diff
 
+    @ci_commit = @merge_request.ci_commit
+
     if @merge_request.locked_long_ago?
       @merge_request.unlock_mr
       @merge_request.close
-- 
cgit v1.2.3


From a17ba43bfd05cd49bab18d6c7f80226004870bc2 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 13:03:28 +0100
Subject: Move commit builds to partial

---
 app/controllers/projects/commit_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index 3f137440e28..e8af205b788 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -37,7 +37,7 @@ class Projects::CommitController < Projects::ApplicationController
   def cancel_builds
     ci_commit.builds.running_or_pending.each(&:cancel)
 
-    redirect_to builds_namespace_project_commit_path(project.namespace, project, commit.sha)
+    redirect_back_or_default default: builds_namespace_project_commit_path(project.namespace, project, commit.sha)
   end
 
   def retry_builds
@@ -47,7 +47,7 @@ class Projects::CommitController < Projects::ApplicationController
       end
     end
 
-    redirect_to builds_namespace_project_commit_path(project.namespace, project, commit.sha)
+    redirect_back_or_default default: builds_namespace_project_commit_path(project.namespace, project, commit.sha)
   end
 
   def branches
@@ -74,8 +74,8 @@ class Projects::CommitController < Projects::ApplicationController
     end
 
     @notes_count = commit.notes.count
-    
-    @builds = ci_commit.builds if ci_commit
+
+    @statuses = ci_commit.statuses if ci_commit
   end
 
   def authorize_manage_builds!
-- 
cgit v1.2.3


From 1567572e79bbeace4a68f00c01e64ed0dad9106a Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 13:04:24 +0100
Subject: Add Builds tab to MR detail page

---
 .../projects/merge_requests_controller.rb          | 41 +++++++++++++++-------
 1 file changed, 29 insertions(+), 12 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3f47f2ddb2c..04642294cd3 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -1,13 +1,13 @@
 class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :module_enabled
   before_action :merge_request, only: [
-    :edit, :update, :show, :diffs, :commits, :merge, :merge_check,
+    :edit, :update, :show, :diffs, :commits, :builds, :merge, :merge_check,
     :ci_status, :toggle_subscription
   ]
-  before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits]
-  before_action :validates_merge_request, only: [:show, :diffs, :commits]
-  before_action :define_show_vars, only: [:show, :diffs, :commits]
-  before_action :ensure_ref_fetched, only: [:show, :commits, :diffs]
+  before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits, :builds]
+  before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds]
+  before_action :define_show_vars, only: [:show, :diffs, :commits, :builds]
+  before_action :ensure_ref_fetched, only: [:show, :diffs, :commits, :builds]
 
   # Allow read any merge_request
   before_action :authorize_read_merge_request!
@@ -79,6 +79,15 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     end
   end
 
+  def builds
+    @ci_project = @merge_request.source_project.gitlab_ci_project
+
+    respond_to do |format|
+      format.html { render 'show' }
+      format.json { render json: { html: view_to_html_string('projects/merge_requests/show/_builds') } }
+    end
+  end
+
   def new
     params[:merge_request] ||= ActionController::Parameters.new(source_project: @project)
     @merge_request = MergeRequests::BuildService.new(project, current_user, merge_request_params).execute
@@ -91,20 +100,19 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     @target_project = merge_request.target_project
     @source_project = merge_request.source_project
-    @commits = @merge_request.compare_commits
+    @commits = @merge_request.compare_commits.reverse
     @commit = @merge_request.last_commit
     @first_commit = @merge_request.first_commit
     @diffs = @merge_request.compare_diffs
+
+    @ci_project = @source_project.gitlab_ci_project
+    @ci_commit = @merge_request.ci_commit
+    @statuses = @ci_commit.statuses if @ci_commit
+
     @note_counts = Note.where(commit_id: @commits.map(&:id)).
       group(:commit_id).count
   end
 
-  def edit
-    @source_project = @merge_request.source_project
-    @target_project = @merge_request.target_project
-    @target_branches = @merge_request.target_project.repository.branch_names
-  end
-
   def create
     @target_branches ||= []
     @merge_request = MergeRequests::CreateService.new(project, current_user, merge_request_params).execute
@@ -118,6 +126,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     end
   end
 
+  def edit
+    @source_project = @merge_request.source_project
+    @target_project = @merge_request.target_project
+    @target_branches = @merge_request.target_project.repository.branch_names
+  end
+
   def update
     @merge_request = MergeRequests::UpdateService.new(project, current_user, merge_request_params).execute(@merge_request)
 
@@ -264,6 +278,9 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     @merge_request_diff = @merge_request.merge_request_diff
 
+    @ci_commit = @merge_request.ci_commit
+    @statuses = @ci_commit.statuses if @ci_commit
+
     if @merge_request.locked_long_ago?
       @merge_request.unlock_mr
       @merge_request.close
-- 
cgit v1.2.3


From df6750d3d6b562c8a6a0a57c12dfd694da38a0e8 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 16:42:10 +0100
Subject: Default target branch to patch-n when editing file in protected
 branch

---
 app/controllers/projects/blob_controller.rb | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 31a33bfd237..62163682936 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -162,12 +162,20 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def sanitized_new_branch_name
-    @new_branch ||= sanitize(strip_tags(params[:new_branch]))
+    sanitize(strip_tags(params[:new_branch]))
   end
 
   def editor_variables
     @current_branch = @ref
-    @new_branch = params[:new_branch].present? ? sanitized_new_branch_name : @ref
+
+    @new_branch =
+      if params[:new_branch].present?
+        sanitized_new_branch_name
+      elsif ::Gitlab::GitAccess.new(current_user, @project).can_push_to_branch?(@ref)
+        @ref
+      else
+        @repository.next_patch_branch
+      end
 
     @file_path =
       if action_name.to_s == 'create'
-- 
cgit v1.2.3


From 57d71520bdc2ba79ba8182802cd944d4fb42a192 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 8 Dec 2015 22:30:40 +0100
Subject: Make tooltip less confusing

---
 app/controllers/projects/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index d3f926b62bc..eea41dbeeb1 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -21,7 +21,7 @@ class Projects::ApplicationController < ApplicationController
     unless @repository.branch_names.include?(@ref)
       redirect_to(
         namespace_project_tree_path(@project.namespace, @project, @ref),
-        notice: "This action is not allowed unless you are on top of a branch"
+        notice: "This action is not allowed unless you are on a branch"
       )
     end
   end
-- 
cgit v1.2.3


From 9dd26749634648e2cd27b223eea5d291c0a78f37 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Wed, 9 Dec 2015 01:43:57 +0100
Subject: Fix only 20 group members showing on project member page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/project_members_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 07eb94e4f48..8364fc293b7 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -23,7 +23,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
         @group_members = @group_members.where(user_id: users)
       end
 
-      @group_members = @group_members.order('access_level DESC').limit(20)
+      @group_members = @group_members.order('access_level DESC')
     end
 
     @project_member = @project.project_members.new
-- 
cgit v1.2.3


From 28351806aa1f89f584d6905365fd34f5f0e8bbc7 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Wed, 9 Dec 2015 09:59:19 +0100
Subject: Give merge request widget the vars it desires

---
 app/controllers/projects/merge_requests_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 3240c77e994..530f3d3dcb8 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -7,6 +7,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits, :builds]
   before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds]
   before_action :define_show_vars, only: [:show, :diffs, :commits, :builds]
+  before_action :define_widget_vars, only: [:merge, :cancel_merge_when_build_succeeds]
   before_action :ensure_ref_fetched, only: [:show, :diffs, :commits, :builds]
 
   # Allow read any merge_request
@@ -301,6 +302,10 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     end
   end
 
+  def define_widget_vars
+    @ci_commit = @merge_request.ci_commit
+  end
+
   def invalid_mr
     # Render special view for MR with removed source or target branch
     render 'invalid'
-- 
cgit v1.2.3


From f4ec906e90b2f8dbf18b359b773e3b31f5da89ff Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Wed, 9 Dec 2015 11:45:26 -0600
Subject: Use devise paranoid mode and ensure the same message is returned
 every time

Skipped CI because it has already passed. Had to rebase due to CHANGELOG.
---
 app/controllers/passwords_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
index 2025158d065..f74daff3bd0 100644
--- a/app/controllers/passwords_controller.rb
+++ b/app/controllers/passwords_controller.rb
@@ -40,7 +40,9 @@ class PasswordsController < Devise::PasswordsController
   def throttle_reset
     return unless resource && resource.recently_sent_password_reset?
 
-    redirect_to new_password_path(resource_name),
-      alert: I18n.t('devise.passwords.recently_reset')
+    # Throttle reset attempts, but return a normal message to
+    # avoid user enumeration attack.
+    redirect_to new_user_session_path,
+      notice: I18n.t('devise.passwords.send_paranoid_instructions')
   end
 end
-- 
cgit v1.2.3


From 2988e1fbf50b3c9e803a9358933e3e969e64dcc3 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Mon, 7 Dec 2015 13:23:23 +0100
Subject: Migrate CI::Services and CI::WebHooks to Services and WebHooks

---
 app/controllers/projects/ci_services_controller.rb | 49 ----------------------
 .../projects/ci_web_hooks_controller.rb            | 45 --------------------
 app/controllers/projects/hooks_controller.rb       |  3 +-
 app/controllers/projects/services_controller.rb    |  4 +-
 4 files changed, 5 insertions(+), 96 deletions(-)
 delete mode 100644 app/controllers/projects/ci_services_controller.rb
 delete mode 100644 app/controllers/projects/ci_web_hooks_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/projects/ci_services_controller.rb b/app/controllers/projects/ci_services_controller.rb
deleted file mode 100644
index 550a019e8e2..00000000000
--- a/app/controllers/projects/ci_services_controller.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-class Projects::CiServicesController < Projects::ApplicationController
-  before_action :ci_project
-  before_action :authorize_admin_project!
-
-  layout "project_settings"
-
-  def index
-    @ci_project.build_missing_services
-    @services = @ci_project.services.reload
-  end
-
-  def edit
-    service
-  end
-
-  def update
-    if service.update_attributes(service_params)
-      redirect_to edit_namespace_project_ci_service_path(@project.namespace, @project, service.to_param)
-    else
-      render 'edit'
-    end
-  end
-
-  def test
-    last_build = @project.ci_builds.last
-
-    if service.execute(last_build)
-      message = { notice: 'We successfully tested the service' }
-    else
-      message = { alert: 'We tried to test the service but error occurred' }
-    end
-
-    redirect_back_or_default(options: message)
-  end
-
-  private
-
-  def service
-    @service ||= @ci_project.services.find { |service| service.to_param == params[:id] }
-  end
-
-  def service_params
-    params.require(:service).permit(
-      :type, :active, :webhook, :notify_only_broken_builds,
-      :email_recipients, :email_only_broken_builds, :email_add_pusher,
-      :hipchat_token, :hipchat_room, :hipchat_server
-    )
-  end
-end
diff --git a/app/controllers/projects/ci_web_hooks_controller.rb b/app/controllers/projects/ci_web_hooks_controller.rb
deleted file mode 100644
index a2d470d4a69..00000000000
--- a/app/controllers/projects/ci_web_hooks_controller.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-class Projects::CiWebHooksController < Projects::ApplicationController
-  before_action :ci_project
-  before_action :authorize_admin_project!
-
-  layout "project_settings"
-
-  def index
-    @web_hooks = @ci_project.web_hooks
-    @web_hook = Ci::WebHook.new
-  end
-
-  def create
-    @web_hook = @ci_project.web_hooks.new(web_hook_params)
-    @web_hook.save
-
-    if @web_hook.valid?
-      redirect_to namespace_project_ci_web_hooks_path(@project.namespace, @project)
-    else
-      @web_hooks = @ci_project.web_hooks.select(&:persisted?)
-      render :index
-    end
-  end
-
-  def test
-    Ci::TestHookService.new.execute(hook, current_user)
-
-    redirect_back_or_default(default: { action: 'index' })
-  end
-
-  def destroy
-    hook.destroy
-
-    redirect_to namespace_project_ci_web_hooks_path(@project.namespace, @project)
-  end
-
-  private
-
-  def hook
-    @web_hook ||= @ci_project.web_hooks.find(params[:id])
-  end
-
-  def web_hook_params
-    params.require(:web_hook).permit(:url)
-  end
-end
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index 6a62880cb71..5fd4f855dec 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -53,6 +53,7 @@ class Projects::HooksController < Projects::ApplicationController
 
   def hook_params
     params.require(:hook).permit(:url, :push_events, :issues_events,
-      :merge_requests_events, :tag_push_events, :note_events, :enable_ssl_verification)
+      :merge_requests_events, :tag_push_events, :note_events,
+      :build_events, :enable_ssl_verification)
   end
 end
diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb
index 42dbb497e01..6e7590260ff 100644
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -6,7 +6,9 @@ class Projects::ServicesController < Projects::ApplicationController
                     :description, :issues_url, :new_issue_url, :restrict_to_branch, :channel,
                     :colorize_messages, :channels,
                     :push_events, :issues_events, :merge_requests_events, :tag_push_events,
-                    :note_events, :send_from_committer_email, :disable_diffs, :external_wiki_url,
+                    :note_events, :build_events,
+                    :notify_only_broken_builds, :add_pusher,
+                    :send_from_committer_email, :disable_diffs, :external_wiki_url,
                     :notify, :color,
                     :server_host, :server_port, :default_irc_uri, :enable_ssl_verification]
 
