Merge branch 'master' into comment-updated-by

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.14.0 (unreleased)
+  - Fix coloring of diffs on MR Discussion-tab (Gert Goet)
   - Fix "Network" and "Graphs" pages for branches with encoded slashes (Stan Hu)
   - Fix errors deleting and creating branches with encoded slashes (Stan Hu)
+  - Always add current user to autocomplete controller to support filter by "Me" (Stan Hu)
   - Fix multi-line syntax highlighting (Stan Hu)
   - Fix network graph when branch name has single quotes (Stan Hu)
   - Add "Confirm user" button in user admin page (Stan Hu)
@@ -39,6 +41,10 @@ v 7.14.0 (unreleased)
   - Remove satellites 
   - Remove comments and email addresses when publicly exposing ssh keys (Zeger-Jan van de Weg)
 
+v 7.13.3
+  - Fix bug causing Bitbucket importer to crash when OAuth application had been removed.
+  - Allow users to send abuse reports
+
 v 7.13.2
   - Fix randomly failed spec
   - Create project services on Project creation

GITLAB_SHELL_VERSION

-2.6.3
+2.6.4

app/assets/stylesheets/generic/mobile.scss

@@ -48,6 +48,10 @@
       display: block;
     }
 
+    .project-home-desc {
+      font-size: 21px;
+    }
+
     .project-repo-buttons,
     .git-clone-holder {
       display: none;

app/assets/stylesheets/pages/projects.scss

@@ -30,7 +30,13 @@
     }
   }
 
-  .lead {
+  .project-home-desc {
+    h1 {
+      margin: 0;
+      margin-bottom: 10px;
+      font-size: 26px;
+    }
+
     p {
       display: inline;
     }

app/controllers/abuse_reports_controller.rb

+class AbuseReportsController < ApplicationController
+  def new
+    @abuse_report = AbuseReport.new
+    @abuse_report.user_id = params[:user_id]
+  end
+
+  def create
+    @abuse_report = AbuseReport.new(report_params)
+    @abuse_report.reporter = current_user
+
+    if @abuse_report.save
+      message = "Thank you for your report. A GitLab administrator will look into it shortly."
+      redirect_to root_path, notice: message
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def report_params
+    params.require(:abuse_report).permit(:user_id, :message)
+  end
+end

app/controllers/admin/abuse_reports_controller.rb

+class Admin::AbuseReportsController < Admin::ApplicationController
+  def index
+    @abuse_reports = AbuseReport.order(id: :desc).page(params[:page])
+  end
+
+  def destroy
+    AbuseReport.find(params[:id]).destroy
+
+    redirect_to admin_abuse_reports_path, notice: 'Report was removed'
+  end
+end

app/controllers/autocomplete_controller.rb

@@ -33,6 +33,8 @@ class AutocompleteController < ApplicationController
     @users = @users.search(params[:search]) if params[:search].present?
     @users = @users.active
     @users = @users.page(params[:page]).per(PER_PAGE)
+    # Always include current user if available to filter by "Me"
+    @users = User.find(@users.pluck(:id) + [current_user.id]).uniq if current_user
     render json: @users, only: [:name, :username, :id], methods: [:avatar_url]
   end
 

app/models/abuse_report.rb

+class AbuseReport < ActiveRecord::Base
+  belongs_to :reporter, class_name: "User"
+  belongs_to :user
+
+  validates :reporter, presence: true
+  validates :user, presence: true
+  validates :message, presence: true
+  validates :user_id, uniqueness: { scope: :reporter_id }
+end

app/models/namespace.rb

@@ -114,6 +114,9 @@ class Namespace < ActiveRecord::Base
   end
 
   def move_dir
+    # Ensure old directory exists before moving it
+    gitlab_shell.add_namespace(path_was)
+
     if gitlab_shell.mv_namespace(path_was, path)
       # If repositories moved successfully we need to
       # send update instructions to users.

