Merge branch 'master' into 8-9-stable

.gitlab-ci.yml

@@ -92,9 +92,7 @@ update-knapsack:
     - export KNAPSACK_REPORT_PATH=knapsack/spinach_node_${CI_NODE_INDEX}_${CI_NODE_TOTAL}_report.json
     - export KNAPSACK_GENERATE_REPORT=true
     - cp knapsack/spinach_report.json ${KNAPSACK_REPORT_PATH}
-    - knapsack spinach "-r rerun"
-    # retry failed tests 3 times
-    - retry '[ ! -e tmp/spinach-rerun.txt ] || bin/spinach -r rerun $(cat tmp/spinach-rerun.txt)'
+    - knapsack spinach "-r rerun" || retry '[ ! -e tmp/spinach-rerun.txt ] || bundle exec spinach -r rerun $(cat tmp/spinach-rerun.txt)'
   artifacts:
     paths:
     - knapsack/

CHANGELOG

@@ -2,12 +2,15 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.9.0 (unreleased)
   - Fix Error 500 when using closes_issues API with an external issue tracker
+  - Add more information into RSS feed for issues (Alexander Matyushentsev)
   - Bulk assign/unassign labels to issues.
   - Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
   - Fix endless redirections when accessing user OAuth applications when they are disabled
   - Allow enabling wiki page events from Webhook management UI
   - Bump rouge to 1.11.0
   - Fix issue with arrow keys not working in search autocomplete dropdown
+  - Fix an issue where note polling stopped working if a window was in the
+    background during a refresh.
   - Make EmailsOnPushWorker use Sidekiq mailers queue
   - Fix wiki page events' webhook to point to the wiki repository
   - Don't show tags for revert and cherry-pick operations
@@ -21,9 +24,14 @@ v 8.9.0 (unreleased)
   - Reduce number of fog gem dependencies
   - Remove project notification settings associated with deleted projects
   - Fix 404 page when viewing TODOs that contain milestones or labels in different projects
+  - Add a metric for the number of new Redis connections created by a transaction
+  - Fix Error 500 when viewing a blob with binary characters after the 1024-byte mark
   - Redesign navigation for project pages
   - Fix groups API to list only user's accessible projects
+  - Add Environments and Deployments
   - Redesign account and email confirmation emails
+  - Don't fail builds for projects that are deleted
+  - Support Docker Registry manifest v1
   - `git clone https://host/namespace/project` now works, in addition to using the `.git` suffix
   - Bump nokogiri to 1.6.8
   - Use gitlab-shell v3.0.0
@@ -38,6 +46,8 @@ v 8.9.0 (unreleased)
   - Add option to project to only allow merge requests to be merged if the build succeeds (Rui Santos)
   - Fix issues filter when ordering by milestone
   - Added artifacts:when to .gitlab-ci.yml - this requires GitLab Runner 1.3
+  - Bamboo Service: Fix missing credentials & URL handling when base URL contains a path (Benjamin Schmid)
+  - TeamCity Service: Fix URL handling when base URL contains a path
   - Todos will display target state if issuable target is 'Closed' or 'Merged'
   - Fix bug when sorting issues by milestone due date and filtering by two or more labels
   - Add support for using Yubikeys (U2F) for two-factor authentication
@@ -54,6 +64,7 @@ v 8.9.0 (unreleased)
   - Use Knapsack only in CI environment
   - Cache project build count in sidebar nav
   - Add milestone expire date to the right sidebar
+  - Manually mark a issue or merge request as a todo
   - Fix markdown_spec to use before instead of before(:all) to properly cleanup database after testing
   - Reduce number of queries needed to render issue labels in the sidebar
   - Improve error handling importing projects
@@ -66,6 +77,7 @@ v 8.9.0 (unreleased)
   - RepositoryCheck::SingleRepositoryWorker public and private methods are now instrumented
   - Improve issuables APIs performance when accessing notes !4471
   - External links now open in a new tab
+  - Prevent default actions of disabled buttons and links
   - Markdown editor now correctly resets the input value on edit cancellation !4175
   - Toggling a task list item in a issue/mr description does not creates a Todo for mentions
   - Improved UX of date pickers on issue & milestone forms
@@ -73,6 +85,20 @@ v 8.9.0 (unreleased)
   - Put project Labels and Milestones pages links under Issues and Merge Requests tabs as subnav
   - All classes in the Banzai::ReferenceParser namespace are now instrumented
   - Remove deprecated issues_tracker and issues_tracker_id from project model
+  - Allow users to create confidential issues in private projects
+  - Measure CPU time for instrumented methods
+  - Instrument private methods and private instance methods by default instead just public methods
+  - Only show notes through JSON on confidential issues that the user has access to
+  - Updated the allocations Gem to version 1.0.5
+  - The background sampler now ignores classes without names
+  - Update design for `Close` buttons
+  - New custom icons for navigation
+  - Horizontally scrolling navigation on project, group, and profile settings pages
+  - Hide global side navigation by default
+  - Fix project Star/Unstar project button tooltip
+  - Remove tanuki logo from side navigation; center on top nav
+  - Include user relationships when retrieving award_emoji
+  - Various associations are now eager loaded when parsing issue references to reduce the number of queries executed
 
 v 8.8.5 (unreleased)
   - Ensure branch cleanup regardless of whether the GitHub import process succeeds

Gemfile

@@ -210,6 +210,9 @@ gem 'mousetrap-rails', '~> 1.4.6'
 # Detect and convert string character encoding
 gem 'charlock_holmes', '~> 0.7.3'
 
+# Parse duration
+gem 'chronic_duration', '~> 0.10.6'
+
 gem "sass-rails", '~> 5.0.0'
 gem "coffee-rails", '~> 4.1.0'
 gem "uglifier", '~> 2.7.2'

Gemfile.lock

@@ -50,7 +50,7 @@ GEM
     after_commit_queue (1.3.0)
       activerecord (>= 3.0)
     akismet (2.0.0)
-    allocations (1.0.4)
+    allocations (1.0.5)
     arel (6.0.3)
     asana (0.4.0)
       faraday (~> 0.9)
@@ -124,6 +124,8 @@ GEM
       mime-types (>= 1.16)
     cause (0.1)
     charlock_holmes (0.7.3)
+    chronic_duration (0.10.6)
+      numerizer (~> 0.1.1)
     chunky_png (1.3.5)
     cliver (0.3.2)
     coderay (1.1.0)
@@ -275,7 +277,7 @@ GEM
       posix-spawn (~> 0.3)
     gitlab_emoji (0.3.1)
       gemojione (~> 2.2, >= 2.2.1)
-    gitlab_git (10.1.0)
+    gitlab_git (10.1.3)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.7.3)
       github-linguist (~> 4.7.0)
@@ -398,7 +400,7 @@ GEM
       mime-types (>= 1.16, < 4)
     mail_room (0.7.0)
     method_source (0.8.2)
-    mime-types (2.99.1)
+    mime-types (2.99.2)
     mimemagic (0.3.0)
     mini_portile2 (2.1.0)
     minitest (5.7.0)
@@ -414,6 +416,7 @@ GEM
     nokogiri (1.6.8)
       mini_portile2 (~> 2.1.0)
       pkg-config (~> 1.1.7)
+    numerizer (0.1.1)
     oauth (0.4.7)
     oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
@@ -839,6 +842,7 @@ DEPENDENCIES
   capybara-screenshot (~> 1.0.0)
   carrierwave (~> 0.10.0)
   charlock_holmes (~> 0.7.3)
+  chronic_duration (~> 0.10.6)
   coffee-rails (~> 4.1.0)
   connection_pool (~> 2.0)
   coveralls (~> 0.8.2)

app/assets/javascripts/application.js.coffee

@@ -125,6 +125,7 @@ window.onload = ->
     setTimeout shiftWindow, 100
 
 $ ->
+  gl.utils.preventDisabledButtons()
   bootstrapBreakpoint = bp.getBreakpointSize()
 
   $(".nicescroll").niceScroll(cursoropacitymax: '0.4', cursorcolor: '#FFF', cursorborder: "1px solid #FFF")

app/assets/javascripts/ci/build.coffee

@@ -17,6 +17,8 @@ class @CiBuild
       .off 'resize.build'
       .on 'resize.build', @hideSidebar
 
+    @updateArtifactRemoveDate()
+
     if $('#build-trace').length
       @getInitialBuildTrace()
       @initScrollButtonAffix()
@@ -103,3 +105,10 @@ class @CiBuild
       $('.js-build-sidebar')
         .removeClass 'right-sidebar-collapsed'
         .addClass 'right-sidebar-expanded'
+
+  updateArtifactRemoveDate: ->
+    $date = $('.js-artifacts-remove')
+
+    if $date.length
+      date = $date.text()
+      $date.text $.timefor(new Date(date), ' ')

app/assets/javascripts/dispatcher.js.coffee

@@ -53,9 +53,13 @@ class Dispatcher
         new Diff()
         shortcut_handler = new ShortcutsIssuable(true)
         new ZenMode()
+        new MergedButtons()
+      when 'projects:merge_requests:commits', 'projects:merge_requests:builds'
+        new MergedButtons()
       when "projects:merge_requests:diffs"
         new Diff()
         new ZenMode()
+        new MergedButtons()
       when 'projects:merge_requests:index'
         shortcut_handler = new ShortcutsNavigation()
         Issuable.init()

app/assets/javascripts/issuable.js.coffee

@@ -56,13 +56,6 @@ issuable_created = false
         Issuable.filterResults $('.filter-form')
         $('.js-label-select').trigger('update.label')
 
-  toggleLabelFilters: ->
-    $filteredLabels = $('.filtered-labels')
-    if $filteredLabels.find('.label-row').length > 0
-      $filteredLabels.removeClass('hidden')
-    else
-      $filteredLabels.addClass('hidden')
-
   filterResults: (form) =>
     formData = form.serialize()
 
@@ -71,58 +64,16 @@ issuable_created = false
     issuesUrl = formAction
     issuesUrl += ("#{if formAction.indexOf('?') < 0 then '?' else '&'}")
     issuesUrl += formData
-    $.ajax
-      type: 'GET'
-      url: formAction
-      data: formData
-      complete: ->
-        $('.issues-holder, .merge-requests-holder').css('opacity', '1.0')
-      success: (data) ->
-        $('.issues-holder, .merge-requests-holder').html(data.html)
-        # Change url so if user reload a page - search results are saved
-        history.replaceState {page: issuesUrl}, document.title, issuesUrl
-        Issuable.reload()
-        Issuable.updateStateFilters()
-        $filteredLabels = $('.filtered-labels')
-
-        if typeof Issuable.labelRow is 'function'
-          $filteredLabels.html(Issuable.labelRow(data))
 
-        Issuable.toggleLabelFilters()
-
-      dataType: "json"
-
-  reload: ->
-    if Issuable.created
-      Issuable.initChecks()
-
-    $('#filter_issue_search').val($('#issue_search').val())
+    Turbolinks.visit(issuesUrl);
 
   initChecks: ->
-    $('.check_all_issues').on 'click', ->
+    $('.check_all_issues').off('click').on('click', ->
       $('.selected_issue').prop('checked', @checked)
       Issuable.checkChanged()
+    )
 
-    $('.selected_issue').on 'change', Issuable.checkChanged
-
-  updateStateFilters: ->
-    stateFilters =  $('.issues-state-filters, .dropdown-menu-sort')
-    newParams = {}
-    paramKeys = ['author_id', 'milestone_title', 'assignee_id', 'issue_search', 'issue_search']
-
-    for paramKey in paramKeys
-      newParams[paramKey] = gl.utils.getParameterValues(paramKey)[0] or ''
-
-    if stateFilters.length
-      stateFilters.find('a').each ->
-        initialUrl = gl.utils.removeParamQueryString($(this).attr('href'), 'label_name[]')
-        labelNameValues = gl.utils.getParameterValues('label_name[]')
-        if labelNameValues
-          labelNameQueryString = ("label_name[]=#{value}" for value in labelNameValues).join('&')
-          newUrl = "#{gl.utils.mergeUrlParams(newParams, initialUrl)}&#{labelNameQueryString}"
-        else
-          newUrl = gl.utils.mergeUrlParams(newParams, initialUrl)
-        $(this).attr 'href', newUrl
+    $('.selected_issue').off('change').on('change', Issuable.checkChanged)
 
   checkChanged: ->
     checked_issues = $('.selected_issue:checked')

app/assets/javascripts/issuable_form.js.coffee

@@ -102,6 +102,10 @@ class @IssuableForm
             return {
               results: data
             }
+          data: (query) ->
+            {
+              search: query
+            }
         formatResult: (project) ->
           project.name_with_namespace
         formatSelection: (project) ->

app/assets/javascripts/issues-bulk-assignment.js.coffee

@@ -9,6 +9,9 @@ class @IssuableBulkActions
 
     @bindEvents()
 
+    # Fixes bulk-assign not working when navigating through pages
+    Issuable.initChecks();
+
   getElement: (selector) ->
     @container.find selector
 

app/assets/javascripts/layout_nav.js.coffee

-class @LayoutNav
-  $ ->
-    $('.fade-left').addClass('end-scroll')
-    $('.scrolling-tabs').on 'scroll', (event) ->
-      $this = $(this)
-      $el = $(event.target)
-      currentPosition = $this.scrollLeft()
-      size = bp.getBreakpointSize()
-      controlBtnWidth = $('.controls').width()
-      maxPosition = $this.get(0).scrollWidth - $this.parent().width()
-      maxPosition += controlBtnWidth if size isnt 'xs' and $('.nav-control').length
-
-      $el.find('.fade-left').toggleClass('end-scroll', currentPosition is 0)
-      $el.find('.fade-right').toggleClass('end-scroll', currentPosition is maxPosition)
+hideEndFade = ($scrollingTabs) ->
+  $scrollingTabs.each ->
+    $this = $(@)
+
+    $this
+      .find('.fade-right')
+      .toggleClass('end-scroll', $this.width() is $this.prop('scrollWidth'))
+
+$ ->
+  $('.fade-left').addClass('end-scroll')
+
+  hideEndFade($('.scrolling-tabs'))
+
+  $(window)
+    .off 'resize.nav'
+    .on 'resize.nav', ->
+      hideEndFade($('.scrolling-tabs'))
+
+  $('.scrolling-tabs').on 'scroll', (event) ->
+    $this = $(this)
+    currentPosition = $this.scrollLeft()
+    maxPosition = $this.prop('scrollWidth') - $this.outerWidth()
+
+    $this.find('.fade-left').toggleClass('end-scroll', currentPosition is 0)
+    $this.find('.fade-right').toggleClass('end-scroll', currentPosition is maxPosition)

app/assets/javascripts/lib/common_utils.js.coffee

 ((w) ->
 
+  window.gl or= {}
+  window.gl.utils or= {}
+
   jQuery.timefor = (time, suffix, expiredLabel) ->
 
     return '' unless time
@@ -21,4 +24,20 @@
 
     return timefor
 
+
+  gl.utils.updateTooltipTitle = ($tooltipEl, newTitle) ->
+
+    $tooltipEl
+      .tooltip 'destroy'
+      .attr    'title', newTitle
+      .tooltip 'fixTitle'
+
+  gl.utils.preventDisabledButtons = ->
+
+    $('.btn').click (e) ->
+      if $(this).hasClass 'disabled'
+        e.preventDefault()
+        e.stopImmediatePropagation()
+        return false
+
 ) window

app/assets/javascripts/logo.js.coffee

@@ -42,9 +42,3 @@ work = ->
 
 $(document).on('page:fetch',  start)
 $(document).on('page:change', stop)
-
-$ ->
-  # Make logo clickable as part of a workaround for Safari visited
-  # link behaviour (See !2690).
-  $('#logo').on 'click', ->
-    Turbolinks.visit('/')