-- 
cgit v1.2.3


From 2da3cf314651d22f85059d99476ec7952950b44f Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzegorz.bizon@ntsn.pl>
Date: Fri, 11 Dec 2015 10:22:05 +0100
Subject: Add CI runners registration token reset button

---
 app/controllers/admin/application_settings_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index a9bcfc7456a..48040359389 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -13,6 +13,12 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     end
   end
 
+  def reset_runners_token
+    @application_setting.reset_runners_registration_token!
+    flash[:notice] = 'New runners registration token has been generated!'
+    redirect_to ci_admin_runners_path
+  end
+
   private
 
   def set_application_setting
-- 
cgit v1.2.3


From 0272f27401d25faed97419611a78a968f801a42f Mon Sep 17 00:00:00 2001
From: Greg Smethells <smethells@icloud.com>
Date: Fri, 4 Dec 2015 13:00:07 -0600
Subject: display referenced merge requests in issue description with CI status

---
 app/controllers/projects/issues_controller.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index ae474cf8d68..cf617d53ed6 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -62,6 +62,7 @@ class Projects::IssuesController < Projects::ApplicationController
     @note = @project.notes.new(noteable: @issue)
     @notes = @issue.notes.nonawards.with_associations.fresh
     @noteable = @issue
+    @merge_requests = @issue.referenced_merge_requests
 
     respond_with(@issue)
   end
-- 
cgit v1.2.3


From e80e3f5372d6bcad1fbe04a85b3086bb66794828 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 4 Dec 2015 12:55:23 +0100
Subject: Migrate CI::Project to Project

---
 app/controllers/admin/builds_controller.rb         | 23 +++++++
 .../admin/runner_projects_controller.rb            | 35 +++++++++++
 app/controllers/admin/runners_controller.rb        | 63 +++++++++++++++++++
 app/controllers/ci/admin/application_controller.rb | 10 ---
 .../ci/admin/application_settings_controller.rb    | 31 ---------
 app/controllers/ci/admin/builds_controller.rb      | 18 ------
 app/controllers/ci/admin/events_controller.rb      |  9 ---
 app/controllers/ci/admin/projects_controller.rb    | 19 ------
 .../ci/admin/runner_projects_controller.rb         | 34 ----------
 app/controllers/ci/admin/runners_controller.rb     | 73 ----------------------
 app/controllers/ci/application_controller.rb       | 12 +---
 app/controllers/ci/lints_controller.rb             |  2 +-
 app/controllers/ci/projects_controller.rb          | 12 +---
 app/controllers/ci/runner_projects_controller.rb   | 34 ----------
 app/controllers/projects/application_controller.rb |  4 --
 app/controllers/projects/builds_controller.rb      |  7 +--
 app/controllers/projects/ci_settings_controller.rb | 36 -----------
 app/controllers/projects/commit_controller.rb      |  1 -
 app/controllers/projects/graphs_controller.rb      | 10 ++-
 .../projects/runner_projects_controller.rb         | 26 ++++++++
 app/controllers/projects/runners_controller.rb     | 15 +++--
 app/controllers/projects/triggers_controller.rb    |  9 ++-
 app/controllers/projects/variables_controller.rb   |  7 +--
 app/controllers/projects_controller.rb             |  4 +-
 24 files changed, 179 insertions(+), 315 deletions(-)
 create mode 100644 app/controllers/admin/builds_controller.rb
 create mode 100644 app/controllers/admin/runner_projects_controller.rb
 create mode 100644 app/controllers/admin/runners_controller.rb
 delete mode 100644 app/controllers/ci/admin/application_controller.rb
 delete mode 100644 app/controllers/ci/admin/application_settings_controller.rb
 delete mode 100644 app/controllers/ci/admin/builds_controller.rb
 delete mode 100644 app/controllers/ci/admin/events_controller.rb
 delete mode 100644 app/controllers/ci/admin/projects_controller.rb
 delete mode 100644 app/controllers/ci/admin/runner_projects_controller.rb
 delete mode 100644 app/controllers/ci/admin/runners_controller.rb
 delete mode 100644 app/controllers/ci/runner_projects_controller.rb
 delete mode 100644 app/controllers/projects/ci_settings_controller.rb
 create mode 100644 app/controllers/projects/runner_projects_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/admin/builds_controller.rb b/app/controllers/admin/builds_controller.rb
new file mode 100644
index 00000000000..83d9684c706
--- /dev/null
+++ b/app/controllers/admin/builds_controller.rb
@@ -0,0 +1,23 @@
+class Admin::BuildsController < Admin::ApplicationController
+  def index
+    @scope = params[:scope]
+    @all_builds = Ci::Build
+    @builds = @all_builds.order('created_at DESC')
+    @builds =
+      case @scope
+      when 'all'
+        @builds
+      when 'finished'
+        @builds.finished
+      else
+        @builds.running_or_pending.reverse_order
+      end
+    @builds = @builds.page(params[:page]).per(30)
+  end
+
+  def cancel_all
+    Ci::Build.running_or_pending.each(&:cancel)
+
+    redirect_to admin_builds_path
+  end
+end
diff --git a/app/controllers/admin/runner_projects_controller.rb b/app/controllers/admin/runner_projects_controller.rb
new file mode 100644
index 00000000000..20d621742f9
--- /dev/null
+++ b/app/controllers/admin/runner_projects_controller.rb
@@ -0,0 +1,35 @@
+class Admin::RunnerProjectsController < Admin::ApplicationController
+  before_action :project, only: [:create]
+
+  def index
+    @runner_projects = project.ci_runner_projects.all
+    @runner_project = project.ci_runner_projects.new
+  end
+
+  def create
+    @runner = Ci::Runner.find(params[:runner_project][:runner_id])
+
+    if @runner.assign_to(@project, current_user)
+      redirect_to admin_runner_path(@runner)
+    else
+      redirect_to admin_runner_path(@runner), alert: 'Failed adding runner to project'
+    end
+  end
+
+  def destroy
+    rp = Ci::RunnerProject.find(params[:id])
+    runner = rp.runner
+    rp.destroy
+
+    redirect_to admin_runner_path(runner)
+  end
+
+  private
+
+  def project
+    @project = Project.find_with_namespace(
+      [params[:namespace_id], '/', params[:project_id]].join('')
+    )
+    @project || render_404
+  end
+end
diff --git a/app/controllers/admin/runners_controller.rb b/app/controllers/admin/runners_controller.rb
new file mode 100644
index 00000000000..a701d49b844
--- /dev/null
+++ b/app/controllers/admin/runners_controller.rb
@@ -0,0 +1,63 @@
+class Admin::RunnersController < Admin::ApplicationController
+  before_action :runner, except: :index
+
+  def index
+    @runners = Ci::Runner.order('id DESC')
+    @runners = @runners.search(params[:search]) if params[:search].present?
+    @runners = @runners.page(params[:page]).per(30)
+    @active_runners_cnt = Ci::Runner.online.count
+  end
+
+  def show
+    @builds = @runner.builds.order('id DESC').first(30)
+    @projects =
+      if params[:search].present?
+        ::Project.search(params[:search])
+      else
+        Project.all
+      end
+    @projects = @projects.where.not(id: @runner.projects.select(:id)) if @runner.projects.any?
+    @projects = @projects.page(params[:page]).per(30)
+  end
+
+  def update
+    @runner.update_attributes(runner_params)
+
+    respond_to do |format|
+      format.js
+      format.html { redirect_to admin_runner_path(@runner) }
+    end
+  end
+
+  def destroy
+    @runner.destroy
+
+    redirect_to admin_runners_path
+  end
+
+  def resume
+    if @runner.update_attributes(active: true)
+      redirect_to admin_runners_path, notice: 'Runner was successfully updated.'
+    else
+      redirect_to admin_runners_path, alert: 'Runner was not updated.'
+    end
+  end
+
+  def pause
+    if @runner.update_attributes(active: false)
+      redirect_to admin_runners_path, notice: 'Runner was successfully updated.'
+    else
+      redirect_to admin_runners_path, alert: 'Runner was not updated.'
+    end
+  end
+
+  private
+
+  def runner
+    @runner ||= Ci::Runner.find(params[:id])
+  end
+
+  def runner_params
+    params.require(:runner).permit(:token, :description, :tag_list, :active)
+  end
+end
diff --git a/app/controllers/ci/admin/application_controller.rb b/app/controllers/ci/admin/application_controller.rb
deleted file mode 100644
index 4ec2dc9c2cf..00000000000
--- a/app/controllers/ci/admin/application_controller.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-module Ci
-  module Admin
-    class ApplicationController < Ci::ApplicationController
-      before_action :authenticate_user!
-      before_action :authenticate_admin!
-
-      layout "ci/admin"
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/application_settings_controller.rb b/app/controllers/ci/admin/application_settings_controller.rb
deleted file mode 100644
index 71e253fac67..00000000000
--- a/app/controllers/ci/admin/application_settings_controller.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-module Ci
-  class Admin::ApplicationSettingsController < Ci::Admin::ApplicationController
-    before_action :set_application_setting
-
-    def show
-    end
-
-    def update
-      if @application_setting.update_attributes(application_setting_params)
-        redirect_to ci_admin_application_settings_path,
-          notice: 'Application settings saved successfully'
-      else
-        render :show
-      end
-    end
-
-    private
-
-    def set_application_setting
-      @application_setting = Ci::ApplicationSetting.current
-      @application_setting ||= Ci::ApplicationSetting.create_from_defaults
-    end
-
-    def application_setting_params
-      params.require(:application_setting).permit(
-        :all_broken_builds,
-        :add_pusher,
-      )
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/builds_controller.rb b/app/controllers/ci/admin/builds_controller.rb
deleted file mode 100644
index 38abfdeafbf..00000000000
--- a/app/controllers/ci/admin/builds_controller.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-module Ci
-  class Admin::BuildsController < Ci::Admin::ApplicationController
-    def index
-      @scope = params[:scope]
-      @builds = Ci::Build.order('created_at DESC').page(params[:page]).per(30)
-
-      @builds =
-        case @scope
-        when "pending"
-          @builds.pending
-        when "running"
-          @builds.running
-        else
-          @builds
-        end
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/events_controller.rb b/app/controllers/ci/admin/events_controller.rb
deleted file mode 100644
index 5939efff980..00000000000
--- a/app/controllers/ci/admin/events_controller.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-module Ci
-  class Admin::EventsController < Ci::Admin::ApplicationController
-    EVENTS_PER_PAGE = 50
-
-    def index
-      @events = Ci::Event.admin.order('created_at DESC').page(params[:page]).per(EVENTS_PER_PAGE)
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/projects_controller.rb b/app/controllers/ci/admin/projects_controller.rb
deleted file mode 100644
index 5bbd0ce7396..00000000000
--- a/app/controllers/ci/admin/projects_controller.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-module Ci
-  class Admin::ProjectsController < Ci::Admin::ApplicationController
-    def index
-      @projects = Ci::Project.ordered_by_last_commit_date.page(params[:page]).per(30)
-    end
-
-    def destroy
-      project.destroy
-
-      redirect_to ci_projects_url
-    end
-
-    protected
-
-    def project
-      @project ||= Ci::Project.find(params[:id])
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/runner_projects_controller.rb b/app/controllers/ci/admin/runner_projects_controller.rb
deleted file mode 100644
index e7de6eb12ca..00000000000
--- a/app/controllers/ci/admin/runner_projects_controller.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-module Ci
-  class Admin::RunnerProjectsController < Ci::Admin::ApplicationController
-    layout 'ci/project'
-
-    def index
-      @runner_projects = project.runner_projects.all
-      @runner_project = project.runner_projects.new
-    end
-
-    def create
-      @runner = Ci::Runner.find(params[:runner_project][:runner_id])
-
-      if @runner.assign_to(project, current_user)
-        redirect_to ci_admin_runner_path(@runner)
-      else
-        redirect_to ci_admin_runner_path(@runner), alert: 'Failed adding runner to project'
-      end
-    end
-
-    def destroy
-      rp = Ci::RunnerProject.find(params[:id])
-      runner = rp.runner
-      rp.destroy
-
-      redirect_to ci_admin_runner_path(runner)
-    end
-
-    private
-
-    def project
-      @project ||= Ci::Project.find(params[:project_id])
-    end
-  end
-end
diff --git a/app/controllers/ci/admin/runners_controller.rb b/app/controllers/ci/admin/runners_controller.rb
deleted file mode 100644
index 0cafad27418..00000000000
--- a/app/controllers/ci/admin/runners_controller.rb
+++ /dev/null
@@ -1,73 +0,0 @@
-module Ci
-  class Admin::RunnersController < Ci::Admin::ApplicationController
-    before_action :runner, except: :index
-
-    def index
-      @runners = Ci::Runner.order('id DESC')
-      @runners = @runners.search(params[:search]) if params[:search].present?
-      @runners = @runners.page(params[:page]).per(30)
-      @active_runners_cnt = Ci::Runner.online.count
-    end
-
-    def show
-      @builds = @runner.builds.order('id DESC').first(30)
-      @projects = Ci::Project.all
-      if params[:search].present?
-        @gl_projects = ::Project.search(params[:search])
-        @projects = @projects.where(gitlab_id: @gl_projects.select(:id))
-      end
-      @projects = @projects.where("ci_projects.id NOT IN (?)", @runner.projects.pluck(:id)) if @runner.projects.any?
-      @projects = @projects.joins(:gl_project)
-      @projects = @projects.page(params[:page]).per(30)
-    end
-
-    def update
-      @runner.update_attributes(runner_params)
-
-      respond_to do |format|
-        format.js
-        format.html { redirect_to ci_admin_runner_path(@runner) }
-      end
-    end
-
-    def destroy
-      @runner.destroy
-
-      redirect_to ci_admin_runners_path
-    end
-
-    def resume
-      if @runner.update_attributes(active: true)
-        redirect_to ci_admin_runners_path, notice: 'Runner was successfully updated.'
-      else
-        redirect_to ci_admin_runners_path, alert: 'Runner was not updated.'
-      end
-    end
-
-    def pause
-      if @runner.update_attributes(active: false)
-        redirect_to ci_admin_runners_path, notice: 'Runner was successfully updated.'
-      else
-        redirect_to ci_admin_runners_path, alert: 'Runner was not updated.'
-      end
-    end
-
-    def assign_all
-      Ci::Project.unassigned(@runner).all.each do |project|
-        @runner.assign_to(project, current_user)
-      end
-
-      redirect_to ci_admin_runner_path(@runner), notice: "Runner was assigned to all projects"
-    end
-
-    private
-
-    def runner
-      @runner ||= Ci::Runner.find(params[:id])
-    end
-
-    def runner_params
-      params.require(:runner).permit(:token, :description, :tag_list, :active)
-    end
-  end
-end
diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index 848f2b4e314..bc7f48b3c87 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -4,8 +4,6 @@ module Ci
       "app/helpers/ci"
     end
 