app/views/abuse_reports/new.html.haml

+- page_title "Report abuse"
+%h3.page-title Report abuse
+%p Please use this form to report users who create spam issues or comments or who otherwise behave inappropriately.
+%hr
+= form_for @abuse_report, html: { class: 'form-horizontal'} do |f|
+  = f.hidden_field :user_id
+  - if @abuse_report.errors.any?
+    .alert.alert-danger
+      - @abuse_report.errors.full_messages.each do |msg|
+        %p= msg
+  .form-group
+    = f.label :user_id, class: 'control-label'
+    .col-sm-10
+      - name = "#{@abuse_report.user.name} (@#{@abuse_report.user.username})"
+      = text_field_tag :user_name, name, class: "form-control", readonly: true
+  .form-group
+    = f.label :message, class: 'control-label'
+    .col-sm-10
+      = f.text_area :message, class: "form-control", rows: 2, required: true
+      .help-block
+        Explain the problem with this user. If appropriate, provide a link to the relevant issue or comment.
+
+  .form-actions
+    = f.submit "Send report", class: "btn btn-create"

app/views/admin/abuse_reports/_abuse_report.html.haml

+- reporter = abuse_report.reporter
+- user = abuse_report.user
+%tr
+  %td
+    - if reporter
+      = link_to reporter.name, [:admin, reporter]
+    - else
+      (removed)
+  %td
+    = abuse_report.created_at.to_s(:short)
+  %td
+    = abuse_report.message
+  %td
+    - if user
+      = link_to user.name, [:admin, user]
+    - else
+      (removed)
+  %td
+    - if user
+      = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
+      = link_to 'Remove user', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove"
+  %td
+    = link_to 'Remove report', [:admin, abuse_report], method: :delete, class: "btn btn-xs btn-close"

app/views/admin/abuse_reports/index.html.haml

+- page_title "Abuse Reports"
+%h3.page-title Abuse Reports
+%hr
+- if @abuse_reports.present?
+  %table.table
+    %thead
+      %tr
+        %th Reported by
+        %th Reported at
+        %th Message
+        %th User
+        %th
+        %th
+    = render @abuse_reports
+  = paginate @abuse_reports
+- else
+  %h4 There are no abuse reports

app/views/explore/projects/_project.html.haml

@@ -9,8 +9,8 @@
 
   .project-info
     - if project.description.present?
-      %p.project-description.str-truncated
-        = project.description
+      .project-description.str-truncated
+        = markdown(project.description, pipeline: :description)
 
     .repo-info
       - unless project.empty_repo?

app/views/layouts/nav/_admin.html.haml

@@ -57,6 +57,13 @@
       %span
         Service Templates
 
+  = nav_link(controller: :abuse_reports) do
+    = link_to admin_abuse_reports_path, title: "Abuse reports" do
+      = icon('exclamation-circle fw')
+      %span
+        Abuse Reports
+        %span.count= AbuseReport.count(:all)
+
   = nav_link(controller: :application_settings, html_options: { class: 'separate-item'}) do
     = link_to admin_application_settings_path, title: 'Settings', data: {placement: 'right'} do
       = icon('cogs fw')

app/views/projects/_home_panel.html.haml

@@ -3,6 +3,7 @@
   .project-identicon-holder
     = project_icon(@project, alt: '', class: 'project-avatar avatar s90')
   .project-home-desc.lead
+    %h1= @project.name
     - if @project.description.present?
       = markdown(@project.description, pipeline: :description)
 

app/views/projects/merge_requests/widget/open/_conflicts.html.haml

 - if @merge_request.can_be_merged_by?(current_user)
   %h4
     This merge request contains merge conflicts that must be resolved.
-    You can try it manually on the
+  %p
+    You can merge it manually using the
     %strong
       = link_to "command line", "#modal_merge_info", class: "how_to_merge_link vlink", title: "How To Merge", "data-toggle" => "modal"
 - else

