merge master

Gemfile

@@ -132,7 +132,7 @@ gem 'after_commit_queue', '~> 1.3.0'
 gem 'acts-as-taggable-on', '~> 4.0'
 
 # Background jobs
-gem 'sidekiq', '~> 4.2'
+gem 'sidekiq', '~> 4.2.7'
 gem 'sidekiq-cron', '~> 0.4.4'
 gem 'redis-namespace', '~> 1.5.2'
 gem 'sidekiq-limit_fetch', '~> 3.4'

Gemfile.lock

@@ -126,7 +126,7 @@ GEM
     coffee-script-source (1.10.0)
     colorize (0.7.7)
     concurrent-ruby (1.0.2)
-    connection_pool (2.2.0)
+    connection_pool (2.2.1)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     creole (0.5.0)
@@ -648,10 +648,10 @@ GEM
       rack
     shoulda-matchers (2.8.0)
       activesupport (>= 3.0.0)
-    sidekiq (4.2.1)
+    sidekiq (4.2.7)
       concurrent-ruby (~> 1.0)
       connection_pool (~> 2.2, >= 2.2.0)
-      rack-protection (~> 1.5)
+      rack-protection (>= 1.5.0)
       redis (~> 3.2, >= 3.2.1)
     sidekiq-cron (0.4.4)
       redis-namespace (>= 1.5.2)
@@ -928,7 +928,7 @@ DEPENDENCIES
   settingslogic (~> 2.0.9)
   sham_rack (~> 1.3.6)
   shoulda-matchers (~> 2.8.0)
-  sidekiq (~> 4.2)
+  sidekiq (~> 4.2.7)
   sidekiq-cron (~> 0.4.4)
   sidekiq-limit_fetch (~> 3.4)
   simplecov (= 0.12.0)

app/assets/javascripts/commit/file.js

@@ -3,7 +3,7 @@
   this.CommitFile = (function() {
     function CommitFile(file) {
       if ($('.image', file).length) {
-        new ImageFile(file);
+        new gl.ImageFile(file);
       }
     }
 

app/assets/javascripts/commit/image_file.js

 /* eslint-disable func-names, space-before-function-paren, wrap-iife, no-var, no-use-before-define, prefer-arrow-callback, no-else-return, consistent-return, prefer-template, quotes, one-var, one-var-declaration-per-line, no-unused-vars, no-return-assign, comma-dangle, quote-props, no-unused-expressions, no-sequences, object-shorthand, padded-blocks, max-len */
 (function() {
-  this.ImageFile = (function() {
+  gl.ImageFile = (function() {
     var prepareFrames;
 
     // Width where images must fits in, for 2-up this gets divided by 2

app/assets/javascripts/copy_to_clipboard.js

@@ -6,7 +6,7 @@
   var genericError, genericSuccess, showTooltip;
 
   genericSuccess = function(e) {
-    showTooltip(e.trigger, 'Copied!');
+    showTooltip(e.trigger, 'Copied');
     // Clear the selection and blur the trigger so it loses its border
     e.clearSelection();
     return $(e.trigger).blur();
@@ -31,7 +31,7 @@
     var originalTitle = $target.data('original-title');
 
     $target
-      .attr('title', 'Copied!')
+      .attr('title', 'Copied')
       .tooltip('fixTitle')
       .tooltip('show')
       .attr('title', originalTitle)

app/assets/javascripts/diff.js.es6

@@ -5,8 +5,11 @@
 
   class Diff {
     constructor() {
-      $('.files .diff-file').singleFileDiff();
-      $('.files .diff-file').filesCommentButton();
+      const $diffFile = $('.files .diff-file');
+      $diffFile.singleFileDiff();
+      $diffFile.filesCommentButton();
+
+      $diffFile.each((index, file) => new gl.ImageFile(file));
 
       if (this.diffViewType() === 'parallel') {
         $('.content-wrapper .container-fluid').removeClass('container-limited');

app/assets/javascripts/gfm_auto_complete.js.es6

@@ -52,6 +52,10 @@
         return $.fn.atwho["default"].callbacks.filter(query, data, searchKey);
       },
       beforeInsert: function(value) {
+        if (value && !this.setting.skipSpecialCharacterTest) {
+          var withoutAt = value.substring(1);
+          if (withoutAt && /[^\w\d]/.test(withoutAt)) value = value.charAt() + '"' + withoutAt + '"';
+        }
         if (!GitLab.GfmAutoComplete.dataLoaded) {
           return this.at;
         } else {
@@ -117,6 +121,7 @@
         insertTpl: ':${name}:',
         data: ['loading'],
         startWithSpace: false,
+        skipSpecialCharacterTest: true,
         callbacks: {
           sorter: this.DefaultOptions.sorter,
           filter: this.DefaultOptions.filter,
@@ -141,6 +146,7 @@
         data: ['loading'],
         startWithSpace: false,
         alwaysHighlightFirst: true,
+        skipSpecialCharacterTest: true,
         callbacks: {
           sorter: this.DefaultOptions.sorter,
           filter: this.DefaultOptions.filter,
@@ -219,12 +225,13 @@
             }
           };
         })(this),
-        insertTpl: '${atwho-at}"${title}"',
+        insertTpl: '${atwho-at}${title}',
         data: ['loading'],
         startWithSpace: false,
         callbacks: {
           matcher: this.DefaultOptions.matcher,
           sorter: this.DefaultOptions.sorter,
+          beforeInsert: this.DefaultOptions.beforeInsert,
           beforeSave: function(milestones) {
             return $.map(milestones, function(m) {
               if (m.title == null) {
@@ -284,18 +291,11 @@
         callbacks: {
           matcher: this.DefaultOptions.matcher,
           sorter: this.DefaultOptions.sorter,
+          beforeInsert: this.DefaultOptions.beforeInsert,
           beforeSave: function(merges) {
-            var sanitizeLabelTitle;
-            sanitizeLabelTitle = function(title) {
-              if (/[\w\?&]+\s+[\w\?&]+/g.test(title)) {
-                return "\"" + (sanitize(title)) + "\"";
-              } else {
-                return sanitize(title);
-              }
-            };
             return $.map(merges, function(m) {
               return {
-                title: sanitizeLabelTitle(m.title),
+                title: sanitize(m.title),
                 color: m.color,
                 search: "" + m.title
               };
@@ -308,6 +308,7 @@
         at: '/',
         alias: 'commands',
         searchKey: 'search',
+        skipSpecialCharacterTest: true,
         displayTpl: function(value) {
           var tpl = '<li>/${name}';
           if (value.aliases.length > 0) {

app/assets/javascripts/graphs/stat_graph_contributors_util.js

@@ -2,7 +2,7 @@
 (function() {
   window.ContributorsStatGraphUtil = {
     parse_log: function(log) {
-      var by_author, by_email, data, entry, i, len, total;
+      var by_author, by_email, data, entry, i, len, total, normalized_email;
       total = {};
       by_author = {};
       by_email = {};
@@ -11,7 +11,8 @@
         if (total[entry.date] == null) {
           this.add_date(entry.date, total);
         }
-        data = by_author[entry.author_name] || by_email[entry.author_email];
+        normalized_email = entry.author_email.toLowerCase();
+        data = by_author[entry.author_name] || by_email[normalized_email];
         if (data == null) {
           data = this.add_author(entry, by_author, by_email);
         }
@@ -32,12 +33,14 @@
       return collection[date].date = date;
     },
     add_author: function(author, by_author, by_email) {
-      var data;
+      var data, normalized_email;
       data = {};
       data.author_name = author.author_name;
       data.author_email = author.author_email;
+      normalized_email = author.author_email.toLowerCase();
       by_author[author.author_name] = data;
-      return by_email[author.author_email] = data;
+      by_email[normalized_email] = data;
+      return data;
     },
     store_data: function(entry, total, by_author) {
       this.store_commits(total, by_author);

app/assets/javascripts/merge_request_widget.js.es6

@@ -40,19 +40,26 @@
       $('#modal_merge_info').modal({
         show: false
       });
-      this.firstCICheck = true;
-      this.readyForCICheck = false;
-      this.readyForCIEnvironmentCheck = false;
-      this.cancel = false;
-      clearInterval(this.fetchBuildStatusInterval);
-      clearInterval(this.fetchBuildEnvironmentStatusInterval);
       this.clearEventListeners();
       this.addEventListeners();
       this.getCIStatus(false);
-      this.getCIEnvironmentsStatus();
       this.retrieveSuccessIcon();
-      this.pollCIStatus();
-      this.pollCIEnvironmentsStatus();
+
+      this.ciStatusInterval = new global.SmartInterval({
+        callback: this.getCIStatus.bind(this, true),
+        startingInterval: 10000,
+        maxInterval: 30000,
+        hiddenInterval: 120000,
+        incrementByFactorOf: 5000,
+      });
+      this.ciEnvironmentStatusInterval = new global.SmartInterval({
+        callback: this.getCIEnvironmentsStatus.bind(this),
+        startingInterval: 30000,
+        maxInterval: 120000,
+        hiddenInterval: 240000,
+        incrementByFactorOf: 15000,
+        immediateExecution: true,
+      });
       notifyPermissions();
     }
 
@@ -60,10 +67,6 @@
       return $(document).off('page:change.merge_request');
     };
 
-    MergeRequestWidget.prototype.cancelPolling = function() {
-      return this.cancel = true;
-    };
-
     MergeRequestWidget.prototype.addEventListeners = function() {
       var allowedPages;
       allowedPages = ['show', 'commits', 'builds', 'pipelines', 'changes'];
@@ -72,9 +75,6 @@
           var page;
           page = $('body').data('page').split(':').last();
           if (allowedPages.indexOf(page) < 0) {
-            clearInterval(_this.fetchBuildStatusInterval);
-            clearInterval(_this.fetchBuildEnvironmentStatusInterval);
-            _this.cancelPolling();
             return _this.clearEventListeners();
           }
         };
@@ -101,7 +101,7 @@
               urlSuffix = deleteSourceBranch ? '?deleted_source_branch=true' : '';
               return window.location.href = window.location.pathname + urlSuffix;
             } else if (data.merge_error) {
-              return this.$widgetBody.html("<h4>" + data.merge_error + "</h4>");
+              return _this.$widgetBody.html("<h4>" + data.merge_error + "</h4>");
             } else {
               callback = function() {
                 return merge_request_widget.mergeInProgress(deleteSourceBranch);
@@ -114,6 +114,11 @@
       });
     };
 
+    MergeRequestWidget.prototype.cancelPolling = function () {
+      this.ciStatusInterval.cancel();
+      this.ciEnvironmentStatusInterval.cancel();
+    };
+
     MergeRequestWidget.prototype.getMergeStatus = function() {
       return $.get(this.opts.merge_check_url, function(data) {
         return $('.mr-state-widget').replaceWith(data);
@@ -131,18 +136,6 @@
       }
     };
 
-    MergeRequestWidget.prototype.pollCIStatus = function() {
-      return this.fetchBuildStatusInterval = setInterval(((function(_this) {
-        return function() {
-          if (!_this.readyForCICheck) {
-            return;
-          }
-          _this.getCIStatus(true);
-          return _this.readyForCICheck = false;
-        };
-      })(this)), 10000);
-    };
-
     MergeRequestWidget.prototype.getCIStatus = function(showNotification) {
       var _this;
       _this = this;
@@ -150,23 +143,17 @@
       return $.getJSON(this.opts.ci_status_url, (function(_this) {
         return function(data) {
           var message, status, title;
-          if (_this.cancel) {
-            return;
-          }
-          _this.readyForCICheck = true;
           if (data.status === '') {
             return;
           }
           if (data.environments && data.environments.length) _this.renderEnvironments(data.environments);
-          if (_this.firstCICheck || data.status !== _this.opts.ci_status && (data.status != null)) {
+          if (data.status !== _this.opts.ci_status && (data.status != null)) {
             _this.opts.ci_status = data.status;
             _this.showCIStatus(data.status);
             if (data.coverage) {
               _this.showCICoverage(data.coverage);
             }
-            // The first check should only update the UI, a notification
-            // should only be displayed on status changes
-            if (showNotification && !_this.firstCICheck) {
+            if (showNotification) {
               status = _this.ciLabelForStatus(data.status);
               if (status === "preparing") {
                 title = _this.opts.ci_title.preparing;
@@ -184,24 +171,13 @@
                 return Turbolinks.visit(_this.opts.builds_path);
               });
             }
-            return _this.firstCICheck = false;
           }
         };
       })(this));
     };
 