-    helper_method :gl_project
-
     private
 
     def authenticate_token!
@@ -15,13 +13,13 @@ module Ci
     end
 
     def authorize_access_project!
-      unless can?(current_user, :read_project, gl_project)
+      unless can?(current_user, :read_project, project)
         return page_404
       end
     end
 
     def authorize_manage_builds!
-      unless can?(current_user, :manage_builds, gl_project)
+      unless can?(current_user, :manage_builds, project)
         return page_404
       end
     end
@@ -31,7 +29,7 @@ module Ci
     end
 
     def authorize_manage_project!
-      unless can?(current_user, :admin_project, gl_project)
+      unless can?(current_user, :admin_project, project)
         return page_404
       end
     end
@@ -58,9 +56,5 @@ module Ci
         count: count
       }
     end
-
-    def gl_project
-      ::Project.find(@project.gitlab_id)
-    end
   end
 end
diff --git a/app/controllers/ci/lints_controller.rb b/app/controllers/ci/lints_controller.rb
index a4f6aff49b4..7ed78ff8e98 100644
--- a/app/controllers/ci/lints_controller.rb
+++ b/app/controllers/ci/lints_controller.rb
@@ -1,5 +1,5 @@
 module Ci
-  class LintsController < Ci::ApplicationController
+  class LintsController < ApplicationController
     before_action :authenticate_user!
 
     def show
diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb
index 8406399fb60..7e62320bf21 100644
--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -3,13 +3,12 @@ module Ci
     before_action :project, except: [:index]
     before_action :authenticate_user!, except: [:index, :build, :badge]
     before_action :authorize_access_project!, except: [:index, :badge]
-    before_action :authorize_manage_project!, only: [:toggle_shared_runners, :dumped_yaml]
     before_action :no_cache, only: [:badge]
     protect_from_forgery
 
     def show
       # Temporary compatibility with CI badges pointing to CI project page
-      redirect_to namespace_project_path(project.gl_project.namespace, project.gl_project)
+      redirect_to namespace_project_path(project.namespace, project)
     end
 
     # Project status badge
@@ -20,16 +19,11 @@ module Ci
       send_file image.path, filename: image.name, disposition: 'inline', type:"image/svg+xml"
     end
 
-    def toggle_shared_runners
-      project.toggle!(:shared_runners_enabled)
-
-      redirect_to namespace_project_runners_path(project.gl_project.namespace, project.gl_project)
-    end
-
     protected
 
     def project
-      @project ||= Ci::Project.find(params[:id])
+      # TODO: what to do here?
+      @project ||= Project.find_by_ci_id(params[:id])
     end
 
     def no_cache
diff --git a/app/controllers/ci/runner_projects_controller.rb b/app/controllers/ci/runner_projects_controller.rb
deleted file mode 100644
index 9d555313369..00000000000
--- a/app/controllers/ci/runner_projects_controller.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-module Ci
-  class RunnerProjectsController < Ci::ApplicationController
-    before_action :authenticate_user!
-    before_action :project
-    before_action :authorize_manage_project!
-
-    def create
-      @runner = Ci::Runner.find(params[:runner_project][:runner_id])
-
-      return head(403) unless current_user.ci_authorized_runners.include?(@runner)
-
-      path = runners_path(@project.gl_project)
-
-      if @runner.assign_to(project, current_user)
-        redirect_to path
-      else
-        redirect_to path, alert: 'Failed adding runner to project'
-      end
-    end
-
-    def destroy
-      runner_project = project.runner_projects.find(params[:id])
-      runner_project.destroy
-
-      redirect_to runners_path(@project.gl_project)
-    end
-
-    private
-
-    def project
-      @project ||= Ci::Project.find(params[:project_id])
-    end
-  end
-end
diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index 7d0d57858e0..dd32d509191 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -31,8 +31,4 @@ class Projects::ApplicationController < ApplicationController
   def builds_enabled
     return render_404 unless @project.builds_enabled?
   end
-
-  def ci_project
-    @ci_project ||= @project.ensure_gitlab_ci_project
-  end
 end
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 4638f77b887..e7e2ab43130 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -1,5 +1,4 @@
 class Projects::BuildsController < Projects::ApplicationController
-  before_action :ci_project
   before_action :build, except: [:index, :cancel_all]
 
   before_action :authorize_manage_builds!, except: [:index, :show, :status]
@@ -30,7 +29,7 @@ class Projects::BuildsController < Projects::ApplicationController
   end
 
   def show
-    @builds = @ci_project.commits.find_by_sha(@build.sha).builds.order('id DESC')
+    @builds = @project.ci_commits.find_by_sha(@build.sha).builds.order('id DESC')
     @builds = @builds.where("id not in (?)", @build.id)
     @commit = @build.commit
 
@@ -77,7 +76,7 @@ class Projects::BuildsController < Projects::ApplicationController
   private
 
   def build
-    @build ||= ci_project.builds.unscoped.find_by!(id: params[:id])
+    @build ||= project.ci_builds.unscoped.find_by!(id: params[:id])
   end
 
   def artifacts_file
@@ -85,7 +84,7 @@ class Projects::BuildsController < Projects::ApplicationController
   end
 
   def build_path(build)
-    namespace_project_build_path(build.gl_project.namespace, build.gl_project, build)
+    namespace_project_build_path(build.project.namespace, build.project, build)
   end
 
   def authorize_manage_builds!
diff --git a/app/controllers/projects/ci_settings_controller.rb b/app/controllers/projects/ci_settings_controller.rb
deleted file mode 100644
index a263242a850..00000000000
--- a/app/controllers/projects/ci_settings_controller.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-class Projects::CiSettingsController < Projects::ApplicationController
-  before_action :ci_project
-  before_action :authorize_admin_project!
-
-  layout "project_settings"
-
-  def edit
-  end
-
-  def update
-    if ci_project.update_attributes(project_params)
-      Ci::EventService.new.change_project_settings(current_user, ci_project)
-
-      redirect_to edit_namespace_project_ci_settings_path(project.namespace, project), notice: 'Project was successfully updated.'
-    else
-      render action: "edit"
-    end
-  end
-
-  def destroy
-    ci_project.destroy
-    Ci::EventService.new.remove_project(current_user, ci_project)
-    project.gitlab_ci_service.update_attributes(active: false)
-
-    redirect_to project_path(project), notice: "CI was disabled for this project"
-  end
-
-  protected
-
-  def project_params
-    params.require(:project).permit(:path, :timeout, :timeout_in_minutes, :default_ref, :always_build,
-                                    :polling_interval, :public, :ssh_url_to_repo, :allow_git_fetch, :email_recipients,
-                                    :email_add_pusher, :email_only_broken_builds, :coverage_regex, :shared_runners_enabled, :token,
-                                    { variables_attributes: [:id, :key, :value, :_destroy] })
-  end
-end
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index e8af205b788..0aaba3792bf 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -31,7 +31,6 @@ class Projects::CommitController < Projects::ApplicationController
   end
 
   def builds
-    @ci_project = @project.gitlab_ci_project
   end
 
   def cancel_builds
diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index a8f47069bb4..d13ea9f34b6 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -25,13 +25,11 @@ class Projects::GraphsController < Projects::ApplicationController
   end
 
   def ci
-    ci_project = @project.gitlab_ci_project
-
     @charts = {}
-    @charts[:week] = Ci::Charts::WeekChart.new(ci_project)
-    @charts[:month] = Ci::Charts::MonthChart.new(ci_project)
-    @charts[:year] = Ci::Charts::YearChart.new(ci_project)
-    @charts[:build_times] = Ci::Charts::BuildTime.new(ci_project)
+    @charts[:week] = Ci::Charts::WeekChart.new(project)
+    @charts[:month] = Ci::Charts::MonthChart.new(project)
+    @charts[:year] = Ci::Charts::YearChart.new(project)
+    @charts[:build_times] = Ci::Charts::BuildTime.new(project)
   end
 
   def languages
diff --git a/app/controllers/projects/runner_projects_controller.rb b/app/controllers/projects/runner_projects_controller.rb
new file mode 100644
index 00000000000..69863387354
--- /dev/null
+++ b/app/controllers/projects/runner_projects_controller.rb
@@ -0,0 +1,26 @@
+class Projects::RunnerProjectsController < Projects::ApplicationController
+  before_action :authorize_admin_project!
+
+  layout 'project_settings'
+
+  def create
+    @runner = Ci::Runner.find(params[:runner_project][:runner_id])
+
+    return head(403) unless current_user.ci_authorized_runners.include?(@runner)
+
+    path = runners_path(project)
+
+    if @runner.assign_to(project, current_user)
+      redirect_to path
+    else
+      redirect_to path, alert: 'Failed adding runner to project'
+    end
+  end
+
+  def destroy
+    runner_project = project.ci_runner_projects.find(params[:id])
+    runner_project.destroy
+
+    redirect_to runners_path(project)
+  end
+end
diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index bfbcf2567f3..863c5d131ab 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -1,14 +1,13 @@
 class Projects::RunnersController < Projects::ApplicationController
-  before_action :ci_project
   before_action :set_runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
   before_action :authorize_admin_project!
 
   layout 'project_settings'
 
   def index
-    @runners = @ci_project.runners.ordered
+    @runners = project.ci_runners.ordered
     @specific_runners = current_user.ci_authorized_runners.
-      where.not(id: @ci_project.runners).
+      where.not(id: project.ci_runners).
       ordered.page(params[:page]).per(20)
     @shared_runners = Ci::Runner.shared.active
     @shared_runners_count = @shared_runners.count(:all)
@@ -26,7 +25,7 @@ class Projects::RunnersController < Projects::ApplicationController
   end
 
   def destroy
-    if @runner.only_for?(@ci_project)
+    if @runner.only_for?(project)
       @runner.destroy
     end
 
@@ -52,10 +51,16 @@ class Projects::RunnersController < Projects::ApplicationController
   def show
   end
 
+  def toggle_shared_runners
+    project.toggle!(:shared_runners_enabled)
+
+    redirect_to namespace_project_runners_path(project.namespace, project)
+  end
+
   protected
 
   def set_runner
-    @runner ||= @ci_project.runners.find(params[:id])
+    @runner ||= project.ci_runners.find(params[:id])
   end
 
   def runner_params
diff --git a/app/controllers/projects/triggers_controller.rb b/app/controllers/projects/triggers_controller.rb
index 782ebd01b05..421e648a2dd 100644
--- a/app/controllers/projects/triggers_controller.rb
+++ b/app/controllers/projects/triggers_controller.rb
@@ -1,22 +1,21 @@
 class Projects::TriggersController < Projects::ApplicationController
-  before_action :ci_project
   before_action :authorize_admin_project!
 