app/assets/javascripts/merged_buttons.js.coffee

+class @MergedButtons
+  constructor: ->
+    @$removeBranchWidget = $('.remove_source_branch_widget')
+    @$removeBranchProgress = $('.remove_source_branch_in_progress')
+    @$removeBranchFailed = $('.remove_source_branch_widget.failed')
+
+    @cleanEventListeners()
+    @initEventListeners()
+
+  cleanEventListeners: ->
+    $(document).off 'click', '.remove_source_branch'
+    $(document).off 'ajax:success', '.remove_source_branch'
+    $(document).off 'ajax:error', '.remove_source_branch'
+
+  initEventListeners: ->
+    $(document).on 'click', '.remove_source_branch', @removeSourceBranch
+    $(document).on 'ajax:success', '.remove_source_branch', @removeBranchSuccess
+    $(document).on 'ajax:error', '.remove_source_branch', @removeBranchError
+
+  removeSourceBranch: =>
+    @$removeBranchWidget.hide()
+    @$removeBranchProgress.show()
+
+  removeBranchSuccess: ->
+    location.reload()
+
+  removeBranchError: ->
+    @$removeBranchWidget.hide()
+    @$removeBranchProgress.hide()
+    @$removeBranchFailed.show()

app/assets/javascripts/milestone_select.js.coffee

@@ -116,7 +116,7 @@ class @MilestoneSelect
               .val()
             data = {}
             data[abilityName] = {}
-            data[abilityName].milestone_id = selected
+            data[abilityName].milestone_id = if selected? then selected else null
             $loading
               .fadeIn()
             $dropdown.trigger('loading.gl.dropdown')

app/assets/javascripts/notes.js.coffee

@@ -115,12 +115,14 @@ class @Notes
     , @pollingInterval
 
   refresh: =>
-    return if @refreshing is true
-    @refreshing = true
     if not document.hidden and document.URL.indexOf(@noteable_url) is 0
       @getContent()
 
   getContent: ->
+    return if @refreshing
+
+    @refreshing = true
+
     $.ajax
       url: @notes_url
       data: "last_fetched_at=" + @last_fetched_at

app/assets/javascripts/right_sidebar.js.coffee

@@ -43,6 +43,55 @@ class @Sidebar
             $('.right-sidebar')
               .hasClass('right-sidebar-collapsed'), { path: '/' })
 
+    $(document)
+      .off 'click', '.js-issuable-todo'
+      .on 'click', '.js-issuable-todo', @toggleTodo
+
+  toggleTodo: (e) =>
+    $this = $(e.currentTarget)
+    $todoLoading = $('.js-issuable-todo-loading')
+    $btnText = $('.js-issuable-todo-text', $this)
+    ajaxType = if $this.attr('data-id') then 'PATCH' else 'POST'
+    ajaxUrlExtra = if $this.attr('data-id') then "/#{$this.attr('data-id')}" else ''
+
+    $.ajax(
+      url: "#{$this.data('url')}#{ajaxUrlExtra}"
+      type: ajaxType
+      dataType: 'json'
+      data:
+        issuable_id: $this.data('issuable')
+        issuable_type: $this.data('issuable-type')
+      beforeSend: =>
+        @beforeTodoSend($this, $todoLoading)
+    ).done (data) =>
+      @todoUpdateDone(data, $this, $btnText, $todoLoading)
+
+  beforeTodoSend: ($btn, $todoLoading) ->
+    $btn.disable()
+    $todoLoading.removeClass 'hidden'
+
+  todoUpdateDone: (data, $btn, $btnText, $todoLoading) ->
+    $todoPendingCount = $('.todos-pending-count')
+    $todoPendingCount.text data.count
+
+    $btn.enable()
+    $todoLoading.addClass 'hidden'
+
+    if data.count is 0
+      $todoPendingCount.addClass 'hidden'
+    else
+      $todoPendingCount.removeClass 'hidden'
+
+    if data.todo?
+      $btn
+        .attr 'aria-label', $btn.data('mark-text')
+        .attr 'data-id', data.todo.id
+      $btnText.text $btn.data('mark-text')
+    else
+      $btn
+        .attr 'aria-label', $btn.data('todo-text')
+        .removeAttr 'data-id'
+      $btnText.text $btn.data('todo-text')
 
   sidebarDropdownLoading: (e) ->
     $sidebarCollapsedIcon = $(@).closest('.block').find('.sidebar-collapsed-icon')
@@ -117,5 +166,3 @@ class @Sidebar
 
   getBlock: (name) ->
     @sidebar.find(".block.#{name}")
-
-

app/assets/javascripts/star.js.coffee

@@ -9,9 +9,11 @@ class @Star
         $this.parent().find('.star-count').text data.star_count
         if isStarred
           $starSpan.removeClass('starred').text 'Star'
+          gl.utils.updateTooltipTitle $this, 'Star project'
           $starIcon.removeClass('fa-star').addClass 'fa-star-o'
         else
           $starSpan.addClass('starred').text 'Unstar'
+          gl.utils.updateTooltipTitle $this, 'Unstar project'
           $starIcon.removeClass('fa-star-o').addClass 'fa-star'
         return
 

app/assets/javascripts/users_select.js.coffee

@@ -31,7 +31,7 @@ class @UsersSelect
       assignTo = (selected) ->
         data = {}
         data[abilityName] = {}
-        data[abilityName].assignee_id = selected
+        data[abilityName].assignee_id = if selected? then selected else null
         $loading
           .fadeIn()
         $dropdown.trigger('loading.gl.dropdown')

app/assets/stylesheets/framework/nav.scss

@@ -74,6 +74,7 @@
 
     .container-fluid {
       background-color: $background-color;
+      margin-bottom: 0;
     }
 
     li {
@@ -280,11 +281,10 @@
     }
 
     .dropdown {
-      margin-left: 7px;
-
-      @media (max-width: $screen-xs-min) {
-        margin-left: 0;
-      }
+      position: absolute;
+      top: 7px;
+      right: 15px;
+      z-index: 2;
 
       li.active {
         font-weight: bold;

app/assets/stylesheets/framework/sidebar.scss

@@ -83,6 +83,12 @@
       margin-top: 10px;
     }
 
+    .icon-container {
+      width: 34px;
+      display: inline-block;
+      text-align: center;
+    }
+
     a {
       width: $sidebar_width;
       padding: 7px 15px 7px 23px;

app/assets/stylesheets/pages/environments.scss

+.environments {
+  .commit-title {
+    margin: 0;
+  }
+}

app/assets/stylesheets/pages/groups.scss

@@ -39,3 +39,20 @@
     }
   }
 }
+
+.groups-cover-block {
+
+  .container-fluid {
+    position: relative;
+  }
+
+  .access-request-button {
+    @include btn-gray;
+    position: absolute;
+    right: 16px;
+    bottom: 32px;
+    padding: 3px 10px;
+    text-transform: none;
+    background-color: $background-color;
+  }
+}

app/assets/stylesheets/pages/issuable.scss

@@ -34,6 +34,10 @@
     color: inherit;
   }
 
+  .issuable-header-text {
+    margin-top: 7px;
+  }
+
   .block {
     @include clearfix;
     padding: $gl-padding 0;
@@ -60,10 +64,6 @@
       margin-top: 0;
     }
 
-    .issuable-count {
-      margin-top: 7px;
-    }
-
     .gutter-toggle {
       margin-left: 20px;
       padding-left: 10px;
@@ -250,7 +250,7 @@
     }
   }
 
-  .issuable-pager {
+  .issuable-header-btn {
     background: $gray-normal;
     border: 1px solid $border-gray-normal;
     &:hover {
@@ -263,7 +263,7 @@
     }
   }
 
-  a:not(.issuable-pager) {
+  a {
     &:hover {
       color: $md-link-color;
       text-decoration: none;

app/assets/stylesheets/pages/merge_requests.scss

@@ -313,3 +313,13 @@
     }
   }
 }
+
+.merged-buttons {
+  .btn {
+    float: left;
+
+    &:not(:last-child) {
+      margin-right: 10px;
+    }
+  }
+}

app/assets/stylesheets/pages/projects.scss

@@ -229,13 +229,20 @@
     right: 16px;
     bottom: 0;
 
-    .btn {
-      padding: 3px 10px;
-      background-color: $background-color;
+    @media (max-width: $screen-lg-min) {
+      top: 0;
     }
 
-    @media (max-width: 1304px) {
-      top: 0;
+    .access-request-button {
+      position: absolute;
+      right: 0;
+      bottom: 61px;
+
+      @media (max-width: $screen-lg-min) {
+        position: relative;
+        bottom: 0;
+        margin-right: 10px;
+      }
     }
   }
 
@@ -286,10 +293,6 @@
   color: #555;
 }
 
-.project_member_row form {
-  margin: 0;
-}
-
 .transfer-project .select2-container {
   min-width: 200px;
 }

app/controllers/autocomplete_controller.rb

@@ -35,6 +35,7 @@ class AutocompleteController < ApplicationController
     project = Project.find_by_id(params[:project_id])
 
     projects = current_user.authorized_projects
+    projects = projects.search(params[:search]) if params[:search].present?
     projects = projects.select do |project|
       current_user.can?(:admin_issue, project)
     end

app/controllers/concerns/membership_actions.rb

+module MembershipActions
+  extend ActiveSupport::Concern
+  include MembersHelper
+
+  def request_access
+    membershipable.request_access(current_user)
+
+    redirect_to polymorphic_path(membershipable),
+                notice: 'Your request for access has been queued for review.'
+  end
+
+  def approve_access_request
+    @member = membershipable.members.request.find(params[:id])
+
+    return render_403 unless can?(current_user, action_member_permission(:update, @member), @member)
+
+    @member.accept_request
+
+    redirect_to polymorphic_url([membershipable, :members])
+  end
+
+  def leave
+    @member = membershipable.members.find_by(user_id: current_user)
+    return render_403 unless @member
+
+    source_type = @member.real_source_type.humanize(capitalize: false)
+
+    if can?(current_user, action_member_permission(:destroy, @member), @member)
+      notice =
+        if @member.request?
+          "Your access request to the #{source_type} has been withdrawn."
+        else
+          "You left the \"#{@member.source.human_name}\" #{source_type}."
+        end
+      @member.destroy
+
+      redirect_to [:dashboard, @member.real_source_type.tableize], notice: notice
+    else
+      if cannot_leave?
+        alert = "You can not leave the \"#{@member.source.human_name}\" #{source_type}."
+        alert << " Transfer or delete the #{source_type}."
+        redirect_to polymorphic_url(membershipable), alert: alert
+      else
+        render_403
+      end
+    end
+  end
+
+  protected
+
+  def membershipable
+    raise NotImplementedError
+  end
+
+  def cannot_leave?
+    raise NotImplementedError
+  end
+end

app/controllers/groups/group_members_controller.rb

 class Groups::GroupMembersController < Groups::ApplicationController
+  include MembershipActions
+
   # Authorize
-  before_action :authorize_admin_group_member!, except: [:index, :leave]
+  before_action :authorize_admin_group_member!, except: [:index, :leave, :request_access]
 
   def index
     @project = @group.projects.find(params[:project_id]) if params[:project_id]
     @members = @group.group_members
-    @members = @members.non_invite unless can?(current_user, :admin_group, @group)
+    @members = @members.non_pending unless can?(current_user, :admin_group, @group)
 
     if params[:search].present?
       users = @group.users.search(params[:search]).to_a
@@ -58,25 +60,16 @@ class Groups::GroupMembersController < Groups::ApplicationController
     end
   end
 
-  def leave
-    @group_member = @group.group_members.find_by(user_id: current_user)
-
-    if can?(current_user, :destroy_group_member, @group_member)
-      @group_member.destroy
-
-      redirect_to(dashboard_groups_path, notice: "You left #{group.name} group.")
-    else
-      if @group.last_owner?(current_user)
-        redirect_to(dashboard_groups_path, alert: "You can not leave #{group.name} group because you're the last owner. Transfer or delete the group.")
-      else
-        return render_403
-      end
-    end
-  end
-
   protected
 
   def member_params
     params.require(:group_member).permit(:access_level, :user_id)
   end
+
+  # MembershipActions concern
+  alias_method :membershipable, :group
+
+  def cannot_leave?
+    @group.last_owner?(current_user)
+  end
 end

app/controllers/projects/artifacts_controller.rb

 class Projects::ArtifactsController < Projects::ApplicationController
   layout 'project'
   before_action :authorize_read_build!
+  before_action :authorize_update_build!, only: [:keep]
+  before_action :validate_artifacts!
 
   def download
     unless artifacts_file.file_storage?
       return redirect_to artifacts_file.url
     end
 
-    unless artifacts_file.exists?
-      return render_404
-    end
-
     send_file artifacts_file.path, disposition: 'attachment'
   end
 
   def browse
-    return render_404 unless build.artifacts?
-
     directory = params[:path] ? "#{params[:path]}/" : ''
     @entry = build.artifacts_metadata_entry(directory)
 
@@ -34,8 +30,17 @@ class Projects::ArtifactsController < Projects::ApplicationController
     end
   end
 
+  def keep
+    build.keep_artifacts!
+    redirect_to namespace_project_build_path(project.namespace, project, build)
+  end
+
   private
 
+  def validate_artifacts!
+    render_404 unless build.artifacts?
+  end
+
   def build
     @build ||= project.builds.find_by!(id: params[:build_id])
   end

app/controllers/projects/builds_controller.rb

@@ -51,7 +51,7 @@ class Projects::BuildsController < Projects::ApplicationController
       return render_404
     end
 
-    build = Ci::Build.retry(@build)
+    build = Ci::Build.retry(@build, current_user)
     redirect_to build_path(build)
   end
 

app/controllers/projects/commit_controller.rb

@@ -46,7 +46,7 @@ class Projects::CommitController < Projects::ApplicationController
   def retry_builds
     ci_builds.latest.failed.each do |build|
       if build.retryable?
-        Ci::Build.retry(build)
+        Ci::Build.retry(build, current_user)
       end
     end
 

app/controllers/projects/environments_controller.rb

+class Projects::EnvironmentsController < Projects::ApplicationController
+  layout 'project'
+  before_action :authorize_read_environment!
+  before_action :authorize_create_environment!, only: [:new, :create]
+  before_action :authorize_update_environment!, only: [:destroy]
+  before_action :environment, only: [:show, :destroy]
+
+  def index
+    @environments = project.environments
+  end
+
+  def show
+    @deployments = environment.deployments.order(id: :desc).page(params[:page])
+  end
+
+  def new
+    @environment = project.environments.new
+  end
+
+  def create
+    @environment = project.environments.create(create_params)
+
+    if @environment.persisted?
+      redirect_to namespace_project_environment_path(project.namespace, project, @environment)
+    else
+      render 'new'
+    end
+  end
+
+  def destroy
+    if @environment.destroy
+      flash[:notice] = 'Environment was successfully removed.'
+    else
+      flash[:alert] = 'Failed to remove environment.'
+    end
+
+    redirect_to namespace_project_environments_path(project.namespace, project)
+  end
+
+  private
+
+  def create_params
+    params.require(:environment).permit(:name)
+  end
+
+  def environment
+    @environment ||= project.environments.find(params[:id])
+  end
+end

app/controllers/projects/pipelines_controller.rb

@@ -32,7 +32,7 @@ class Projects::PipelinesController < Projects::ApplicationController
   end
 
   def retry
-    pipeline.retry_failed
+    pipeline.retry_failed(current_user)
 
     redirect_back_or_default default: namespace_project_pipelines_path(project.namespace, project)
   end

app/controllers/projects/project_members_controller.rb

 class Projects::ProjectMembersController < Projects::ApplicationController
+  include MembershipActions
+
   # Authorize
-  before_action :authorize_admin_project_member!, except: [:leave, :index]
+  before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
 
   def index
     @project_members = @project.project_members
-    @project_members = @project_members.non_invite unless can?(current_user, :admin_project, @project)
+    @project_members = @project_members.non_pending unless can?(current_user, :admin_project, @project)
 
     if params[:search].present?
       users = @project.users.search(params[:search]).to_a
@@ -14,9 +16,10 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     @project_members = @project_members.order('access_level DESC')
 