-    MergeRequestWidget.prototype.pollCIEnvironmentsStatus = function() {
-      this.fetchBuildEnvironmentStatusInterval = setInterval(() => {
-        if (!this.readyForCIEnvironmentCheck) return;
-        this.getCIEnvironmentsStatus();
-        this.readyForCIEnvironmentCheck = false;
-      }, 300000);
-    };
-
     MergeRequestWidget.prototype.getCIEnvironmentsStatus = function() {
       $.getJSON(this.opts.ci_environments_status_url, (environments) => {
-        if (this.cancel) return;
-        this.readyForCIEnvironmentCheck = true;
         if (environments && environments.length) this.renderEnvironments(environments);
       });
     };
@@ -212,11 +188,11 @@
         if ($(`.mr-state-widget #${ environment.id }`).length) return;
         const $template = $(DEPLOYMENT_TEMPLATE);
         if (!environment.external_url || !environment.external_url_formatted) $('.js-environment-link', $template).remove();
-        
+
         if (!environment.stop_url) {
           $('.js-stop-env-link', $template).remove();
         }
-        
+
         if (environment.deployed_at && environment.deployed_at_formatted) {
           environment.deployed_at = gl.utils.getTimeago().format(environment.deployed_at, 'gl_en') + '.';
         } else {

app/assets/javascripts/pipelines.js.es6

@@ -4,7 +4,7 @@
 ((global) => {
 
   class Pipelines {
-    constructor(options) {
+    constructor(options = {}) {
 
       if (options.initTabs && options.tabsOptions) {
         new global.LinkedTabs(options.tabsOptions);
@@ -14,9 +14,11 @@
     }
 
     addMarginToBuildColumns() {
-      this.pipelineGraph = document.querySelector('.pipeline-graph');
-      const secondChildBuildNodes = document.querySelector('.pipeline-graph').querySelectorAll('.build:nth-child(2)');
-      for (buildNodeIndex in secondChildBuildNodes) {
+      this.pipelineGraph = document.querySelector('.js-pipeline-graph');
+
+      const secondChildBuildNodes = this.pipelineGraph.querySelectorAll('.build:nth-child(2)');
+
+      for (const buildNodeIndex in secondChildBuildNodes) {
         const buildNode = secondChildBuildNodes[buildNodeIndex];
         const firstChildBuildNode = buildNode.previousElementSibling;
         if (!firstChildBuildNode || !firstChildBuildNode.matches('.build')) continue;
@@ -28,6 +30,7 @@
         const columnBuilds = previousColumn.querySelectorAll('.build');
         if (columnBuilds.length === 1) previousColumn.classList.add('no-margin');
       }
+
       this.pipelineGraph.classList.remove('hidden');
     }
   }

app/assets/javascripts/smart_interval.js.es6

@@ -7,24 +7,31 @@
 (() => {
   class SmartInterval {
     /**
-      * @param { function } callback Function to be called on each iteration (required)
-      * @param { milliseconds } startingInterval `currentInterval` is set to this initially
-      * @param { milliseconds } maxInterval `currentInterval` will be incremented to this
-      * @param { integer } incrementByFactorOf `currentInterval` is incremented by this factor
-      * @param { boolean } lazyStart Configure if timer is initialized on instantiation or lazily
+      * @param { function } opts.callback Function to be called on each iteration (required)
+      * @param { milliseconds } opts.startingInterval `currentInterval` is set to this initially
+      * @param { milliseconds } opts.maxInterval `currentInterval` will be incremented to this
+      * @param { milliseconds } opts.hiddenInterval `currentInterval` is set to this
+      *                         when the page is hidden
+      * @param { integer } opts.incrementByFactorOf `currentInterval` is incremented by this factor
+      * @param { boolean } opts.lazyStart Configure if timer is initialized on
+      *                    instantiation or lazily
+      * @param { boolean } opts.immediateExecution Configure if callback should
+      *                    be executed before the first interval.
       */
-    constructor({ callback, startingInterval, maxInterval, incrementByFactorOf, lazyStart }) {
+    constructor(opts = {}) {
       this.cfg = {
-        callback,
-        startingInterval,
-        maxInterval,
-        incrementByFactorOf,
-        lazyStart,
+        callback: opts.callback,
+        startingInterval: opts.startingInterval,
+        maxInterval: opts.maxInterval,
+        hiddenInterval: opts.hiddenInterval,
+        incrementByFactorOf: opts.incrementByFactorOf,
+        lazyStart: opts.lazyStart,
+        immediateExecution: opts.immediateExecution,
       };
 
       this.state = {
         intervalId: null,
-        currentInterval: startingInterval,
+        currentInterval: this.cfg.startingInterval,
         pageVisibility: 'visible',
       };
 
@@ -36,6 +43,11 @@
       const cfg = this.cfg;
       const state = this.state;
 
+      if (cfg.immediateExecution) {
+        cfg.immediateExecution = false;
+        cfg.callback();
+      }
+
       state.intervalId = window.setInterval(() => {
         cfg.callback();
 
@@ -54,14 +66,29 @@
       this.stopTimer();
     }
 
+    onVisibilityHidden() {
+      if (this.cfg.hiddenInterval) {
+        this.setCurrentInterval(this.cfg.hiddenInterval);
+        this.resume();
+      } else {
+        this.cancel();
+      }
+    }
+
     // start a timer, using the existing interval
     resume() {
       this.stopTimer(); // stop exsiting timer, in case timer was not previously stopped
       this.start();
     }
 
+    onVisibilityVisible() {
+      this.cancel();
+      this.start();
+    }
+
     destroy() {
       this.cancel();
+      document.removeEventListener('visibilitychange', this.handleVisibilityChange);
       $(document).off('visibilitychange').off('page:before-unload');
     }
 
@@ -80,11 +107,7 @@
 
     initVisibilityChangeHandling() {
       // cancel interval when tab no longer shown (prevents cached pages from polling)
-      $(document)
-        .off('visibilitychange').on('visibilitychange', (e) => {
-          this.state.pageVisibility = e.target.visibilityState;
-          this.handleVisibilityChange();
-        });
+      document.addEventListener('visibilitychange', this.handleVisibilityChange.bind(this));
     }
 
     initPageUnloadHandling() {
@@ -92,10 +115,11 @@
       $(document).on('page:before-unload', () => this.cancel());
     }
 
-    handleVisibilityChange() {
-      const state = this.state;
-
-      const intervalAction = state.pageVisibility === 'hidden' ? this.cancel : this.resume;
+    handleVisibilityChange(e) {
+      this.state.pageVisibility = e.target.visibilityState;
+      const intervalAction = this.isPageVisible() ?
+        this.onVisibilityVisible :
+        this.onVisibilityHidden;
 
       intervalAction.apply(this);
     }
@@ -111,6 +135,7 @@
     incrementInterval() {
       const cfg = this.cfg;
       const currentInterval = this.getCurrentInterval();
+      if (cfg.hiddenInterval && !this.isPageVisible()) return;
       let nextInterval = currentInterval * cfg.incrementByFactorOf;
 
       if (nextInterval > cfg.maxInterval) {
@@ -120,6 +145,8 @@
       this.setCurrentInterval(nextInterval);
     }
 
+    isPageVisible() { return this.state.pageVisibility === 'visible'; }
+
     stopTimer() {
       const state = this.state;
 

app/assets/stylesheets/framework/variables.scss

@@ -486,6 +486,7 @@ $jq-ui-default-color: #777;
 $label-gray-bg: #f8fafc;
 $label-inverse-bg: #333;
 $label-remove-border: rgba(0, 0, 0, .1);
+$label-border-radius: 14px;
 
 /*
 * Lint

app/assets/stylesheets/pages/issuable.scss

@@ -30,6 +30,7 @@
 
     .color-label {
       padding: 6px 10px;
+      border-radius: $label-border-radius;
     }
   }
 

app/assets/stylesheets/pages/labels.scss

@@ -104,7 +104,8 @@
 }
 
 .color-label {
-  padding: 3px 4px;
+  padding: 3px 7px;
+  border-radius: $label-border-radius;
 }
 
 .dropdown-labels-error {

app/assets/stylesheets/pages/notifications.scss

 .notification-list-item {
   line-height: 34px;
+
+  .dropdown-menu {
+    @extend .dropdown-menu-align-right;
+  }
 }
 
 .notification {

app/assets/stylesheets/pages/projects.scss

@@ -188,6 +188,10 @@
     margin-left: 10px;
   }
 
+  .notification-dropdown .dropdown-menu {
+    @extend .dropdown-menu-align-right;
+  }
+
   .download-button {
     @media (max-width: $screen-md-max) {
       margin-left: 0;

app/assets/stylesheets/pages/snippets.scss

+.snippet-row {
+  .title {
+    margin-bottom: 2px;
+  }
+
+  .snippet-filename {
+    padding: 0 2px;
+  }
+}
+
 .snippet-form-holder .file-holder .file-title {
   padding: 2px;
 }
@@ -24,11 +34,17 @@
   padding-bottom: $gl-padding;
 }
 
+.snippet-header {
+  padding: $gl-padding 0;
+}
+
 .snippet-title {
   font-size: 24px;
   font-weight: 600;
-  padding: $gl-padding;
-  padding-left: 0;
+}
+
+.snippet-edited-ago {
+  color: $gray-darkest;
 }
 
 .snippet-actions {

app/controllers/projects/releases_controller.rb

@@ -10,7 +10,14 @@ class Projects::ReleasesController < Projects::ApplicationController
   end
 
   def update
-    release.update_attributes(release_params)
+    # Release belongs to Tag which is not active record object,
+    # it exists only to save a description to each Tag.
+    # If description is empty we should destroy the existing record.
+    if release_params[:description].present?
+      release.update_attributes(release_params)
+    else
+      release.destroy
+    end
 
     redirect_to namespace_project_tag_path(@project.namespace, @project, @tag.name)
   end

app/controllers/projects/snippets_controller.rb

@@ -19,10 +19,12 @@ class Projects::SnippetsController < Projects::ApplicationController
   respond_to :html
 
   def index
-    @snippets = SnippetsFinder.new.execute(current_user, {
+    @snippets = SnippetsFinder.new.execute(
+      current_user,
       filter: :by_project,
-      project: @project
-    })
+      project: @project,
+      scope: params[:scope]
+    )
     @snippets = @snippets.page(params[:page])
   end
 

app/controllers/sessions_controller.rb

@@ -37,6 +37,12 @@ class SessionsController < Devise::SessionsController
     end
   end
 
+  def destroy
+    super
+    # hide the signed_out notice
+    flash[:notice] = nil
+  end
+
   private
 
   # Handle an "initial setup" state, where there's only one user, it's an admin,

app/finders/snippets_finder.rb

 class SnippetsFinder
   def execute(current_user, params = {})
     filter = params[:filter]
+    user = params.fetch(:user, current_user)
 
     case filter
     when :all then
       snippets(current_user).fresh
+    when :public then
+      Snippet.are_public.fresh
     when :by_user then
-      by_user(current_user, params[:user], params[:scope])
+      by_user(current_user, user, params[:scope])
     when :by_project
-      by_project(current_user, params[:project])
+      by_project(current_user, params[:project], params[:scope])
     end
   end
 
@@ -29,35 +32,35 @@ class SnippetsFinder
   def by_user(current_user, user, scope)
     snippets = user.snippets.fresh
 
-    return snippets.are_public unless current_user
-
-    if user == current_user
-      case scope
-      when 'are_internal' then
-        snippets.are_internal
-      when 'are_private' then
-        snippets.are_private
-      when 'are_public' then
-        snippets.are_public
-      else
-        snippets
-      end
+    if current_user
+      include_private = user == current_user
+      by_scope(snippets, scope, include_private)
     else
-      snippets.public_and_internal
+      snippets.are_public
     end
   end
 
-  def by_project(current_user, project)
+  def by_project(current_user, project, scope)
     snippets = project.snippets.fresh
 
     if current_user
-      if project.team.member?(current_user) || current_user.admin?
-        snippets
-      else
-        snippets.public_and_internal
-      end
+      include_private = project.team.member?(current_user) || current_user.admin?
+      by_scope(snippets, scope, include_private)
     else
       snippets.are_public
     end
   end
+
+  def by_scope(snippets, scope = nil, include_private = false)
+    case scope.to_s
+    when 'are_private'
+      include_private ? snippets.are_private : Snippet.none
+    when 'are_internal'
+      snippets.are_internal
+    when 'are_public'
+      snippets.are_public
+    else
+      include_private ? snippets : snippets.public_and_internal
+    end
+  end
 end

app/helpers/button_helper.rb

@@ -16,7 +16,7 @@ module ButtonHelper
   # See http://clipboardjs.com/#usage
   def clipboard_button(data = {})
     css_class = data[:class] || 'btn-clipboard btn-transparent'
-    title = data[:title] || 'Copy to Clipboard'
+    title = data[:title] || 'Copy to clipboard'
     data = { toggle: 'tooltip', placement: 'bottom', container: 'body' }.merge(data)
     content_tag :button,
       icon('clipboard'),

app/helpers/gitlab_routing_helper.rb

@@ -159,6 +159,11 @@ module GitlabRoutingHelper
     resend_invite_namespace_project_project_member_path(project_member.source.namespace, project_member.source, project_member)
   end
 
+  # Snippets
+  def personal_snippet_url(snippet, *args)
+    snippet_url(snippet)
+  end
+
   # Groups
 
   ## Members

app/helpers/snippets_helper.rb

@@ -8,6 +8,17 @@ module SnippetsHelper
     end
   end
 
+  # Return the path of a snippets index for a user or for a project
+  #
+  # @returns String, path to snippet index
+  def subject_snippets_path(subject = nil, opts = nil)
+    if subject.is_a?(Project)
+      namespace_project_snippets_path(subject.namespace, subject, opts)
+    else # assume subject === User
+      dashboard_snippets_path(opts)
+    end
+  end
+
   # Get an array of line numbers surrounding a matching
   # line, bounded by min/max.
   #

app/models/concerns/routable.rb

@@ -7,6 +7,7 @@ module Routable
     has_one :route, as: :source, autosave: true, dependent: :destroy
 
     validates_associated :route
+    validates :route, presence: true
 
     before_validation :update_route_path, if: :full_path_changed?
   end
@@ -28,17 +29,17 @@ module Routable
 
       order_sql = "(CASE WHEN #{binary} routes.path = #{connection.quote(path)} THEN 0 ELSE 1 END)"
 
-      where_paths_in([path]).reorder(order_sql).take
+      where_full_path_in([path]).reorder(order_sql).take
     end
 
     # Builds a relation to find multiple objects by their full paths.
     #
     # Usage:
     #
-    #     Klass.where_paths_in(%w{gitlab-org/gitlab-ce gitlab-org/gitlab-ee})
+    #     Klass.where_full_path_in(%w{gitlab-org/gitlab-ce gitlab-org/gitlab-ee})
     #
     # Returns an ActiveRecord::Relation.
-    def where_paths_in(paths)
+    def where_full_path_in(paths)
       wheres = []
       cast_lower = Gitlab::Database.postgresql?
 

app/models/project_services/buildkite_service.rb

@@ -3,7 +3,8 @@ require "addressable/uri"
 class BuildkiteService < CiService
   ENDPOINT = "https://buildkite.com"
 
-  prop_accessor :project_url, :token, :enable_ssl_verification
+  prop_accessor :project_url, :token
+  boolean_accessor :enable_ssl_verification
 
   validates :project_url, presence: true, url: true, if: :activated?
   validates :token, presence: true, if: :activated?

app/models/project_services/drone_ci_service.rb

 class DroneCiService < CiService
-  prop_accessor :drone_url, :token, :enable_ssl_verification
+  prop_accessor :drone_url, :token
+  boolean_accessor :enable_ssl_verification
 
   validates :drone_url, presence: true, url: true, if: :activated?
   validates :token, presence: true, if: :activated?

app/models/project_services/emails_on_push_service.rb

 class EmailsOnPushService < Service
-  prop_accessor :send_from_committer_email
-  prop_accessor :disable_diffs
+  boolean_accessor :send_from_committer_email
+  boolean_accessor :disable_diffs
   prop_accessor :recipients
   validates :recipients, presence: true, if: :activated?
 
