Put forms from expandable sections into fieldset to ensure proper animation

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

app/views/admin/application_settings/_account_and_limit.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
 
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :gravatar_enabled do
-          = f.check_box :gravatar_enabled
-          Gravatar enabled
-  .form-group
-    = f.label :default_projects_limit, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.number_field :default_projects_limit, class: 'form-control'
-  .form-group
-    = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.number_field :max_attachment_size, class: 'form-control'
-
-    = render 'repository_size_limit_setting', form: f
+  %fieldset
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :gravatar_enabled do
+            = f.check_box :gravatar_enabled
+            Gravatar enabled
+    .form-group
+      = f.label :default_projects_limit, class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :default_projects_limit, class: 'form-control'
+    .form-group
+      = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :max_attachment_size, class: 'form-control'
 
-  .form-group
-    = f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.number_field :session_expire_delay, class: 'form-control'
-      %span.help-block#session_expire_delay_help_block GitLab restart is required to apply changes
-  .form-group
-    = f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
-    .col-sm-10
-      .checkbox
-        = f.label :user_oauth_applications do
-          = f.check_box :user_oauth_applications
-          Allow users to register any application to use GitLab as an OAuth provider
-  .form-group
-    = f.label :user_default_external, 'New users set to external', class: 'control-label col-sm-2'
-    .col-sm-10
-      .checkbox
-        = f.label :user_default_external do
-          = f.check_box :user_default_external
-          Newly registered users will by default be external
+      = render 'repository_size_limit_setting', form: f
 
-  - if ::Gitlab.dev_env_or_com?
     .form-group
-      = f.label :check_namespace_plan, 'Check feature availability on namespace plan', class: 'control-label col-sm-2'
+      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :session_expire_delay, class: 'form-control'
+        %span.help-block#session_expire_delay_help_block GitLab restart is required to apply changes
+    .form-group
+      = f.label :user_oauth_applications, 'User OAuth applications', class: 'control-label col-sm-2'
+      .col-sm-10
+        .checkbox
+          = f.label :user_oauth_applications do
+            = f.check_box :user_oauth_applications
+            Allow users to register any application to use GitLab as an OAuth provider
+    .form-group
+      = f.label :user_default_external, 'New users set to external', class: 'control-label col-sm-2'
       .col-sm-10
         .checkbox
-          = f.label :check_namespace_plan do
-            = f.check_box :check_namespace_plan
-            Enabling this will only make licensed EE features available to projects if the project namespace's plan
-            includes the feature or if the project is public.
+          = f.label :user_default_external do
+            = f.check_box :user_default_external
+            Newly registered users will by default be external
+
+    - if ::Gitlab.dev_env_or_com?
+      .form-group
+        = f.label :check_namespace_plan, 'Check feature availability on namespace plan', class: 'control-label col-sm-2'
+        .col-sm-10
+          .checkbox
+            = f.label :check_namespace_plan do
+              = f.check_box :check_namespace_plan
+              Enabling this will only make licensed EE features available to projects if the project namespace's plan
+              includes the feature or if the project is public.
 
   = f.submit 'Save changes', class: 'btn btn-success'

app/views/admin/application_settings/_help_page.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
-  .form-group
-    = f.label :help_text, class: 'control-label'
-    .col-sm-10
-      = f.text_area :help_text, class: 'form-control', rows: 4
-      .help-block Markdown enabled
-  .form-group
-    = f.label :help_page_text, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_area :help_page_text, class: 'form-control', rows: 4
-      .help-block Markdown enabled
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :help_page_hide_commercial_content do
-          = f.check_box :help_page_hide_commercial_content
-          Hide marketing-related entries from help
-  .form-group
-    = f.label :help_page_support_url, 'Support page URL', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_field :help_page_support_url, class: 'form-control', placeholder: 'http://company.example.com/getting-help', :'aria-describedby' => 'support_help_block'
-      %span.help-block#support_help_block Alternate support URL for help page
+
+  %fieldset
+    .form-group
+      = f.label :help_text, class: 'control-label'
+      .col-sm-10
+        = f.text_area :help_text, class: 'form-control', rows: 4
+        .help-block Markdown enabled
+    .form-group
+      = f.label :help_page_text, class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_area :help_page_text, class: 'form-control', rows: 4
+        .help-block Markdown enabled
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :help_page_hide_commercial_content do
+            = f.check_box :help_page_hide_commercial_content
+            Hide marketing-related entries from help
+    .form-group
+      = f.label :help_page_support_url, 'Support page URL', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :help_page_support_url, class: 'form-control', placeholder: 'http://company.example.com/getting-help', :'aria-describedby' => 'support_help_block'
+        %span.help-block#support_help_block Alternate support URL for help page
+
   = f.submit 'Save changes', class: "btn btn-success"