     @group = @project.group
+
     if @group
       @group_members = @group.group_members
-      @group_members = @group_members.non_invite unless can?(current_user, :admin_group, @group)
+      @group_members = @group_members.non_pending unless can?(current_user, :admin_group, @group)
 
       if params[:search].present?
         users = @group.users.search(params[:search]).to_a
@@ -73,26 +76,6 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     end
   end
 
-  def leave
-    @project_member = @project.project_members.find_by(user_id: current_user)
-
-    if can?(current_user, :destroy_project_member, @project_member)
-      @project_member.destroy
-
-      respond_to do |format|
-        format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
-        format.js { head :ok }
-      end
-    else
-      if current_user == @project.owner
-        message = 'You can not leave your own project. Transfer or delete the project.'
-        redirect_back_or_default(default: { action: 'index' }, options: { alert: message })
-      else
-        render_403
-      end
-    end
-  end
-
   def apply_import
     source_project = Project.find(params[:source_project_id])
 
@@ -112,4 +95,11 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   def member_params
     params.require(:project_member).permit(:user_id, :access_level)
   end
+
+  # MembershipActions concern
+  alias_method :membershipable, :project
+
+  def cannot_leave?
+    current_user == @project.owner
+  end
 end

app/controllers/projects/todos_controller.rb

+class Projects::TodosController < Projects::ApplicationController
+  def create
+    todos = TodoService.new.mark_todo(issuable, current_user)
+
+    render json: {
+      todo: todos,
+      count: current_user.todos.pending.count,
+    }
+  end
+
+  def update
+    current_user.todos.find_by_id(params[:id]).update(state: :done)
+
+    render json: {
+      count: current_user.todos.pending.count,
+    }
+  end
+
+  private
+
+  def issuable
+    @issuable ||= begin
+      case params[:issuable_type]
+      when "issue"
+        @project.issues.find(params[:issuable_id])
+      when "merge_request"
+        @project.merge_requests.find(params[:issuable_id])
+      end
+    end
+  end
+end

app/controllers/projects/wikis_controller.rb

@@ -16,6 +16,9 @@ class Projects::WikisController < Projects::ApplicationController
     if @page
       render 'show'
     elsif file = @project_wiki.find_file(params[:id], params[:version_id])
+      response.headers['Content-Security-Policy'] = "default-src 'none'"
+      response.headers['X-Content-Security-Policy'] = "default-src 'none'"
+
       if file.on_disk?
         send_file file.on_disk_path, disposition: 'inline'
       else

app/controllers/sessions_controller.rb

@@ -40,7 +40,7 @@ class SessionsController < Devise::SessionsController
   # Handle an "initial setup" state, where there's only one user, it's an admin,
   # and they require a password change.
   def check_initial_setup
-    return unless User.count == 1
+    return unless User.limit(2).count == 1 # Count as much 2 to know if we have exactly one
 
     user = User.admins.last
 

app/finders/notes_finder.rb

@@ -12,7 +12,7 @@ class NotesFinder
       when "commit"
         project.notes.for_commit_id(target_id).non_diff_notes
       when "issue"
-        project.issues.find(target_id).notes.inc_author
+        project.issues.visible_to_user(current_user).find(target_id).notes.inc_author
       when "merge_request"
         project.merge_requests.find(target_id).mr_and_commit_notes.inc_author
       when "snippet", "project_snippet"

app/finders/snippets_finder.rb

@@ -51,7 +51,7 @@ class SnippetsFinder
     snippets = project.snippets.fresh
 
     if current_user
-      if project.team.member?(current_user.id) || current_user.admin?
+      if project.team.member?(current_user) || current_user.admin?
         snippets
       else
         snippets.public_and_internal

app/finders/todos_finder.rb

@@ -36,7 +36,7 @@ class TodosFinder
   private
 
   def action_id?
-    action_id.present? && [Todo::ASSIGNED, Todo::MENTIONED, Todo::BUILD_FAILED].include?(action_id.to_i)
+    action_id.present? && [Todo::ASSIGNED, Todo::MENTIONED, Todo::BUILD_FAILED, Todo::MARKED].include?(action_id.to_i)
   end
 
   def action_id

app/helpers/blob_helper.rb

@@ -116,7 +116,7 @@ module BlobHelper
   end
 
   def blob_text_viewable?(blob)
-    blob && blob.text? && !blob.lfs_pointer?
+    blob && blob.text? && !blob.lfs_pointer? && !blob.only_display_raw?
   end
 
   def blob_size(blob)

app/helpers/commits_helper.rb

@@ -129,7 +129,7 @@ module CommitsHelper
     tooltip = "Revert this #{commit.change_type_title} in a new merge request" if has_tooltip
 
     if can_collaborate_with_project?
-      btn_class = "btn btn-grouped btn-close btn-#{btn_class}" unless btn_class.nil?
+      btn_class = "btn btn-warning btn-#{btn_class}" unless btn_class.nil?
       link_to 'Revert', '#modal-revert-commit', 'data-toggle' => 'modal', 'data-container' => 'body', title: (tooltip if has_tooltip), class: "#{btn_class} #{'has-tooltip' if has_tooltip}"
     elsif can?(current_user, :fork_project, @project)
       continue_params = {
@@ -141,7 +141,7 @@ module CommitsHelper
         namespace_key: current_user.namespace.id,
         continue: continue_params)
 
-      btn_class = "btn btn-grouped btn-close" unless btn_class.nil?
+      btn_class = "btn btn-grouped btn-warning" unless btn_class.nil?
 
       link_to 'Revert', fork_path, class: btn_class, method: :post, 'data-toggle' => 'tooltip', 'data-container' => 'body', title: (tooltip if has_tooltip)
     end
@@ -153,7 +153,7 @@ module CommitsHelper
     tooltip = "Cherry-pick this #{commit.change_type_title} in a new merge request"
 
     if can_collaborate_with_project?
-      btn_class = "btn btn-default btn-grouped btn-#{btn_class}" unless btn_class.nil?
+      btn_class = "btn btn-default btn-#{btn_class}" unless btn_class.nil?
       link_to 'Cherry-pick', '#modal-cherry-pick-commit', 'data-toggle' => 'modal', 'data-container' => 'body', title: (tooltip if has_tooltip), class: "#{btn_class} #{'has-tooltip' if has_tooltip}"
     elsif can?(current_user, :fork_project, @project)
       continue_params = {

app/helpers/gitlab_routing_helper.rb

@@ -13,10 +13,23 @@
 #   merge_request_path(merge_request)
 #
 module GitlabRoutingHelper
+  # Project
   def project_path(project, *args)
     namespace_project_path(project.namespace, project, *args)
   end
 
+  def project_url(project, *args)
+    namespace_project_url(project.namespace, project, *args)
+  end
+
+  def edit_project_path(project, *args)
+    edit_namespace_project_path(project.namespace, project, *args)
+  end
+
+  def edit_project_url(project, *args)
+    edit_namespace_project_url(project.namespace, project, *args)
+  end
+
   def project_files_path(project, *args)
     namespace_project_tree_path(project.namespace, project, @ref || project.repository.root_ref)
   end
@@ -29,6 +42,10 @@ module GitlabRoutingHelper
     namespace_project_pipelines_path(project.namespace, project, *args)
   end
 
+  def project_environments_path(project, *args)
+    namespace_project_environments_path(project.namespace, project, *args)
+  end
+
   def project_builds_path(project, *args)
     namespace_project_builds_path(project.namespace, project, *args)
   end
@@ -41,10 +58,6 @@ module GitlabRoutingHelper
     activity_namespace_project_path(project.namespace, project, *args)
   end
 
-  def edit_project_path(project, *args)
-    edit_namespace_project_path(project.namespace, project, *args)
-  end
-
   def runners_path(project, *args)
     namespace_project_runners_path(project.namespace, project, *args)
   end
@@ -65,14 +78,6 @@ module GitlabRoutingHelper
     namespace_project_milestone_path(entity.project.namespace, entity.project, entity, *args)
   end
 
-  def project_url(project, *args)
-    namespace_project_url(project.namespace, project, *args)
-  end
-
-  def edit_project_url(project, *args)
-    edit_namespace_project_url(project.namespace, project, *args)
-  end
-
   def issue_url(entity, *args)
     namespace_project_issue_url(entity.project.namespace, entity.project, entity, *args)
   end
@@ -92,4 +97,56 @@ module GitlabRoutingHelper
       toggle_subscription_namespace_project_merge_request_path(entity.project.namespace, entity.project, entity)
     end
   end
+
+  ## Members
+  def project_members_url(project, *args)
+    namespace_project_project_members_url(project.namespace, project)
+  end
+
+  def project_member_path(project_member, *args)
+    namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member)
+  end
+
+  def request_access_project_members_path(project, *args)
+    request_access_namespace_project_project_members_path(project.namespace, project)
+  end
+
+  def leave_project_members_path(project, *args)
+    leave_namespace_project_project_members_path(project.namespace, project)
+  end
+
+  def approve_access_request_project_member_path(project_member, *args)
+    approve_access_request_namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member)
+  end
+
+  def resend_invite_project_member_path(project_member, *args)
+    resend_invite_namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member)
+  end
+
+  # Groups
+
+  ## Members
+  def group_members_url(group, *args)
+    group_group_members_url(group, *args)
+  end
+
+  def group_member_path(group_member, *args)
+    group_group_member_path(group_member.source, group_member)
+  end
+
+  def request_access_group_members_path(group, *args)
+    request_access_group_group_members_path(group)
+  end
+
+  def leave_group_members_path(group, *args)
+    leave_group_group_members_path(group)
+  end
+
+  def approve_access_request_group_member_path(group_member, *args)
+    approve_access_request_group_group_member_path(group_member.source, group_member)
+  end
+
+  def resend_invite_group_member_path(group_member, *args)
+    resend_invite_group_group_member_path(group_member.source, group_member)
+  end
 end

app/helpers/groups_helper.rb

 module GroupsHelper
-  def remove_user_from_group_message(group, member)
-    if member.user
-      "Are you sure you want to remove \"#{member.user.name}\" from \"#{group.name}\"?"
-    else
-      "Are you sure you want to revoke the invitation for \"#{member.invite_email}\" to join \"#{group.name}\"?"
-    end
-  end
-
-  def leave_group_message(group)
-    "Are you sure you want to leave \"#{group}\" group?"
-  end
-
-  def should_user_see_group_roles?(user, group)
-    if user
-      user.is_admin? || group.members.exists?(user_id: user.id)
-    else
-      false
-    end
-  end
-
   def can_change_group_visibility_level?(group)
     can?(current_user, :change_visibility_level, group)
   end

app/helpers/issuables_helper.rb

@@ -67,6 +67,12 @@ module IssuablesHelper
     end
   end
 
+  def has_todo(issuable)
+    unless current_user.nil?
+      current_user.todos.find_by(target_id: issuable.id, state: :pending)
+    end
+  end
+
   private
 
   def sidebar_gutter_collapsed?

app/helpers/members_helper.rb

+module MembersHelper
+  # Returns a `<action>_<source>_member` association, e.g.:
+  # - admin_project_member, update_project_member, destroy_project_member
+  # - admin_group_member, update_group_member, destroy_group_member
+  def action_member_permission(action, member)
+    "#{action}_#{member.type.underscore}".to_sym
+  end
+
+  def can_see_member_roles?(source:, user: nil)
+    return false unless user
+
+    user.is_admin? || source.members.exists?(user_id: user.id)
+  end
+
+  def remove_member_message(member, user: nil)
+    user = current_user if defined?(current_user)
+
+    text = 'Are you sure you want to '
+    action =
+      if member.request?
+        if member.user == user
+          'withdraw your access request for'
+        else
+          "deny #{member.user.name}'s request to join"
+        end
+      elsif member.invite?
+        "revoke the invitation for #{member.invite_email} to join"
+      else
+        "remove #{member.user.name} from"
+      end
+
+    text << action << " the #{member.source.human_name} #{member.real_source_type.humanize(capitalize: false)}?"
+  end
+
+  def remove_member_title(member)
+    text = " from #{member.real_source_type.humanize(capitalize: false)}"
+
+    text.prepend(member.request? ? 'Deny access request' : 'Remove user')
+  end
+
+  def leave_confirmation_message(member_source)
+    "Are you sure you want to leave the " \
+    "\"#{member_source.human_name}\" #{member_source.class.to_s.humanize(capitalize: false)}?"
+  end
+end

app/helpers/projects_helper.rb

 module ProjectsHelper
-  def remove_from_project_team_message(project, member)
-    if member.user
-      "You are going to remove #{member.user.name} from #{project.name} project team. Are you sure?"
-    else
-      "You are going to revoke the invitation for #{member.invite_email} to join #{project.name} project team. Are you sure?"
-    end
-  end
-
   def link_to_project(project)
     link_to [project.namespace.becomes(Namespace), project], title: h(project.name) do
       title = content_tag(:span, project.name, class: 'project-name')
@@ -115,14 +107,6 @@ module ProjectsHelper
     end
   end
 
-  def user_max_access_in_project(user_id, project)
-    level = project.team.max_member_access(user_id)
-
-    if level
-      Gitlab::Access.options_with_owner.key(level)
-    end
-  end
-
   def license_short_name(project)
     return 'LICENSE' if project.repository.license_key.nil?
 