app/views/projects/notes/discussions/_diff.html.haml

@@ -12,18 +12,19 @@
     .diff-content
       %table
         - note.truncated_diff_lines.each do |line|
+          - type = line.type
           - line_code = generate_line_code(note.file_path, line)
-          %tr.line_holder{ id: line_code }
-            - if line.type == "match"
+          %tr.line_holder{ id: line_code, class: "#{type}" }
+            - if type == "match"
               %td.old_line= "..."
               %td.new_line= "..."
               %td.line_content.matched= line.text
             - else
-              %td.old_line{class: line.type == "new" ? "new" : "old"}
-                = raw(line.type == "new" ? " " : line.old_pos)
-              %td.new_line{class: line.type == "new" ? "new" : "old"}
-                = raw(line.type == "old" ? " " : line.new_pos)
-              %td.line_content{class: "noteable_line #{line.type} #{line_code}", "line_code" => line_code}= raw diff_line_content(line.text)
+              %td.old_line
+                = raw(type == "new" ? " " : line.old_pos)
+              %td.new_line
+                = raw(type == "old" ? " " : line.new_pos)
+              %td.line_content{class: "noteable_line #{type} #{line_code}", "line_code" => line_code}= raw diff_line_content(line.text)
 
               - if line_code == note.line_code
                 = render "projects/notes/diff_notes_with_reply", notes: discussion_notes

app/views/users/show.html.haml

@@ -18,6 +18,16 @@
             = link_to profile_path, class: 'btn btn-sm' do
               %i.fa.fa-pencil-square-o
               Edit Profile settings
+        - elsif current_user
+          .pull-right
+            %span.dropdown
+              %a.light.dropdown-toggle.btn.btn-sm{href: '#', "data-toggle" => "dropdown"}
+                = icon('exclamation-circle')
+              %ul.dropdown-menu.dropdown-menu-right
+                %li
+                  = link_to new_abuse_report_path(user_id: @user.id) do
+                    Report abuse
+
       .username
         @#{@user.username}
       .description

config/routes.rb

@@ -65,6 +65,9 @@ Gitlab::Application.routes.draw do
     end
   end
 
+  # Spam reports
+  resources :abuse_reports, only: [:new, :create]
+
   #
   # Import
   #
@@ -165,6 +168,7 @@ Gitlab::Application.routes.draw do
       end
     end
 
+    resources :abuse_reports, only: [:index, :destroy]
     resources :applications
 
     resources :groups, constraints: { id: /[^\/]+/ } do

db/migrate/20150806104937_create_abuse_reports.rb

+class CreateAbuseReports < ActiveRecord::Migration
+  def change
+    create_table :abuse_reports do |t|
+      t.integer :reporter_id
+      t.integer :user_id
+      t.text :message
+
+      t.timestamps
+    end
+  end
+end

db/schema.rb

@@ -11,11 +11,19 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150730122406) do
+ActiveRecord::Schema.define(version: 20150806104937) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "abuse_reports", force: true do |t|
+    t.integer  "reporter_id"
+    t.integer  "user_id"
+    t.text     "message"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "application_settings", force: true do |t|
     t.integer  "default_projects_limit"
     t.boolean  "signup_enabled"

features/abuse_report.feature

+Feature: Abuse reports
+  Background:
+    Given I sign in as a user
+    And user "Mike" exists
+
+  Scenario: Report abuse
+    Given I visit "Mike" user page
+    And I click "Report abuse" button
+    When I fill and submit abuse form
+    Then I should see success message

features/admin/abuse_report.feature

+Feature: Admin Abuse reports
+  Background:
+    Given I sign in as an admin
+    And abuse reports exist
+
+  Scenario: Browse abuse reports
+    When I visit abuse reports page
+    Then I should see list of abuse reports