app/views/admin/application_settings/_pages.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
-  .form-group
-    = f.label :max_pages_size, 'Maximum size of pages (MB)', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.number_field :max_pages_size, class: 'form-control'
-      .help-block 0 for unlimited
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :pages_domain_verification_enabled do
-          = f.check_box :pages_domain_verification_enabled
-          Require users to prove ownership of custom domains
-      .help-block
-        Domain verification is an essential security measure for public GitLab
-        sites. Users are required to demonstrate they control a domain before
-        it is enabled
-        = link_to icon('question-circle'), help_page_path('user/project/pages/getting_started_part_three.md', anchor: 'dns-txt-record')
+
+  %fieldset
+    .form-group
+      = f.label :max_pages_size, 'Maximum size of pages (MB)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :max_pages_size, class: 'form-control'
+        .help-block 0 for unlimited
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :pages_domain_verification_enabled do
+            = f.check_box :pages_domain_verification_enabled
+            Require users to prove ownership of custom domains
+        .help-block
+          Domain verification is an essential security measure for public GitLab
+          sites. Users are required to demonstrate they control a domain before
+          it is enabled
+          = link_to icon('question-circle'), help_page_path('user/project/pages/getting_started_part_three.md', anchor: 'dns-txt-record')
+
   = f.submit 'Save changes', class: "btn btn-success"

app/views/admin/application_settings/_signin.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :password_authentication_enabled_for_web do
-          = f.check_box :password_authentication_enabled_for_web
-          Password authentication enabled for web interface
-          .help-block
-            When disabled, an external authentication provider must be used.
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :password_authentication_enabled_for_git do
-          = f.check_box :password_authentication_enabled_for_git
-          Password authentication enabled for Git over HTTP(S)
-          .help-block
-            When disabled, a Personal Access Token
-            - if Gitlab::Auth::LDAP::Config.enabled?
-              or LDAP password
-            must be used to authenticate.
-  - if omniauth_enabled? && button_based_providers.any?
+
+  %fieldset
     .form-group
-      = f.label :enabled_oauth_sign_in_sources, 'Enabled OAuth sign-in sources', class: 'control-label col-sm-2'
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :password_authentication_enabled_for_web do
+            = f.check_box :password_authentication_enabled_for_web
+            Password authentication enabled for web interface
+            .help-block
+              When disabled, an external authentication provider must be used.
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :password_authentication_enabled_for_git do
+            = f.check_box :password_authentication_enabled_for_git
+            Password authentication enabled for Git over HTTP(S)
+            .help-block
+              When disabled, a Personal Access Token
+              - if Gitlab::Auth::LDAP::Config.enabled?
+                or LDAP password
+              must be used to authenticate.
+    - if omniauth_enabled? && button_based_providers.any?
+      .form-group
+        = f.label :enabled_oauth_sign_in_sources, 'Enabled OAuth sign-in sources', class: 'control-label col-sm-2'
+        .col-sm-10
+          .btn-group{ data: { toggle: 'buttons' } }
+            - oauth_providers_checkboxes.each do |source|
+              = source
+    .form-group
+      = f.label :two_factor_authentication, 'Two-factor authentication', class: 'control-label col-sm-2'
+      .col-sm-10
+        .checkbox
+          = f.label :require_two_factor_authentication do
+            = f.check_box :require_two_factor_authentication
+            Require all users to setup Two-factor authentication
+    .form-group
+      = f.label :two_factor_authentication, 'Two-factor grace period (hours)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :two_factor_grace_period, min: 0, class: 'form-control', placeholder: '0'
+        .help-block Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication
+    .form-group
+      = f.label :home_page_url, 'Home page URL', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :home_page_url, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'home_help_block'
+        %span.help-block#home_help_block We will redirect non-logged in users to this page
+    .form-group
+      = f.label :after_sign_out_path, class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_field :after_sign_out_path, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'after_sign_out_path_help_block'
+        %span.help-block#after_sign_out_path_help_block We will redirect users to this page after they sign out
+    .form-group
+      = f.label :sign_in_text, class: 'control-label col-sm-2'
       .col-sm-10
-        .btn-group{ data: { toggle: 'buttons' } }
-          - oauth_providers_checkboxes.each do |source|
-            = source
-  .form-group
-    = f.label :two_factor_authentication, 'Two-factor authentication', class: 'control-label col-sm-2'
-    .col-sm-10
-      .checkbox
-        = f.label :require_two_factor_authentication do
-          = f.check_box :require_two_factor_authentication
-          Require all users to setup Two-factor authentication
-  .form-group
-    = f.label :two_factor_authentication, 'Two-factor grace period (hours)', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.number_field :two_factor_grace_period, min: 0, class: 'form-control', placeholder: '0'
-      .help-block Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication
-  .form-group
-    = f.label :home_page_url, 'Home page URL', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_field :home_page_url, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'home_help_block'
-      %span.help-block#home_help_block We will redirect non-logged in users to this page
-  .form-group
-    = f.label :after_sign_out_path, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_field :after_sign_out_path, class: 'form-control', placeholder: 'http://company.example.com', :'aria-describedby' => 'after_sign_out_path_help_block'
-      %span.help-block#after_sign_out_path_help_block We will redirect users to this page after they sign out
-  .form-group
-    = f.label :sign_in_text, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_area :sign_in_text, class: 'form-control', rows: 4
-      .help-block Markdown enabled
+        = f.text_area :sign_in_text, class: 'form-control', rows: 4
+        .help-block Markdown enabled
+
   = f.submit 'Save changes', class: "btn btn-success"