@@ -156,6 +140,10 @@ module ProjectsHelper
       nav_tabs << :container_registry
     end
 
+    if can?(current_user, :read_environment, project)
+      nav_tabs << :environments
+    end
+
     if can?(current_user, :admin_project, project)
       nav_tabs << :settings
     end
@@ -286,10 +274,6 @@ module ProjectsHelper
     end
   end
 
-  def leave_project_message(project)
-    "Are you sure you want to leave \"#{project.name}\" project?"
-  end
-
   def new_readme_path
     ref = @repository.root_ref if @repository
     ref ||= 'master'

app/helpers/time_helper.rb

@@ -20,7 +20,6 @@ module TimeHelper
     end
   end
 
-
   def date_from_to(from, to)
     "#{from.to_s(:short)} - #{to.to_s(:short)}"
   end

app/helpers/todos_helper.rb

@@ -12,6 +12,7 @@ module TodosHelper
     when Todo::ASSIGNED then 'assigned you'
     when Todo::MENTIONED then 'mentioned you on'
     when Todo::BUILD_FAILED then 'The build failed for your'
+    when Todo::MARKED then 'marked this as a Todo for'
     end
   end
 

app/mailers/emails/groups.rb

-module Emails
-  module Groups
-    def group_access_granted_email(group_member_id)
-      @group_member = GroupMember.find(group_member_id)
-      @group = @group_member.group
-
-      @target_url = group_url(@group)
-      @current_user = @group_member.user
-
-      mail(to: @group_member.user.notification_email,
-           subject: subject("Access to group was granted"))
-    end
-
-    def group_member_invited_email(group_member_id, token)
-      @group_member = GroupMember.find group_member_id
-      @group = @group_member.group
-      @token = token
-
-      @target_url = group_url(@group)
-      @current_user = @group_member.user
-
-      mail(to: @group_member.invite_email,
-           subject: "Invitation to join group #{@group.name}")
-    end
-
-    def group_invite_accepted_email(group_member_id)
-      @group_member = GroupMember.find group_member_id
-      return if @group_member.created_by.nil?
-
-      @group = @group_member.group
-
-      @target_url = group_url(@group)
-      @current_user = @group_member.created_by
-
-      mail(to: @group_member.created_by.notification_email,
-           subject: subject("Invitation accepted"))
-    end
-
-    def group_invite_declined_email(group_id, invite_email, access_level, created_by_id)
-      return if created_by_id.nil?
-
-      @group = Group.find(group_id)
-      @current_user = @created_by = User.find(created_by_id)
-      @access_level = access_level
-      @invite_email = invite_email
-      
-      @target_url = group_url(@group)
-      mail(to: @created_by.notification_email,
-           subject: subject("Invitation declined"))
-    end
-  end
-end

app/mailers/emails/members.rb

+module Emails
+  module Members
+    extend ActiveSupport::Concern
+    include MembersHelper
+
+    included do
+      helper_method :member_source, :member
+    end
+
+    def member_access_requested_email(member_source_type, member_id)
+      @member_source_type = member_source_type
+      @member_id = member_id
+
+      admins = member_source.members.owners_and_masters.includes(:user).pluck(:notification_email)
+
+      mail(to: admins,
+           subject: subject("Request to join the #{member_source.human_name} #{member_source.model_name.singular}"))
+    end
+
+    def member_access_granted_email(member_source_type, member_id)
+      @member_source_type = member_source_type
+      @member_id = member_id
+
+      mail(to: member.user.notification_email,
+           subject: subject("Access to the #{member_source.human_name} #{member_source.model_name.singular} was granted"))
+    end
+
+    def member_access_denied_email(member_source_type, source_id, user_id)
+      @member_source_type = member_source_type
+      @member_source = member_source_class.find(source_id)
+      requester = User.find(user_id)
+
+      mail(to: requester.notification_email,
+           subject: subject("Access to the #{member_source.human_name} #{member_source.model_name.singular} was denied"))
+    end
+
+    def member_invited_email(member_source_type, member_id, token)
+      @member_source_type = member_source_type
+      @member_id = member_id
+      @token = token
+
+      mail(to: member.invite_email,
+           subject: "Invitation to join the #{member_source.human_name} #{member_source.model_name.singular}")
+    end
+
+    def member_invite_accepted_email(member_source_type, member_id)
+      @member_source_type = member_source_type
+      @member_id = member_id
+      return unless member.created_by
+
+      mail(to: member.created_by.notification_email,
+           subject: subject('Invitation accepted'))
+    end
+
+    def member_invite_declined_email(member_source_type, source_id, invite_email, created_by_id)
+      return unless created_by_id
+
+      @member_source_type = member_source_type
+      @member_source = member_source_class.find(source_id)
+      @invite_email = invite_email
+      inviter = User.find(created_by_id)
+
+      mail(to: inviter.notification_email,
+           subject: subject('Invitation declined'))
+    end
+
+    def member
+      @member ||= Member.find(@member_id)
+    end
+
+    def member_source
+      @member_source ||= member.source
+    end
+
+    private
+
+    def member_source_class
+      @member_source_type.classify.constantize
+    end
+  end
+end

app/mailers/emails/projects.rb

 module Emails
   module Projects
-    def project_access_granted_email(project_member_id)
-      @project_member = ProjectMember.find project_member_id
-      @project = @project_member.project
-
-      @target_url = namespace_project_url(@project.namespace, @project)
-      @current_user = @project_member.user
-
-      mail(to: @project_member.user.notification_email,
-           subject: subject("Access to project was granted"))
-    end
-
-    def project_member_invited_email(project_member_id, token)
-      @project_member = ProjectMember.find project_member_id
-      @project = @project_member.project
-      @token = token
-
-      @target_url = namespace_project_url(@project.namespace, @project)
-      @current_user = @project_member.user
-
-      mail(to: @project_member.invite_email,
-           subject: "Invitation to join project #{@project.name_with_namespace}")
-    end
-
-    def project_invite_accepted_email(project_member_id)
-      @project_member = ProjectMember.find project_member_id
-      return if @project_member.created_by.nil?
-
-      @project = @project_member.project
-
-      @target_url = namespace_project_url(@project.namespace, @project)
-      @current_user = @project_member.created_by
-
-      mail(to: @project_member.created_by.notification_email,
-           subject: subject("Invitation accepted"))
-    end
-
-    def project_invite_declined_email(project_id, invite_email, access_level, created_by_id)
-      return if created_by_id.nil?
-
-      @project = Project.find(project_id)
-      @current_user = @created_by = User.find(created_by_id)
-      @access_level = access_level
-      @invite_email = invite_email
-
-      @target_url = namespace_project_url(@project.namespace, @project)
-
-      mail(to: @created_by.notification_email,
-           subject: subject("Invitation declined"))
-    end
-
     def project_was_moved_email(project_id, user_id, old_path_with_namespace)
       @current_user = @user = User.find user_id
       @project = Project.find project_id

app/mailers/notify.rb

@@ -6,13 +6,15 @@ class Notify < BaseMailer
   include Emails::Notes
   include Emails::Projects
   include Emails::Profile
-  include Emails::Groups
   include Emails::Builds
+  include Emails::Members
 
   add_template_helper MergeRequestsHelper
   add_template_helper DiffHelper
   add_template_helper BlobHelper
   add_template_helper EmailsHelper
+  add_template_helper MembersHelper
+  add_template_helper GitlabRoutingHelper
 
   def test_email(recipient_email, subject, body)
     mail(to: recipient_email,

app/models/ability.rb

@@ -9,7 +9,6 @@ class Ability
       when CommitStatus then commit_status_abilities(user, subject)
       when Project then project_abilities(user, subject)
       when Issue then issue_abilities(user, subject)
-      when ExternalIssue then external_issue_abilities(user, subject)
       when Note then note_abilities(user, subject)
       when ProjectSnippet then project_snippet_abilities(user, subject)
       when PersonalSnippet then personal_snippet_abilities(user, subject)
@@ -19,6 +18,7 @@ class Ability
       when GroupMember then group_member_abilities(user, subject)
       when ProjectMember then project_member_abilities(user, subject)
       when User then user_abilities
+      when ExternalIssue, Deployment, Environment then project_abilities(user, subject.project)
       else []
       end.concat(global_abilities(user))
     end
@@ -187,6 +187,8 @@ class Ability
         project_report_rules
       elsif team.guest?(user)
         project_guest_rules
+      else
+        []
       end
     end
 
@@ -228,6 +230,8 @@ class Ability
         :read_build,
         :read_container_image,
         :read_pipeline,
+        :read_environment,
+        :read_deployment
       ]
     end
 
@@ -246,6 +250,8 @@ class Ability
         :push_code,
         :create_container_image,
         :update_container_image,
+        :create_environment,
+        :create_deployment
       ]
     end
 
@@ -263,6 +269,8 @@ class Ability
       @project_master_rules ||= project_dev_rules + [
         :push_code_to_protected_branches,
         :update_project_snippet,
+        :update_environment,
+        :update_deployment,
         :admin_milestone,
         :admin_project_snippet,
         :admin_project_member,
@@ -273,7 +281,9 @@ class Ability
         :admin_commit_status,
         :admin_build,
         :admin_container_image,
-        :admin_pipeline
+        :admin_pipeline,
+        :admin_environment,
+        :admin_deployment
       ]
     end
 
@@ -317,6 +327,8 @@ class Ability
       unless project.builds_enabled
         rules += named_abilities('build')
         rules += named_abilities('pipeline')
+        rules += named_abilities('environment')
+        rules += named_abilities('deployment')
       end
 
       unless project.container_registry_enabled
@@ -511,10 +523,6 @@ class Ability
       end
     end
 
-    def external_issue_abilities(user, subject)
-      project_abilities(user, subject.project)
-    end
-
     private
 
     def restricted_public_level?
@@ -533,7 +541,7 @@ class Ability
     def filter_confidential_issues_abilities(user, issue, rules)
       return rules if user.admin? || !issue.confidential?
 
-      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user.id)
+      unless issue.author == user || issue.assignee == user || issue.project.team.member?(user, Gitlab::Access::REPORTER)
         rules.delete(:admin_issue)
         rules.delete(:read_issue)
         rules.delete(:update_issue)

app/models/blob.rb

@@ -24,7 +24,7 @@ class Blob < SimpleDelegator
   end
 
   def only_display_raw?
-    size && size > 5.megabytes
+    size && truncated?
   end
 
   def svg?

app/models/ci/build.rb

@@ -11,6 +11,8 @@ module Ci
 
     scope :unstarted, ->() { where(runner_id: nil) }
     scope :ignore_failures, ->() { where(allow_failure: false) }
+    scope :with_artifacts, ->() { where.not(artifacts_file: nil) }
+    scope :with_expired_artifacts, ->() { with_artifacts.where('artifacts_expire_at < ?', Time.now) }
 
     mount_uploader :artifacts_file, ArtifactUploader
     mount_uploader :artifacts_metadata, ArtifactUploader
@@ -38,7 +40,7 @@ module Ci
         new_build.save
       end
 
-      def retry(build)
+      def retry(build, user = nil)
         new_build = Ci::Build.new(status: 'pending')
         new_build.ref = build.ref
         new_build.tag = build.tag
@@ -52,6 +54,7 @@ module Ci
         new_build.stage = build.stage
         new_build.stage_idx = build.stage_idx
         new_build.trigger_request = build.trigger_request
+        new_build.user = user
         new_build.save
         MergeRequests::AddTodoWhenBuildFailsService.new(build.project, nil).close(new_build)
         new_build
@@ -73,6 +76,17 @@ module Ci
         build.update_coverage
         build.execute_hooks
       end
+
+      after_transition any => [:success] do |build|
+        if build.environment.present?
+          service = CreateDeploymentService.new(build.project, build.user,
+                                                environment: build.environment,
+                                                sha: build.sha,
+                                                ref: build.ref,
+                                                tag: build.tag)
+          service.execute(build)
+        end
+      end
     end
 
     def retryable?
@@ -83,10 +97,6 @@ module Ci
       !self.pipeline.statuses.latest.include?(self)
     end
 
-    def retry
-      Ci::Build.retry(self)
-    end
-
     def depends_on_builds
       # Get builds of the same type
       latest_builds = self.pipeline.builds.latest
@@ -317,7 +327,7 @@ module Ci
     end
 
     def artifacts?
-      artifacts_file.exists?
+      !artifacts_expired? && artifacts_file.exists?
     end
 
     def artifacts_metadata?
@@ -328,11 +338,15 @@ module Ci
       Gitlab::Ci::Build::Artifacts::Metadata.new(artifacts_metadata.path, path, **options).to_entry
     end
 
+    def erase_artifacts!
+      remove_artifacts_file!
+      remove_artifacts_metadata!
+    end
+
     def erase(opts = {})
       return false unless erasable?
 
-      remove_artifacts_file!
-      remove_artifacts_metadata!
+      erase_artifacts!
       erase_trace!
       update_erased!(opts[:erased_by])
     end
@@ -345,6 +359,25 @@ module Ci
       !self.erased_at.nil?
     end
 
+    def artifacts_expired?
+      artifacts_expire_at && artifacts_expire_at < Time.now
+    end
+
+    def artifacts_expire_in
+      artifacts_expire_at - Time.now if artifacts_expire_at
+    end
+
+    def artifacts_expire_in=(value)
+      self.artifacts_expire_at =
+        if value
+          Time.now + ChronicDuration.parse(value)
+        end
+    end
+
+    def keep_artifacts!
+      self.update(artifacts_expire_at: nil)
+    end
+
     private
 
     def erase_trace!
@@ -352,7 +385,7 @@ module Ci
     end
 
     def update_erased!(user = nil)
-      self.update(erased_by: user, erased_at: Time.now)
+      self.update(erased_by: user, erased_at: Time.now, artifacts_expire_at: nil)
     end
 
     def yaml_variables

app/models/ci/pipeline.rb

@@ -76,8 +76,10 @@ module Ci
       builds.running_or_pending.each(&:cancel)
     end
 
-    def retry_failed
-      builds.latest.failed.select(&:retryable?).each(&:retry)
+    def retry_failed(user)
+      builds.latest.failed.select(&:retryable?).each do |build|
+        Ci::Build.retry(build, user)
+      end
     end
 
     def latest?
@@ -161,6 +163,10 @@ module Ci
       git_commit_message =~ /(\[ci skip\])/ if git_commit_message
     end
 
+    def environments
+      builds.where.not(environment: nil).success.pluck(:environment).uniq
+    end
+
     private
 
     def update_state

app/models/concerns/access_requestable.rb

+# == AccessRequestable concern
+#
+# Contains functionality related to objects that can receive request for access.
+#
+# Used by Project, and Group.
+#
+module AccessRequestable
+  extend ActiveSupport::Concern
+
+  def request_access(user)
+    members.create(
+      access_level: Gitlab::Access::DEVELOPER,
+      user: user,
+      requested_at: Time.now.utc)
+  end
+end

app/models/concerns/awardable.rb

@@ -5,7 +5,7 @@ module Awardable
     has_many :award_emoji, as: :awardable, dependent: :destroy
 
     if self < Participable
-      participant :award_emoji
+      participant :award_emoji_with_associations
     end
   end
 
@@ -34,8 +34,12 @@ module Awardable
     end
   end
 
+  def award_emoji_with_associations
+    award_emoji.includes(:user)
+  end
+
   def grouped_awards(with_thumbs: true)
-    awards = award_emoji.group_by(&:name)
+    awards = award_emoji_with_associations.group_by(&:name)
 
     if with_thumbs
       awards[AwardEmoji::UPVOTE_NAME]   ||= []

app/models/deployment.rb

+class Deployment < ActiveRecord::Base
+  include InternalId
+
+  belongs_to :project, required: true, validate: true
+  belongs_to :environment, required: true, validate: true
+  belongs_to :user
+  belongs_to :deployable, polymorphic: true
+
+  validates :sha, presence: true
+  validates :ref, presence: true
+
+  delegate :name, to: :environment, prefix: true
+
+  def commit
+    project.commit(sha)
+  end
+
+  def commit_title
+    commit.try(:title)
+  end
+
+  def short_sha
+    Commit.truncate_sha(sha)
+  end
+
+  def last?
+    self == environment.last_deployment
+  end
+end

app/models/environment.rb

+class Environment < ActiveRecord::Base
+  belongs_to :project, required: true, validate: true
+
+  has_many :deployments
+
+  validates :name,
+            presence: true,
+            uniqueness: { scope: :project_id },
+            length: { within: 0..255 },
+            format: { with: Gitlab::Regex.environment_name_regex,
+                      message: Gitlab::Regex.environment_name_regex_message }
+
+  def last_deployment
+    deployments.last
+  end
+end

app/models/group.rb

@@ -3,11 +3,12 @@ require 'carrierwave/orm/activerecord'
 class Group < Namespace
   include Gitlab::ConfigHelper
   include Gitlab::VisibilityLevel
+  include AccessRequestable
   include Referable
 
   has_many :group_members, dependent: :destroy, as: :source, class_name: 'GroupMember'
   alias_method :members, :group_members
-  has_many :users, through: :group_members
+  has_many :users, -> { where(members: { requested_at: nil }) }, through: :group_members
   has_many :project_group_links, dependent: :destroy
   has_many :shared_projects, through: :project_group_links, source: :project
   has_many :notification_settings, dependent: :destroy, as: :source
@@ -58,6 +59,10 @@ class Group < Namespace
     "#{self.class.reference_prefix}#{name}"
   end
 
+  def web_url
+    Gitlab::Routing.url_helpers.group_url(self)
+  end
+
   def human_name
     name
   end

app/models/issue.rb

@@ -51,10 +51,18 @@ class Issue < ActiveRecord::Base
   end
 
   def self.visible_to_user(user)
-    return where(confidential: false) if user.blank?
+    return where('issues.confidential IS NULL OR issues.confidential IS FALSE') if user.blank?
     return all if user.admin?
 