   layout 'project_settings'
 
   def index
-    @triggers = @ci_project.triggers
+    @triggers = project.ci_triggers
     @trigger = Ci::Trigger.new
   end
 
   def create
-    @trigger = @ci_project.triggers.new
+    @trigger = project.ci_triggers.new
     @trigger.save
 
     if @trigger.valid?
       redirect_to namespace_project_triggers_path(@project.namespace, @project)
     else
-      @triggers = @ci_project.triggers.select(&:persisted?)
+      @triggers = project.ci_triggers.select(&:persisted?)
       render :index
     end
   end
@@ -30,6 +29,6 @@ class Projects::TriggersController < Projects::ApplicationController
   private
 
   def trigger
-    @trigger ||= @ci_project.triggers.find(params[:id])
+    @trigger ||= project.ci_triggers.find(params[:id])
   end
 end
diff --git a/app/controllers/projects/variables_controller.rb b/app/controllers/projects/variables_controller.rb
index d6561a45a70..1dab978f462 100644
--- a/app/controllers/projects/variables_controller.rb
+++ b/app/controllers/projects/variables_controller.rb
@@ -1,5 +1,4 @@
 class Projects::VariablesController < Projects::ApplicationController
-  before_action :ci_project
   before_action :authorize_admin_project!
 
   layout 'project_settings'
@@ -8,9 +7,7 @@ class Projects::VariablesController < Projects::ApplicationController
   end
 
   def update
-    if ci_project.update_attributes(project_params)
-      Ci::EventService.new.change_project_settings(current_user, ci_project)
-
+    if project.update_attributes(project_params)
       redirect_to namespace_project_variables_path(project.namespace, project), notice: 'Variables were successfully updated.'
     else
       render action: 'show'
@@ -20,6 +17,6 @@ class Projects::VariablesController < Projects::ApplicationController
   private
 
   def project_params
-    params.require(:project).permit({ variables_attributes: [:id, :key, :value, :_destroy] })
+    params.require(:project).permit({ ci_variables_attributes: [:id, :key, :value, :_destroy] })
   end
 end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 10c75370d7b..e9917109f3e 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -210,10 +210,10 @@ class ProjectsController < ApplicationController
 
   def project_params
     params.require(:project).permit(
-      :name, :path, :description, :issues_tracker, :tag_list,
+      :name, :path, :description, :issues_tracker, :tag_list, :token,
       :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
-      :builds_enabled
+      :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
     )
   end
 
-- 
cgit v1.2.3


From 8cdd54cc0696b76daa2baf463d02d944b50bac6a Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Thu, 10 Dec 2015 17:29:44 +0100
Subject: Add runners token

---
 app/controllers/ci/application_controller.rb | 6 ------
 app/controllers/ci/projects_controller.rb    | 3 +--
 2 files changed, 1 insertion(+), 8 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index bc7f48b3c87..c420b59c3a2 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -6,12 +6,6 @@ module Ci
 
     private
 
-    def authenticate_token!
-      unless project.valid_token?(params[:token])
-        return head(403)
-      end
-    end
-
     def authorize_access_project!
       unless can?(current_user, :read_project, project)
         return page_404
diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb
index 7e62320bf21..3004c2d27f0 100644
--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -22,8 +22,7 @@ module Ci
     protected
 
     def project
-      # TODO: what to do here?
-      @project ||= Project.find_by_ci_id(params[:id])
+      @project ||= Project.find_by(ci_id: params[:id].to_i)
     end
 
     def no_cache
-- 
cgit v1.2.3


From 64bfd9d71a4017e0b5336a2c1565926f4b8beedd Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Thu, 10 Dec 2015 17:44:06 +0100
Subject: Remove ci_ prefix from all ci related things

---
 app/controllers/admin/runner_projects_controller.rb    | 4 ++--
 app/controllers/projects/builds_controller.rb          | 6 +++---
 app/controllers/projects/runner_projects_controller.rb | 2 +-
 app/controllers/projects/runners_controller.rb         | 6 +++---
 app/controllers/projects/triggers_controller.rb        | 8 ++++----
 app/controllers/projects/variables_controller.rb       | 2 +-
 6 files changed, 14 insertions(+), 14 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/runner_projects_controller.rb b/app/controllers/admin/runner_projects_controller.rb
index 20d621742f9..d25619d94e0 100644
--- a/app/controllers/admin/runner_projects_controller.rb
+++ b/app/controllers/admin/runner_projects_controller.rb
@@ -2,8 +2,8 @@ class Admin::RunnerProjectsController < Admin::ApplicationController
   before_action :project, only: [:create]
 
   def index
-    @runner_projects = project.ci_runner_projects.all
-    @runner_project = project.ci_runner_projects.new
+    @runner_projects = project.runner_projects.all
+    @runner_project = project.runner_projects.new
   end
 
   def create
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index e7e2ab43130..26ba12520c7 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -8,7 +8,7 @@ class Projects::BuildsController < Projects::ApplicationController
 
   def index
     @scope = params[:scope]
-    @all_builds = project.ci_builds
+    @all_builds = project.builds
     @builds = @all_builds.order('created_at DESC')
     @builds =
       case @scope
@@ -23,7 +23,7 @@ class Projects::BuildsController < Projects::ApplicationController
   end
 
   def cancel_all
-    @project.ci_builds.running_or_pending.each(&:cancel)
+    @project.builds.running_or_pending.each(&:cancel)
 
     redirect_to namespace_project_builds_path(project.namespace, project)
   end
@@ -76,7 +76,7 @@ class Projects::BuildsController < Projects::ApplicationController
   private
 
   def build
-    @build ||= project.ci_builds.unscoped.find_by!(id: params[:id])
+    @build ||= project.builds.unscoped.find_by!(id: params[:id])
   end
 
   def artifacts_file
diff --git a/app/controllers/projects/runner_projects_controller.rb b/app/controllers/projects/runner_projects_controller.rb
index 69863387354..e2785caa2fb 100644
--- a/app/controllers/projects/runner_projects_controller.rb
+++ b/app/controllers/projects/runner_projects_controller.rb
@@ -18,7 +18,7 @@ class Projects::RunnerProjectsController < Projects::ApplicationController
   end
 
   def destroy
-    runner_project = project.ci_runner_projects.find(params[:id])
+    runner_project = project.runner_projects.find(params[:id])
     runner_project.destroy
 
     redirect_to runners_path(project)
diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index 863c5d131ab..4993b2648a5 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -5,9 +5,9 @@ class Projects::RunnersController < Projects::ApplicationController
   layout 'project_settings'
 
   def index
-    @runners = project.ci_runners.ordered
+    @runners = project.runners.ordered
     @specific_runners = current_user.ci_authorized_runners.
-      where.not(id: project.ci_runners).
+      where.not(id: project.runners).
       ordered.page(params[:page]).per(20)
     @shared_runners = Ci::Runner.shared.active
     @shared_runners_count = @shared_runners.count(:all)
@@ -60,7 +60,7 @@ class Projects::RunnersController < Projects::ApplicationController
   protected
 
   def set_runner
-    @runner ||= project.ci_runners.find(params[:id])
+    @runner ||= project.runners.find(params[:id])
   end
 
   def runner_params
diff --git a/app/controllers/projects/triggers_controller.rb b/app/controllers/projects/triggers_controller.rb
index 421e648a2dd..30adfad1daa 100644
--- a/app/controllers/projects/triggers_controller.rb
+++ b/app/controllers/projects/triggers_controller.rb
@@ -4,18 +4,18 @@ class Projects::TriggersController < Projects::ApplicationController
   layout 'project_settings'
 
   def index
-    @triggers = project.ci_triggers
+    @triggers = project.triggers
     @trigger = Ci::Trigger.new
   end
 
   def create
-    @trigger = project.ci_triggers.new
+    @trigger = project.triggers.new
     @trigger.save
 
     if @trigger.valid?
       redirect_to namespace_project_triggers_path(@project.namespace, @project)
     else
-      @triggers = project.ci_triggers.select(&:persisted?)
+      @triggers = project.triggers.select(&:persisted?)
       render :index
     end
   end
@@ -29,6 +29,6 @@ class Projects::TriggersController < Projects::ApplicationController
   private
 
   def trigger
-    @trigger ||= project.ci_triggers.find(params[:id])
+    @trigger ||= project.triggers.find(params[:id])
   end
 end
diff --git a/app/controllers/projects/variables_controller.rb b/app/controllers/projects/variables_controller.rb
index 1dab978f462..10efafea9db 100644
--- a/app/controllers/projects/variables_controller.rb
+++ b/app/controllers/projects/variables_controller.rb
@@ -17,6 +17,6 @@ class Projects::VariablesController < Projects::ApplicationController
   private
 
   def project_params
-    params.require(:project).permit({ ci_variables_attributes: [:id, :key, :value, :_destroy] })
+    params.require(:project).permit({ variables_attributes: [:id, :key, :value, :_destroy] })
   end
 end
-- 
cgit v1.2.3


From 73b04bebad23ce6750d7747c821a93cfeb73a9d2 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 11 Dec 2015 13:34:11 +0100
Subject: Fix errors

---
 app/controllers/projects/merge_requests_controller.rb | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 530f3d3dcb8..3ae4c5b099f 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -81,8 +81,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def builds
-    @ci_project = @merge_request.source_project.gitlab_ci_project
-
     respond_to do |format|
       format.html { render 'show' }
       format.json { render json: { html: view_to_html_string('projects/merge_requests/show/_builds') } }
@@ -106,7 +104,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     @first_commit = @merge_request.first_commit
     @diffs = @merge_request.compare_diffs
 
-    @ci_project = @source_project.gitlab_ci_project
     @ci_commit = @merge_request.ci_commit
     @statuses = @ci_commit.statuses if @ci_commit
 
-- 
cgit v1.2.3


From 513d551c8f7078e263d31ef2c30a1f72cbab3fae Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Fri, 11 Dec 2015 13:39:43 +0100
Subject: Fix after column rename

---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index e9917109f3e..bf5e25ff895 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -210,7 +210,7 @@ class ProjectsController < ApplicationController
 
   def project_params
     params.require(:project).permit(
-      :name, :path, :description, :issues_tracker, :tag_list, :token,
+      :name, :path, :description, :issues_tracker, :tag_list, :runners_token,
       :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
       :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
-- 
cgit v1.2.3


From c6c244315a4a0959894cf24aa931e4f027d02c3b Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Thu, 10 Dec 2015 19:04:58 +0100
Subject: Implement new sidebar for merge request page

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/controllers/projects/issues_controller.rb         | 1 -
 app/controllers/projects/merge_requests_controller.rb | 2 --
 2 files changed, 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index cf617d53ed6..b59b52291fb 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -58,7 +58,6 @@ class Projects::IssuesController < Projects::ApplicationController
   end
 
   def show
-    @participants = @issue.participants(current_user)
     @note = @project.notes.new(noteable: @issue)
     @notes = @issue.notes.nonawards.with_associations.fresh
     @noteable = @issue
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 530f3d3dcb8..e8fa10fafb1 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -279,8 +279,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def define_show_vars
-    @participants = @merge_request.participants(current_user)
-
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
     @notes = @merge_request.mr_and_commit_notes.nonawards.inc_author.fresh
-- 
cgit v1.2.3


From 118d96906ae3923206ca91ca9ccd3c5bc6c2fd3a Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Sat, 12 Dec 2015 12:38:12 -0500
Subject: Fix note polling

Closes #4032
---
 app/controllers/projects/notes_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 88b949a27ab..ae6e9f6fd38 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -13,7 +13,8 @@ class Projects::NotesController < Projects::ApplicationController
     @notes.each do |note|
       notes_json[:notes] << {
         id: note.id,
-        html: note_to_html(note)
+        html: note_to_html(note),
+        valid: note.valid?
       }
     end
 
-- 
cgit v1.2.3


From 6586856a1572535e0b9ca2f9021dfd88a158ffdd Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzegorz.bizon@ntsn.pl>
Date: Mon, 14 Dec 2015 14:03:58 +0100
Subject: Use a new admin runners path when reseting runners token

---
 app/controllers/admin/application_settings_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 48040359389..9dd16f8c735 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -16,7 +16,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
   def reset_runners_token
     @application_setting.reset_runners_registration_token!
     flash[:notice] = 'New runners registration token has been generated!'
-    redirect_to ci_admin_runners_path
+    redirect_to admin_runners_path
   end
 
   private
-- 
cgit v1.2.3


From b5291f95996743067bbec5a32f9c6cf0d34b36c7 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Tue, 15 Dec 2015 00:53:52 -0200
Subject: Fixed Rubocop offenses