@@ -24,20 +24,20 @@ class EmailsOnPushService < Service
     return unless supported_events.include?(push_data[:object_kind])
 
     EmailsOnPushWorker.perform_async(
-      project_id, 
-      recipients, 
-      push_data, 
-      send_from_committer_email:  send_from_committer_email?, 
-      disable_diffs:              disable_diffs?
+      project_id,
+      recipients,
+      push_data,
+      send_from_committer_email: send_from_committer_email?,
+      disable_diffs:             disable_diffs?
     )
   end
 
   def send_from_committer_email?
-    self.send_from_committer_email == "1"
+    Gitlab::Utils.to_boolean(self.send_from_committer_email)
   end
 
   def disable_diffs?
-    self.disable_diffs == "1"
+    Gitlab::Utils.to_boolean(self.disable_diffs)
   end
 
   def fields

app/models/project_services/hipchat_service.rb

@@ -8,8 +8,8 @@ class HipchatService < Service
     ul ol li dl dt dd
   ]
 
-  prop_accessor :token, :room, :server, :notify, :color, :api_version
-  boolean_accessor :notify_only_broken_builds
+  prop_accessor :token, :room, :server, :color, :api_version
+  boolean_accessor :notify_only_broken_builds, :notify
   validates :token, presence: true, if: :activated?
 
   def initialize_properties
@@ -75,7 +75,7 @@ class HipchatService < Service
   end
 
   def message_options(data = nil)
-    { notify: notify.present? && notify == '1', color: message_color(data) }
+    { notify: notify.present? && Gitlab::Utils.to_boolean(notify), color: message_color(data) }
   end
 
   def create_message(data)

app/models/project_services/irker_service.rb

@@ -2,7 +2,8 @@ require 'uri'
 
 class IrkerService < Service
   prop_accessor :server_host, :server_port, :default_irc_uri
-  prop_accessor :colorize_messages, :recipients, :channels
+  prop_accessor :recipients, :channels
+  boolean_accessor :colorize_messages
   validates :recipients, presence: true, if: :activated?
 
   before_validation :get_channels

app/models/project_services/jira_service.rb

@@ -220,7 +220,7 @@ class JiraService < IssueTrackerService
     entity_title = data[:entity][:title]
     project_name = data[:project][:name]
 
-    message      = "[#{user_name}|#{user_url}] mentioned this issue in [a #{entity_name} of #{project_name}|#{entity_url}]:\n'#{entity_title}'"
+    message      = "[#{user_name}|#{user_url}] mentioned this issue in [a #{entity_name} of #{project_name}|#{entity_url}]:\n'#{entity_title.chomp}'"
     link_title   = "GitLab: Mentioned on #{entity_name} - #{entity_title}"
     link_props   = build_remote_link_props(url: entity_url, title: link_title)
 

app/models/user.rb

@@ -304,10 +304,6 @@ class User < ActiveRecord::Base
       personal_access_token.user if personal_access_token
     end
 
-    def by_username_or_id(name_or_id)
-      find_by('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i)
-    end
-
     # Returns a user for the given SSH key.
     def find_by_ssh_key_id(key_id)
       find_by(id: Key.unscoped.select(:user_id).where(id: key_id))

app/policies/personal_snippet_policy.rb

@@ -6,9 +6,14 @@ class PersonalSnippetPolicy < BasePolicy
     if @subject.author == @user
       can! :read_personal_snippet
       can! :update_personal_snippet
+      can! :destroy_personal_snippet
       can! :admin_personal_snippet
     end
 
+    unless @user.external?
+      can! :create_personal_snippet
+    end
+
     if @subject.internal? && !@user.external?
       can! :read_personal_snippet
     end

app/services/commits/change_service.rb

@@ -35,7 +35,7 @@ module Commits
         success
       else
         error_msg = "Sorry, we cannot #{action.to_s.dasherize} this #{@commit.change_type_title(current_user)} automatically.
-                     It may have already been #{action.to_s.dasherize}, or a more recent commit may have updated some of its content."
+                     A #{action.to_s.dasherize} may have already been performed with this #{@commit.change_type_title(current_user)}, or a more recent commit may have updated some of its content."
         raise ChangeError, error_msg
       end
     end

app/views/dashboard/_snippets_head.html.haml

-%ul.nav-links
-  = nav_link(page: dashboard_snippets_path, html_options: {class: 'home'}) do
-    = link_to dashboard_snippets_path, title: 'Your snippets', data: {placement: 'right'} do
-      Your Snippets
-  = nav_link(page: explore_snippets_path) do
-    = link_to explore_snippets_path, title: 'Explore snippets', data: {placement: 'right'} do
-      Explore Snippets
+.top-area
+  %ul.nav-links
+    = nav_link(page: dashboard_snippets_path, html_options: {class: 'home'}) do
+      = link_to dashboard_snippets_path, title: 'Your snippets', data: {placement: 'right'} do
+        Your Snippets
+    = nav_link(page: explore_snippets_path) do
+      = link_to explore_snippets_path, title: 'Explore snippets', data: {placement: 'right'} do
+        Explore Snippets
+
+  - if current_user
+    .nav-controls.hidden-xs
+      = link_to new_snippet_path, class: "btn btn-new", title: "New snippet" do
+        New snippet

app/views/dashboard/snippets/index.html.haml

@@ -2,41 +2,11 @@
 - header_title  "Snippets", dashboard_snippets_path
 
 = render 'dashboard/snippets_head'
+= render partial: 'snippets/snippets_scope_menu', locals: { include_private: true }
 
-.nav-block
-  .controls.hidden-xs
-    = link_to new_snippet_path, class: "btn btn-new", title: "New snippet" do
-      = icon('plus')
-      New snippet
+.visible-xs
+   
+  = link_to new_snippet_path, class: "btn btn-new btn-block", title: "New snippet" do
+    New snippet
 
-  .nav-links.snippet-scope-menu
-    %li{ class: ("active" unless params[:scope]) }
-      = link_to dashboard_snippets_path do
-        All
-        %span.badge
-          = current_user.snippets.count
-
-    %li{ class: ("active" if params[:scope] == "are_private") }
-      = link_to dashboard_snippets_path(scope: 'are_private') do
-        Private
-        %span.badge
-          = current_user.snippets.are_private.count
-
-    %li{ class: ("active" if params[:scope] == "are_internal") }
-      = link_to dashboard_snippets_path(scope: 'are_internal') do
-        Internal
-        %span.badge
-          = current_user.snippets.are_internal.count
-
-    %li{ class: ("active" if params[:scope] == "are_public") }
-      = link_to dashboard_snippets_path(scope: 'are_public') do
-        Public
-        %span.badge
-          = current_user.snippets.are_public.count
-
-    .visible-xs
-      = link_to new_snippet_path, class: "btn btn-new btn-block", title: "New snippet" do
-        = icon('plus')
-        New snippet
-
-= render 'snippets/snippets'
+= render partial: 'snippets/snippets', locals: { link_project: true }

app/views/explore/snippets/index.html.haml

@@ -6,12 +6,4 @@
 - else
   = render 'explore/head'
 
-.row-content-block
-  - if current_user
-    = link_to new_snippet_path, class: "btn btn-new btn-wide-on-sm pull-right", title: "New snippet" do
-      New snippet
-
-  .oneline
-    Public snippets created by you and other users are listed here
-
-= render 'snippets/snippets'
+= render partial: 'snippets/snippets', locals: { link_project: true }

app/views/groups/issues.html.haml

@@ -6,13 +6,13 @@
 - if group_issues(@group).exists?
   .top-area
     = render 'shared/issuable/nav', type: :issues
-    .nav-controls
-      - if current_user
+    - if current_user
+      .nav-controls
         = link_to url_for(params.merge(format: :atom, private_token: current_user.private_token)), class: 'btn' do
           = icon('rss')
           %span.icon-label
             Subscribe
-      = render 'shared/new_project_item_select', path: 'issues/new', label: "New Issue"
+        = render 'shared/new_project_item_select', path: 'issues/new', label: "New Issue"
 
   = render 'shared/issuable/filter', type: :issues
 

app/views/groups/merge_requests.html.haml

@@ -2,8 +2,9 @@
 
 .top-area
   = render 'shared/issuable/nav', type: :merge_requests
-  .nav-controls
-    = render 'shared/new_project_item_select', path: 'merge_requests/new', label: "New Merge Request"
+  - if current_user
+    .nav-controls
+      = render 'shared/new_project_item_select', path: 'merge_requests/new', label: "New Merge Request"
 
 = render 'shared/issuable/filter', type: :merge_requests
 

app/views/help/show.html.haml

 - page_title @path.split("/").reverse.map(&:humanize)
 .documentation.wiki
-  = markdown @markdown.gsub('$your_email', current_user.try(:email) || "email@example.com")
+  = markdown @markdown

app/views/layouts/nav/_group_settings.html.haml

 - if current_user
   - can_admin_group = can?(current_user, :admin_group, @group)
   - can_edit = can?(current_user, :admin_group, @group)
-  - member = @group.members.find_by(user_id: current_user.id)
-  - can_leave = member && can?(current_user, :destroy_group_member, member)
 
-  - if can_admin_group || can_edit || can_leave
+  - if can_admin_group || can_edit
     .controls
       .dropdown.group-settings-dropdown
         %a.dropdown-new.btn.btn-default#group-settings-button{href: '#', 'data-toggle' => 'dropdown'}
@@ -14,13 +12,7 @@
           - if can_admin_group
             = nav_link(path: 'groups#projects') do
               = link_to 'Projects', projects_group_path(@group), title: 'Projects'
-          - if (can_edit || can_leave) && can_admin_group
+          - if can_edit && can_admin_group
             %li.divider
-          - if can_edit
             %li
               = link_to 'Edit Group', edit_group_path(@group)
-          - if can_leave
-            %li
-              = link_to polymorphic_path([:leave, @group, :members]),
-                data: { confirm: leave_confirmation_message(@group) }, method: :delete, title: 'Leave group' do
-                Leave Group

app/views/layouts/nav/_project.html.haml

@@ -6,23 +6,14 @@
         = icon('caret-down')
       %ul.dropdown-menu.dropdown-menu-align-right
         - can_edit = can?(current_user, :admin_project, @project)
-        -# We don't use @project.team.find_member because it searches for group members too...
-        - member = @project.members.find_by(user_id: current_user.id)
-        - can_leave = member && can?(current_user, :destroy_project_member, member)
 
         = render 'layouts/nav/project_settings', can_edit: can_edit
 
-        - if can_edit || can_leave
+        - if can_edit
           %li.divider
-          - if can_edit
-            %li
-              = link_to edit_project_path(@project) do
-                Edit Project
-          - if can_leave
-            %li
-              = link_to polymorphic_path([:leave, @project, :members]),
-                data: { confirm: leave_confirmation_message(@project) }, method: :delete, title: 'Leave project' do
-                Leave Project
+          %li
+            = link_to edit_project_path(@project) do
+              Edit Project
 
 .scrolling-tabs-container{ class: nav_control_class }
   .fade-left

app/views/profiles/notifications/show.html.haml

@@ -30,7 +30,7 @@
       %br
       .clearfix
       .form-group.pull-left.global-notification-setting
-        = render 'shared/notifications/button', notification_setting: @global_notification_setting, left_align: true
+        = render 'shared/notifications/button', notification_setting: @global_notification_setting
 
       .clearfix
 

app/views/projects/ci/builds/_build_pipeline.html.haml

 - is_playable = subject.playable? && can?(current_user, :update_build, @project)
 - if is_playable
-  = link_to play_namespace_project_build_path(subject.project.namespace, subject.project, subject, return_to: request.original_url), method: :post, data: { toggle: 'tooltip', title: "#{subject.name} - play", container: '.pipeline-graph', placement: 'bottom' } do
+  = link_to play_namespace_project_build_path(subject.project.namespace, subject.project, subject, return_to: request.original_url), method: :post, data: { toggle: 'tooltip', title: "#{subject.name} - play", container: '.js-pipeline-graph', placement: 'bottom' } do
     = ci_icon_for_status('play')
     .ci-status-text= subject.name
 - elsif can?(current_user, :read_build, @project)
-  = link_to namespace_project_build_path(subject.project.namespace, subject.project, subject), data: { toggle: 'tooltip', title: "#{subject.name} - #{subject.status}", container: '.pipeline-graph', placement: 'bottom' } do
+  = link_to namespace_project_build_path(subject.project.namespace, subject.project, subject), data: { toggle: 'tooltip', title: "#{subject.name} - #{subject.status}", container: '.js-pipeline-graph', placement: 'bottom' } do
     %span{class: "ci-status-icon ci-status-icon-#{subject.status}"}
       = ci_icon_for_status(subject.status)
     .ci-status-text= subject.name

app/views/projects/commit/_change.html.haml

@@ -13,7 +13,7 @@
         %a.close{href: "#", "data-dismiss" => "modal"} ×
         %h3.page-title== #{label} this #{commit.change_type_title(current_user)}
       .modal-body
-        = form_tag send("#{type.underscore}_namespace_project_commit_path", @project.namespace, @project, commit.id), method: :post, remote: false, class: 'form-horizontal js-#{type}-form js-requires-input' do
+        = form_tag send("#{type.underscore}_namespace_project_commit_path", @project.namespace, @project, commit.id), method: :post, remote: false, class: "form-horizontal js-#{type}-form js-requires-input" do
           .form-group.branch
             = label_tag 'target_branch', target_label, class: 'control-label'
             .col-sm-10
@@ -23,12 +23,11 @@
               - if can?(current_user, :push_code, @project)
                 .js-create-merge-request-container
                   .checkbox
-                    - nonce = SecureRandom.hex
-                    = label_tag "create_merge_request-#{nonce}" do
-                      = check_box_tag 'create_merge_request', 1, true, class: 'js-create-merge-request', id: "create_merge_request-#{nonce}"
+                    = label_tag do
+                      = check_box_tag 'create_merge_request', 1, true, class: 'js-create-merge-request', id: nil
                       Start a <strong>new merge request</strong> with these changes
               - else
-                = hidden_field_tag 'create_merge_request', 1
+                = hidden_field_tag 'create_merge_request', 1, id: nil
           .form-actions
             = submit_tag label, class: 'btn btn-create'
             = link_to "Cancel", '#', class: "btn btn-cancel", "data-dismiss" => "modal"

app/views/projects/commit/_commit_box.html.haml

 .page-content-header
   .header-main-content
-    %strong Commit
-    %strong.monospace.js-details-short= @commit.short_id
-    = link_to("#", class: "js-details-expand hidden-xs hidden-sm") do
-      %span.text-expander
-        \...
-    %span.js-details-content.hide
-      %strong.monospace.commit-hash-full= @commit.id
+    %strong
     = clipboard_button(clipboard_text: @commit.id)
+    = @commit.short_id
     %span.hidden-xs authored
     #{time_ago_with_tooltip(@commit.authored_date)}
     %span by

app/views/projects/commit/_pipeline.html.haml

@@ -24,7 +24,7 @@
           in
           = time_interval_in_words pipeline.duration
 