app/views/admin/application_settings/_signup.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :signup_enabled do
-          = f.check_box :signup_enabled
-          Sign-up enabled
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :send_user_confirmation_email do
-          = f.check_box :send_user_confirmation_email
-          Send confirmation email on sign-up
-  .form-group
-    = f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
-      .help-block ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
-  .form-group
-    = f.label :domain_blacklist_enabled, 'Domain Blacklist', class: 'control-label col-sm-2'
-    .col-sm-10
-      .checkbox
-        = f.label :domain_blacklist_enabled do
-          = f.check_box :domain_blacklist_enabled
-          Enable domain blacklist for sign ups
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .radio
-        = label_tag :blacklist_type_file do
-          = radio_button_tag :blacklist_type, :file
-          .option-title
-            Upload blacklist file
-      .radio
-        = label_tag :blacklist_type_raw do
-          = radio_button_tag :blacklist_type, :raw, @application_setting.domain_blacklist.present? || @application_setting.domain_blacklist.blank?
-          .option-title
-            Enter blacklist manually
-  .form-group.blacklist-file
-    = f.label :domain_blacklist_file, 'Blacklist file', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.file_field :domain_blacklist_file, class: 'form-control', accept: '.txt,.conf'
-      .help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines or commas for multiple entries.
-  .form-group.blacklist-raw
-    = f.label :domain_blacklist, 'Blacklisted domains for sign-ups', class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_area :domain_blacklist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
-      .help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
 
-  .form-group
-    = f.label :after_sign_up_text, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.text_area :after_sign_up_text, class: 'form-control', rows: 4
-      .help-block Markdown enabled
+  %fieldset
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :signup_enabled do
+            = f.check_box :signup_enabled
+            Sign-up enabled
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :send_user_confirmation_email do
+            = f.check_box :send_user_confirmation_email
+            Send confirmation email on sign-up
+    .form-group
+      = f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
+        .help-block ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
+    .form-group
+      = f.label :domain_blacklist_enabled, 'Domain Blacklist', class: 'control-label col-sm-2'
+      .col-sm-10
+        .checkbox
+          = f.label :domain_blacklist_enabled do
+            = f.check_box :domain_blacklist_enabled
+            Enable domain blacklist for sign ups
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .radio
+          = label_tag :blacklist_type_file do
+            = radio_button_tag :blacklist_type, :file
+            .option-title
+              Upload blacklist file
+        .radio
+          = label_tag :blacklist_type_raw do
+            = radio_button_tag :blacklist_type, :raw, @application_setting.domain_blacklist.present? || @application_setting.domain_blacklist.blank?
+            .option-title
+              Enter blacklist manually
+    .form-group.blacklist-file
+      = f.label :domain_blacklist_file, 'Blacklist file', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.file_field :domain_blacklist_file, class: 'form-control', accept: '.txt,.conf'
+        .help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines or commas for multiple entries.
+    .form-group.blacklist-raw
+      = f.label :domain_blacklist, 'Blacklisted domains for sign-ups', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_area :domain_blacklist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8
+        .help-block Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com
+
+    .form-group
+      = f.label :after_sign_up_text, class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.text_area :after_sign_up_text, class: 'form-control', rows: 4
+        .help-block Markdown enabled
 