---
 app/controllers/dashboard/snippets_controller.rb          | 3 ++-
 app/controllers/projects/notes_controller.rb              | 2 +-
 app/controllers/projects/protected_branches_controller.rb | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/dashboard/snippets_controller.rb b/app/controllers/dashboard/snippets_controller.rb
index f4354c6d8ca..b3594d82530 100644
--- a/app/controllers/dashboard/snippets_controller.rb
+++ b/app/controllers/dashboard/snippets_controller.rb
@@ -1,6 +1,7 @@
 class Dashboard::SnippetsController < Dashboard::ApplicationController
   def index
-    @snippets = SnippetsFinder.new.execute(current_user,
+    @snippets = SnippetsFinder.new.execute(
+      current_user,
       filter: :by_user,
       user: current_user,
       scope: params[:scope]
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 88b949a27ab..4f1fddb4583 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -68,7 +68,7 @@ class Projects::NotesController < Projects::ApplicationController
     data = {
       author: current_user,
       is_award: true,
-      note: note_params[:note].gsub(":", '')
+      note: note_params[:note].delete(":")
     }
 
     note = noteable.notes.find_by(data)
diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index 6b52eccebf7..e49259c34b6 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
@@ -21,7 +21,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
 
     if protected_branch &&
        protected_branch.update_attributes(
-        developers_can_push: params[:developers_can_push]
+         developers_can_push: params[:developers_can_push]
        )
 
       respond_to do |format|
-- 
cgit v1.2.3


From 8e3f1fa629a61741282214b293c1bc9438aada59 Mon Sep 17 00:00:00 2001
From: tduehr <tduehr@gmail.com>
Date: Wed, 11 Nov 2015 22:25:31 -0600
Subject: add CAS authentication support

---
 app/controllers/application_controller.rb        | 15 +++++++++++++++
 app/controllers/omniauth_callbacks_controller.rb | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0d182e8eb04..01e2e7b2f98 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base
 
   before_action :authenticate_user_from_token!
   before_action :authenticate_user!
+  before_action :validate_user_service_ticket!
   before_action :reject_blocked!
   before_action :check_password_expiration
   before_action :ldap_security_check
@@ -202,6 +203,20 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def validate_user_service_ticket!
+    return unless signed_in? && session[:service_tickets]
+
+    valid = session[:service_tickets].all? do |provider, ticket|
+      Gitlab::OAuth::Session.valid?(provider, ticket)
+    end
+
+    unless valid
+      session[:service_tickets] = nil
+      sign_out current_user
+      redirect_to new_user_session_path
+    end
+  end
+
   def check_password_expiration
     if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now  && !current_user.ldap_user?
       redirect_to new_profile_password_path and return
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index f809fa7500a..4cad98b8e98 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -1,6 +1,6 @@
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
-  protect_from_forgery except: [:kerberos, :saml]
+  protect_from_forgery except: [:kerberos, :saml, :cas3]
 
   Gitlab.config.omniauth.providers.each do |provider|
     define_method provider['name'] do
@@ -42,6 +42,14 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     render 'errors/omniauth_error', layout: "errors", status: 422
   end
 
+  def cas3
+    ticket = params['ticket']
+    if ticket
+      handle_service_ticket oauth['provider'], ticket
+    end
+    handle_omniauth
+  end
+
   private
 
   def handle_omniauth
@@ -84,6 +92,12 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     redirect_to new_user_session_path
   end
 
+  def handle_service_ticket provider, ticket
+    Gitlab::OAuth::Session.create provider, ticket
+    session[:service_tickets] ||= {}
+    session[:service_tickets][provider] = ticket
+  end
+
   def oauth
     @oauth ||= request.env['omniauth.auth']
   end
-- 
cgit v1.2.3


From 577448ab6ab35abbf0263bf8677dfde6d9770c3f Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Fri, 11 Dec 2015 14:33:15 -0600
Subject: Allow admin to create new user identities

---
 app/controllers/admin/identities_controller.rb | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/identities_controller.rb b/app/controllers/admin/identities_controller.rb
index d28614731f9..e383fe38ea6 100644
--- a/app/controllers/admin/identities_controller.rb
+++ b/app/controllers/admin/identities_controller.rb
@@ -1,6 +1,21 @@
 class Admin::IdentitiesController < Admin::ApplicationController
   before_action :user
-  before_action :identity, except: :index
+  before_action :identity, except: [:index, :new, :create]
+
+  def new
+    @identity = Identity.new
+  end
+
+  def create
+    @identity = Identity.new(identity_params)
+    @identity.user_id = user.id
+
+    if @identity.save
+      redirect_to admin_user_identities_path(@user), notice: 'User identity was successfully created.'
+    else
+      render :new
+    end
+  end
 
   def index
     @identities = @user.identities
-- 
cgit v1.2.3


From 95c03f245f2fd25d6d38715630859859965965ee Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg <mail@zjvandeweg.nl>
Date: Wed, 16 Dec 2015 15:20:53 +0100
Subject: Fix endpoint not setting needed @ci_commit

---
 app/controllers/projects/merge_requests_controller.rb | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index e8fa10fafb1..f98401d4bbf 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -7,7 +7,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits, :builds]
   before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds]
   before_action :define_show_vars, only: [:show, :diffs, :commits, :builds]
-  before_action :define_widget_vars, only: [:merge, :cancel_merge_when_build_succeeds]
+  before_action :define_widget_vars, only: [:merge, :cancel_merge_when_build_succeeds, :merge_check]
   before_action :ensure_ref_fetched, only: [:show, :diffs, :commits, :builds]
 
   # Allow read any merge_request
@@ -156,11 +156,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def merge_check
-    if @merge_request.unchecked?
-      @merge_request.check_if_can_be_merged
-    end
-
-    closes_issues
+    @merge_request.check_if_can_be_merged if @merge_request.unchecked?
 
     render partial: "projects/merge_requests/widget/show.html.haml", layout: false
   end
@@ -302,6 +298,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
   def define_widget_vars
     @ci_commit = @merge_request.ci_commit
+    closes_issues
   end
 
   def invalid_mr
-- 
cgit v1.2.3


From 5843d09f079946f60a8969c467d9a24e161cd84a Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Wed, 16 Dec 2015 17:38:58 +0100
Subject: Fix 'Merge Immediately' button

---
 app/controllers/projects/merge_requests_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index fffd90d87eb..0838978dd1e 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -178,7 +178,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
     @merge_request.update(merge_error: nil)
 
-    if params[:merge_when_build_succeeds] && @merge_request.ci_commit && @merge_request.ci_commit.active?
+    if params[:merge_when_build_succeeds].present? && @merge_request.ci_commit && @merge_request.ci_commit.active?
       MergeRequests::MergeWhenBuildSucceedsService.new(@project, current_user, merge_params)
                                                       .execute(@merge_request)
       @status = :merge_when_build_succeeds
-- 
cgit v1.2.3


From d9c82d679fd622aead99aeb90369361a05e02a36 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Fri, 18 Dec 2015 10:03:34 +0100
Subject: Automatically fork a project when not allowed to edit a file.

---
 app/controllers/concerns/creates_commit.rb         | 103 +++++++++++++++++++++
 .../concerns/creates_merge_request_for_commit.rb   |  28 ------
 app/controllers/projects/blob_controller.rb        |  94 ++++---------------
 app/controllers/projects/forks_controller.rb       |  19 +++-
 app/controllers/projects/imports_controller.rb     |  24 +++--
 app/controllers/projects/tree_controller.rb        |  38 ++------
 6 files changed, 158 insertions(+), 148 deletions(-)
 create mode 100644 app/controllers/concerns/creates_commit.rb
 delete mode 100644 app/controllers/concerns/creates_merge_request_for_commit.rb

(limited to 'app/controllers')

diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
new file mode 100644
index 00000000000..62127a09081
--- /dev/null
+++ b/app/controllers/concerns/creates_commit.rb
@@ -0,0 +1,103 @@
+module CreatesCommit
+  extend ActiveSupport::Concern
+
+  def create_commit(service, success_path:, failure_path:, failure_view: nil, success_notice: nil)
+    set_commit_variables
+
+    commit_params = @commit_params.merge(
+      source_project: @project,
+      source_branch: @ref,
+      target_branch: @target_branch
+    )
+
+    result = service.new(@tree_edit_project, current_user, commit_params).execute
+
+    if result[:status] == :success
+      flash[:notice] = success_notice || "Your changes have been successfully committed."
+
+      if create_merge_request?
+        success_path = new_merge_request_path
+        target = different_project? ? "project" : "branch"
+        flash[:notice] << " You can now submit a merge request to get this change into the original #{target}."
+      end
+
+      respond_to do |format|
+        format.html { redirect_to success_path }
+        format.json { render json: { message: "success", filePath: success_path } }
+      end
+    else
+      flash[:alert] = result[:message]
+      respond_to do |format|
+        format.html do
+          if failure_view
+            render failure_view
+          else
+            redirect_to failure_path
+          end
+        end
+        format.json { render json: { message: "failed", filePath: failure_path } }
+      end
+    end
+  end
+
+  def authorize_edit_tree!
+    return if can?(current_user, :push_code, project)
+    return if current_user && current_user.already_forked?(project)
+
+    access_denied!
+  end
+
+  private
+
+  def new_merge_request_path
+    new_namespace_project_merge_request_path(
+      @mr_source_project.namespace,
+      @mr_source_project,
+      merge_request: {
+        source_project_id: @mr_source_project.id,
+        target_project_id: @mr_target_project.id,
+        source_branch: @mr_source_branch,
+        target_branch: @mr_target_branch
+      }
+    )
+  end
+
+  def different_project?
+    @mr_source_project != @mr_target_project
+  end
+
+  def different_branch?
+    @mr_source_branch != @mr_target_branch || different_project?
+  end
+
+  def create_merge_request?
+    params[:create_merge_request].present? && different_branch?
+  end
+
+  def set_commit_variables
+    @mr_source_branch = @target_branch
+
+    if can?(current_user, :push_code, @project)
+      # Edit file in this project
+      @tree_edit_project = @project
+      @mr_source_project = @project
+
+      if @project.forked?
+        # Merge request from this project to fork origin
+        @mr_target_project = @project.forked_from_project
+        @mr_target_branch = @mr_target_project.repository.root_ref
+      else
+        # Merge request to this project
+        @mr_target_project = @project
+        @mr_target_branch = @ref
+      end
+    else
+      # Edit file in fork
+      @tree_edit_project = current_user.fork_of(@project)
+      # Merge request from fork to this project
+      @mr_source_project = @tree_edit_project
+      @mr_target_project = @project
+      @mr_target_branch = @mr_target_project.repository.root_ref
+    end
+  end
+end
diff --git a/app/controllers/concerns/creates_merge_request_for_commit.rb b/app/controllers/concerns/creates_merge_request_for_commit.rb
deleted file mode 100644
index c7527822158..00000000000
--- a/app/controllers/concerns/creates_merge_request_for_commit.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-module CreatesMergeRequestForCommit
-  extend ActiveSupport::Concern
-
-  def new_merge_request_path
-    if @project.forked?
-      target_project = @project.forked_from_project || @project
-      target_branch = target_project.repository.root_ref
-    else
-      target_project = @project
-      target_branch = @ref
-    end
-
-    new_namespace_project_merge_request_path(
-      @project.namespace,
-      @project,
-      merge_request: {
-        source_project_id: @project.id,
-        target_project_id: target_project.id,
-        source_branch: @new_branch,
-        target_branch: target_branch
-      }
-    )
-  end
-
-  def create_merge_request?
-    params[:create_merge_request] && @new_branch != @ref
-  end
-end
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index 62163682936..c56a3497bb2 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -1,7 +1,7 @@
 # Controller for viewing a file's blame
 class Projects::BlobController < Projects::ApplicationController
   include ExtractsPath
-  include CreatesMergeRequestForCommit
+  include CreatesCommit
   include ActionView::Helpers::SanitizeHelper
 