-  .row-content-block.build-content.middle-block.hidden
+  .row-content-block.build-content.middle-block.js-pipeline-graph.hidden
     = render "projects/pipelines/graph", pipeline: pipeline
 
 - if pipeline.yaml_errors.present?

app/views/projects/edit.html.haml

@@ -146,7 +146,7 @@
           such as compressing file revisions and removing unreachable objects.
     .col-lg-9
       = link_to 'Housekeeping', housekeeping_namespace_project_path(@project.namespace, @project),
-          method: :post, class: "btn btn-save"
+          method: :post, class: "btn btn-default"
   %hr
   .row.prepend-top-default
     .col-lg-3

app/views/projects/generic_commit_statuses/_generic_commit_status_pipeline.html.haml

-%a{ data: { toggle: 'tooltip', title: "#{subject.name} - #{subject.status}", container: '.pipeline-graph', placement: 'bottom' } }
+%a{ data: { toggle: 'tooltip', title: "#{subject.name} - #{subject.status}", container: '.js-pipeline-graph', placement: 'bottom' } }
   - if subject.target_url
     = link_to subject.target_url do
       %span{class: "ci-status-icon ci-status-icon-#{subject.status}"}

app/views/projects/notes/_note.html.haml

@@ -65,7 +65,7 @@
         .note-text.md
           = preserve do
             = note.redacted_note_html
-          = edited_time_ago_with_tooltip(note, placement: 'bottom', html_class: 'note_edited_ago', include_author: true)
+        = edited_time_ago_with_tooltip(note, placement: 'bottom', html_class: 'note_edited_ago', include_author: true)
         - if note_editable
           = render 'projects/notes/edit_form', note: note
         .note-awards

app/views/projects/pipelines/_with_tabs.html.haml

@@ -12,7 +12,7 @@
 
 .tab-content
   #js-tab-pipeline.tab-pane
-    .build-content.middle-block
+    .build-content.middle-block.js-pipeline-graph
       = render "projects/pipelines/graph", pipeline: pipeline
 
   #js-tab-builds.tab-pane

app/views/projects/snippets/_actions.html.haml

 .hidden-xs
-  - if can?(current_user, :create_project_snippet, @project)
-    = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: 'btn btn-grouped btn-create new-snippet-link', title: "New snippet" do
-      New snippet
-  - if can?(current_user, :update_project_snippet, @snippet)
-    = link_to namespace_project_snippet_path(@project.namespace, @project, @snippet), method: :delete, data: { confirm: "Are you sure?" }, class: "btn btn-grouped btn-danger", title: 'Delete Snippet' do
-      Delete
   - if can?(current_user, :update_project_snippet, @snippet)
-    = link_to edit_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-grouped snippable-edit" do
+    = link_to edit_namespace_project_snippet_path(@project.namespace, @project, @snippet), class: "btn btn-grouped" do
       Edit
+  - if can?(current_user, :update_project_snippet, @snippet)
+    = link_to namespace_project_snippet_path(@project.namespace, @project, @snippet), method: :delete, data: { confirm: "Are you sure?" }, class: "btn btn-grouped btn-inverted btn-remove", title: 'Delete Snippet' do
+      Delete
+  - if can?(current_user, :create_project_snippet, @project)
+    = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: 'btn btn-grouped btn-inverted btn-create', title: "New snippet" do
+      New snippet
 - if can?(current_user, :create_project_snippet, @project) || can?(current_user, :update_project_snippet, @snippet)
   .visible-xs-block.dropdown
     %button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } }

app/views/projects/snippets/index.html.haml

 - page_title "Snippets"
 
-.sub-header-block
-  - if can?(current_user, :create_project_snippet, @project)
-    = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new btn-wide-on-sm pull-right", title: "New snippet" do
-      New snippet
+- if current_user
+  .top-area
+    - include_private = @project.team.member?(current_user) || current_user.admin?
+    = render partial: 'snippets/snippets_scope_menu', locals: { subject: @project, include_private: include_private }
+
+    .nav-controls.hidden-xs
+      - if can?(current_user, :create_project_snippet, @project)
+        = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new", title: "New snippet" do
+          New snippet
 
-  .oneline
-    Share code pastes with others out of git repository
+- if can?(current_user, :create_project_snippet, @project)
+  .visible-xs
+     
+    = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new btn-block", title: "New snippet" do
+      New snippet
 
 = render 'snippets/snippets'

app/views/projects/tree/_tree_content.html.haml

@@ -5,14 +5,11 @@
         %tr
           %th Name
           %th.hidden-xs
-            .pull-left Last Commit
+            .pull-left Last commit
             .last-commit.hidden-sm.pull-left
-               
-              %i.fa.fa-angle-right
-               
-              %small.light
+              %small.light              
+                = clipboard_button(clipboard_text: @commit.id)
                 = link_to @commit.short_id, namespace_project_commit_path(@project.namespace, @project, @commit), class: "monospace"
-                –
                 = time_ago_with_tooltip(@commit.committed_date)
                 = @commit.full_title
             %small.commit-history-link-spacer |

app/views/search/results/_snippet_title.html.haml

@@ -14,7 +14,7 @@
       = link_to snippet_title.project.name_with_namespace, namespace_project_path(snippet_title.project.namespace, snippet_title.project)
 
   .snippet-info
-    = "##{snippet_title.id}"
+    = snippet_title.to_reference
     %span
       by
       = link_to user_snippets_path(snippet_title.author) do

app/views/shared/members/_access_request_buttons.html.haml

-- if can?(current_user, :request_access, source)
-  - if requester = source.requesters.find_by(user_id: current_user.id)
-    = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]),
-              method: :delete,
-              data: { confirm: remove_member_message(requester) },
-              class: 'btn'
-  - else
-    = link_to 'Request Access', polymorphic_path([:request_access, source, :members]),
-              method: :post,
-              class: 'btn'
+- model_name = source.model_name.to_s.downcase
+
+- if can?(current_user, :"destroy_#{model_name}_member", source.members.find_by(user_id: current_user.id))
+  = link_to "Leave #{model_name}", polymorphic_path([:leave, source, :members]),
+            method: :delete,
+            data: { confirm: leave_confirmation_message(source) },
+            class: 'btn'
+- elsif requester = source.requesters.find_by(user_id: current_user.id)
+  = link_to 'Withdraw Access Request', polymorphic_path([:leave, source, :members]),
+            method: :delete,
+            data: { confirm: remove_member_message(requester) },
+            class: 'btn'
+- elsif source.request_access_enabled && can?(current_user, :request_access, source)
+  = link_to 'Request Access', polymorphic_path([:request_access, source, :members]),
+            method: :post,
+            class: 'btn'

app/views/shared/notifications/_button.html.haml

-- left_align = local_assigns[:left_align]
 - if notification_setting
   .dropdown.notification-dropdown
     = form_for notification_setting, remote: true, html: { class: "inline notification-form" } do |f|
@@ -19,7 +18,7 @@
               = notification_title(notification_setting.level)
               = icon("caret-down")
 
-          = render "shared/notifications/notification_dropdown", notification_setting: notification_setting, left_align: left_align
+          = render "shared/notifications/notification_dropdown", notification_setting: notification_setting
 
           = content_for :scripts_body do
             = render "shared/notifications/custom_notifications", notification_setting: notification_setting

app/views/shared/notifications/_notification_dropdown.html.haml

-- left_align = local_assigns[:left_align]
-%ul.dropdown-menu.dropdown-menu-no-wrap.dropdown-menu-selectable.dropdown-menu-large{ role: "menu", class: [notifications_menu_identifier("dropdown", notification_setting), ("dropdown-menu-align-right" unless left_align)] }
+%ul.dropdown-menu.dropdown-menu-no-wrap.dropdown-menu-selectable.dropdown-menu-large{ role: "menu", class: [notifications_menu_identifier("dropdown", notification_setting)] }
   - NotificationSetting.levels.each_key do |level|
     - next if level == "custom"
     - next if level == "global" && notification_setting.source.nil?

app/views/shared/snippets/_header.html.haml

@@ -8,10 +8,6 @@
   %span.creator
     authored
     = time_ago_with_tooltip(@snippet.created_at, placement: 'bottom', html_class: 'snippet_updated_ago')
-    - if @snippet.updated_at != @snippet.created_at
-      %span
-        = icon('edit', title: 'edited')
-        = time_ago_with_tooltip(@snippet.updated_at, placement: 'bottom', html_class: 'snippet_edited_ago')
     by #{link_to_member(@project, @snippet.author, size: 24, author_class: "author item-title", avatar_class: "hidden-xs")}
 
   .snippet-actions
@@ -20,5 +16,9 @@
     - else
       = render "snippets/actions"
 
-%h2.snippet-title.prepend-top-0.append-bottom-0
-  = markdown_field(@snippet, :title)
+.snippet-header
+  %h2.snippet-title.prepend-top-0.append-bottom-0
+    = markdown_field(@snippet, :title)
+
+  - if @snippet.updated_at != @snippet.created_at
+    = edited_time_ago_with_tooltip(@snippet, placement: 'bottom', html_class: 'snippet-edited-ago')

app/views/shared/snippets/_snippet.html.haml

+- link_project = local_assigns.fetch(:link_project, false)
+
 %li.snippet-row
   = image_tag avatar_icon(snippet.author_email), class: "avatar s40 hidden-xs", alt: ''
 
   .title
     = link_to reliable_snippet_path(snippet) do
       = snippet.title
-      - if snippet.private?
-        %span.label.label-gray.hidden-xs
-          = icon('lock')
-          private
-    %span.monospace.pull-right.hidden-xs
-      = snippet.file_name
+    - if snippet.file_name
+      %span.snippet-filename.monospace.hidden-xs
+        = snippet.file_name
 
-    %ul.controls.visible-xs
+    %ul.controls
       %li
         - note_count = snippet.notes.user.count
         = link_to reliable_snippet_path(snippet, anchor: 'notes'), class: ('no-comments' if note_count.zero?) do
@@ -22,11 +21,17 @@
           = visibility_level_label(snippet.visibility_level)
         = visibility_level_icon(snippet.visibility_level, fw: false)
 
-  %small.pull-right.cgray.hidden-xs
-    - if snippet.project_id?
-      = link_to snippet.project.name_with_namespace, namespace_project_path(snippet.project.namespace, snippet.project)
-
-  .snippet-info.hidden-xs
+  .snippet-info
+    #{snippet.to_reference} ·
+    authored #{time_ago_with_tooltip(snippet.created_at, placement: 'bottom', html_class: 'snippet-created-ago')}
+    by
     = link_to user_snippets_path(snippet.author) do
       = snippet.author_name
-    authored #{time_ago_with_tooltip(snippet.created_at)}
+    - if link_project && snippet.project_id?
+      %span.hidden-xs
+        in
+        = link_to namespace_project_path(snippet.project.namespace, snippet.project) do
+          = snippet.project.name_with_namespace
+
+    .pull-right.snippet-updated-at
+      %span updated #{time_ago_with_tooltip(snippet.updated_at, placement: 'bottom')}

app/views/snippets/_actions.html.haml

 .hidden-xs
-  - if current_user
-    = link_to new_snippet_path, class: "btn btn-grouped btn-create new-snippet-link", title: "New snippet" do
-      New snippet
-  - if can?(current_user, :admin_personal_snippet, @snippet)
-    = link_to snippet_path(@snippet), method: :delete, data: { confirm: "Are you sure?" }, class: "btn btn-grouped btn-danger", title: 'Delete Snippet' do
-      Delete
   - if can?(current_user, :update_personal_snippet, @snippet)
-    = link_to edit_snippet_path(@snippet), class: "btn btn-grouped snippable-edit" do
+    = link_to edit_snippet_path(@snippet), class: "btn btn-grouped" do
       Edit
+  - if can?(current_user, :admin_personal_snippet, @snippet)
+    = link_to snippet_path(@snippet), method: :delete, data: { confirm: "Are you sure?" }, class: "btn btn-grouped btn-inverted btn-remove", title: 'Delete Snippet' do
+      Delete
+  - if current_user
+    = link_to new_snippet_path, class: "btn btn-grouped btn-inverted btn-create", title: "New snippet" do
+      New snippet
 - if current_user
   .visible-xs-block.dropdown
     %button.btn.btn-default.btn-block.append-bottom-0.prepend-top-5{ data: { toggle: "dropdown" } }

app/views/snippets/_snippets.html.haml

 - remote = local_assigns.fetch(:remote, false)
+- link_project = local_assigns.fetch(:link_project, false)
 
 .snippets-list-holder
   %ul.content-list
-    = render partial: 'shared/snippets/snippet', collection: @snippets
+    = render partial: 'shared/snippets/snippet', collection: @snippets, locals: { link_project: link_project }
     - if @snippets.empty?
       %li
         .nothing-here-block Nothing here.

app/views/snippets/_snippets_scope_menu.html.haml

+- subject = local_assigns.fetch(:subject, current_user)
+- include_private = local_assigns.fetch(:include_private, false)
+
+.nav-links.snippet-scope-menu
+  %li{ class: ("active" unless params[:scope]) }
+    = link_to subject_snippets_path(subject) do
+      All
+      %span.badge
+        - if include_private
+          = subject.snippets.count
+        - else
+          = subject.snippets.public_and_internal.count
+
+  - if include_private
+    %li{ class: ("active" if params[:scope] == "are_private") }
+      = link_to subject_snippets_path(subject, scope: 'are_private') do
+        Private
+        %span.badge
+          = subject.snippets.are_private.count
+
+  %li{ class: ("active" if params[:scope] == "are_internal") }
+    = link_to subject_snippets_path(subject, scope: 'are_internal') do
+      Internal
+      %span.badge
+        = subject.snippets.are_internal.count
+
+  %li{ class: ("active" if params[:scope] == "are_public") }
+    = link_to subject_snippets_path(subject, scope: 'are_public') do
+      Public
+      %span.badge
+        = subject.snippets.are_public.count

changelogs/unreleased/19550-fix-contributer-graph-duplicates.yml

+---
+title: group authors in contribution graph with case insensitive email handle comparison
+merge_request: 8021
+author:

changelogs/unreleased/23305-leave-project-and-leave-group-should-be-buttons.yml

+---
+title: Moved Leave Project and Leave Group buttons to access_request_buttons from
+  the settings dropdown
+merge_request: 7600
+author: 

changelogs/unreleased/24807-stop-ddosing-ourselves.yml

+---
+title: Use SmartInterval for MR widget and improve visibilitychange functionality
+merge_request: 7762
+author: 

changelogs/unreleased/24949-view-2-up-swipe-onion-skin-controls-for-merge-request-diff-containing-an-image.yml