   = f.submit 'Save changes', class: "btn btn-success"

app/views/admin/application_settings/_visibility_and_access.html.haml

 = form_for @application_setting, url: admin_application_settings_path, html: { class: 'form-horizontal fieldset-form' } do |f|
   = form_errors(@application_setting)
-  .form-group
-    = f.label :default_branch_protection, class: 'control-label col-sm-2'
-    .col-sm-10
-      = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
-  = render partial: 'admin/application_settings/ee/project_creation_level', locals: { form: f, application_setting: @application_setting }
-  .form-group.visibility-level-setting
-    = f.label :default_project_visibility, class: 'control-label col-sm-2'
-    .col-sm-10
-      = render('shared/visibility_radios', model_method: :default_project_visibility, form: f, selected_level: @application_setting.default_project_visibility, form_model: Project.new)
-  .form-group.visibility-level-setting
-    = f.label :default_snippet_visibility, class: 'control-label col-sm-2'
-    .col-sm-10
-      = render('shared/visibility_radios', model_method: :default_snippet_visibility, form: f, selected_level: @application_setting.default_snippet_visibility, form_model: ProjectSnippet.new)
-  .form-group.visibility-level-setting
-    = f.label :default_group_visibility, class: 'control-label col-sm-2'
-    .col-sm-10
-      = render('shared/visibility_radios', model_method: :default_group_visibility, form: f, selected_level: @application_setting.default_group_visibility, form_model: Group.new)
-  .form-group
-    = f.label :restricted_visibility_levels, class: 'control-label col-sm-2'
-    .col-sm-10
-      - checkbox_name = 'application_setting[restricted_visibility_levels][]'
-      = hidden_field_tag(checkbox_name)
-      - restricted_level_checkboxes('restricted-visibility-help', checkbox_name).each do |level|
-        .checkbox
-          = level
-      %span.help-block#restricted-visibility-help
-        Selected levels cannot be used by non-admin users for projects or snippets.
-        If the public level is restricted, user profiles are only visible to logged in users.
-  .form-group
-    = f.label :import_sources, class: 'control-label col-sm-2'
-    .col-sm-10
-      - import_sources_checkboxes('import-sources-help').each do |source|
-        .checkbox= source
-      %span.help-block#import-sources-help
-        Enabled sources for code import during project creation. OmniAuth must be configured for GitHub
-        = link_to "(?)", help_page_path("integration/github")
-        , Bitbucket
-        = link_to "(?)", help_page_path("integration/bitbucket")
-        and GitLab.com
-        = link_to "(?)", help_page_path("integration/gitlab")
-
-  .form-group
-    .col-sm-offset-2.col-sm-10
-      .checkbox
-        = f.label :project_export_enabled do
-          = f.check_box :project_export_enabled
-          Project export enabled
 