   # Raised when given an invalid file path
@@ -9,21 +9,21 @@ class Projects::BlobController < Projects::ApplicationController
 
   before_action :require_non_empty_project, except: [:new, :create]
   before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:destroy, :create]
+  before_action :authorize_edit_tree!, only: [:new, :create, :edit, :update, :destroy]
   before_action :assign_blob_vars
   before_action :commit, except: [:new, :create]
   before_action :blob, except: [:new, :create]
   before_action :from_merge_request, only: [:edit, :update]
   before_action :require_branch_head, only: [:edit, :update]
   before_action :editor_variables, except: [:show, :preview, :diff]
-  before_action :after_edit_path, only: [:edit, :update]
 
   def new
     commit unless @repository.empty?
   end
 
   def create
-    create_commit(Files::CreateService, success_path: after_create_path,
+    create_commit(Files::CreateService, success_notice: "The file has been successfully created.",
+                                        success_path: namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @file_path)),
                                         failure_view: :new,
                                         failure_path: namespace_project_new_blob_path(@project.namespace, @project, @ref))
   end
@@ -36,6 +36,14 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def update
+    after_edit_path =
+      if from_merge_request && @target_branch == @ref
+        diffs_namespace_project_merge_request_path(from_merge_request.target_project.namespace, from_merge_request.target_project, from_merge_request) +
+          "#file-path-#{hexdigest(@path)}"
+      else
+        namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @path))
+      end
+
     create_commit(Files::UpdateService, success_path: after_edit_path,
                                         failure_view: :edit,
                                         failure_path: namespace_project_blob_path(@project.namespace, @project, @id))
@@ -50,15 +58,10 @@ class Projects::BlobController < Projects::ApplicationController
   end
 
   def destroy
-    result = Files::DeleteService.new(@project, current_user, @commit_params).execute
-
-    if result[:status] == :success
-      flash[:notice] = "Your changes have been successfully committed"
-      redirect_to after_destroy_path
-    else
-      flash[:alert] = result[:message]
-      render :show
-    end
+    create_commit(Files::DeleteService, success_notice: "The file has been successfully deleted.",
+                                        success_path: namespace_project_tree_path(@project.namespace, @project, @target_branch),
+                                        failure_view: :show,
+                                        failure_path: namespace_project_blob_path(@project.namespace, @project, @id))
   end
 
   def diff
@@ -108,74 +111,13 @@ class Projects::BlobController < Projects::ApplicationController
     render_404
   end
 
-  def create_commit(service, success_path:, failure_view:, failure_path:)
-    result = service.new(@project, current_user, @commit_params).execute
-
-    if result[:status] == :success
-      flash[:notice] = "Your changes have been successfully committed"
-      respond_to do |format|
-        format.html { redirect_to success_path }
-        format.json { render json: { message: "success", filePath: success_path } }
-      end
-    else
-      flash[:alert] = result[:message]
-      respond_to do |format|
-        format.html { render failure_view }
-        format.json { render json: { message: "failed", filePath: failure_path } }
-      end
-    end
-  end
-
-  def after_create_path
-    @after_create_path ||=
-      if create_merge_request?
-        new_merge_request_path
-      else
-        namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @file_path))
-      end
-  end
-
-  def after_edit_path
-    @after_edit_path ||=
-      if create_merge_request?
-        new_merge_request_path
-      elsif from_merge_request && @new_branch == @ref
-        diffs_namespace_project_merge_request_path(from_merge_request.target_project.namespace, from_merge_request.target_project, from_merge_request) +
-          "#file-path-#{hexdigest(@path)}"
-      else
-        namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @path))
-      end
-  end
-
-  def after_destroy_path
-    @after_destroy_path ||=
-      if create_merge_request?
-        new_merge_request_path
-      else
-        namespace_project_tree_path(@project.namespace, @project, @new_branch)
-      end
-  end
-
   def from_merge_request
     # If blob edit was initiated from merge request page
     @from_merge_request ||= MergeRequest.find_by(id: params[:from_merge_request_id])
   end
 
-  def sanitized_new_branch_name
-    sanitize(strip_tags(params[:new_branch]))
-  end
-
   def editor_variables
-    @current_branch = @ref
-
-    @new_branch =
-      if params[:new_branch].present?
-        sanitized_new_branch_name
-      elsif ::Gitlab::GitAccess.new(current_user, @project).can_push_to_branch?(@ref)
-        @ref
-      else
-        @repository.next_patch_branch
-      end
+    @target_branch = params[:target_branch]
 
     @file_path =
       if action_name.to_s == 'create'
@@ -194,8 +136,6 @@ class Projects::BlobController < Projects::ApplicationController
 
     @commit_params = {
       file_path: @file_path,
-      current_branch: @current_branch,
-      target_branch: @new_branch,
       commit_message: params[:commit_message],
       file_content: params[:content],
       file_content_encoding: params[:encoding]
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 8a785076bb7..51181b8042e 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -13,16 +13,25 @@ class Projects::ForksController < Projects::ApplicationController
     @forked_project = ::Projects::ForkService.new(project, current_user, namespace: namespace).execute
 
     if @forked_project.saved? && @forked_project.forked?
+      continue_params[:notice] ||= "The project was successfully forked."
+
       if @forked_project.import_in_progress?
-        redirect_to namespace_project_import_path(@forked_project.namespace, @forked_project)
+        redirect_to namespace_project_import_path(@forked_project.namespace, @forked_project, continue: continue_params)
       else
-        redirect_to(
-          namespace_project_path(@forked_project.namespace, @forked_project),
-          notice: 'Project was successfully forked.'
-        )
+        if continue_params
+          redirect_to continue_params[:to], notice: continue_params[:notice]
+        else
+          redirect_to namespace_project_path(@forked_project.namespace, @forked_project)
+        end
       end
     else
       render :error
     end
   end
+
+  private
+
+  def continue_params
+    params[:continue].permit(:to, :notice, :notice_now)
+  end
 end
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index fb8788f0818..e9c9edd3a3c 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -1,7 +1,7 @@
 class Projects::ImportsController < Projects::ApplicationController
   # Authorize
   before_action :authorize_admin_project!
-  before_action :require_no_repo
+  before_action :require_no_repo, except: :show
   before_action :redirect_if_progress, except: :show
 
   def new
@@ -24,21 +24,31 @@ class Projects::ImportsController < Projects::ApplicationController
   end
 
   def show
-    unless @project.import_in_progress?
-      if @project.import_finished?
-        redirect_to(project_path(@project)) and return
+    if @project.repository_exists? || @project.import_finished?
+      if continue_params
+        redirect_to continue_params[:to], notice: continue_params[:notice]
       else
-        redirect_to(new_namespace_project_import_path(@project.namespace,
-                                                      @project)) and return
+        redirect_to project_path(@project)
       end
+    elsif @project.import_failed?
+      redirect_to new_namespace_project_import_path(@project.namespace, @project)
+    else
+      if continue_params && continue_params[:notice_now]
+        flash.now[:notice] = continue_params[:notice_now]
+      end
+      # Render
     end
   end
 
   private
 
+  def continue_params
+    @continue_params ||= params[:continue].permit(:to, :notice, :notice_now)
+  end
+
   def require_no_repo
     if @project.repository_exists? && !@project.import_in_progress?
-      redirect_to(namespace_project_path(@project.namespace, @project)) and return
+      redirect_to(namespace_project_path(@project.namespace, @project))
     end
   end
 
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index 8f272ad1281..4f78bde2d2d 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -1,14 +1,14 @@
 # Controller for viewing a repository's file structure
 class Projects::TreeController < Projects::ApplicationController
   include ExtractsPath
-  include CreatesMergeRequestForCommit
+  include CreatesCommit
   include ActionView::Helpers::SanitizeHelper
 
   before_action :require_non_empty_project, except: [:new, :create]
   before_action :assign_ref_vars
   before_action :assign_dir_vars, only: [:create_dir]
   before_action :authorize_download_code!
-  before_action :authorize_push_code!, only: [:create_dir]
+  before_action :authorize_edit_tree!, only: [:create_dir]
 
   def show
     return render_404 unless @repository.commit(@ref)
@@ -34,44 +34,20 @@ class Projects::TreeController < Projects::ApplicationController
   def create_dir
     return render_404 unless @commit_params.values.all?
 
-    begin
-      result = Files::CreateDirService.new(@project, current_user, @commit_params).execute
-      message = result[:message]
-    rescue => e
-      message = e.to_s
-    end
-
-    if result && result[:status] == :success
-      flash[:notice] = "The directory has been successfully created"
-      respond_to do |format|
-        format.html { redirect_to after_create_dir_path }
-      end
-    else
-      flash[:alert] = message
-      respond_to do |format|
-        format.html { redirect_to namespace_project_blob_path(@project.namespace, @project, @new_branch) }
-      end
-    end
+    create_commit(Files::CreateDirService,  success_notice: "The directory has been successfully created.",
+                                            success_path: namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @dir_name)),
+                                            failure_path: namespace_project_tree_path(@project.namespace, @project, @ref))
   end
 
   private
 
   def assign_dir_vars
-    @new_branch = params[:new_branch].present? ? sanitize(strip_tags(params[:new_branch])) : @ref
+    @target_branch = params[:target_branch]
+
     @dir_name = File.join(@path, params[:dir_name])
     @commit_params = {
       file_path: @dir_name,
-      current_branch: @ref,
-      target_branch: @new_branch,
       commit_message: params[:commit_message],
     }
   end
-
-  def after_create_dir_path
-    if create_merge_request?
-      new_merge_request_path
-    else
-      namespace_project_blob_path(@project.namespace, @project, File.join(@new_branch, @dir_name))
-    end
-  end
 end
-- 
cgit v1.2.3


From f4f4a6b5303a0889f3fdb1bfe0bb014a6788c4d6 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Fri, 18 Dec 2015 16:14:12 +0100
Subject: Fix specs and behavior for LFS files

---
 app/controllers/projects/forks_controller.rb   | 11 +++++++----
 app/controllers/projects/imports_controller.rb |  9 +++++++--
 app/controllers/projects/tree_controller.rb    |  2 +-
 3 files changed, 15 insertions(+), 7 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 51181b8042e..1d599b6c427 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -13,15 +13,13 @@ class Projects::ForksController < Projects::ApplicationController
     @forked_project = ::Projects::ForkService.new(project, current_user, namespace: namespace).execute
 
     if @forked_project.saved? && @forked_project.forked?
-      continue_params[:notice] ||= "The project was successfully forked."
-
       if @forked_project.import_in_progress?
         redirect_to namespace_project_import_path(@forked_project.namespace, @forked_project, continue: continue_params)
       else
         if continue_params
           redirect_to continue_params[:to], notice: continue_params[:notice]
         else
-          redirect_to namespace_project_path(@forked_project.namespace, @forked_project)
+          redirect_to namespace_project_path(@forked_project.namespace, @forked_project), notice: "The project was successfully forked."
         end
       end
     else
@@ -32,6 +30,11 @@ class Projects::ForksController < Projects::ApplicationController
   private
 
   def continue_params
-    params[:continue].permit(:to, :notice, :notice_now)
+    continue_params = params[:continue]
+    if continue_params
+      continue_params.permit(:to, :notice, :notice_now)
+    else
+      nil
+    end
   end
 end
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index e9c9edd3a3c..8d8035ef5ff 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -28,7 +28,7 @@ class Projects::ImportsController < Projects::ApplicationController
       if continue_params
         redirect_to continue_params[:to], notice: continue_params[:notice]
       else
-        redirect_to project_path(@project)
+        redirect_to project_path(@project), notice: "The project was successfully forked."
       end
     elsif @project.import_failed?
       redirect_to new_namespace_project_import_path(@project.namespace, @project)
@@ -43,7 +43,12 @@ class Projects::ImportsController < Projects::ApplicationController
   private
 
   def continue_params
-    @continue_params ||= params[:continue].permit(:to, :notice, :notice_now)
+    continue_params = params[:continue]
+    if continue_params
+      continue_params.permit(:to, :notice, :notice_now)
+    else
+      nil
+    end
   end
 
   def require_no_repo
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index 4f78bde2d2d..cb3ed0f6f9c 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -35,7 +35,7 @@ class Projects::TreeController < Projects::ApplicationController
     return render_404 unless @commit_params.values.all?
 
     create_commit(Files::CreateDirService,  success_notice: "The directory has been successfully created.",
-                                            success_path: namespace_project_blob_path(@project.namespace, @project, File.join(@target_branch, @dir_name)),
+                                            success_path: namespace_project_tree_path(@project.namespace, @project, File.join(@target_branch, @dir_name)),
                                             failure_path: namespace_project_tree_path(@project.namespace, @project, @ref))
   end
 
-- 
cgit v1.2.3


From f177aaa5fa789654dc440d6ec4ae3546544c1401 Mon Sep 17 00:00:00 2001
From: Drew Blessing <drew@gitlab.com>
Date: Thu, 17 Dec 2015 16:08:14 -0600
Subject: Backport JIRA service

---
 app/controllers/projects/services_controller.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb
index 6e7590260ff..8b2577aebe1 100644
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -1,5 +1,5 @@
 class Projects::ServicesController < Projects::ApplicationController
-  ALLOWED_PARAMS = [:title, :token, :type, :active, :api_key, :api_version, :subdomain,
+  ALLOWED_PARAMS = [:title, :token, :type, :active, :api_key, :api_url, :api_version, :subdomain,
                     :room, :recipients, :project_url, :webhook,
                     :user_key, :device, :priority, :sound, :bamboo_url, :username, :password,
                     :build_key, :server, :teamcity_url, :drone_url, :build_type,
@@ -10,7 +10,8 @@ class Projects::ServicesController < Projects::ApplicationController
                     :notify_only_broken_builds, :add_pusher,
                     :send_from_committer_email, :disable_diffs, :external_wiki_url,
                     :notify, :color,
-                    :server_host, :server_port, :default_irc_uri, :enable_ssl_verification]
+                    :server_host, :server_port, :default_irc_uri, :enable_ssl_verification,
+                    :jira_issue_transition_id]
 
   # Parameters to ignore if no value is specified
   FILTER_BLANK_PARAMS = [:password]
-- 
cgit v1.2.3


From c910bca730561da3361faec56ef509e25a798c66 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Mon, 21 Dec 2015 11:57:51 +0100
Subject: Add tests for new functionality

---
 app/controllers/projects/forks_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 1d599b6c427..750181f0c19 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -10,7 +10,11 @@ class Projects::ForksController < Projects::ApplicationController
 
   def create
     namespace = Namespace.find(params[:namespace_key])
-    @forked_project = ::Projects::ForkService.new(project, current_user, namespace: namespace).execute
+    
+    @forked_project = namespace.projects.find_by(path: project.path)
+    @forked_project = nil unless @forked_project && @forked_project.forked_from_project == project
+
+    @forked_project ||= ::Projects::ForkService.new(project, current_user, namespace: namespace).execute
 
     if @forked_project.saved? && @forked_project.forked?
       if @forked_project.import_in_progress?
-- 
cgit v1.2.3


From d74b254d97e253e857a53e0320295966ac27ecff Mon Sep 17 00:00:00 2001
From: Grzegorz Bizon <grzesiek.bizon@gmail.com>
Date: Tue, 22 Dec 2015 09:40:32 +0100
Subject: Make CI Lint form synchronous

This removes `remote: true` from CI Lint form, making it synchronous
form. This also removes some complexity related to displaying lint
messages.