+---
+title: Add image controls to MR diffs
+merge_request: 7919
+author: 

changelogs/unreleased/25106-hide-issue-mr-button-for-not-loggedin.yml

+---
+title: Prevent user creating issue or MR without signing in for a group
+merge_request: 7902
+author:

changelogs/unreleased/25294-remove-signed-out-msg.yml

+---
+title: 'fix: removed signed_out notification'
+merge_request: 7958
+author: jnoortheen

changelogs/unreleased/25324-change-housekeeping-btn-to-default.yml

+---
+title: Changed Housekeeping button on project settings page to default styling
+merge_request: 
+author: Ryan Harris

changelogs/unreleased/25482-fix-api-sudo.yml

+---
+title: 'API: Memoize the current_user so that sudo can work properly'
+merge_request: 8017
+author:

changelogs/unreleased/25483-broken-tabs.yml

+---
+title: Fix TypeError: Cannot read property 'initTabs' on commit builds tab
+merge_request: 8009
+author:

changelogs/unreleased/allow-more-filenames.yml

+---
+title: Allow all alphanumeric characters in file names
+merge_request: 8002
+author: winniehell

changelogs/unreleased/api-cherry-pick.yml

+---
+title: 'API: Ability to cherry pick a commit'
+merge_request: 8047
+author: Robert Schilling

changelogs/unreleased/api-simple-group-project.yml

+---
+title: 'API: Simple representation of group''s projects'
+merge_request: 8060
+author: Robert Schilling

changelogs/unreleased/awards_handler.yml

+---
+title: Replace static fixture for awards_handler_spec
+merge_request: 7661
+author: winniehell

changelogs/unreleased/chomp-git-status-message.yml

+---
+title: For single line git commit messages, the close quote should be on the same
+  line as the open quote
+merge_request:
+author:

changelogs/unreleased/features-api-snippets.yml

+---
+title: 'API: Endpoint to expose personal snippets as /snippets'
+merge_request: 6373
+author: Bernard Guyzmo Pratz

changelogs/unreleased/issue_13270.yml

+---
+title: Allow to delete tag release note
+merge_request: 
+author: 

changelogs/unreleased/issue_24020.yml

+---
+title: "fix display hook error message"
+merge_request: 7775
+author: basyura

changelogs/unreleased/issue_25030.yml

+---
+title: Allow branch names with dots on API endpoint
+merge_request: 
+author: 

changelogs/unreleased/unescape-relative-path.yml

+---
+title: Avoid escaping relative links in Markdown twice
+merge_request: 7940
+author: winniehell

config/initializers/1_settings.rb

@@ -302,7 +302,7 @@ Settings.cron_jobs['remove_expired_group_links_worker'] ||= Settingslogic.new({}
 Settings.cron_jobs['remove_expired_group_links_worker']['cron'] ||= '10 0 * * *'
 Settings.cron_jobs['remove_expired_group_links_worker']['job_class'] = 'RemoveExpiredGroupLinksWorker'
 Settings.cron_jobs['prune_old_events_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '* */6 * * *'
+Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '0 */6 * * *'
 Settings.cron_jobs['prune_old_events_worker']['job_class'] = 'PruneOldEventsWorker'
 
 Settings.cron_jobs['trending_projects_worker'] ||= Settingslogic.new({})

config/routes.rb

 require 'sidekiq/web'
 require 'sidekiq/cron/web'
-require 'api/api'
 require 'constraints/group_url_constrainer'
 
 Rails.application.routes.draw do

db/migrate/20161212142807_add_lower_path_index_to_routes.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddLowerPathIndexToRoutes < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    return unless Gitlab::Database.postgresql?
+
+    execute 'CREATE INDEX CONCURRENTLY index_on_routes_lower_path ON routes (LOWER(path));'
+  end
+
+  def down
+    return unless Gitlab::Database.postgresql?
+
+    remove_index :routes, name: :index_on_routes_lower_path
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161202152035) do
+ActiveRecord::Schema.define(version: 20161212142807) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"

doc/README.md

-# Documentation
+# GitLab Community Edition documentation
 
 ## User documentation
 

doc/api/commits.md

@@ -183,6 +183,44 @@ Example response:
 }
 ```
 
+## Cherry pick a commit
+
+> [Introduced][ce-8047] in GitLab 8.15.
+
+Cherry picks a commit to a given branch.
+
+```
+POST /projects/:id/repository/commits/:sha/cherry_pick
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`      | integer/string | yes | The ID of a project or NAMESPACE/PROJECT_NAME owned by the authenticated user
+| `sha` | string | yes | The commit hash  |
+| `branch` | string | yes | The name of the branch  |
+
+```bash
+curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" --form "branch=master" "https://gitlab.example.com/api/v3/projects/5/repository/commits/master/cherry_pick"
+```
+
+Example response:
+
+```json
+{
+  "id": "8b090c1b79a14f2bd9e8a738f717824ff53aebad",
+  "short_id": "8b090c1b",
+  "title": "Feature added",
+  "author_name": "Dmitriy Zaporozhets",
+  "author_email": "dmitriy.zaporozhets@gmail.com",
+  "created_at": "2016-12-12T20:10:39.000+01:00",
+  "committer_name": "Administrator",
+  "committer_email": "admin@example.com",
+  "message": "Feature added\n\nSigned-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>\n"
+}
+```
+
 ## Get the diff of a commit
 
 Get the diff of a commit in a project.
@@ -438,3 +476,4 @@ Example response:
 ```
 
 [ce-6096]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6096 "Multi-file commit"
+[ce-8047]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8047

doc/api/groups.md

@@ -50,12 +50,17 @@ GET /groups/:id/projects
 
 Parameters:
 
-- `archived` (optional) - if passed, limit by archived status
-- `visibility` (optional) - if passed, limit by visibility `public`, `internal`, `private`
-- `order_by` (optional) - Return requests ordered by `id`, `name`, `path`, `created_at`, `updated_at` or `last_activity_at` fields. Default is `created_at`
-- `sort` (optional) - Return requests sorted in `asc` or `desc` order. Default is `desc`
-- `search` (optional) - Return list of authorized projects according to a search criteria
-- `ci_enabled_first` - Return projects ordered by ci_enabled flag. Projects with enabled GitLab CI go first
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | The ID or path of a group |
+| `archived` | boolean | no | Limit by archived status |
+| `visibility` | string | no | Limit by visibility `public`, `internal`, or `private` |
+| `order_by` | string | no | Return projects ordered by `id`, `name`, `path`, `created_at`, `updated_at`, or `last_activity_at` fields. Default is `created_at` |
+| `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` |
+| `search` | string | no | Return list of authorized projects matching the search criteria |
+| `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
+
+Example response:
 
 ```json
 [

doc/api/merge_requests.md

@@ -429,7 +429,7 @@ DELETE /projects/:id/merge_requests/:merge_request_id
 | `merge_request_id` | integer | yes | The ID of a project's merge request |
 
 ```bash
-curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/4/merge_request/85
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/4/merge_requests/85
 ```
 
 ## Accept MR

doc/api/services.md

@@ -139,6 +139,43 @@ Get Buildkite service settings for a project.
 GET /projects/:id/services/buildkite
 ```
 
+## Build-Emails
+
+Get emails for GitLab CI builds.
+
+### Create/Edit Build-Emails service
+
+Set Build-Emails service for a project.
+
+```
+PUT /projects/:id/services/builds-email
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `recipients` | string | yes | Comma-separated list of recipient email addresses |
+| `add_pusher` | boolean | no | Add pusher to recipients list |
+| `notify_only_broken_builds` | boolean | no | Notify only broken builds |
+
+
+### Delete Build-Emails service
+
+Delete Build-Emails service for a project.
+
+```
+DELETE /projects/:id/services/builds-email
+```
+
+### Get Build-Emails service settings
+
+Get Build-Emails service settings for a project.
+
+```
+GET /projects/:id/services/builds-email
+```
+
 ## Campfire
 
 Simple web-based real-time group chat
@@ -476,12 +513,11 @@ PUT /projects/:id/services/jira
 
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
-| `active`        | boolean| no  | Enable/disable the JIRA service. |
 | `url`           | string | yes | The URL to the JIRA project which is being linked to this GitLab project, e.g., `https://jira.example.com`. |
 | `project_key`   | string | yes | The short identifier for your JIRA project, all uppercase, e.g., `PROJ`. |
 | `username`      | string | no  | The username of the user created to be used with GitLab/JIRA. |
 | `password`      | string | no  | The password of the user created to be used with GitLab/JIRA. |
-| `jira_issue_transition_id` | string | no | The ID of a transition that moves issues to a closed state. You can find this number under the JIRA workflow administration (**Administration > Issues > Workflows**) by selecting **View** under **Operations** of the desired workflow of your project. The ID of each state can be found inside the parenthesis of each transition name under the **Transitions (id)** column ([see screenshot][trans]). By default, this ID is set to `2`. |
+| `jira_issue_transition_id` | integer | no | The ID of a transition that moves issues to a closed state. You can find this number under the JIRA workflow administration (**Administration > Issues > Workflows**) by selecting **View** under **Operations** of the desired workflow of your project. The ID of each state can be found inside the parenthesis of each transition name under the **Transitions (id)** column ([see screenshot][trans]). By default, this ID is set to `2`. |
 