-  -# EE-only
-  - if ldap_enabled?
+  %fieldset
     .form-group
-      = f.label :allow_group_owners_to_manage_ldap, 'LDAP settings', class: 'control-label col-sm-2'
+      = f.label :default_branch_protection, class: 'control-label col-sm-2'
       .col-sm-10
-        .checkbox
-          = f.label :allow_group_owners_to_manage_ldap do
-            = f.check_box :allow_group_owners_to_manage_ldap
-            Allow group owners to manage LDAP-related settings
-        %span.help-block
-          If checked, group owners can manage LDAP group links and LDAP member overrides
-          = link_to icon('question-circle'), help_page_path('administration/auth/ldap-ee')
+        = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
+    = render partial: 'admin/application_settings/ee/project_creation_level', locals: { form: f, application_setting: @application_setting }
+    .form-group.visibility-level-setting
+      = f.label :default_project_visibility, class: 'control-label col-sm-2'
+      .col-sm-10
+        = render('shared/visibility_radios', model_method: :default_project_visibility, form: f, selected_level: @application_setting.default_project_visibility, form_model: Project.new)
+    .form-group.visibility-level-setting
+      = f.label :default_snippet_visibility, class: 'control-label col-sm-2'
+      .col-sm-10
+        = render('shared/visibility_radios', model_method: :default_snippet_visibility, form: f, selected_level: @application_setting.default_snippet_visibility, form_model: ProjectSnippet.new)
+    .form-group.visibility-level-setting
+      = f.label :default_group_visibility, class: 'control-label col-sm-2'
+      .col-sm-10
+        = render('shared/visibility_radios', model_method: :default_group_visibility, form: f, selected_level: @application_setting.default_group_visibility, form_model: Group.new)
+    .form-group
+      = f.label :restricted_visibility_levels, class: 'control-label col-sm-2'
+      .col-sm-10
+        - checkbox_name = 'application_setting[restricted_visibility_levels][]'
+        = hidden_field_tag(checkbox_name)
+        - restricted_level_checkboxes('restricted-visibility-help', checkbox_name).each do |level|
+          .checkbox
+            = level
+        %span.help-block#restricted-visibility-help
+          Selected levels cannot be used by non-admin users for projects or snippets.
+          If the public level is restricted, user profiles are only visible to logged in users.
+    .form-group
+      = f.label :import_sources, class: 'control-label col-sm-2'
+      .col-sm-10
+        - import_sources_checkboxes('import-sources-help').each do |source|
+          .checkbox= source
+        %span.help-block#import-sources-help
+          Enabled sources for code import during project creation. OmniAuth must be configured for GitHub
+          = link_to "(?)", help_page_path("integration/github")
+          , Bitbucket
+          = link_to "(?)", help_page_path("integration/bitbucket")
+          and GitLab.com
+          = link_to "(?)", help_page_path("integration/gitlab")
+    .form-group
+      = f.label :default_branch_protection, class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.select :default_branch_protection, options_for_select(Gitlab::Access.protection_options, @application_setting.default_branch_protection), {}, class: 'form-control'
+
+    -# EE-only
+    - if ldap_enabled?
+      .form-group
+        = f.label :allow_group_owners_to_manage_ldap, 'LDAP settings', class: 'control-label col-sm-2'
+        .col-sm-10
+          .checkbox
+            = f.label :allow_group_owners_to_manage_ldap do
+              = f.check_box :allow_group_owners_to_manage_ldap
+              Allow group owners to manage LDAP-related settings
+          %span.help-block
+            If checked, group owners can manage LDAP group links and LDAP member overrides
+            = link_to icon('question-circle'), help_page_path('administration/auth/ldap-ee')
 
-  .form-group
-    %label.control-label.col-sm-2 Enabled Git access protocols
-    .col-sm-10
-      = select(:application_setting, :enabled_git_access_protocol, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
-      %span.help-block#clone-protocol-help
-        Allow only the selected protocols to be used for Git access.
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :project_export_enabled do
+            = f.check_box :project_export_enabled
+            Project export enabled
 
-  - ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type|
-    - field_name = :"#{type}_key_restriction"
     .form-group
-      = f.label field_name, "#{type.upcase} SSH keys", class: 'control-label col-sm-2'
+      %label.control-label.col-sm-2 Enabled Git access protocols
       .col-sm-10
-        = f.select field_name, key_restriction_options_for_select(type), {}, class: 'form-control'
+        = select(:application_setting, :enabled_git_access_protocol, [['Both SSH and HTTP(S)', nil], ['Only SSH', 'ssh'], ['Only HTTP(S)', 'http']], {}, class: 'form-control')
+        %span.help-block#clone-protocol-help
+          Allow only the selected protocols to be used for Git access.
+
+    - ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type|
+      - field_name = :"#{type}_key_restriction"
+      .form-group
+        = f.label field_name, "#{type.upcase} SSH keys", class: 'control-label col-sm-2'
+        .col-sm-10
+          = f.select field_name, key_restriction_options_for_select(type), {}, class: 'form-control'
+
   = f.submit 'Save changes', class: "btn btn-success"