View also has been updated, removed deprecated Bootstrap 2 tags.
Improved design.

Closes #4206
---
 app/controllers/ci/lints_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/ci/lints_controller.rb b/app/controllers/ci/lints_controller.rb
index 7ed78ff8e98..e782a51e7eb 100644
--- a/app/controllers/ci/lints_controller.rb
+++ b/app/controllers/ci/lints_controller.rb
@@ -19,8 +19,10 @@ module Ci
       @error = e.message
       @status = false
     rescue
-      @error = "Undefined error"
+      @error = 'Undefined error'
       @status = false
+    ensure
+      render :show
     end
   end
 end
-- 
cgit v1.2.3


From a48dd40a926fdeddfdd76cea5db468a82096c7f4 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Thu, 17 Dec 2015 14:29:55 +0200
Subject: base implementation of emoji picker [ci skip]

---
 app/controllers/projects/notes_controller.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index ee705f32e81..6f1e186d408 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -139,7 +139,6 @@ class Projects::NotesController < Projects::ApplicationController
         discussion_id: note.discussion_id,
         html: note_to_html(note),
         award: note.is_award,
-        emoji_path: note.is_award ? view_context.image_url(::AwardEmoji.path_to_emoji_image(note.note)) : "",
         note: note.note,
         discussion_html: note_to_discussion_html(note),
         discussion_with_diff_html: note_to_discussion_with_diff_html(note)
-- 
cgit v1.2.3


From 011a7a32978ea6cfc7857f9afa7f2f242a753634 Mon Sep 17 00:00:00 2001
From: Jacob Schatz <jschatz1@gmail.com>
Date: Fri, 18 Dec 2015 16:06:48 -0500
Subject: adds starring and unstarring text to star button, also adds partial
 new styles

---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index bf5e25ff895..2dab04f2a7c 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -171,7 +171,7 @@ class ProjectsController < ApplicationController
     @project.reload
 
     render json: {
-      html: view_to_html_string("projects/buttons/_star")
+      star_count: @project.star_count
     }
   end
 
-- 
cgit v1.2.3


From 672cbbff959c66ba10740ed17671d93060410d93 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Thu, 24 Dec 2015 15:33:51 +0100
Subject: Only allow group/project members to mention `@all`

---
 app/controllers/projects_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index bf5e25ff895..682dbf2766a 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -178,7 +178,7 @@ class ProjectsController < ApplicationController
   def markdown_preview
     text = params[:text]
 
-    ext = Gitlab::ReferenceExtractor.new(@project, current_user)
+    ext = Gitlab::ReferenceExtractor.new(@project, current_user, current_user)
     ext.analyze(text)
 
     render json: {
-- 
cgit v1.2.3


From 33964469b38e2b36b200b20fe3061371a5f5ab18 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Fri, 18 Dec 2015 18:29:13 -0200
Subject: WIP require two factor authentication

---
 app/controllers/application_controller.rb               | 12 ++++++++++++
 app/controllers/profiles/two_factor_auths_controller.rb |  2 ++
 2 files changed, 14 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 01e2e7b2f98..e15d83631b3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
   before_action :validate_user_service_ticket!
   before_action :reject_blocked!
   before_action :check_password_expiration
+  before_action :check_tfa_requirement
   before_action :ldap_security_check
   before_action :default_headers
   before_action :add_gon_variables
@@ -223,6 +224,13 @@ class ApplicationController < ActionController::Base
     end
   end
 
+  def check_tfa_requirement
+    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled
+      redirect_to new_profile_two_factor_auth_path,
+                  alert: 'You must configure Two-Factor Authentication in your account'
+    end
+  end
+
   def ldap_security_check
     if current_user && current_user.requires_ldap_check?
       unless Gitlab::LDAP::Access.allowed?(current_user)
@@ -357,6 +365,10 @@ class ApplicationController < ActionController::Base
     current_application_settings.import_sources.include?('git')
   end
 
+  def two_factor_authentication_required?
+    current_application_settings.require_two_factor_authentication
+  end
+
   def redirect_to_home_page_url?
     # If user is not signed-in and tries to access root_path - redirect him to landing page
     # Don't redirect to the default URL to prevent endless redirections
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index e6b99be37fb..05c84fb720e 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,4 +1,6 @@
 class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
+  skip_before_action :check_tfa_requirement
+
   def new
     unless current_user.otp_secret
       current_user.otp_secret = User.generate_otp_secret(32)
-- 
cgit v1.2.3


From 31fb2b7702345fbf597c2cb17466567776433a56 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Thu, 24 Dec 2015 00:02:52 -0200
Subject: Grace period support for TFA

---
 app/controllers/application_controller.rb            | 20 ++++++++++++++++++--
 .../profiles/two_factor_auths_controller.rb          | 14 +++++++++++++-
 2 files changed, 31 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e15d83631b3..978a269ca52 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -225,9 +225,13 @@ class ApplicationController < ActionController::Base
   end
 
   def check_tfa_requirement
-    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled
+    if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
+      grace_period_started = current_user.otp_grace_period_started_at
+      grace_period_deadline = grace_period_started + two_factor_grace_period.hours
+
+      deadline_text = "until #{l(grace_period_deadline)}" unless two_factor_grace_period_expired?(grace_period_started)
       redirect_to new_profile_two_factor_auth_path,
-                  alert: 'You must configure Two-Factor Authentication in your account'
+                  alert: "You must configure Two-Factor Authentication in your account #{deadline_text}"
     end
   end
 
@@ -369,6 +373,18 @@ class ApplicationController < ActionController::Base
     current_application_settings.require_two_factor_authentication
   end
 
+  def two_factor_grace_period
+    current_application_settings.two_factor_grace_period
+  end
+
+  def two_factor_grace_period_expired?(date)
+    date && (date + two_factor_grace_period.hours) < Time.current
+  end
+
+  def skip_two_factor?
+    session[:skip_tfa] && session[:skip_tfa] > Time.current
+  end
+
   def redirect_to_home_page_url?
     # If user is not signed-in and tries to access root_path - redirect him to landing page
     # Don't redirect to the default URL to prevent endless redirections
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 05c84fb720e..49629e9894a 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -4,8 +4,11 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   def new
     unless current_user.otp_secret
       current_user.otp_secret = User.generate_otp_secret(32)
-      current_user.save!
     end
+    unless current_user.otp_grace_period_started_at && two_factor_grace_period
+      current_user.otp_grace_period_started_at = Time.current
+    end
+    current_user.save! if current_user.changed?
 
     @qr_code = build_qr_code
   end
@@ -36,6 +39,15 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     redirect_to profile_account_path
   end
 
+  def skip
+    if two_factor_grace_period_expired?(current_user.otp_grace_period_started_at)
+      redirect_to new_profile_two_factor_auth_path, alert: 'Cannot skip two factor authentication setup'
+    else
+      session[:skip_tfa] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
+      redirect_to root_path
+    end
+  end
+
   private
 
   def build_qr_code
-- 
cgit v1.2.3


From b61a5bc20cbfcd8a2c914f19e8786a989bf69198 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Thu, 24 Dec 2015 02:04:41 -0200
Subject: specs for forced two-factor authentication and grace period

simplified code and fixed stuffs
---
 app/controllers/application_controller.rb               | 10 +++-------
 app/controllers/profiles/two_factor_auths_controller.rb |  9 ++++++++-
 2 files changed, 11 insertions(+), 8 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 978a269ca52..a945b38e35f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -226,12 +226,7 @@ class ApplicationController < ActionController::Base
 
   def check_tfa_requirement
     if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
-      grace_period_started = current_user.otp_grace_period_started_at
-      grace_period_deadline = grace_period_started + two_factor_grace_period.hours
-
-      deadline_text = "until #{l(grace_period_deadline)}" unless two_factor_grace_period_expired?(grace_period_started)
-      redirect_to new_profile_two_factor_auth_path,
-                  alert: "You must configure Two-Factor Authentication in your account #{deadline_text}"
+      redirect_to new_profile_two_factor_auth_path
     end
   end
 
@@ -377,7 +372,8 @@ class ApplicationController < ActionController::Base
     current_application_settings.two_factor_grace_period
   end
 
-  def two_factor_grace_period_expired?(date)
+  def two_factor_grace_period_expired?
+    date = current_user.otp_grace_period_started_at
     date && (date + two_factor_grace_period.hours) < Time.current
   end
 
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 49629e9894a..4f125eb7e05 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -10,6 +10,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
     end
     current_user.save! if current_user.changed?
 
+    if two_factor_grace_period_expired?
+      flash.now[:alert] = 'You must configure Two-Factor Authentication in your account.'
+    else
+      grace_period_deadline = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
+      flash.now[:alert] = "You must configure Two-Factor Authentication in your account until #{l(grace_period_deadline)}."
+    end
+
     @qr_code = build_qr_code
   end
 
@@ -40,7 +47,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   end
 
   def skip
-    if two_factor_grace_period_expired?(current_user.otp_grace_period_started_at)
+    if two_factor_grace_period_expired?
       redirect_to new_profile_two_factor_auth_path, alert: 'Cannot skip two factor authentication setup'
     else
       session[:skip_tfa] = current_user.otp_grace_period_started_at + two_factor_grace_period.hours
-- 
cgit v1.2.3


From cde06999c939c6856a62cfdf764857d712d7a863 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Thu, 24 Dec 2015 04:18:34 -0200
Subject: Add to application_settings forced TFA options

---
 app/controllers/admin/application_settings_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 9dd16f8c735..2f4a855c118 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -49,6 +49,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :default_branch_protection,
       :signup_enabled,
       :signin_enabled,
+      :require_two_factor_authentication,
+      :two_factor_grace_period,
       :gravatar_enabled,
       :twitter_sharing_enabled,
       :sign_in_text,
-- 
cgit v1.2.3


From 1249289f89feba725109ce769e685b07cf746e4b Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Thu, 24 Dec 2015 18:58:46 -0200
Subject: Fixed codestyle and added 2FA documentation

---
 app/controllers/application_controller.rb               | 4 ++--
 app/controllers/profiles/two_factor_auths_controller.rb | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a945b38e35f..d9a37a4d45f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base
   before_action :validate_user_service_ticket!
   before_action :reject_blocked!
   before_action :check_password_expiration
-  before_action :check_tfa_requirement
+  before_action :check_2fa_requirement
   before_action :ldap_security_check
   before_action :default_headers
   before_action :add_gon_variables
@@ -224,7 +224,7 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def check_tfa_requirement
+  def check_2fa_requirement
     if two_factor_authentication_required? && current_user && !current_user.two_factor_enabled && !skip_two_factor?
       redirect_to new_profile_two_factor_auth_path
     end
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 4f125eb7e05..6e91d9b4ad9 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -1,13 +1,15 @@
 class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
-  skip_before_action :check_tfa_requirement
+  skip_before_action :check_2fa_requirement
 
   def new
     unless current_user.otp_secret
       current_user.otp_secret = User.generate_otp_secret(32)
     end
+
     unless current_user.otp_grace_period_started_at && two_factor_grace_period
       current_user.otp_grace_period_started_at = Time.current
     end
+
     current_user.save! if current_user.changed?
 
     if two_factor_grace_period_expired?
-- 
cgit v1.2.3


From 9f7d379c2a018c86671bfc157fe1f0cf4e31e25e Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sun, 27 Dec 2015 09:03:06 -0800
Subject: Add support for Google reCAPTCHA in user registration to prevent
 spammers

---
 app/controllers/registrations_controller.rb | 23 +++++++++++++++++++++++
 app/controllers/sessions_controller.rb      | 13 +++++++------
 2 files changed, 30 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 3b3dc86cb68..283831f8149 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,10 +1,21 @@
 class RegistrationsController < Devise::RegistrationsController
   before_action :signup_enabled?
+  include Recaptcha::Verify
 
   def new
     redirect_to(new_user_session_path)
   end
 
+  def create
+    if !Gitlab.config.recaptcha.enabled || verify_recaptcha
+      super
+    else
+      flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
+      flash.delete :recaptcha_error
+      render action: 'new'
+    end
+  end
+
   def destroy
     DeleteUserService.new(current_user).execute(current_user)
 
@@ -38,4 +49,16 @@ class RegistrationsController < Devise::RegistrationsController
   def sign_up_params
     params.require(:user).permit(:username, :email, :name, :password, :password_confirmation)
   end
+
+  def resource_name
+    :user
+  end
+
+  def resource
+    @resource ||= User.new
+  end
+
+  def devise_mapping
+    @devise_mapping ||= Devise.mappings[:user]
+  end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 1b60d3e27d0..da4b35d322b 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,5 +1,6 @@
 class SessionsController < Devise::SessionsController
   include AuthenticatesWithTwoFactor
+  include Recaptcha::ClientHelper
 
   prepend_before_action :authenticate_with_two_factor, only: [:create]
   prepend_before_action :store_redirect_path, only: [:new]
@@ -40,7 +41,7 @@ class SessionsController < Devise::SessionsController
       User.find(session[:otp_user_id])
     end
   end
-  
+
   def store_redirect_path
     redirect_path =
       if request.referer.present? && (params['redirect_to_referer'] == 'yes')
@@ -87,14 +88,14 @@ class SessionsController < Devise::SessionsController
     provider = Gitlab.config.omniauth.auto_sign_in_with_provider
     return unless provider.present?
 