features/steps/abuse_reports.rb

+class Spinach::Features::AbuseReports < Spinach::FeatureSteps
+  include SharedAuthentication
+
+  step 'I visit "Mike" user page' do
+    visit user_path(user_mike)
+  end
+
+  step 'I click "Report abuse" button' do
+    click_link 'Report abuse'
+  end
+
+  step 'I fill and submit abuse form' do
+    fill_in 'abuse_report_message', with: 'This user send spam'
+    click_button 'Send report'
+  end
+
+  step 'I should see success message' do
+    page.should have_content 'Thank you for your report'
+  end
+
+  step 'user "Mike" exists' do
+    user_mike
+  end
+
+  def user_mike
+    @user_mike ||= create(:user, name: 'Mike')
+  end
+end

features/steps/admin/abuse_reports.rb

+class Spinach::Features::AdminAbuseReports < Spinach::FeatureSteps
+  include SharedAuthentication
+  include SharedPaths
+  include SharedAdmin
+
+  step 'I should see list of abuse reports' do
+    page.should have_content("Abuse Reports")
+    page.should have_content AbuseReport.first.message
+    page.should have_link("Remove user")
+  end
+
+  step 'abuse reports exist' do
+    create(:abuse_report)
+  end
+end

features/steps/project/forked_merge_requests.rb

@@ -137,10 +137,11 @@ class Spinach::Features::ProjectForkedMergeRequests < Spinach::FeatureSteps
   end
 
   step 'I should see the users from the target project ID' do
-    expect(page).to have_selector('.user-result', visible: true, count: 2)
+    expect(page).to have_selector('.user-result', visible: true, count: 3)
     users = page.all('.user-name')
     expect(users[0].text).to eq 'Unassigned'
-    expect(users[1].text).to eq @project.users.first.name
+    expect(users[1].text).to eq current_user.name
+    expect(users[2].text).to eq @project.users.first.name
   end
 
   # Verify a link is generated against the correct project

features/steps/shared/paths.rb

@@ -139,6 +139,10 @@ module SharedPaths
     visit admin_root_path
   end
 
+  step 'I visit abuse reports page' do
+    visit admin_abuse_reports_path
+  end
+
   step 'I visit admin projects page' do
     visit admin_namespaces_projects_path
   end

spec/controllers/autocomplete_controller_spec.rb

@@ -4,6 +4,7 @@ describe AutocompleteController do
   let!(:project) { create(:project) }
   let!(:user)    { create(:user) }
   let!(:user2)   { create(:user) }
+  let!(:non_member)   { create(:user) }
 
   context 'project members' do
     before do
@@ -61,6 +62,27 @@ describe AutocompleteController do
     end
   end
 
+  context 'non-member login for public project' do
+    let!(:project) { create(:project, :public) }
+
+    before do
+      sign_in(non_member)
+      project.team << [user, :master]
+    end
+
+    let(:body) { JSON.parse(response.body) }
+
+    describe 'GET #users with project ID' do
+      before do
+        get(:users, project_id: project.id)
+      end
+
+      it { expect(body).to be_kind_of(Array) }
+      it { expect(body.size).to eq 2 }
+      it { expect(body.map { |u| u['username'] }).to match_array([user.username, non_member.username]) }
+    end
+  end
+
   context 'all users' do
     before do
       sign_in(user)

spec/factories/abuse_reports.rb

+# Read about factories at https://github.com/thoughtbot/factory_girl
+
+FactoryGirl.define do
+  factory :abuse_report do
+    reporter factory: :user
+    user
+    message 'User sends spam'
+  end
+end

spec/features/projects_spec.rb

@@ -22,9 +22,9 @@ feature 'Project', feature: true do
     end
 
     it 'sanitizes unwanted tags' do
-      project.update_attribute(:description, '# Project Description')
+      project.update_attribute(:description, "```\ncode\n```")
       visit path
-      expect(page).not_to have_css('.project-home-desc h1')
+      expect(page).not_to have_css('.project-home-desc code')
     end
 
     it 'permits `rel` attribute on links' do

spec/models/abuse_report_spec.rb

+require 'rails_helper'
+
+RSpec.describe AbuseReport, type: :model do
+  subject { create(:abuse_report) }
+
+  it { expect(subject).to be_valid }
+end