-    where('issues.confidential = false OR (issues.confidential = true AND (issues.author_id = :user_id OR issues.assignee_id = :user_id OR issues.project_id IN(:project_ids)))', user_id: user.id, project_ids: user.authorized_projects.select(:id))
+    where('
+      issues.confidential IS NULL
+      OR issues.confidential IS FALSE
+      OR (issues.confidential = TRUE
+        AND (issues.author_id = :user_id
+          OR issues.assignee_id = :user_id
+          OR issues.project_id IN(:project_ids)))',
+      user_id: user.id,
+      project_ids: user.authorized_projects(Gitlab::Access::REPORTER).select(:id))
   end
 
   def self.reference_prefix

app/models/member.rb

@@ -26,20 +26,28 @@ class Member < ActiveRecord::Base
       allow_nil: true
     }
 
-  scope :invite, -> { where(user_id: nil) }
-  scope :non_invite, -> { where("user_id IS NOT NULL") }
+  scope :invite, -> { where.not(invite_token: nil) }
+  scope :non_invite, -> { where(invite_token: nil) }
+  scope :request, -> { where.not(requested_at: nil) }
+  scope :non_request, -> { where(requested_at: nil) }
+  scope :non_pending, -> { non_request.non_invite }
+
   scope :guests, -> { where(access_level: GUEST) }
   scope :reporters, -> { where(access_level: REPORTER) }
   scope :developers, -> { where(access_level: DEVELOPER) }
   scope :masters,  -> { where(access_level: MASTER) }
   scope :owners,  -> { where(access_level: OWNER) }
+  scope :owners_and_masters,  -> { where(access_level: [OWNER, MASTER]) }
 
   before_validation :generate_invite_token, on: :create, if: -> (member) { member.invite_email.present? }
+
   after_create :send_invite, if: :invite?
-  after_create :create_notification_setting, unless: :invite?
-  after_create :post_create_hook, unless: :invite?
-  after_update :post_update_hook, unless: :invite?
-  after_destroy :post_destroy_hook, unless: :invite?
+  after_create :send_request, if: :request?
+  after_create :create_notification_setting, unless: :pending?
+  after_create :post_create_hook, unless: :pending?
+  after_update :post_update_hook, unless: :pending?
+  after_destroy :post_destroy_hook, unless: :pending?
+  after_destroy :post_decline_request, if: :request?
 
   delegate :name, :username, :email, to: :user, prefix: true
 
@@ -96,10 +104,31 @@ class Member < ActiveRecord::Base
     end
   end
 
+  def real_source_type
+    source_type
+  end
+
   def invite?
     self.invite_token.present?
   end
 
+  def request?
+    requested_at.present?
+  end
+
+  def pending?
+    invite? || request?
+  end
+
+  def accept_request
+    return false unless request?
+
+    updated = self.update(requested_at: nil)
+    after_accept_request if updated
+
+    updated
+  end
+
   def accept_invite!(new_user)
     return false unless invite?
 
@@ -157,6 +186,10 @@ class Member < ActiveRecord::Base
     # override in subclass
   end
 
+  def send_request
+    # override in subclass
+  end
+
   def post_create_hook
     system_hook_service.execute_hooks_for(self, :create)
   end
@@ -177,6 +210,14 @@ class Member < ActiveRecord::Base
     # override in subclass
   end
 
+  def after_accept_request
+    post_create_hook
+  end
+
+  def post_decline_request
+    # override in subclass
+  end
+
   def system_hook_service
     SystemHooksService.new
   end

app/models/members/group_member.rb

@@ -8,9 +8,6 @@ class GroupMember < Member
   validates_format_of :source_type, with: /\ANamespace\z/
   default_scope { where(source_type: SOURCE_TYPE) }
 
-  scope :with_group, ->(group) { where(source_id: group.id) }
-  scope :with_user, ->(user) { where(user_id: user.id) }
-
   def self.access_level_roles
     Gitlab::Access.options_with_owner
   end
@@ -23,6 +20,11 @@ class GroupMember < Member
     access_level
   end
 
+  # Because source_type is `Namespace`...
+  def real_source_type
+    'Group'
+  end
+
   private
 
   def send_invite
@@ -31,6 +33,12 @@ class GroupMember < Member
     super
   end
 
+  def send_request
+    notification_service.new_group_access_request(self)
+
+    super
+  end
+
   def post_create_hook
     notification_service.new_group_member(self)
 
@@ -56,4 +64,10 @@ class GroupMember < Member
 
     super
   end
+
+  def post_decline_request
+    notification_service.decline_group_access_request(self)
+
+    super
+  end
 end

app/models/members/project_member.rb

@@ -11,8 +11,6 @@ class ProjectMember < Member
   default_scope { where(source_type: SOURCE_TYPE) }
 
   scope :in_project, ->(project) { where(source_id: project.id) }
-  scope :in_projects, ->(projects) { where(source_id: projects.pluck(:id)) }
-  scope :with_user, ->(user) { where(user_id: user.id) }
 
   before_destroy :delete_member_todos
 
@@ -84,7 +82,7 @@ class ProjectMember < Member
       Gitlab::Access.sym_options
     end
 
-    def access_roles
+    def access_level_roles
       Gitlab::Access.options
     end
   end
@@ -113,6 +111,12 @@ class ProjectMember < Member
     super
   end
 
+  def send_request
+    notification_service.new_project_access_request(self)
+
+    super
+  end
+
   def post_create_hook
     unless owner?
       event_service.join_project(self.project, self.user)
@@ -148,6 +152,12 @@ class ProjectMember < Member
     super
   end
 
+  def post_decline_request
+    notification_service.decline_project_access_request(self)
+
+    super
+  end
+
   def event_service
     EventCreateService.new
   end

app/models/note.rb

@@ -88,22 +88,9 @@ class Note < ActiveRecord::Base
       table   = arel_table
       pattern = "%#{query}%"
 
-      found_notes = joins('LEFT JOIN issues ON issues.id = noteable_id').
-        where(table[:note].matches(pattern))
-
-      if as_user
-        found_notes.where('
-          issues.confidential IS NULL
-          OR issues.confidential IS FALSE
-          OR (issues.confidential IS TRUE
-            AND (issues.author_id = :user_id
-            OR issues.assignee_id = :user_id
-            OR issues.project_id IN(:project_ids)))',
-          user_id: as_user.id,
-          project_ids: as_user.authorized_projects.select(:id))
-      else
-        found_notes.where('issues.confidential IS NULL OR issues.confidential IS FALSE')
-      end
+      Note.joins('LEFT JOIN issues ON issues.id = noteable_id').
+        where(table[:note].matches(pattern)).
+        merge(Issue.visible_to_user(as_user))
     end
   end
 
@@ -200,6 +187,10 @@ class Note < ActiveRecord::Base
     award_emoji_supported? && contains_emoji_only?
   end
 
+  def emoji_awardable?
+    !system?
+  end
+
   def clear_blank_line_code!
     self.line_code = nil if self.line_code.blank?
   end

app/models/project.rb

@@ -5,6 +5,7 @@ class Project < ActiveRecord::Base
   include Gitlab::ShellAdapter
   include Gitlab::VisibilityLevel
   include Gitlab::CurrentSettings
+  include AccessRequestable
   include Referable
   include Sortable
   include AfterCommitQueue
@@ -102,8 +103,9 @@ class Project < ActiveRecord::Base
   has_many :snippets,           dependent: :destroy, class_name: 'ProjectSnippet'
   has_many :hooks,              dependent: :destroy, class_name: 'ProjectHook'
   has_many :protected_branches, dependent: :destroy
-  has_many :project_members, dependent: :destroy, as: :source, class_name: 'ProjectMember'
-  has_many :users, through: :project_members
+  has_many :project_members,    dependent: :destroy, as: :source, class_name: 'ProjectMember'
+  alias_method :members, :project_members
+  has_many :users, -> { where(members: { requested_at: nil }) }, through: :project_members
   has_many :deploy_keys_projects, dependent: :destroy
   has_many :deploy_keys, through: :deploy_keys_projects
   has_many :users_star_projects, dependent: :destroy
@@ -125,6 +127,8 @@ class Project < ActiveRecord::Base
   has_many :runners, through: :runner_projects, source: :runner, class_name: 'Ci::Runner'
   has_many :variables, dependent: :destroy, class_name: 'Ci::Variable', foreign_key: :gl_project_id
   has_many :triggers, dependent: :destroy, class_name: 'Ci::Trigger', foreign_key: :gl_project_id
+  has_many :environments, dependent: :destroy
+  has_many :deployments, dependent: :destroy
 
   accepts_nested_attributes_for :variables, allow_destroy: true
 
@@ -680,16 +684,6 @@ class Project < ActiveRecord::Base
     end
   end
 
-  def project_member_by_name_or_email(name = nil, email = nil)
-    user = users.find_by('name like ? or email like ?', name, email)
-    project_members.where(user: user) if user
-  end
-
-  # Get Team Member record by user id
-  def project_member_by_id(user_id)
-    project_members.find_by(user_id: user_id)
-  end
-
   def name_with_namespace
     @name_with_namespace ||= begin
                                if namespace
@@ -699,6 +693,7 @@ class Project < ActiveRecord::Base
                                end
                              end
   end
+  alias_method :human_name, :name_with_namespace
 
   def path_with_namespace
     if namespace

app/models/project_services/bamboo_service.rb

 class BambooService < CiService
-  include HTTParty
-
   prop_accessor :bamboo_url, :build_key, :username, :password
 
   validates :bamboo_url, presence: true, url: true, if: :activated?
@@ -61,18 +59,7 @@ class BambooService < CiService
   end
 
   def build_info(sha)
-    url = URI.join(bamboo_url, "/rest/api/latest/result?label=#{sha}").to_s
-
-    if username.blank? && password.blank?
-      @response = HTTParty.get(url, verify: false)
-    else
-      url << '&os_authType=basic'
-      auth = {
-        username: username,
-        password: password
-      }
-      @response = HTTParty.get(url, verify: false, basic_auth: auth)
-    end
+    @response = get_path("rest/api/latest/result?label=#{sha}")
   end
 
   def build_page(sha, ref)
@@ -80,11 +67,11 @@ class BambooService < CiService
 
     if @response.code != 200 || @response['results']['results']['size'] == '0'
       # If actual build link can't be determined, send user to build summary page.
-      URI.join(bamboo_url, "/browse/#{build_key}").to_s
+      URI.join("#{bamboo_url}/", "browse/#{build_key}").to_s
     else
       # If actual build link is available, go to build result page.
       result_key = @response['results']['results']['result']['planResultKey']['key']
-      URI.join(bamboo_url, "/browse/#{result_key}").to_s
+      URI.join("#{bamboo_url}/", "browse/#{result_key}").to_s
     end
   end
 
@@ -112,8 +99,27 @@ class BambooService < CiService
   def execute(data)
     return unless supported_events.include?(data[:object_kind])
 
-    # Bamboo requires a GET and does not take any data.
-    url = URI.join(bamboo_url, "/updateAndBuild.action?buildKey=#{build_key}").to_s
-    self.class.get(url, verify: false)
+    get_path("updateAndBuild.action?buildKey=#{build_key}")
+  end
+
+  private
+
+  def build_url(path)
+    URI.join("#{bamboo_url}/", path).to_s
+  end
+
+  def get_path(path)
+    url = build_url(path)
+
+    if username.blank? && password.blank?
+      HTTParty.get(url, verify: false)
+    else
+      url << '&os_authType=basic'
+      HTTParty.get(url, verify: false,
+                        basic_auth: {
+                          username: username,
+                          password: password
+                        })
+    end
   end
 end

app/models/project_services/teamcity_service.rb

 class TeamcityService < CiService
-  include HTTParty
-
   prop_accessor :teamcity_url, :build_type, :username, :password
 
   validates :teamcity_url, presence: true, url: true, if: :activated?
@@ -64,15 +62,7 @@ class TeamcityService < CiService
   end
 
   def build_info(sha)
-    url = URI.join(
-      teamcity_url,
-      "/httpAuth/app/rest/builds/branch:unspecified:any,number:#{sha}"
-    ).to_s
-    auth = {
-      username: username,
-      password: password
-    }
-    @response = HTTParty.get(url, verify: false, basic_auth: auth)
+    @response = get_path("httpAuth/app/rest/builds/branch:unspecified:any,number:#{sha}")
   end
 
   def build_page(sha, ref)
@@ -81,14 +71,11 @@ class TeamcityService < CiService
     if @response.code != 200
       # If actual build link can't be determined,
       # send user to build summary page.
-      URI.join(teamcity_url, "/viewLog.html?buildTypeId=#{build_type}").to_s
+      build_url("viewLog.html?buildTypeId=#{build_type}")
     else
       # If actual build link is available, go to build result page.
       built_id = @response['build']['id']
-      URI.join(
-        teamcity_url,
-        "/viewLog.html?buildId=#{built_id}&buildTypeId=#{build_type}"
-      ).to_s
+      build_url("viewLog.html?buildId=#{built_id}&buildTypeId=#{build_type}")
     end
   end
 
@@ -123,8 +110,8 @@ class TeamcityService < CiService
 
     branch = Gitlab::Git.ref_name(data[:ref])
 
-    self.class.post(
-      URI.join(teamcity_url, '/httpAuth/app/rest/buildQueue').to_s,
+    HTTParty.post(
+      build_url('httpAuth/app/rest/buildQueue'),
       body: "<build branchName=\"#{branch}\">"\
             "<buildType id=\"#{build_type}\"/>"\
             '</build>',
@@ -132,4 +119,18 @@ class TeamcityService < CiService
       basic_auth: auth
     )
   end
+
+  private
+
+  def build_url(path)
+    URI.join("#{teamcity_url}/", path).to_s
+  end
+
+  def get_path(path)
+    HTTParty.get(build_url(path), verify: false,
+                                  basic_auth: {
+                                    username: username,
+                                    password: password
+                                  })
+  end
 end

app/models/project_team.rb

@@ -21,23 +21,13 @@ class ProjectTeam
     end
   end
 
-  def find(user_id)
-    user = project.users.find_by(id: user_id)
-
-    if group
-      user ||= group.users.find_by(id: user_id)
-    end
-
-    user
-  end
-
   def find_member(user_id)
-    member = project.project_members.find_by(user_id: user_id)
+    member = project.members.non_request.find_by(user_id: user_id)
 
     # If user is not in project members
     # we should check for group membership
     if group && !member
-      member = group.group_members.find_by(user_id: user_id)
+      member = group.members.non_request.find_by(user_id: user_id)
     end
 
     member
@@ -61,13 +51,10 @@ class ProjectTeam
     ProjectMember.truncate_team(project)
   end
 
-  def users
-    members
-  end
-
   def members
     @members ||= fetch_members
   end
+  alias_method :users, :members
 
   def guests
     @guests ||= fetch_members(:guests)
@@ -131,8 +118,14 @@ class ProjectTeam
     max_member_access(user.id) == Gitlab::Access::MASTER
   end
 