 ### Delete JIRA service
 
@@ -491,6 +527,78 @@ Remove all previously JIRA settings from a project.
 DELETE /projects/:id/services/jira
 ```
 
+## Mattermost Slash Commands
+
+Ability to receive slash commands from a Mattermost chat instance.
+
+### Create/Edit Mattermost Slash Command service
+
+Set Mattermost Slash Command for a project.
+
+```
+PUT /projects/:id/services/mattermost-slash-commands
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `token` | string | yes | The Mattermost token |
+
+
+### Delete Mattermost Slash Command service
+
+Delete Mattermost Slash Command service for a project.
+
+```
+DELETE /projects/:id/services/mattermost-slash-commands
+```
+
+### Get Mattermost Slash Command service settings
+
+Get Mattermost Slash Command service settings for a project.
+
+```
+GET /projects/:id/services/mattermost-slash-commands
+```
+
+## Pipeline-Emails
+
+Get emails for GitLab CI pipelines.
+
+### Create/Edit Pipeline-Emails service
+
+Set Pipeline-Emails service for a project.
+
+```
+PUT /projects/:id/services/pipelines-email
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `recipients` | string | yes | Comma-separated list of recipient email addresses |
+| `add_pusher` | boolean | no | Add pusher to recipients list |
+| `notify_only_broken_builds` | boolean | no | Notify only broken pipelines |
+
+
+### Delete Pipeline-Emails service
+
+Delete Pipeline-Emails service for a project.
+
+```
+DELETE /projects/:id/services/pipelines-email
+```
+
+### Get Pipeline-Emails service settings
+
+Get Pipeline-Emails service settings for a project.
+
+```
+GET /projects/:id/services/pipelines-email
+```
+
 ## PivotalTracker
 
 Project Management Software (Source Commits Endpoint)

doc/api/snippets.md

+# Snippets
+
+> [Introduced][ce-6373] in GitLab 8.15.
+
+### Snippet visibility level
+
+Snippets in GitLab can be either private, internal, or public.
+You can set it with the `visibility_level` field in the snippet.
+
+Constants for snippet visibility levels are:
+
+| Visibility | Visibility level | Description |
+| ---------- | ---------------- | ----------- |
+| Private    | `0`  | The snippet is visible only to the snippet creator |
+| Internal   | `10` | The snippet is visible for any logged in user |
+| Public     | `20` | The snippet can be accessed without any authentication |
+
+## List snippets
+
+Get a list of current user's snippets.
+
+```
+GET /snippets
+```
+
+## Single snippet
+
+Get a single snippet.
+
+```
+GET /snippets/:id
+```
+
+Parameters:
+
+| Attribute          | Type    | Required | Description                   |
+| ---------          | ----    | -------- | -----------                   |
+| `id`               | Integer | yes      | The ID of a snippet           |
+
+``` bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/snippets/1
+```
+
+Example response:
+
+``` json
+{
+  "id": 1,
+  "title": "test",
+  "file_name": "add.rb",
+  "author": {
+    "id": 1,
+    "username": "john_smith",
+    "email": "john@example.com",
+    "name": "John Smith",
+    "state": "active",
+    "created_at": "2012-05-23T08:00:58Z"
+  },
+  "expires_at": null,
+  "updated_at": "2012-06-28T10:52:04Z",
+  "created_at": "2012-06-28T10:52:04Z",
+  "web_url": "http://example.com/snippets/1",
+}
+```
+
+## Create new snippet
+
+Creates a new snippet. The user must have permission to create new snippets.
+
+```
+POST /snippets
+```
+
+Parameters:
+
+| Attribute          | Type    | Required | Description                |
+| ---------          | ----    | -------- | -----------                |
+| `title`            | String  | yes      | The title of a snippet     |
+| `file_name`        | String  | yes      | The name of a snippet file |
+| `content`          | String  | yes      | The content of a snippet   |
+| `visibility_level` | Integer | yes      | The snippet's visibility   |
+
+
+``` bash
+curl --request POST --data '{"title": "This is a snippet", "content": "Hello world", "file_name": "test.txt", "visibility_level": 10 }' --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/snippets
+```
+
+Example response:
+
+``` json
+{
+  "id": 1,
+  "title": "This is a snippet",
+  "file_name": "test.txt",
+  "author": {
+    "id": 1,
+    "username": "john_smith",
+    "email": "john@example.com",
+    "name": "John Smith",
+    "state": "active",
+    "created_at": "2012-05-23T08:00:58Z"
+  },
+  "expires_at": null,
+  "updated_at": "2012-06-28T10:52:04Z",
+  "created_at": "2012-06-28T10:52:04Z",
+  "web_url": "http://example.com/snippets/1",
+}
+```
+
+## Update snippet
+
+Updates an existing snippet. The user must have permission to change an existing snippet.
+
+```
+PUT /snippets/:id
+```
+
+Parameters:
+
+| Attribute          | Type    | Required | Description                |
+| ---------          | ----    | -------- | -----------                |
+| `id`               | Integer | yes      | The ID of a snippet        |
+| `title`            | String  | no       | The title of a snippet     |
+| `file_name`        | String  | no       | The name of a snippet file |
+| `content`          | String  | no       | The content of a snippet   |
+| `visibility_level` | Integer | no       | The snippet's visibility   |
+
+
+``` bash
+curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" --data '{"title": "foo", "content": "bar"}' https://gitlab.example.com/api/v3/snippets/1
+```
+
+Example response:
+
+``` json
+{
+  "id": 1,
+  "title": "test",
+  "file_name": "add.rb",
+  "author": {
+    "id": 1,
+    "username": "john_smith",
+    "email": "john@example.com",
+    "name": "John Smith",
+    "state": "active",
+    "created_at": "2012-05-23T08:00:58Z"
+  },
+  "expires_at": null,
+  "updated_at": "2012-06-28T10:52:04Z",
+  "created_at": "2012-06-28T10:52:04Z",
+  "web_url": "http://example.com/snippets/1",
+}
+```
+
+## Delete snippet
+
+Deletes an existing snippet. 
+
+```
+DELETE /snippets/:id
+```
+
+Parameters:
+
+| Attribute          | Type    | Required | Description                   |
+| ---------          | ----    | -------- | -----------                   |
+| `id`               | Integer | yes      | The ID of a snippet           |
+
+
+```
+curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/snippets/1"
+```
+
+upon successful delete a `204 No content` HTTP code shall be expected, with no data,
+but if the snippet is non-existent, a `404 Not Found` will be returned.
+
+## Explore all public snippets
+
+```
+GET /snippets/public
+```
+
+| Attribute  | Type    | Required | Description                           |
+| ---------  | ----    | -------- | -----------                           |
+| `per_page` | Integer | no       | number of snippets to return per page |
+| `page`     | Integer | no       | the page to retrieve                  |
+
+``` bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/snippets/public?per_page=2&page=1
+```
+
+Example response:
+
+``` json
+[
+    {
+        "author": {
+            "avatar_url": "http://www.gravatar.com/avatar/edaf55a9e363ea263e3b981d09e0f7f7?s=80&d=identicon",
+            "id": 12,
+            "name": "Libby Rolfson",
+            "state": "active",
+            "username": "elton_wehner",
+            "web_url": "http://localhost:3000/elton_wehner"
+        },
+        "created_at": "2016-11-25T16:53:34.504Z",
+        "file_name": "oconnerrice.rb",
+        "id": 49,
+        "raw_url": "http://localhost:3000/snippets/49/raw",
+        "title": "Ratione cupiditate et laborum temporibus.",
+        "updated_at": "2016-11-25T16:53:34.504Z",
+        "web_url": "http://localhost:3000/snippets/49"
+    },
+    {
+        "author": {
+            "avatar_url": "http://www.gravatar.com/avatar/36583b28626de71061e6e5a77972c3bd?s=80&d=identicon",
+            "id": 16,
+            "name": "Llewellyn Flatley",
+            "state": "active",
+            "username": "adaline",
+            "web_url": "http://localhost:3000/adaline"
+        },
+        "created_at": "2016-11-25T16:53:34.479Z",
+        "file_name": "muellershields.rb",
+        "id": 48,
+        "raw_url": "http://localhost:3000/snippets/48/raw",
+        "title": "Minus similique nesciunt vel fugiat qui ullam sunt.",
+        "updated_at": "2016-11-25T16:53:34.479Z",
+        "web_url": "http://localhost:3000/snippets/48"
+    }
+]
+```
+

doc/ci/review_apps/index.md

@@ -33,7 +33,7 @@ built and deployed under a dynamic environment and can be previewed with an
 also dynamically URL.
 
 The details of the Review Apps implementation depend widely on your real
-technology stack and on your deployment process. The simplest case it to
+technology stack and on your deployment process. The simplest case is to
 deploy a simple static HTML website, but it will not be that straightforward
 when your app is using a database for example. To make a branch be deployed
 on a temporary instance and booting up this instance with all required software

features/admin/settings.feature

-@admin
-Feature: Admin Settings
-  Background:
-    Given I sign in as an admin
-    And I visit admin settings page
-
-  Scenario: Change application settings
-    When I modify settings and save form
-    Then I should see application settings saved
-
-  Scenario: Change Slack Service Template settings
-    When I click on "Service Templates"
-    And I click on "Slack" service
-    And I fill out Slack settings
-    Then I check all events and submit form
-    And I should see service template settings saved
-    Then I click on "Slack" service
-    And I should see all checkboxes checked
-    And I should see Slack settings saved

features/steps/project/snippets.rb

@@ -22,7 +22,7 @@ class Spinach::Features::ProjectSnippets < Spinach::FeatureSteps
   end
 
   step 'I click link "New snippet"' do
-    click_link "New snippet"
+    first(:link, "New snippet").click
   end
 
   step 'I click link "Snippet one"' do

features/steps/shared/paths.rb

@@ -203,10 +203,6 @@ module SharedPaths
     visit admin_teams_path
   end
 
-  step 'I visit admin settings page' do
-    visit admin_application_settings_path
-  end
-
   step 'I visit spam logs page' do
     visit admin_spam_logs_path
   end

lib/api/api.rb

@@ -64,6 +64,7 @@ module API
     mount ::API::Session
     mount ::API::Settings
     mount ::API::SidekiqMetrics
+    mount ::API::Snippets
     mount ::API::Subscriptions
     mount ::API::SystemHooks
     mount ::API::Tags

lib/api/branches.rb

@@ -23,9 +23,9 @@ module API
         success Entities::RepoBranch
       end
       params do
-        requires :branch, type: String, regexp: /.+/, desc: 'The name of the branch'
+        requires :branch, type: String, desc: 'The name of the branch'
       end
-      get ':id/repository/branches/:branch' do
+      get ':id/repository/branches/:branch', requirements: { branch: /.+/ } do
         branch = user_project.repository.find_branch(params[:branch])
         not_found!("Branch") unless branch
 
@@ -39,11 +39,11 @@ module API
         success Entities::RepoBranch
       end
       params do
-        requires :branch, type: String, regexp: /.+/, desc: 'The name of the branch'
+        requires :branch, type: String, desc: 'The name of the branch'
         optional :developers_can_push, type: Boolean, desc: 'Flag if developers can push to that branch'
         optional :developers_can_merge, type: Boolean, desc: 'Flag if developers can merge to that branch'
       end
-      put ':id/repository/branches/:branch/protect' do
+      put ':id/repository/branches/:branch/protect', requirements: { branch: /.+/ } do
         authorize_admin_project
 
         branch = user_project.repository.find_branch(params[:branch])
@@ -76,9 +76,9 @@ module API
         success Entities::RepoBranch
       end
       params do
-        requires :branch, type: String, regexp: /.+/, desc: 'The name of the branch'
+        requires :branch, type: String, desc: 'The name of the branch'
       end
-      put ':id/repository/branches/:branch/unprotect' do
+      put ':id/repository/branches/:branch/unprotect', requirements: { branch: /.+/ } do
         authorize_admin_project
 
         branch = user_project.repository.find_branch(params[:branch])
@@ -112,9 +112,9 @@ module API
 
       desc 'Delete a branch'
       params do
-        requires :branch, type: String, regexp: /.+/, desc: 'The name of the branch'
+        requires :branch, type: String, desc: 'The name of the branch'
       end
-      delete ":id/repository/branches/:branch" do
+      delete ":id/repository/branches/:branch", requirements: { branch: /.+/ } do
         authorize_push_project
 
         result = DeleteBranchService.new(user_project, current_user).

lib/api/commits.rb

 require 'mime/types'
 
 module API
-  # Projects commits API
   class Commits < Grape::API
     include PaginationParams
 
@@ -121,6 +120,41 @@ module API
         present paginate(notes), with: Entities::CommitNote
       end
 
+      desc 'Cherry pick commit into a branch' do
+        detail 'This feature was introduced in GitLab 8.15'
+        success Entities::RepoCommit
+      end
+      params do
+        requires :sha, type: String, desc: 'A commit sha to be cherry picked'
+        requires :branch, type: String, desc: 'The name of the branch'
+      end
+      post ':id/repository/commits/:sha/cherry_pick' do
+        authorize! :push_code, user_project
+
+        commit = user_project.commit(params[:sha])
+        not_found!('Commit') unless commit
+
+        branch = user_project.repository.find_branch(params[:branch])
+        not_found!('Branch') unless branch
+
+        commit_params = {
+          commit: commit,
+          create_merge_request: false,
+          source_project: user_project,
+          source_branch: commit.cherry_pick_branch_name,
+          target_branch: params[:branch]
+        }
+
+        result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute
+
+        if result[:status] == :success
+          branch = user_project.repository.find_branch(params[:branch])
+          present user_project.repository.commit(branch.dereferenced_target), with: Entities::RepoCommit
+        else
+          render_api_error!(result[:message], 400)
+        end
+      end
+
       desc 'Post comment to commit' do
         success Entities::CommitNote
       end

lib/api/entities.rb

@@ -201,6 +201,19 @@ module API
       end
     end
 
+    class PersonalSnippet < Grape::Entity
+      expose :id, :title, :file_name
+      expose :author, using: Entities::UserBasic
+      expose :updated_at, :created_at
+
+      expose :web_url do |snippet|
+        Gitlab::UrlBuilder.build(snippet)
+      end
+      expose :raw_url do |snippet|
+        Gitlab::UrlBuilder.build(snippet) + "/raw"
+      end
+    end
+
     class ProjectEntity < Grape::Entity
       expose :id, :iid
       expose(:project_id) { |entity| entity.project.id }

lib/api/groups.rb

 module API
   class Groups < Grape::API
     include PaginationParams
-    
+
     before { authenticate! }
 
     helpers do
@@ -117,12 +117,24 @@ module API
         success Entities::Project
       end
       params do
+        optional :archived, type: Boolean, default: false, desc: 'Limit by archived status'
+        optional :visibility, type: String, values: %w[public internal private],
+                              desc: 'Limit by visibility'
+        optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria'
+        optional :order_by, type: String, values: %w[id name path created_at updated_at last_activity_at],
+                            default: 'created_at', desc: 'Return projects ordered by field'
+        optional :sort, type: String, values: %w[asc desc], default: 'desc',
+                        desc: 'Return projects sorted in ascending and descending order'
+        optional :simple, type: Boolean, default: false,
+                          desc: 'Return only the ID, URL, name, and path of each project'
         use :pagination
       end
       get ":id/projects" do
         group = find_group!(params[:id])
         projects = GroupProjectsFinder.new(group).execute(current_user)
-        present paginate(projects), with: Entities::Project, user: current_user
+        projects = filter_projects(projects)
+        entity = params[:simple] ? Entities::BasicProjectDetails : Entities::Project
+        present paginate(projects), with: entity, user: current_user
       end
 
       desc 'Transfer a project to the group namespace. Available only for admin.' do

lib/api/helpers.rb

@@ -8,67 +8,23 @@ module API
     SUDO_HEADER = "HTTP_SUDO"
     SUDO_PARAM = :sudo
 
-    def private_token
-      params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]
-    end
-
-    def warden
-      env['warden']
-    end
-
-    # Check the Rails session for valid authentication details
-    #
-    # Until CSRF protection is added to the API, disallow this method for
-    # state-changing endpoints
-    def find_user_from_warden
-      warden.try(:authenticate) if %w[GET HEAD].include?(env['REQUEST_METHOD'])
-    end
-
     def declared_params(options = {})
       options = { include_parent_namespaces: false }.merge(options)
       declared(params, options).to_h.symbolize_keys
     end
 
-    def find_user_by_private_token
-      token = private_token
-      return nil unless token.present?
-
-      User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
-    end
-
     def current_user
-      @current_user ||= find_user_by_private_token
-      @current_user ||= doorkeeper_guard
-      @current_user ||= find_user_from_warden
+      return @current_user if defined?(@current_user)
 
-      unless @current_user && Gitlab::UserAccess.new(@current_user).allowed?
-        return nil
-      end
-
-      identifier = sudo_identifier
-
-      if identifier
-        # We check for private_token because we cannot allow PAT to be used
-        forbidden!('Must be admin to use sudo') unless @current_user.is_admin?
-        forbidden!('Private token must be specified in order to use sudo') unless private_token_used?
+      @current_user = initial_current_user
 