-    # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is 
-    # registered or no alert at all. In case of another alert (such as a blocked user), it is safer  
+    # Auto sign in with an Omniauth provider only if the standard "you need to sign-in" alert is
+    # registered or no alert at all. In case of another alert (such as a blocked user), it is safer
     # to do nothing to prevent redirection loops with certain Omniauth providers.
     return unless flash[:alert].blank? || flash[:alert] == I18n.t('devise.failure.unauthenticated')
-    
+
     # Prevent alert from popping up on the first page shown after authentication.
-    flash[:alert] = nil 
-    
+    flash[:alert] = nil
+
     redirect_to user_omniauth_authorize_path(provider.to_sym)
   end
 
-- 
cgit v1.2.3


From 1bda2e43a2f5ffdd4afa7ae73798ca4e36c0de9f Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Sun, 27 Dec 2015 21:19:14 -0500
Subject: Prevent an XSS warning from the updated Brakeman

---
 app/controllers/projects/commits_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 58fb946dbc2..04a88990bf4 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -9,7 +9,7 @@ class Projects::CommitsController < Projects::ApplicationController
 
   def show
     @repo = @project.repository
-    @limit, @offset = (params[:limit] || 40), (params[:offset] || 0)
+    @limit, @offset = (params[:limit] || 40).to_i, (params[:offset] || 0).to_i
 
     @commits = @repo.commits(@ref, @path, @limit, @offset)
     @note_counts = project.notes.where(commit_id: @commits.map(&:id)).
-- 
cgit v1.2.3


From 6f0ee5c9089d469a59879fbc0ffd6a2f3d69687e Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sun, 27 Dec 2015 19:47:10 -0800
Subject: Fix failed spec

---
 app/controllers/registrations_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 283831f8149..ee1006dea49 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -55,7 +55,7 @@ class RegistrationsController < Devise::RegistrationsController
   end
 
   def resource
-    @resource ||= User.new
+    @resource ||= User.new(sign_up_params)
   end
 
   def devise_mapping
-- 
cgit v1.2.3


From 4d925f2147884812e349031a19f0d7ced9d5fdaf Mon Sep 17 00:00:00 2001
From: Yorick Peterse <yorickpeterse@gmail.com>
Date: Mon, 28 Dec 2015 18:00:32 +0100
Subject: Move InfluxDB settings to ApplicationSetting

---
 app/controllers/admin/application_settings_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 2f4a855c118..3c332adf1fa 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -67,6 +67,14 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :user_oauth_applications,
       :shared_runners_enabled,
       :max_artifacts_size,
+      :metrics_enabled,
+      :metrics_host,
+      :metrics_database,
+      :metrics_username,
+      :metrics_password,
+      :metrics_pool_size,
+      :metrics_timeout,
+      :metrics_method_call_threshold,
       restricted_visibility_levels: [],
       import_sources: []
     )
-- 
cgit v1.2.3


From a3469d914aaf28a1184247cbe72e5197ce7ca006 Mon Sep 17 00:00:00 2001
From: Gabriel Mazetto <gabriel@gitlab.com>
Date: Mon, 28 Dec 2015 18:21:34 -0200
Subject: reCAPTCHA is configurable through Admin Settings, no reload needed.

---
 app/controllers/admin/application_settings_controller.rb | 3 +++
 app/controllers/registrations_controller.rb              | 2 +-
 app/controllers/sessions_controller.rb                   | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 3c332adf1fa..005db13fb9b 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -75,6 +75,9 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :metrics_pool_size,
       :metrics_timeout,
       :metrics_method_call_threshold,
+      :recaptcha_enabled,
+      :recaptcha_site_key,
+      :recaptcha_private_key,
       restricted_visibility_levels: [],
       import_sources: []
     )
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index ee1006dea49..485aaf45b01 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
   end
 
   def create
-    if !Gitlab.config.recaptcha.enabled || verify_recaptcha
+    if Gitlab::Recaptcha.load_configurations! && verify_recaptcha
       super
     else
       flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index da4b35d322b..825f85199be 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -5,6 +5,7 @@ class SessionsController < Devise::SessionsController
   prepend_before_action :authenticate_with_two_factor, only: [:create]
   prepend_before_action :store_redirect_path, only: [:new]
   before_action :auto_sign_in_with_provider, only: [:new]
+  before_action :load_recaptcha
 
   def new
     if Gitlab.config.ldap.enabled
@@ -108,4 +109,8 @@ class SessionsController < Devise::SessionsController
     AuditEventService.new(user, user, options).
       for_authentication.security_event
   end
+
+  def load_recaptcha
+    Gitlab::Recaptcha.load_configurations!
+  end
 end
-- 
cgit v1.2.3


From e619d0b615a394a08ca1d0be59f0028c8e390b88 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Mon, 28 Dec 2015 16:59:59 -0800
Subject: When reCAPTCHA is disabled, allow registrations to go through without
 a code

---
 app/controllers/registrations_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 485aaf45b01..c48175a4c5a 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -7,7 +7,7 @@ class RegistrationsController < Devise::RegistrationsController
   end
 
   def create
-    if Gitlab::Recaptcha.load_configurations! && verify_recaptcha
+    if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
       super
     else
       flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
-- 
cgit v1.2.3


From 620e7bb3d60c3685b494b26e256b793a47621da4 Mon Sep 17 00:00:00 2001
From: Yorick Peterse <yorickpeterse@gmail.com>
Date: Tue, 29 Dec 2015 13:40:42 +0100
Subject: Write to InfluxDB directly via UDP

This removes the need for Sidekiq and any overhead/problems introduced
by TCP. There are a few things to take into account:

1. When writing data to InfluxDB you may still get an error if the
   server becomes unavailable during the write. Because of this we're
   catching all exceptions and just ignore them (for now).
2. Writing via UDP apparently requires the timestamp to be in
   nanoseconds. Without this data either isn't written properly.
3. Due to the restrictions on UDP buffer sizes we're writing metrics one
   by one, instead of writing all of them at once.
---
 app/controllers/admin/application_settings_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 005db13fb9b..10e736fd362 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -69,7 +69,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :max_artifacts_size,
       :metrics_enabled,
       :metrics_host,
-      :metrics_database,
+      :metrics_port,
       :metrics_username,
       :metrics_password,
       :metrics_pool_size,
-- 
cgit v1.2.3


From 567dc62b6dd114ac129eb2f45baa8155f5f11a51 Mon Sep 17 00:00:00 2001
From: Douglas Barbosa Alexandre <dbalexandre@gmail.com>
Date: Wed, 30 Dec 2015 12:25:42 -0200
Subject: Show 'All' tab by default in the builds page

---
 app/controllers/admin/builds_controller.rb    | 6 +++---
 app/controllers/projects/builds_controller.rb | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/builds_controller.rb b/app/controllers/admin/builds_controller.rb
index 83d9684c706..0db91eaaf2e 100644
--- a/app/controllers/admin/builds_controller.rb
+++ b/app/controllers/admin/builds_controller.rb
@@ -5,12 +5,12 @@ class Admin::BuildsController < Admin::ApplicationController
     @builds = @all_builds.order('created_at DESC')
     @builds =
       case @scope
-      when 'all'
-        @builds
+      when 'running'
+        @builds.running_or_pending.reverse_order
       when 'finished'
         @builds.finished
       else
-        @builds.running_or_pending.reverse_order
+        @builds
       end
     @builds = @builds.page(params[:page]).per(30)
   end
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 26ba12520c7..39d3ba26ba2 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -12,12 +12,12 @@ class Projects::BuildsController < Projects::ApplicationController
     @builds = @all_builds.order('created_at DESC')
     @builds =
       case @scope
-      when 'all'
-        @builds
+      when 'running'
+        @builds.running_or_pending.reverse_order
       when 'finished'
         @builds.finished
       else
-        @builds.running_or_pending.reverse_order
+        @builds
       end
     @builds = @builds.page(params[:page]).per(30)
   end
-- 
cgit v1.2.3


From 8b1844912561a7e6dd0cc361ea1514f2a340e275 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Mon, 28 Dec 2015 13:32:18 +0200
Subject: remove public field from namespace and refactoring

---
 app/controllers/explore/groups_controller.rb | 2 +-
 app/controllers/users_controller.rb          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/explore/groups_controller.rb b/app/controllers/explore/groups_controller.rb
index 9575a87ee41..a9bf4321f73 100644
--- a/app/controllers/explore/groups_controller.rb
+++ b/app/controllers/explore/groups_controller.rb
@@ -1,6 +1,6 @@
 class Explore::GroupsController < Explore::ApplicationController
   def index
-    @groups = GroupsFinder.new.execute(current_user)
+    @groups = Group.order_id_desc
     @groups = @groups.search(params[:search]) if params[:search].present?
     @groups = @groups.sort(@sort = params[:sort])
     @groups = @groups.page(params[:page]).per(PER_PAGE)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 30cb869eb2a..280228dbcc0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -7,7 +7,7 @@ class UsersController < ApplicationController
 
     @projects = PersonalProjectsFinder.new(@user).execute(current_user)
 
-    @groups = JoinedGroupsFinder.new(@user).execute(current_user)
+    @groups = @user.groups.order_id_desc
 
     respond_to do |format|
       format.html
-- 
cgit v1.2.3


From 0e60282e36faab8b0f4faee0b71716987df28416 Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Mon, 4 Jan 2016 18:46:43 -0500
Subject: Redirect back to user profile page after abuse report

Now the reporter will see the fruits of their labor, namely, the red
icon!
---
 app/controllers/abuse_reports_controller.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index 20bc5173f1d..5718fd22de9 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -14,7 +14,7 @@ class AbuseReportsController < ApplicationController
       end
 
       message = "Thank you for your report. A GitLab administrator will look into it shortly."
-      redirect_to root_path, notice: message
+      redirect_to @abuse_report.user, notice: message
     else
       render :new
     end
@@ -23,6 +23,9 @@ class AbuseReportsController < ApplicationController
   private
 
   def report_params
-    params.require(:abuse_report).permit(:user_id, :message)
+    params.require(:abuse_report).permit(%i(
+      message
+      user_id
+    ))
   end
 end
-- 
cgit v1.2.3


From 46a220ae3c0e646aac63a3230399fcc8979df6ec Mon Sep 17 00:00:00 2001
From: Robert Speicher <rspeicher@gmail.com>
Date: Mon, 4 Jan 2016 18:59:42 -0500
Subject: Add `AbuseReport#notify`

Tell, Don't Ask.
---
 app/controllers/abuse_reports_controller.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
index 5718fd22de9..38814459f66 100644
--- a/app/controllers/abuse_reports_controller.rb
+++ b/app/controllers/abuse_reports_controller.rb
@@ -9,9 +9,7 @@ class AbuseReportsController < ApplicationController
     @abuse_report.reporter = current_user
 
     if @abuse_report.save
-      if current_application_settings.admin_notification_email.present?
-        AbuseReportMailer.notify(@abuse_report.id).deliver_later
-      end
+      @abuse_report.notify
 
       message = "Thank you for your report. A GitLab administrator will look into it shortly."
       redirect_to @abuse_report.user, notice: message
-- 
cgit v1.2.3