-  def member?(user_id)
-    !!find_member(user_id)
+  def member?(user, min_member_access = nil)
+    member = !!find_member(user.id)
+
+    if min_member_access
+      member && max_member_access(user.id) >= min_member_access
+    else
+      member
+    end
   end
 
   def human_max_access(user_id)
@@ -144,7 +137,7 @@ class ProjectTeam
   def max_member_access(user_id)
     access = []
 
-    project.project_members.each do |member|
+    project.members.non_request.each do |member|
       if member.user_id == user_id
         access << member.access_field if member.access_field
         break
@@ -152,7 +145,7 @@ class ProjectTeam
     end
 
     if group
-      group.group_members.each do |member|
+      group.members.non_request.each do |member|
         if member.user_id == user_id
           access << member.access_field if member.access_field
           break
@@ -167,6 +160,7 @@ class ProjectTeam
     access.compact.max
   end
 
+  private
 
   def max_invited_level(user_id)
     project.project_group_links.map do |group_link|
@@ -183,17 +177,15 @@ class ProjectTeam
     end.compact.max
   end
 
-  private
-
   def fetch_members(level = nil)
-    project_members = project.project_members
-    group_members = group ? group.group_members : []
+    project_members = project.members.non_request
+    group_members = group ? group.members.non_request : []
     invited_members = []
 
     if project.invited_groups.any? && project.allowed_to_share_with_group?
       project.project_group_links.each do |group_link|
         invited_group = group_link.group
-        im = invited_group.group_members
+        im = invited_group.members.non_request
 
         if level
           int_level = GroupMember.access_level_roles[level.to_s.singularize.titleize]

app/models/repository.rb

@@ -446,7 +446,7 @@ class Repository
 
   def blob_at(sha, path)
     unless Gitlab::Git.blank_ref?(sha)
-      Gitlab::Git::Blob.find(self, sha, path)
+      Blob.decorate(Gitlab::Git::Blob.find(self, sha, path))
     end
   end
 

app/models/todo.rb

@@ -2,6 +2,7 @@ class Todo < ActiveRecord::Base
   ASSIGNED     = 1
   MENTIONED    = 2
   BUILD_FAILED = 3
+  MARKED       = 4
 
   belongs_to :author, class_name: "User"
   belongs_to :note

app/models/user.rb

@@ -56,8 +56,7 @@ class User < ActiveRecord::Base
 
   # Groups
   has_many :members, dependent: :destroy
-  has_many :project_members, source: 'ProjectMember'
-  has_many :group_members, source: 'GroupMember'
+  has_many :group_members, dependent: :destroy, source: 'GroupMember'
   has_many :groups, through: :group_members
   has_many :owned_groups, -> { where members: { access_level: Gitlab::Access::OWNER } }, through: :group_members, source: :group
   has_many :masters_groups, -> { where members: { access_level: Gitlab::Access::MASTER } }, through: :group_members, source: :group
@@ -65,13 +64,13 @@ class User < ActiveRecord::Base
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
   has_many :personal_projects,        through: :namespace, source: :projects
+  has_many :project_members,          dependent: :destroy, class_name: 'ProjectMember'
   has_many :projects,                 through: :project_members
   has_many :created_projects,         foreign_key: :creator_id, class_name: 'Project'
   has_many :users_star_projects, dependent: :destroy
   has_many :starred_projects, through: :users_star_projects, source: :project
 
   has_many :snippets,                 dependent: :destroy, foreign_key: :author_id, class_name: "Snippet"
-  has_many :project_members,          dependent: :destroy, class_name: 'ProjectMember'
   has_many :issues,                   dependent: :destroy, foreign_key: :author_id
   has_many :notes,                    dependent: :destroy, foreign_key: :author_id
   has_many :merge_requests,           dependent: :destroy, foreign_key: :author_id
@@ -405,8 +404,8 @@ class User < ActiveRecord::Base
   end
 
   # Returns projects user is authorized to access.
-  def authorized_projects
-    Project.where("projects.id IN (#{projects_union.to_sql})")
+  def authorized_projects(min_access_level = nil)
+    Project.where("projects.id IN (#{projects_union(min_access_level).to_sql})")
   end
 
   def viewable_starred_projects
@@ -824,11 +823,19 @@ class User < ActiveRecord::Base
 
   private
 
-  def projects_union
-    Gitlab::SQL::Union.new([personal_projects.select(:id),
-                            groups_projects.select(:id),
-                            projects.select(:id),
-                            groups.joins(:shared_projects).select(:project_id)])
+  def projects_union(min_access_level = nil)
+    relations = [personal_projects.select(:id),
+                 groups_projects.select(:id),
+                 projects.select(:id),
+                 groups.joins(:shared_projects).select(:project_id)]
+
+
+    if min_access_level
+      scope = { access_level: Gitlab::Access.values.select { |access| access >= min_access_level } }
+      relations = [relations.shift] + relations.map { |relation| relation.where(members: scope) }
+    end
+
+    Gitlab::SQL::Union.new(relations)
   end
 
   def ci_projects_union

app/services/ci/create_builds_service.rb

@@ -29,7 +29,8 @@ module Ci
                              :options,
                              :allow_failure,
                              :stage,
-                             :stage_idx)
+                             :stage_idx,
+                             :environment)
 
           build_attrs.merge!(ref: @pipeline.ref,
                              tag: @pipeline.tag,

app/services/create_deployment_service.rb

+require_relative 'base_service'
+
+class CreateDeploymentService < BaseService
+  def execute(deployable = nil)
+    environment = project.environments.find_or_create_by(
+      name: params[:environment]
+    )
+
+    project.deployments.create(
+      environment: environment,
+      ref: params[:ref],
+      tag: params[:tag],
+      sha: params[:sha],
+      user: current_user,
+      deployable: deployable
+    )
+  end
+end

app/services/git_hooks_service.rb

@@ -3,7 +3,7 @@ class GitHooksService
 
   def execute(user, repo_path, oldrev, newrev, ref)
     @repo_path  = repo_path
-    @user       = Gitlab::ShellEnv.gl_id(user)
+    @user       = Gitlab::GlId.gl_id(user)
     @oldrev     = oldrev
     @newrev     = newrev
     @ref        = ref

app/services/notification_service.rb

@@ -173,16 +173,26 @@ class NotificationService
     end
   end
 
+  # Project access request
+  def new_project_access_request(project_member)
+    mailer.member_access_requested_email(project_member.real_source_type, project_member.id).deliver_later
+  end
+
+  def decline_project_access_request(project_member)
+    mailer.member_access_denied_email(project_member.real_source_type, project_member.project.id, project_member.user.id).deliver_later
+  end
+
   def invite_project_member(project_member, token)
-    mailer.project_member_invited_email(project_member.id, token).deliver_later
+    mailer.member_invited_email(project_member.real_source_type, project_member.id, token).deliver_later
   end
 
   def accept_project_invite(project_member)
-    mailer.project_invite_accepted_email(project_member.id).deliver_later
+    mailer.member_invite_accepted_email(project_member.real_source_type, project_member.id).deliver_later
   end
 
   def decline_project_invite(project_member)
-    mailer.project_invite_declined_email(
+    mailer.member_invite_declined_email(
+      project_member.real_source_type,
       project_member.project.id,
       project_member.invite_email,
       project_member.access_level,
@@ -191,23 +201,33 @@ class NotificationService
   end
 
   def new_project_member(project_member)
-    mailer.project_access_granted_email(project_member.id).deliver_later
+    mailer.member_access_granted_email(project_member.real_source_type, project_member.id).deliver_later
   end
 
   def update_project_member(project_member)
-    mailer.project_access_granted_email(project_member.id).deliver_later
+    mailer.member_access_granted_email(project_member.real_source_type, project_member.id).deliver_later
+  end
+
+  # Group access request
+  def new_group_access_request(group_member)
+    mailer.member_access_requested_email(group_member.real_source_type, group_member.id).deliver_later
+  end
+
+  def decline_group_access_request(group_member)
+    mailer.member_access_denied_email(group_member.real_source_type, group_member.group.id, group_member.user.id).deliver_later
   end
 
   def invite_group_member(group_member, token)
-    mailer.group_member_invited_email(group_member.id, token).deliver_later
+    mailer.member_invited_email(group_member.real_source_type, group_member.id, token).deliver_later
   end
 
   def accept_group_invite(group_member)
-    mailer.group_invite_accepted_email(group_member.id).deliver_later
+    mailer.member_invite_accepted_email(group_member.id).deliver_later
   end
 
   def decline_group_invite(group_member)
-    mailer.group_invite_declined_email(
+    mailer.member_invite_declined_email(
+      group_member.real_source_type,
       group_member.group.id,
       group_member.invite_email,
       group_member.access_level,
@@ -216,11 +236,11 @@ class NotificationService
   end
 
   def new_group_member(group_member)
-    mailer.group_access_granted_email(group_member.id).deliver_later
+    mailer.member_access_granted_email(group_member.real_source_type, group_member.id).deliver_later
   end
 
   def update_group_member(group_member)
-    mailer.group_access_granted_email(group_member.id).deliver_later
+    mailer.member_access_granted_email(group_member.real_source_type, group_member.id).deliver_later
   end
 
   def project_was_moved(project, old_path_with_namespace)

app/services/todo_service.rb

@@ -139,10 +139,16 @@ class TodoService
     pending_todos(user, attributes).update_all(state: :done)
   end
 
+  # When user marks an issue as todo
+  def mark_todo(issuable, current_user)
+    attributes = attributes_for_todo(issuable.project, issuable, current_user, Todo::MARKED)
+    create_todos(current_user, attributes)
+  end
+
   private
 
   def create_todos(users, attributes)
-    Array(users).each do |user|
+    Array(users).map do |user|
       next if pending_todos(user, attributes).exists?
       Todo.create(attributes.merge(user_id: user.id))
     end

app/views/admin/background_jobs/_head.html.haml

+.nav-links.sub-nav
+  %ul{ class: (container_class) }
+    = nav_link(controller: :background_jobs) do
+      = link_to admin_background_jobs_path, title: 'Background Jobs' do
+        %span
+          Background Jobs
+    = nav_link(controller: :logs) do
+      = link_to admin_logs_path, title: 'Logs' do
+        %span
+          Logs
+    = nav_link(controller: :health_check) do
+      = link_to admin_health_check_path, title: 'Health Check' do
+        %span
+          Health Check

app/views/admin/background_jobs/show.html.haml

+- @no_container = true
 - page_title "Background Jobs"
-%h3.page-title Background Jobs
-%p.light GitLab uses #{link_to "sidekiq", "http://sidekiq.org/"} library for async job processing
+= render 'admin/background_jobs/head'
 
-%hr
+%div{ class: (container_class) }
+  %h3.page-title Background Jobs
+  %p.light GitLab uses #{link_to "sidekiq", "http://sidekiq.org/"} library for async job processing
 
-.panel.panel-default
-  .panel-heading Sidekiq running processes
-  .panel-body
-    - if @sidekiq_processes.empty?
-      %h4.cred
-        %i.fa.fa-exclamation-triangle
-        There are no running sidekiq processes. Please restart GitLab
-    - else
-      .table-holder
-        %table.table
-          %thead
-            %th USER
-            %th PID
-            %th CPU
-            %th MEM
-            %th STATE
-            %th START
-            %th COMMAND
-          %tbody
-            - @sidekiq_processes.each do |process|
-              - next unless process.match(/(sidekiq \d+\.\d+\.\d+.+$)/)
-              - data = process.strip.split(' ')
-              %tr
-                %td= gitlab_config.user
-                - 5.times do
-                  %td= data.shift
-                %td= data.join(' ')
+  %hr
 
-      .clearfix
-        %p
-          %i.fa.fa-exclamation-circle
-          If '[25 of 25 busy]' is shown, restart GitLab with 'sudo service gitlab reload'.
-        %p
-          %i.fa.fa-exclamation-circle
-          If more than one sidekiq process is listed, stop GitLab, kill the remaining sidekiq processes (sudo pkill -u #{gitlab_config.user} -f sidekiq) and restart GitLab.
+  .panel.panel-default
+    .panel-heading Sidekiq running processes
+    .panel-body
+      - if @sidekiq_processes.empty?
+        %h4.cred
+          %i.fa.fa-exclamation-triangle
+          There are no running sidekiq processes. Please restart GitLab
+      - else
+        .table-holder
+          %table.table
+            %thead
+              %th USER
+              %th PID
+              %th CPU
+              %th MEM
+              %th STATE
+              %th START
+              %th COMMAND
+            %tbody
+              - @sidekiq_processes.each do |process|
+                - next unless process.match(/(sidekiq \d+\.\d+\.\d+.+$)/)
+                - data = process.strip.split(' ')
+                %tr
+                  %td= gitlab_config.user
+                  - 5.times do
+                    %td= data.shift
+                  %td= data.join(' ')
 
+        .clearfix
+          %p
+            %i.fa.fa-exclamation-circle
+            If '[25 of 25 busy]' is shown, restart GitLab with 'sudo service gitlab reload'.
+          %p
+            %i.fa.fa-exclamation-circle
+            If more than one sidekiq process is listed, stop GitLab, kill the remaining sidekiq processes (sudo pkill -u #{gitlab_config.user} -f sidekiq) and restart GitLab.
 
 
-.panel.panel-default
-  %iframe{src: sidekiq_path, width: '100%', height: 970, style: "border: none"}
+
+  .panel.panel-default
+    %iframe{src: sidekiq_path, width: '100%', height: 970, style: "border: none"}

app/views/admin/builds/index.html.haml

-.top-area
-  %ul.nav-links
-    %li{class: ('active' if @scope.nil?)}
-      = link_to admin_builds_path do
-        All
-        %span.badge.js-totalbuilds-count= @all_builds.count(:id)
-
-    %li{class: ('active' if @scope == 'running')}
-      = link_to admin_builds_path(scope: :running) do
-        Running
-        %span.badge.js-running-count= number_with_delimiter(@all_builds.running_or_pending.count(:id))
-
-    %li{class: ('active' if @scope == 'finished')}
-      = link_to admin_builds_path(scope: :finished) do
-        Finished
-        %span.badge.js-running-count= number_with_delimiter(@all_builds.finished.count(:id))
-
-  .nav-controls
-    - if @all_builds.running_or_pending.any?
-      = link_to 'Cancel all', cancel_all_admin_builds_path, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post
-
-.row-content-block.second-block
-  #{(@scope || 'all').capitalize} builds
-
-%ul.content-list
-  - if @builds.blank?
-    %li
-      .nothing-here-block No builds to show
-  - else
-    .table-holder
-      %table.table.builds
-        %thead
-          %tr
-            %th Status
-            %th Build ID
-            %th Project
-            %th Commit
-            %th Ref
-            %th Runner
-            %th Name
-            %th Tags
-            %th Duration
-            %th Finished at
-            %th
-
-        - @builds.each do |build|
-          = render "admin/builds/build", build: build
-
-    = paginate @builds, theme: 'gitlab'
+- @no_container = true
+= render "admin/dashboard/head"
+
+%div{ class: (container_class) }
+
+  .top-area
+    %ul.nav-links
+      %li{class: ('active' if @scope.nil?)}
+        = link_to admin_builds_path do
+          All
+          %span.badge.js-totalbuilds-count= @all_builds.count(:id)
+
+      %li{class: ('active' if @scope == 'running')}
+        = link_to admin_builds_path(scope: :running) do
+          Running
+          %span.badge.js-running-count= number_with_delimiter(@all_builds.running_or_pending.count(:id))
+
+      %li{class: ('active' if @scope == 'finished')}
+        = link_to admin_builds_path(scope: :finished) do
+          Finished
+          %span.badge.js-running-count= number_with_delimiter(@all_builds.finished.count(:id))
+
+    .nav-controls
+      - if @all_builds.running_or_pending.any?
+        = link_to 'Cancel all', cancel_all_admin_builds_path, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post
+
+  .row-content-block.second-block
+    #{(@scope || 'all').capitalize} builds
+
+  %ul.content-list
+    - if @builds.blank?
+      %li
+        .nothing-here-block No builds to show
+    - else
+      .table-holder
+        %table.table.builds
+          %thead
+            %tr
+              %th Status
+              %th Build ID
+              %th Project
+              %th Commit
+              %th Ref
+              %th Runner
+              %th Name
+              %th Tags
+              %th Duration
+              %th Finished at
+              %th
+
+          - @builds.each do |build|
+            = render "admin/builds/build", build: build
+
+      = paginate @builds, theme: 'gitlab'