-        @impersonator = @current_user
-        @current_user = User.by_username_or_id(identifier)
-        not_found!("No user id or username for: #{identifier}") if @current_user.nil?
-      end
+      sudo!
 
       @current_user
     end
 
-    def sudo_identifier
-      identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
-
-      # Regex for integers
-      if !!(identifier =~ /\A[0-9]+\z/)
-        identifier.to_i
-      else
-        identifier
-      end
+    def sudo?
+      initial_current_user != current_user
     end
 
     def user_project
@@ -79,6 +35,14 @@ module API
       @available_labels ||= LabelsFinder.new(current_user, project_id: user_project.id).execute
     end
 
+    def find_user(id)
+      if id =~ /^\d+$/
+        User.find_by(id: id)
+      else
+        User.find_by(username: id)
+      end
+    end
+
     def find_project(id)
       if id =~ /^\d+$/
         Project.find_by(id: id)
@@ -97,17 +61,6 @@ module API
       end
     end
 
-    def project_service(project = user_project)
-      @project_service ||= project.find_or_initialize_service(params[:service_slug].underscore)
-      @project_service || not_found!("Service")
-    end
-
-    def service_attributes
-      @service_attributes ||= project_service.fields.inject([]) do |arr, hash|
-        arr << hash[:name].to_sym
-      end
-    end
-
     def find_group(id)
       if id =~ /^\d+$/
         Group.find_by(id: id)
@@ -349,8 +302,99 @@ module API
 
     private
 
-    def private_token_used?
-      private_token == @current_user.private_token
+    def private_token
+      params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]
+    end
+
+    def warden
+      env['warden']
+    end
+
+    # Check the Rails session for valid authentication details
+    #
+    # Until CSRF protection is added to the API, disallow this method for
+    # state-changing endpoints
+    def find_user_from_warden
+      warden.try(:authenticate) if %w[GET HEAD].include?(env['REQUEST_METHOD'])
+    end
+
+    def find_user_by_private_token
+      token = private_token
+      return nil unless token.present?
+
+      User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
+    end
+
+    def initial_current_user
+      return @initial_current_user if defined?(@initial_current_user)
+
+      @initial_current_user ||= find_user_by_private_token
+      @initial_current_user ||= doorkeeper_guard
+      @initial_current_user ||= find_user_from_warden
+
+      unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed?
+        @initial_current_user = nil
+      end
+
+      @initial_current_user
+    end
+
+    def sudo!
+      return unless sudo_identifier
+      return unless initial_current_user
+
+      unless initial_current_user.is_admin?
+        forbidden!('Must be admin to use sudo')
+      end
+
+      # Only private tokens should be used for the SUDO feature
+      unless private_token == initial_current_user.private_token
+        forbidden!('Private token must be specified in order to use sudo')
+      end
+
+      sudoed_user = find_user(sudo_identifier)
+
+      if sudoed_user
+        @current_user = sudoed_user
+      else
+        not_found!("No user id or username for: #{sudo_identifier}")
+      end
+    end
+
+    def sudo_identifier
+      @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
+    end
+
+    def add_pagination_headers(paginated_data)
+      header 'X-Total',       paginated_data.total_count.to_s
+      header 'X-Total-Pages', paginated_data.total_pages.to_s
+      header 'X-Per-Page',    paginated_data.limit_value.to_s
+      header 'X-Page',        paginated_data.current_page.to_s
+      header 'X-Next-Page',   paginated_data.next_page.to_s
+      header 'X-Prev-Page',   paginated_data.prev_page.to_s
+      header 'Link',          pagination_links(paginated_data)
+    end
+
+    def pagination_links(paginated_data)
+      request_url = request.url.split('?').first
+      request_params = params.clone
+      request_params[:per_page] = paginated_data.limit_value
+
+      links = []
+
+      request_params[:page] = paginated_data.current_page - 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="prev") unless paginated_data.first_page?
+
+      request_params[:page] = paginated_data.current_page + 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="next") unless paginated_data.last_page?
+
+      request_params[:page] = 1
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="first")
+
+      request_params[:page] = paginated_data.total_pages
+      links << %(<#{request_url}?#{request_params.to_query}>; rel="last")
+
+      links.join(', ')
     end
 
     def secret_token

lib/api/merge_requests.rb

@@ -143,8 +143,8 @@ module API
           success Entities::MergeRequest
         end
         params do
-          optional :title, type: String, desc: 'The title of the merge request'
-          optional :target_branch, type: String, desc: 'The target branch'
+          optional :title, type: String, allow_blank: false, desc: 'The title of the merge request'
+          optional :target_branch, type: String, allow_blank: false, desc: 'The target branch'
           optional :state_event, type: String, values: %w[close reopen merge],
                                  desc: 'Status of the merge request'
           use :optional_params

lib/api/services.rb

 module API
-  # Projects API
   class Services < Grape::API
+    services = {
+      'asana' => [
+        {
+          required: true,
+          name: :api_key,
+          type: String,
+          desc: 'User API token'
+        },
+        {
+          required: false,
+          name: :restrict_to_branch,
+          type: String,
+          desc: 'Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches'
+        }
+      ],
+      'assembla' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'The authentication token'
+        },
+        {
+          required: false,
+          name: :subdomain,
+          type: String,
+          desc: 'Subdomain setting'
+        }
+      ],
+      'bamboo' => [
+        {
+          required: true,
+          name: :bamboo_url,
+          type: String,
+          desc: 'Bamboo root URL like https://bamboo.example.com'
+        },
+        {
+          required: true,
+          name: :build_key,
+          type: String,
+          desc: 'Bamboo build plan key like'
+        },
+        {
+          required: true,
+          name: :username,
+          type: String,
+          desc: 'A user with API access, if applicable'
+        },
+        {
+          required: true,
+          name: :password,
+          type: String,
+          desc: 'Passord of the user'
+        }
+      ],
+      'bugzilla' => [
+        {
+          required: true,
+          name: :new_issue_url,
+          type: String,
+          desc: 'New issue URL'
+        },
+        {
+          required: true,
+          name: :issues_url,
+          type: String,
+          desc: 'Issues URL'
+        },
+        {
+          required: true,
+          name: :project_url,
+          type: String,
+          desc: 'Project URL'
+        },
+        {
+          required: false,
+          name: :description,
+          type: String,
+          desc: 'Description'
+        },
+        {
+          required: false,
+          name: :title,
+          type: String,
+          desc: 'Title'
+        }
+      ],
+      'buildkite' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'Buildkite project GitLab token'
+        },
+        {
+          required: true,
+          name: :project_url,
+          type: String,
+          desc: 'The buildkite project URL'
+        },
+        {
+          required: false,
+          name: :enable_ssl_verification,
+          type: Boolean,
+          desc: 'Enable SSL verification for communication'
+        }
+      ],
+      'builds-email' => [
+        {
+          required: true,
+          name: :recipients,
+          type: String,
+          desc: 'Comma-separated list of recipient email addresses'
+        },
+        {
+          required: false,
+          name: :add_pusher,
+          type: Boolean,
+          desc: 'Add pusher to recipients list'
+        },
+        {
+          required: false,
+          name: :notify_only_broken_builds,
+          type: Boolean,
+          desc: 'Notify only broken builds'
+        }
+      ],
+      'campfire' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'Campfire token'
+        },
+        {
+          required: false,
+          name: :subdomain,
+          type: String,
+          desc: 'Campfire subdomain'
+        },
+        {
+          required: false,
+          name: :room,
+          type: String,
+          desc: 'Campfire room'
+        },
+      ],
+      'custom-issue-tracker' => [
+        {
+          required: true,
+          name: :new_issue_url,
+          type: String,
+          desc: 'New issue URL'
+        },
+        {
+          required: true,
+          name: :issues_url,
+          type: String,
+          desc: 'Issues URL'
+        },
+        {
+          required: true,
+          name: :project_url,
+          type: String,
+          desc: 'Project URL'
+        },
+        {
+          required: false,
+          name: :description,
+          type: String,
+          desc: 'Description'
+        },
+        {
+          required: false,
+          name: :title,
+          type: String,
+          desc: 'Title'
+        }
+      ],
+      'drone-ci' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'Drone CI token'
+        },
+        {
+          required: true,
+          name: :drone_url,
+          type: String,
+          desc: 'Drone CI URL'
+        },
+        {
+          required: false,
+          name: :enable_ssl_verification,
+          type: Boolean,
+          desc: 'Enable SSL verification for communication'
+        }
+      ],
+      'emails-on-push' => [
+        {
+          required: true,
+          name: :recipients,
+          type: String,
+          desc: 'Comma-separated list of recipient email addresses'
+        },
+        {
+          required: false,
+          name: :disable_diffs,
+          type: Boolean,
+          desc: 'Disable code diffs'
+        },
+        {
+          required: false,
+          name: :send_from_committer_email,
+          type: Boolean,
+          desc: 'Send from committer'
+        }
+      ],
+      'external-wiki' => [
+        {
+          required: true,
+          name: :external_wiki_url,
+          type: String,
+          desc: 'The URL of the external Wiki'
+        }
+      ],
+      'flowdock' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'Flowdock token'
+        }
+      ],
+      'gemnasium' => [
+        {
+          required: true,
+          name: :api_key,
+          type: String,
+          desc: 'Your personal API key on gemnasium.com'
+        },
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: "The project's slug on gemnasium.com"
+        }
+      ],
+      'hipchat' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'The room token'
+        },
+        {
+          required: false,
+          name: :room,
+          type: String,
+          desc: 'The room name or ID'
+        },
+        {
+          required: false,
+          name: :color,
+          type: String,
+          desc: 'The room color'
+        },
+        {
+          required: false,
+          name: :notify,
+          type: Boolean,
+          desc: 'Enable notifications'
+        },
+        {
+          required: false,
+          name: :api_version,
+          type: String,
+          desc: 'Leave blank for default (v2)'
+        },
+        {
+          required: false,
+          name: :server,
+          type: String,
+          desc: 'Leave blank for default. https://hipchat.example.com'
+        }
+      ],
+      'irker' => [
+        {
+          required: true,
+          name: :recipients,
+          type: String,
+          desc: 'Recipients/channels separated by whitespaces'
+        },
+        {
+          required: false,
+          name: :default_irc_uri,
+          type: String,
+          desc: 'Default: irc://irc.network.net:6697'
+        },
+        {
+          required: false,
+          name: :server_host,
+          type: String,
+          desc: 'Server host. Default localhost'
+        },
+        {
+          required: false,
+          name: :server_port,
+          type: Integer,
+          desc: 'Server port. Default 6659'
+        },
+        {
+          required: false,
+          name: :colorize_messages,
+          type: Boolean,
+          desc: 'Colorize messages'
+        }
+      ],
+      'jira' => [
+        {
+          required: true,
+          name: :url,
+          type: String,
+          desc: 'The URL to the JIRA project which is being linked to this GitLab project, e.g., https://jira.example.com'
+        },
+        {
+          required: true,
+          name: :project_key,
+          type: String,
+          desc: 'The short identifier for your JIRA project, all uppercase, e.g., PROJ'
+        },
+        {
+          required: false,
+          name: :username,
+          type: String,
+          desc: 'The username of the user created to be used with GitLab/JIRA'
+        },
+        {
+          required: false,
+          name: :password,
+          type: String,
+          desc: 'The password of the user created to be used with GitLab/JIRA'
+        },
+        {
+          required: false,
+          name: :jira_issue_transition_id,
+          type: Integer,
+          desc: 'The ID of a transition that moves issues to a closed state. You can find this number under the JIRA workflow administration (**Administration > Issues > Workflows**) by selecting **View** under **Operations** of the desired workflow of your project. The ID of each state can be found inside the parenthesis of each transition name under the **Transitions (id)** column ([see screenshot][trans]). By default, this ID is set to `2`'
+        }
+      ],
+      'mattermost-slash-commands' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'The Mattermost token'
+        }
+      ],
+      'pipelines-email' => [
+        {
+          required: true,
+          name: :recipients,
+          type: String,
+          desc: 'Comma-separated list of recipient email addresses'
+        },
+        {
+          required: false,
+          name: :notify_only_broken_builds,
+          type: Boolean,
+          desc: 'Notify only broken builds'
+        }
+      ],
+      'pivotaltracker' => [
+        {
+          required: true,
+          name: :token,
+          type: String,
+          desc: 'The Pivotaltracker token'
+        },
+        {
+          required: false,
+          name: :restrict_to_branch,
+          type: String,
+          desc: 'Comma-separated list of branches which will be automatically inspected. Leave blank to include all branches.'
+        }
+      ],
+      'pushover' => [
+        {
+          required: true,
+          name: :api_key,
+          type: String,
+          desc: 'The application key'
+        },
+        {
+          required: true,
+          name: :user_key,
+          type: String,
+          desc: 'The user key'
+        },
+        {
+          required: true,
+          name: :priority,
+          type: String,
+          desc: 'The priority'
+        },
+        {
+          required: true,
+          name: :device,
+          type: String,
+          desc: 'Leave blank for all active devices'
+        },
+        {
+          required: true,
+          name: :sound,
+          type: String,
+          desc: 'The sound of the notification'
+        }
+      ],
+      'redmine' => [
+        {
+          required: true,
+          name: :new_issue_url,
+          type: String,
+          desc: 'The new issue URL'
+        },
+        {
+          required: true,
+          name: :project_url,
+          type: String,
+          desc: 'The project URL'
+        },
+        {
+          required: true,
+          name: :issues_url,
+          type: String,
+          desc: 'The issues URL'
+        },
+        {
+          required: false,
+          name: :description,
+          type: String,
+          desc: 'The description of the tracker'
+        }
+      ],
+      'slack' => [
+        {
+          required: true,
+          name: :webhook,
+          type: String,
+          desc: 'The Slack webhook. e.g. https://hooks.slack.com/services/...'
+        },
+        {
+          required: false,
+          name: :new_issue_url,
+          type: String,
+          desc: 'The user name'
+        },
+        {
+          required: false,
+          name: :channel,
+          type: String,
+          desc: 'The channel name'
+        }
+      ],
+      'teamcity' => [
+        {
+          required: true,
+          name: :teamcity_url,
+          type: String,
+          desc: 'TeamCity root URL like https://teamcity.example.com'
+        },
+        {
+          required: true,
+          name: :build_type,
+          type: String,
+          desc: 'Build configuration ID'
+        },
+        {
+          required: true,
+          name: :username,
+          type: String,
+          desc: 'A user with permissions to trigger a manual build'
+        },
+        {
+          required: true,
+          name: :password,
+          type: String,
+          desc: 'The password of the user'
+        }
+      ]
+    }.freeze
+
+    trigger_services = {
+      'mattermost-slash-commands' => [
+        {
+          name: :token,
+          type: String,
+          desc: 'The Mattermost token'
+        }
+      ]
+    }.freeze
+
     resource :projects do
       before { authenticate! }
       before { authorize_admin_project }
 
-      # Set <service_slug> service for project
-      #
-      # Example Request:
-      #
-      #   PUT /projects/:id/services/gitlab-ci
-      #
-      put ':id/services/:service_slug' do