app/views/admin/dashboard/_head.html.haml

+.nav-links.sub-nav
+  %ul{ class: (container_class) }
+    = nav_link(controller: :dashboard, html_options: {class: 'home'}) do
+      = link_to admin_root_path, title: 'Overview' do
+        %span
+          Overview
+    = nav_link(controller: [:admin, :projects]) do
+      = link_to admin_namespaces_projects_path, title: 'Projects' do
+        %span
+          Projects
+    = nav_link(controller: :users) do
+      = link_to admin_users_path, title: 'Users' do
+        %span
+          Users
+    = nav_link(controller: :groups) do
+      = link_to admin_groups_path, title: 'Groups' do
+        %span
+          Groups
+    = nav_link path: 'builds#index' do
+      = link_to admin_builds_path, title: 'Builds' do
+        %span
+          Builds

app/views/admin/dashboard/index.html.haml

-.admin-dashboard.prepend-top-default
-  .row
-    .col-md-4
-      %h4 Statistics
-      %hr
-      %p
-        Forks
-        %span.light.pull-right
-          = number_with_delimiter(ForkedProjectLink.count)
-      %p
-        Issues
-        %span.light.pull-right
-          = number_with_delimiter(Issue.count)
-      %p
-        Merge Requests
-        %span.light.pull-right
-          = number_with_delimiter(MergeRequest.count)
-      %p
-        Notes
-        %span.light.pull-right
-          = number_with_delimiter(Note.count)
-      %p
-        Snippets
-        %span.light.pull-right
-          = number_with_delimiter(Snippet.count)
-      %p
-        SSH Keys
-        %span.light.pull-right
-          = number_with_delimiter(Key.count)
-      %p
-        Milestones
-        %span.light.pull-right
-          = number_with_delimiter(Milestone.count)
-      %p
-        Active Users
-        %span.light.pull-right
-          = number_with_delimiter(User.active.count)
-    .col-md-4
-      %h4
-        Features
-      %hr
-      %p
-        Sign up
-        %span.light.pull-right
-          = boolean_to_icon signup_enabled?
-      %p
-        LDAP
-        %span.light.pull-right
-          = boolean_to_icon Gitlab.config.ldap.enabled
-      %p
-        Gravatar
-        %span.light.pull-right
-          = boolean_to_icon gravatar_enabled?
-      %p
-        OmniAuth
-        %span.light.pull-right
-          = boolean_to_icon Gitlab.config.omniauth.enabled
-      %p
-        Reply by email
-        %span.light.pull-right
-          = boolean_to_icon Gitlab::IncomingEmail.enabled?
-    .col-md-4
-      %h4
-        Components
-        - if current_application_settings.version_check_enabled
-          .pull-right
-            = version_status_badge
+- @no_container = true
+= render "admin/dashboard/head"
 
-      %hr
-      %p
-        GitLab
-        %span.pull-right
-          = Gitlab::VERSION
-      %p
-        GitLab Shell
-        %span.pull-right
-          = Gitlab::Shell.new.version
-      %p
-        GitLab API
-        %span.pull-right
-          = API::API::version
-      %p
-        Git
-        %span.pull-right
-          = Gitlab::Git.version
-      %p
-        Ruby
-        %span.pull-right
-          #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}
-
-      %p
-        Rails
-        %span.pull-right
-          #{Rails::VERSION::STRING}
-
-      %p
-        = Gitlab::Database.adapter_name
-        %span.pull-right
-          = Gitlab::Database.version
-  %hr
-  .row
-    .col-sm-4
-      .light-well
-        %h4 Projects
-        .data
-          = link_to admin_namespaces_projects_path do
-            %h1= number_with_delimiter(Project.count)
-          %hr
-          = link_to('New Project', new_project_path, class: "btn btn-new")
-    .col-sm-4
-      .light-well
-        %h4 Users
-        .data
-          = link_to admin_users_path do
-            %h1= number_with_delimiter(User.count)
-          %hr
-          = link_to 'New User', new_admin_user_path, class: "btn btn-new"
-    .col-sm-4
-      .light-well
-        %h4 Groups
-        .data
-          = link_to admin_groups_path do
-            %h1= number_with_delimiter(Group.count)
-          %hr
-          = link_to 'New Group', new_admin_group_path, class: "btn btn-new"
-
-  .row.prepend-top-10
-    .col-md-4
-      %h4 Latest projects
-      %hr
-      - @projects.each do |project|
+%div{ class: (container_class) }
+  .admin-dashboard.prepend-top-default
+    .row
+      .col-md-4
+        %h4 Statistics
+        %hr
         %p
-          = link_to project.name_with_namespace, [:admin, project.namespace.becomes(Namespace), project], class: 'str-truncated'
+          Forks
           %span.light.pull-right
-            #{time_ago_with_tooltip(project.created_at)}
-
-    .col-md-4
-      %h4 Latest users
-      %hr
-      - @users.each do |user|
+            = number_with_delimiter(ForkedProjectLink.count)
         %p
-          = link_to [:admin, user], class: 'str-truncated' do
-            = user.name
+          Issues
           %span.light.pull-right
-            #{time_ago_with_tooltip(user.created_at)}
-
-    .col-md-4
-      %h4 Latest groups
-      %hr
-      - @groups.each do |group|
+            = number_with_delimiter(Issue.count)
+        %p
+          Merge Requests
+          %span.light.pull-right
+            = number_with_delimiter(MergeRequest.count)
+        %p
+          Notes
+          %span.light.pull-right
+            = number_with_delimiter(Note.count)
+        %p
+          Snippets
+          %span.light.pull-right
+            = number_with_delimiter(Snippet.count)
+        %p
+          SSH Keys
+          %span.light.pull-right
+            = number_with_delimiter(Key.count)
+        %p
+          Milestones
+          %span.light.pull-right
+            = number_with_delimiter(Milestone.count)
+        %p
+          Active Users
+          %span.light.pull-right
+            = number_with_delimiter(User.active.count)
+      .col-md-4
+        %h4
+          Features
+        %hr
+        %p
+          Sign up
+          %span.light.pull-right
+            = boolean_to_icon signup_enabled?
         %p
-          = link_to [:admin, group], class: 'str-truncated' do
-            = group.name
+          LDAP
           %span.light.pull-right
-            #{time_ago_with_tooltip(group.created_at)}
+            = boolean_to_icon Gitlab.config.ldap.enabled
+        %p
+          Gravatar
+          %span.light.pull-right
+            = boolean_to_icon gravatar_enabled?
+        %p
+          OmniAuth
+          %span.light.pull-right
+            = boolean_to_icon Gitlab.config.omniauth.enabled
+        %p
+          Reply by email
+          %span.light.pull-right
+            = boolean_to_icon Gitlab::IncomingEmail.enabled?
+      .col-md-4
+        %h4
+          Components
+          - if current_application_settings.version_check_enabled
+            .pull-right
+              = version_status_badge
+
+        %hr
+        %p
+          GitLab
+          %span.pull-right
+            = Gitlab::VERSION
+        %p
+          GitLab Shell
+          %span.pull-right
+            = Gitlab::Shell.new.version
+        %p
+          GitLab API
+          %span.pull-right
+            = API::API::version
+        %p
+          Git
+          %span.pull-right
+            = Gitlab::Git.version
+        %p
+          Ruby
+          %span.pull-right
+            #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}
+
+        %p
+          Rails
+          %span.pull-right
+            #{Rails::VERSION::STRING}
+
+        %p
+          = Gitlab::Database.adapter_name
+          %span.pull-right
+            = Gitlab::Database.version
+    %hr
+    .row
+      .col-sm-4
+        .light-well
+          %h4 Projects
+          .data
+            = link_to admin_namespaces_projects_path do
+              %h1= number_with_delimiter(Project.count)
+            %hr
+            = link_to('New Project', new_project_path, class: "btn btn-new")
+      .col-sm-4
+        .light-well
+          %h4 Users
+          .data
+            = link_to admin_users_path do
+              %h1= number_with_delimiter(User.count)
+            %hr
+            = link_to 'New User', new_admin_user_path, class: "btn btn-new"
+      .col-sm-4
+        .light-well
+          %h4 Groups
+          .data
+            = link_to admin_groups_path do
+              %h1= number_with_delimiter(Group.count)
+            %hr
+            = link_to 'New Group', new_admin_group_path, class: "btn btn-new"
+
+    .row.prepend-top-10
+      .col-md-4
+        %h4 Latest projects
+        %hr
+        - @projects.each do |project|
+          %p
+            = link_to project.name_with_namespace, [:admin, project.namespace.becomes(Namespace), project], class: 'str-truncated'
+            %span.light.pull-right
+              #{time_ago_with_tooltip(project.created_at)}
+
+      .col-md-4
+        %h4 Latest users
+        %hr
+        - @users.each do |user|
+          %p
+            = link_to [:admin, user], class: 'str-truncated' do
+              = user.name
+            %span.light.pull-right
+              #{time_ago_with_tooltip(user.created_at)}
+
+      .col-md-4
+        %h4 Latest groups
+        %hr
+        - @groups.each do |group|
+          %p
+            = link_to [:admin, group], class: 'str-truncated' do
+              = group.name
+            %span.light.pull-right
+              #{time_ago_with_tooltip(group.created_at)}

app/views/admin/groups/index.html.haml

+- @no_container = true
 - page_title "Groups"
-%h3.page-title
-  Groups (#{number_with_delimiter(@groups.total_count)})
+= render "admin/dashboard/head"
 
-%p.light
-  Group allows you to keep projects organized.
-  Use groups for uniting related projects.
+%div{ class: (container_class) }
+  %h3.page-title
+    Groups (#{number_with_delimiter(@groups.total_count)})
 
-.top-area
-  .nav-search
-    = form_tag admin_groups_path, method: :get, class: 'form-inline' do
-      = hidden_field_tag :sort, @sort
-      = text_field_tag :name, params[:name], class: "form-control"
-      = button_tag "Search", class: "btn submit btn-primary"
+  %p.light
+    Group allows you to keep projects organized.
+    Use groups for uniting related projects.
 
-  .nav-controls
-    .dropdown.inline
-      %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
-        %span.light
-        - if @sort.present?
-          = sort_options_hash[@sort]
-        - else
-          = sort_title_recently_created
-        %b.caret
-      %ul.dropdown-menu
-        %li
-          = link_to admin_groups_path(sort: sort_value_recently_created) do
+  .top-area
+    .nav-search
+      = form_tag admin_groups_path, method: :get, class: 'form-inline' do
+        = hidden_field_tag :sort, @sort
+        = text_field_tag :name, params[:name], class: "form-control"
+        = button_tag "Search", class: "btn submit btn-primary"
+
+    .nav-controls
+      .dropdown.inline
+        %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
+          %span.light
+          - if @sort.present?
+            = sort_options_hash[@sort]
+          - else
             = sort_title_recently_created
-          = link_to admin_groups_path(sort: sort_value_oldest_created) do
-            = sort_title_oldest_created
-          = link_to admin_groups_path(sort: sort_value_recently_updated) do
-            = sort_title_recently_updated
-          = link_to admin_groups_path(sort: sort_value_oldest_updated) do
-            = sort_title_oldest_updated
-    = link_to 'New Group', new_admin_group_path, class: "btn btn-new"
+          %b.caret
+        %ul.dropdown-menu
+          %li
+            = link_to admin_groups_path(sort: sort_value_recently_created) do
+              = sort_title_recently_created
+            = link_to admin_groups_path(sort: sort_value_oldest_created) do
+              = sort_title_oldest_created
+            = link_to admin_groups_path(sort: sort_value_recently_updated) do
+              = sort_title_recently_updated
+            = link_to admin_groups_path(sort: sort_value_oldest_updated) do
+              = sort_title_oldest_updated
+      = link_to 'New Group', new_admin_group_path, class: "btn btn-new"
 
-%ul.content-list
-  - @groups.each do |group|
-    = render 'group', group: group
+  %ul.content-list
+    - @groups.each do |group|
+      = render 'group', group: group
 
-= paginate @groups, theme: "gitlab"
+  = paginate @groups, theme: "gitlab"

app/views/admin/groups/show.html.haml

@@ -109,7 +109,7 @@
             %span.pull-right.light
               = member.human_access
               - if can?(current_user, :destroy_group_member, member)
-                = link_to group_group_member_path(@group, member), data: { confirm: remove_user_from_group_message(@group, member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do
+                = link_to group_group_member_path(@group, member), data: { confirm: remove_member_message(member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do
                   %i.fa.fa-minus.fa-inverse
       .panel-footer
         = paginate @members, param_name: 'members_page', theme: 'gitlab'

app/views/admin/health_check/show.html.haml

+- @no_container = true
 - page_title "Health Check"
+= render 'admin/background_jobs/head'
 
-%h3.page-title
-  Health Check
-.bs-callout.clearfix
-  .pull-left
-    %p
-  Access token is
-  %code#health-check-token= current_application_settings.health_check_access_token
-  = button_to reset_health_check_token_admin_application_settings_path,
-    method: :put, class: 'btn btn-default',
-    data: { confirm: 'Are you sure you want to reset the health check token?' } do
-    = icon('refresh')
-    Reset health check access token
-%p.light
-  Health information can be retrieved as plain text, JSON, or XML using:
-  %ul
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token)
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token, format: :json)
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token, format: :xml)
+%div{ class: (container_class) }
+  %h3.page-title
+    Health Check
+  .bs-callout.clearfix
+    .pull-left
+      %p
+    Access token is
+    %code#health-check-token= current_application_settings.health_check_access_token
+    = button_to reset_health_check_token_admin_application_settings_path,
+      method: :put, class: 'btn btn-default',
+      data: { confirm: 'Are you sure you want to reset the health check token?' } do
+      = icon('refresh')
+      Reset health check access token
+  %p.light
+    Health information can be retrieved as plain text, JSON, or XML using:
+    %ul
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token)
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token, format: :json)
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token, format: :xml)
 
-%p.light
-  You can also ask for the status of specific services:
-  %ul
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :cache)
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :database)
-    %li
-      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :migrations)
+  %p.light
+    You can also ask for the status of specific services:
+    %ul
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :cache)
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :database)
+      %li
+        %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :migrations)
 
-%hr
-.panel.panel-default
-  .panel-heading
-    Current Status:
-    - if @errors.blank?
-      = icon('circle', class: 'cgreen')
-      Healthy
-    - else
-      = icon('warning', class: 'cred')
-      Unhealthy
-  .panel-body
-    - if @errors.blank?
-      No Health Problems Detected
-    - else
-      = @errors
+  %hr
+  .panel.panel-default
+    .panel-heading
+      Current Status:
+      - if @errors.blank?
+        = icon('circle', class: 'cgreen')
+        Healthy
+      - else
+        = icon('warning', class: 'cred')
+        Unhealthy
+    .panel-body
+      - if @errors.blank?
+        No Health Problems Detected
+      - else
+        = @errors

app/views/admin/logs/show.html.haml

+- @no_container = true
 - page_title "Logs"
 - loggers = [Gitlab::GitLogger, Gitlab::AppLogger,
              Gitlab::ProductionLogger, Gitlab::SidekiqLogger,
              Gitlab::RepositoryCheckLogger]
-%ul.nav-links.log-tabs
-  - loggers.each do |klass|
-    %li{ class: (klass == Gitlab::GitLogger ? 'active' : '') }
-      = link_to klass::file_name, "##{klass::file_name_noext}",
-          'data-toggle' => 'tab'
-.row-content-block
-  To prevent performance issues admin logs output the last 2000 lines
-.tab-content
-  - loggers.each do |klass|
-    .tab-pane{ class: (klass == Gitlab::GitLogger ? 'active' : ''),
-        id: klass::file_name_noext }
-      .file-holder#README
-        .file-title
-          %i.fa.fa-file
-          = klass::file_name
-          .pull-right
-            = link_to '#', class: 'log-bottom' do
-              %i.fa.fa-arrow-down
-              Scroll down
-        .file-content.logs
-          %ol
-            - klass.read_latest.each do |line|
-              %li
-                %p= line
+= render 'admin/background_jobs/head'
+
+%div{ class: (container_class) }
+  %ul.nav-links.log-tabs
+    - loggers.each do |klass|
+      %li{ class: (klass == Gitlab::GitLogger ? 'active' : '') }
+        = link_to klass::file_name, "##{klass::file_name_noext}",
+            'data-toggle' => 'tab'
+  .row-content-block
+    To prevent performance issues admin logs output the last 2000 lines
+  .tab-content
+    - loggers.each do |klass|
+      .tab-pane{ class: (klass == Gitlab::GitLogger ? 'active' : ''),
+          id: klass::file_name_noext }
+        .file-holder#README
+          .file-title
+            %i.fa.fa-file
+            = klass::file_name
+            .pull-right
+              = link_to '#', class: 'log-bottom' do
+                %i.fa.fa-arrow-down
+                Scroll down
+          .file-content.logs
+            %ol
+              - klass.read_latest.each do |line|
+                %li
+                  %p= line

app/views/admin/projects/index.html.haml

+- @no_container = true
 - page_title "Projects"
 = render 'shared/show_aside'
+= render "admin/dashboard/head"
 
-.row.prepend-top-default
-  %aside.col-md-3
-    .panel.admin-filter
-      = form_tag admin_namespaces_projects_path, method: :get, class: '' do
-        .form-group
-          = label_tag :name, 'Name:'
-          = text_field_tag :name, params[:name], class: "form-control"
+%div{ class: (container_class) }
+  .row.prepend-top-default
+    %aside.col-md-3
+      .panel.admin-filter
+        = form_tag admin_namespaces_projects_path, method: :get, class: '' do
+          .form-group
+            = label_tag :name, 'Name:'
+            = text_field_tag :name, params[:name], class: "form-control"
 
-        .form-group
-          = label_tag :namespace_id, "Namespace"
-          = namespace_select_tag :namespace_id, selected: params[:namespace_id], class: 'input-large'
+          .form-group
+            = label_tag :namespace_id, "Namespace"
+            = namespace_select_tag :namespace_id, selected: params[:namespace_id], class: 'input-large'
 
-        .form-group
-          %strong Activity
-          .checkbox
-            = label_tag :with_push do
-              = check_box_tag :with_push, 1, params[:with_push]
-              %span Projects with push events
-          .checkbox
-            = label_tag :abandoned do
-              = check_box_tag :abandoned, 1, params[:abandoned]
-              %span No activity over 6 month
-          .checkbox
-            = label_tag :with_archived do
-              = check_box_tag :with_archived, 1, params[:with_archived]
-              %span Show archived projects
+          .form-group
+            %strong Activity
+            .checkbox
+              = label_tag :with_push do
+                = check_box_tag :with_push, 1, params[:with_push]
+                %span Projects with push events
+            .checkbox
+              = label_tag :abandoned do
+                = check_box_tag :abandoned, 1, params[:abandoned]
+                %span No activity over 6 month
+            .checkbox
+              = label_tag :with_archived do
+                = check_box_tag :with_archived, 1, params[:with_archived]
+                %span Show archived projects
 
-        %fieldset
-          %strong Visibility level:
-          .visibility-levels
-            - Project.visibility_levels.each do |label, level|
-              .checkbox
-                %label
-                  = check_box_tag 'visibility_levels[]', level, params[:visibility_levels].present? && params[:visibility_levels].include?(level.to_s)
-                  %span.descr
-                    = visibility_level_icon(level)
-                    = label
-        %fieldset
-          %strong Problems
-          .checkbox
-            = label_tag :last_repository_check_failed do
-              = check_box_tag :last_repository_check_failed, 1, params[:last_repository_check_failed]
-              %span Last repository check failed
+          %fieldset
+            %strong Visibility level:
+            .visibility-levels
+              - Project.visibility_levels.each do |label, level|
+                .checkbox
+                  %label
+                    = check_box_tag 'visibility_levels[]', level, params[:visibility_levels].present? && params[:visibility_levels].include?(level.to_s)
+                    %span.descr
+                      = visibility_level_icon(level)
+                      = label
+          %fieldset
+            %strong Problems
+            .checkbox
+              = label_tag :last_repository_check_failed do
+                = check_box_tag :last_repository_check_failed, 1, params[:last_repository_check_failed]
+                %span Last repository check failed
 
-        = hidden_field_tag :sort, params[:sort]
-        = button_tag "Search", class: "btn submit btn-primary"
-        = link_to "Reset", admin_namespaces_projects_path, class: "btn btn-cancel"
+          = hidden_field_tag :sort, params[:sort]
+          = button_tag "Search", class: "btn submit btn-primary"
+          = link_to "Reset", admin_namespaces_projects_path, class: "btn btn-cancel"
 
-  %section.col-md-9
-    .panel.panel-default
-      .panel-heading
-        Projects (#{@projects.total_count})
-        .controls
-          .dropdown.inline
-            %button.dropdown-toggle.btn.btn-sm{type: 'button', 'data-toggle' => 'dropdown'}
-              %span.light
-              - if @sort.present?
-                = sort_options_hash[@sort]
-              - else
-                = sort_title_recently_created
-              %b.caret
-            %ul.dropdown-menu
-              %li
-                = link_to admin_namespaces_projects_path(sort: sort_value_recently_created) do
+    %section.col-md-9
+      .panel.panel-default
+        .panel-heading
+          Projects (#{@projects.total_count})
+          .controls
+            .dropdown.inline
+              %button.dropdown-toggle.btn.btn-sm{type: 'button', 'data-toggle' => 'dropdown'}
+                %span.light
+                - if @sort.present?
+                  = sort_options_hash[@sort]
+                - else
                   = sort_title_recently_created
-                = link_to admin_namespaces_projects_path(sort: sort_value_oldest_created) do
-                  = sort_title_oldest_created
-                = link_to admin_namespaces_projects_path(sort: sort_value_recently_updated) do
-                  = sort_title_recently_updated
-                = link_to admin_namespaces_projects_path(sort: sort_value_oldest_updated) do
-                  = sort_title_oldest_updated
-                = link_to admin_namespaces_projects_path(sort: sort_value_largest_repo) do
-                  = sort_title_largest_repo
-          = link_to 'New Project', new_project_path, class: "btn btn-sm btn-success"
-      %ul.well-list
-        - @projects.each do |project|
-          %li
-            .list-item-name
-              %span{ class: visibility_level_color(project.visibility_level) }
-                = visibility_level_icon(project.visibility_level)
-              = link_to project.name_with_namespace, [:admin, project.namespace.becomes(Namespace), project]
-            .pull-right
-              - if project.archived
-                %span.label.label-warning archived
-              %span.label.label-gray
-                = repository_size(project)
-              = link_to 'Edit', edit_namespace_project_path(project.namespace, project), id: "edit_#{dom_id(project)}", class: "btn btn-sm"
-              = link_to 'Destroy', [project.namespace.becomes(Namespace), project], data: { confirm: remove_project_message(project) }, method: :delete, class: "btn btn-sm btn-remove"
-        - if @projects.blank?
-          .nothing-here-block 0 projects matches
-    = paginate @projects, theme: "gitlab"
+                %b.caret
+              %ul.dropdown-menu
+                %li
+                  = link_to admin_namespaces_projects_path(sort: sort_value_recently_created) do
+                    = sort_title_recently_created
+                  = link_to admin_namespaces_projects_path(sort: sort_value_oldest_created) do
+                    = sort_title_oldest_created
+                  = link_to admin_namespaces_projects_path(sort: sort_value_recently_updated) do
+                    = sort_title_recently_updated
+                  = link_to admin_namespaces_projects_path(sort: sort_value_oldest_updated) do
+                    = sort_title_oldest_updated
+                  = link_to admin_namespaces_projects_path(sort: sort_value_largest_repo) do
+                    = sort_title_largest_repo
+            = link_to 'New Project', new_project_path, class: "btn btn-sm btn-success"
+        %ul.well-list
+          - @projects.each do |project|
+            %li
+              .list-item-name
+                %span{ class: visibility_level_color(project.visibility_level) }
+                  = visibility_level_icon(project.visibility_level)
+                = link_to project.name_with_namespace, [:admin, project.namespace.becomes(Namespace), project]
+              .pull-right
+                - if project.archived
+                  %span.label.label-warning archived
+                %span.label.label-gray
+                  = repository_size(project)
+                = link_to 'Edit', edit_namespace_project_path(project.namespace, project), id: "edit_#{dom_id(project)}", class: "btn btn-sm"
+                = link_to 'Destroy', [project.namespace.becomes(Namespace), project], data: { confirm: remove_project_message(project) }, method: :delete, class: "btn btn-sm btn-remove"
+          - if @projects.blank?
+            .nothing-here-block 0 projects matches
+      = paginate @projects, theme: "gitlab"

app/views/admin/projects/show.html.haml

@@ -142,7 +142,7 @@
               %i.fa.fa-pencil-square-o
         %ul.well-list
           - @group_members.each do |member|
-            = render 'groups/group_members/group_member', member: member, show_controls: false
+            = render 'shared/members/member', member: member, show_controls: false
         .panel-footer
           = paginate @group_members, param_name: 'group_members_page', theme: 'gitlab'
 
@@ -172,7 +172,7 @@
                 %span.light Owner
               - else
                 %span.light= project_member.human_access
-                = link_to namespace_project_project_member_path(@project.namespace, @project, project_member), data: { confirm: remove_from_project_team_message(@project, project_member)}, method: :delete, remote: true, class: "btn btn-sm btn-remove" do
+                = link_to namespace_project_project_member_path(@project.namespace, @project, project_member), data: { confirm: remove_member_message(project_member)}, method: :delete, remote: true, class: "btn btn-sm btn-remove" do
                   %i.fa.fa-times
       .panel-footer
         = paginate @project_members, param_name: 'project_members_page', theme: 'gitlab'

app/views/admin/users/groups.html.haml

@@ -13,7 +13,7 @@
           .pull-right
             %span.light= group_member.human_access
             - unless group_member.owner?
-              = link_to group_group_member_path(group, group_member), data: { confirm: remove_user_from_group_message(group, group_member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do
+              = link_to group_group_member_path(group, group_member), data: { confirm: remove_member_message(group_member) }, method: :delete, remote: true, class: "btn-xs btn btn-remove", title: 'Remove user from group' do
                 %i.fa.fa-times.fa-inverse
 - else
   .nothing-here-block This user has no groups.

app/views/admin/users/projects.html.haml

@@ -38,6 +38,5 @@
                   %span.light= member.human_access
 
                   - if member.respond_to? :project
-                    = link_to namespace_project_project_member_path(project.namespace, project, member), data: { confirm: remove_from_project_team_message(project, member) }, remote: true, method: :delete, class: "btn-xs btn btn-remove", title: 'Remove user from project' do
+                    = link_to namespace_project_project_member_path(project.namespace, project, member), data: { confirm: remove_member_message(member) }, remote: true, method: :delete, class: "btn-xs btn btn-remove", title: 'Remove user from project' do
                       %i.fa.fa-times
-

app/views/groups/group_members/index.html.haml

@@ -6,12 +6,13 @@
       .panel-heading
         Add new user to group
       .panel-body
-        - if should_user_see_group_roles?(current_user, @group)
-          %p.light
-            Members of group have access to all group projects.
+        %p.light
+          Members of group have access to all group projects.
         .new-group-member-holder
           = render "new_group_member"
 
+    = render 'shared/members/requests', membership_source: @group, members: @members.request
+
   .panel.panel-default
     .panel-heading
       %strong #{@group.name}
@@ -25,9 +26,8 @@
           = button_tag class: 'btn', title: 'Search' do
             = icon("search")
     %ul.content-list
-      - @members.each do |member|
-        = render 'groups/group_members/group_member', member: member, show_controls: true
-    = paginate @members, theme: 'gitlab'
+      = render partial: 'shared/members/member', collection: @members.non_request, as: :member
+    = paginate @members.non_request, theme: 'gitlab'
 
 :javascript
   $('form.member-search-form').on('submit', function(event) {

app/views/groups/group_members/update.js.haml

 :plain
-  $("##{dom_id(@group_member)}").replaceWith('#{escape_javascript(render(@group_member, member: @group_member, show_controls: true))}');
+  $("##{dom_id(@group_member)}").replaceWith('#{escape_javascript(render(@group_member, member: @group_member))}');

app/views/groups/show.html.haml

@@ -19,6 +19,9 @@
         .cover-desc.description
           = markdown(@group.description, pipeline: :description)
 
+    - if current_user
+      = render 'shared/members/access_request_buttons', source: @group
+
 %div{ class: container_class }
   .top-area
     %ul.nav-links

app/views/issues/_issue.atom.builder

@@ -5,10 +5,28 @@ xml.entry do
   xml.updated issue.created_at.xmlschema
   xml.media   :thumbnail, width: "40", height: "40", url: image_url(avatar_icon(issue.author_email))
 
-  xml.author do |author|
+  xml.author do
     xml.name issue.author_name
     xml.email issue.author_email
   end
 
   xml.summary issue.title
+  xml.description issue.description if issue.description
+  xml.milestone issue.milestone.title if issue.milestone
+  xml.due_date issue.due_date if issue.due_date
+
+  unless issue.labels.empty?
+    xml.labels do
+      issue.labels.each do |label|
+        xml.label label.name
+      end
+    end
+  end
+
+  if issue.assignee
+    xml.assignee do
+      xml.name issue.assignee.name
+      xml.email issue.assignee.email
+    end
+  end
 end

app/views/layouts/admin.html.haml

 - page_title    "Admin Area"
 - header_title  "Admin Area", admin_root_path
-- sidebar       "admin"
+- nav           "admin"
 
 = render template: "layouts/application"

app/views/layouts/header/_default.html.haml

@@ -27,9 +27,8 @@
             %li
               = link_to dashboard_todos_path, title: 'Todos', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
                 = icon('bell fw')
-                - unless todos_pending_count == 0
-                  %span.badge.todos-pending-count
-                    = todos_pending_count
+                %span.badge.todos-pending-count{ class: ("hidden" if todos_pending_count == 0) }
+                  = todos_pending_count
             - if current_user.can_create_project?
               %li
                 = link_to new_project_path, title: 'New project', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
@@ -51,7 +50,7 @@
       %h1.title= title
 
       .header-logo
-        #logo
+        = link_to root_path, class: 'home', title: 'Dashboard', id: 'logo' do
           = brand_header_logo
 
       = yield :header_content