-        if project_service
-          validators = project_service.class.validators.select do |s|
-            s.class == ActiveRecord::Validations::PresenceValidator &&
-              s.attributes != [:project_id]
+      helpers do
+        def service_attributes(service)
+          service.fields.inject([]) do |arr, hash|
+            arr << hash[:name].to_sym
           end
+        end
+      end
 
-          required_attributes! validators.map(&:attributes).flatten.uniq
-          attrs = attributes_for_keys service_attributes
+      services.each do |service_slug, settings|
+        desc "Set #{service_slug} service for project"
+        params do
+          settings.each do |setting|
+            if setting[:required]
+              requires setting[:name], type: setting[:type], desc: setting[:desc]
+            else
+              optional setting[:name], type: setting[:type], desc: setting[:desc]
+            end
+          end
+        end
+        put ":id/services/#{service_slug}" do
+          service = user_project.find_or_initialize_service(service_slug.underscore)
+          service_params = declared_params(include_missing: false).merge(active: true)
 
-          if project_service.update_attributes(attrs.merge(active: true))
+          if service.update_attributes(service_params)
             true
           else
-            not_found!
+            render_api_error!('400 Bad Request', 400)
           end
         end
       end
 
-      # Delete <service_slug> service for project
-      #
-      # Example Request:
-      #
-      #   DELETE /project/:id/services/gitlab-ci
-      #
-      delete ':id/services/:service_slug' do
-        if project_service
-          attrs = service_attributes.inject({}) do |hash, key|
-            hash.merge!(key => nil)
-          end
+      desc "Delete a service for project"
+      params do
+        requires :service_slug, type: String, values: services.keys, desc: 'The name of the service'
+      end
+      delete ":id/services/:service_slug" do
+        service = user_project.find_or_initialize_service(params[:service_slug].underscore)
 
-          if project_service.update_attributes(attrs.merge(active: false))
-            true
-          else
-            not_found!
-          end
+        attrs = service_attributes(service).inject({}) do |hash, key|
+          hash.merge!(key => nil)
+        end
+
+        if service.update_attributes(attrs.merge(active: false))
+          true
+        else
+          render_api_error!('400 Bad Request', 400)
         end
       end
 
-      # Get <service_slug> service settings for project
-      #
-      # Example Request:
-      #
-      #   GET /project/:id/services/gitlab-ci
-      #
-      get ':id/services/:service_slug' do
-        present project_service, with: Entities::ProjectService, include_passwords: current_user.is_admin?
+      desc 'Get the service settings for project' do
+        success Entities::ProjectService
+      end
+      params do
+        requires :service_slug, type: String, values: services.keys, desc: 'The name of the service'
+      end
+      get ":id/services/:service_slug" do
+        service = user_project.find_or_initialize_service(params[:service_slug].underscore)
+        present service, with: Entities::ProjectService, include_passwords: current_user.is_admin?
       end
     end
 
-    resource :projects do
-      desc 'Trigger a slash command' do
-        detail 'Added in GitLab 8.13'
+    trigger_services.each do |service_slug, settings|
+      params do
+        requires :id, type: String, desc: 'The ID of a project'
       end
-      post ':id/services/:service_slug/trigger' do
-        project = find_project(params[:id])
+      resource :projects do
+        desc "Trigger a slash command for #{service_slug}" do
+          detail 'Added in GitLab 8.13'
+        end
+        params do
+          settings.each do |setting|
+            requires setting[:name], type: setting[:type], desc: setting[:desc]
+          end
+        end
+        post ":id/services/#{service_slug.underscore}/trigger" do
+          project = find_project(params[:id])
 
-        # This is not accurate, but done to prevent leakage of the project names
-        not_found!('Service') unless project
+          # This is not accurate, but done to prevent leakage of the project names
+          not_found!('Service') unless project
 
-        service = project_service(project)
+          service = project.find_or_initialize_service(service_slug.underscore)
 
-        result = service.try(:active?) && service.try(:trigger, params)
+          result = service.try(:active?) && service.try(:trigger, params)
 
-        if result
-          status result[:status] || 200
-          present result
-        else
-          not_found!('Service')
+          if result
+            status result[:status] || 200
+            present result
+          else
+            not_found!('Service')
+          end
         end
       end
     end

lib/api/snippets.rb

+module API
+  # Snippets API
+  class Snippets < Grape::API
+    include PaginationParams
+
+    before { authenticate! }
+
+    resource :snippets do
+      helpers do
+        def snippets_for_current_user
+          SnippetsFinder.new.execute(current_user, filter: :by_user, user: current_user)
+        end
+
+        def public_snippets
+          SnippetsFinder.new.execute(current_user, filter: :public)
+        end
+      end
+
+      desc 'Get a snippets list for authenticated user' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        use :pagination
+      end
+      get do
+        present paginate(snippets_for_current_user), with: Entities::PersonalSnippet
+      end
+
+      desc 'List all public snippets current_user has access to' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        use :pagination
+      end
+      get 'public' do
+        present paginate(public_snippets), with: Entities::PersonalSnippet
+      end
+
+      desc 'Get a single snippet' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of a snippet'
+      end
+      get ':id' do
+        snippet = snippets_for_current_user.find(params[:id])
+        present snippet, with: Entities::PersonalSnippet
+      end
+
+      desc 'Create new snippet' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        requires :title, type: String, desc: 'The title of a snippet'
+        requires :file_name, type: String, desc: 'The name of a snippet file'
+        requires :content, type: String, desc: 'The content of a snippet'
+        optional :visibility_level, type: Integer,
+                                    values: Gitlab::VisibilityLevel.values,
+                                    default: Gitlab::VisibilityLevel::INTERNAL,
+                                    desc: 'The visibility level of the snippet'
+      end
+      post do
+        attrs = declared_params(include_missing: false)
+        snippet = CreateSnippetService.new(nil, current_user, attrs).execute
+
+        if snippet.persisted?
+          present snippet, with: Entities::PersonalSnippet
+        else
+          render_validation_error!(snippet)
+        end
+      end
+
+      desc 'Update an existing snippet' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of a snippet'
+        optional :title, type: String, desc: 'The title of a snippet'
+        optional :file_name, type: String, desc: 'The name of a snippet file'
+        optional :content, type: String, desc: 'The content of a snippet'
+        optional :visibility_level, type: Integer,
+                                    values: Gitlab::VisibilityLevel.values,
+                                    desc: 'The visibility level of the snippet'
+        at_least_one_of :title, :file_name, :content, :visibility_level
+      end
+      put ':id' do
+        snippet = snippets_for_current_user.find_by(id: params.delete(:id))
+        return not_found!('Snippet') unless snippet
+        authorize! :update_personal_snippet, snippet
+
+        attrs = declared_params(include_missing: false)
+
+        UpdateSnippetService.new(nil, current_user, snippet, attrs).execute
+        if snippet.persisted?
+          present snippet, with: Entities::PersonalSnippet
+        else
+          render_validation_error!(snippet)
+        end
+      end
+
+      desc 'Remove snippet' do
+        detail 'This feature was introduced in GitLab 8.15.'
+        success Entities::PersonalSnippet
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of a snippet'
+      end
+      delete ':id' do
+        snippet = snippets_for_current_user.find_by(id: params.delete(:id))
+        return not_found!('Snippet') unless snippet
+        authorize! :destroy_personal_snippet, snippet
+        snippet.destroy
+        no_content!
+      end
+
+      desc 'Get a raw snippet' do
+        detail 'This feature was introduced in GitLab 8.15.'
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of a snippet'
+      end
+      get ":id/raw" do
+        snippet = snippets_for_current_user.find_by(id: params.delete(:id))
+        return not_found!('Snippet') unless snippet
+
+        env['api.format'] = :txt
+        content_type 'text/plain'
+        present snippet.content
+      end
+    end
+  end
+end

lib/api/users.rb

@@ -353,7 +353,7 @@ module API
         success Entities::UserPublic
       end
       get do
-        present current_user, with: @impersonator ? Entities::UserWithPrivateToken : Entities::UserPublic
+        present current_user, with: sudo? ? Entities::UserWithPrivateToken : Entities::UserPublic
       end
 
       desc "Get the currently authenticated user's SSH keys" do

lib/banzai/filter/abstract_reference_filter.rb

@@ -248,7 +248,7 @@ module Banzai
       end
 
       def projects_relation_for_paths(paths)
-        Project.where_paths_in(paths).includes(:namespace)
+        Project.where_full_path_in(paths).includes(:namespace)
       end
 
       # Returns projects for the given paths.

lib/banzai/filter/relative_link_filter.rb

@@ -46,7 +46,7 @@ module Banzai
       end
 
       def rebuild_relative_uri(uri)
-        file_path = relative_file_path(uri.path)
+        file_path = relative_file_path(uri)
 
         uri.path = [
           relative_url_root,
@@ -59,8 +59,10 @@ module Banzai
         uri
       end
 
-      def relative_file_path(path)
-        nested_path = build_relative_path(path, context[:requested_path])
+      def relative_file_path(uri)
+        path = Addressable::URI.unescape(uri.path)
+        request_path = Addressable::URI.unescape(context[:requested_path])
+        nested_path = build_relative_path(path, request_path)
         file_exists?(nested_path) ? nested_path : path
       end
 
@@ -108,11 +110,7 @@ module Banzai
       end
 
       def uri_type(path)
-        @uri_types[path] ||= begin
-          unescaped_path = Addressable::URI.unescape(path)
-
-          current_commit.uri_type(unescaped_path)
-        end
+        @uri_types[path] ||= current_commit.uri_type(path)
       end
 
       def current_commit

lib/gitlab/regex.rb

@@ -61,7 +61,7 @@ module Gitlab
     end
 
     def file_name_regex
-      @file_name_regex ||= /\A[a-zA-Z0-9_\-\.\@]*\z/.freeze
+      @file_name_regex ||= /\A[[[:alnum:]]_\-\.\@]*\z/.freeze
     end
 
     def file_name_regex_message
@@ -69,7 +69,7 @@ module Gitlab
     end
 
     def file_path_regex
-      @file_path_regex ||= /\A[a-zA-Z0-9_\-\.\/\@]*\z/.freeze
+      @file_path_regex ||= /\A[[[:alnum:]]_\-\.\/\@]*\z/.freeze
     end
 
     def file_path_regex_message

lib/gitlab/url_builder.rb

@@ -24,6 +24,8 @@ module Gitlab
         wiki_page_url
       when ProjectSnippet
         project_snippet_url(object)
+      when Snippet
+        personal_snippet_url(object)
       else
         raise NotImplementedError.new("No URL builder defined for #{object.class}")
       end

lib/tasks/migrate/setup_postgresql.rake

+require Rails.root.join('lib/gitlab/database')
+require Rails.root.join('lib/gitlab/database/migration_helpers')
 require Rails.root.join('db/migrate/20151007120511_namespaces_projects_path_lower_indexes')
 require Rails.root.join('db/migrate/20151008110232_add_users_lower_username_email_indexes')
+require Rails.root.join('db/migrate/20161212142807_add_lower_path_index_to_routes')
 
 desc 'GitLab | Sets up PostgreSQL'
 task setup_postgresql: :environment do
   NamespacesProjectsPathLowerIndexes.new.up
   AddUsersLowerUsernameEmailIndexes.new.up
+  AddLowerPathIndexToRoutes.new.up
 end

package.json

 {
   "private": true,
   "scripts": {
-    "eslint": "eslint --ext .js,.js.es6 .",
+    "eslint": "eslint --max-warnings 0 --ext .js,.js.es6 .",
     "eslint-fix": "npm run eslint -- --fix",
     "eslint-report": "npm run eslint -- --format html --output-file ./eslint-report.html"
   },

spec/controllers/projects/releases_controller_spec.rb

+require 'spec_helper'
+
+describe Projects::ReleasesController do
+  let!(:project) { create(:project) }
+  let!(:user)    { create(:user) }
+  let!(:release) { create(:release, project: project) }
+  let!(:tag)     { release.tag }
+
+  before do
+    project.team << [user, :developer]
+    sign_in(user)
+  end
+
+  describe 'GET #edit' do
+    it 'initializes a new release' do
+      tag_id = release.tag
+      project.releases.destroy_all
+
+      get :edit, namespace_id: project.namespace.path, project_id: project.path, tag_id: tag_id
+
+      release = assigns(:release)
+      expect(release).not_to be_nil
+      expect(release).not_to be_persisted
+    end
+
+    it 'retrieves an existing release' do
+      get :edit, namespace_id: project.namespace.path, project_id: project.path, tag_id: release.tag
+
+      release = assigns(:release)
+      expect(release).not_to be_nil
+      expect(release).to be_persisted
+    end
+  end
+
+  describe 'PUT #update' do
+    it 'updates release note description' do
+      update_release('description updated')
+
+      release = project.releases.find_by_tag(tag)
+      expect(release.description).to eq("description updated")
+    end
+
+    it 'deletes release note when description is null' do
+      expect { update_release('') }.to change(project.releases, :count).by(-1)
+    end
+  end
+
+  def update_release(description)
+    put :update,
+      namespace_id: project.namespace.to_param,
+      project_id: project.to_param,
+      tag_id: release.tag,
+      release: { description: description }
+  end
+end

spec/factories/groups.rb

@@ -19,5 +19,9 @@ FactoryGirl.define do
     trait :access_requestable do
       request_access_enabled true
     end
+
+    trait :nested do
+      parent factory: :group
+    end
   end
 end

features/steps/admin/settings.rb → spec/features/admin/admin_settings_spec.rb

-class Spinach::Features::AdminSettings < Spinach::FeatureSteps
-  include SharedAuthentication
-  include SharedPaths
-  include SharedAdmin
-  include Gitlab::CurrentSettings
+require 'spec_helper'
 
-  step 'I modify settings and save form' do
+feature 'Admin updates settings', feature: true do
+  before(:each) do
+    login_as :admin
+    visit admin_application_settings_path
+  end
+
+  scenario 'Change application settings' do
     uncheck 'Gravatar enabled'
     fill_in 'Home page URL', with: 'https://about.gitlab.com/'
     fill_in 'Help page text', with: 'Example text'
     click_button 'Save'
-  end
 
-  step 'I should see application settings saved' do
     expect(current_application_settings.gravatar_enabled).to be_falsey
     expect(current_application_settings.home_page_url).to eq "https://about.gitlab.com/"
     expect(page).to have_content "Application settings saved successfully"
   end
 
-  step 'I click on "Service Templates"' do
+  scenario 'Change Slack Service template settings' do
     click_link 'Service Templates'
-  end
-
-  step 'I click on "Slack" service' do
     click_link 'Slack'
-  end
-
-  step 'I check all events and submit form' do
-    page.check('Active')
-    page.check('Push')
-    page.check('Tag push')
-    page.check('Note')
-    page.check('Issue')
-    page.check('Merge request')
-    page.check('Build')
-    page.check('Pipeline')
-    click_on 'Save'
-  end
-
-  step 'I fill out Slack settings' do
     fill_in 'Webhook', with: 'http://localhost'
     fill_in 'Username', with: 'test_user'
     fill_in 'service_push_channel', with: '#test_channel'
     page.check('Notify only broken builds')
-  end
 
-  step 'I should see service template settings saved' do
+    check_all_events
+    click_on 'Save'
+
     expect(page).to have_content 'Application settings saved successfully'
-  end
 
-  step 'I should see all checkboxes checked' do
+    click_link 'Slack'
+
     page.all('input[type=checkbox]').each do |checkbox|
       expect(checkbox).to be_checked
     end
-  end
-
-  step 'I should see Slack settings saved' do
     expect(find_field('Webhook').value).to eq 'http://localhost'
     expect(find_field('Username').value).to eq 'test_user'
     expect(find('#service_push_channel').value).to eq '#test_channel'
   end
+
+  def check_all_events
+    page.check('Active')
+    page.check('Push')
+    page.check('Tag push')
+    page.check('Note')
+    page.check('Issue')
+    page.check('Merge request')
+    page.check('Build')
+    page.check('Pipeline')
+  end
 end

spec/features/dashboard/datetime_on_tooltips_spec.rb

@@ -36,7 +36,7 @@ feature 'Tooltips on .timeago dates', feature: true, js: true do
       visit user_snippets_path(user)
       wait_for_ajax()
 
-      page.find('.js-timeago').hover
+      page.find('.js-timeago.snippet-created-ago').hover
     end
 
     it 'has the datetime formated correctly' do

spec/features/groups/members/last_owner_cannot_leave_group_spec.rb

@@ -10,7 +10,7 @@ feature 'Groups > Members > Last owner cannot leave group', feature: true do
     visit group_path(group)
   end
 
-  scenario 'user does not see a "Leave Group" link' do
-    expect(page).not_to have_content 'Leave Group'
+  scenario 'user does not see a "Leave group" link' do
+    expect(page).not_to have_content 'Leave group'
   end
 end

spec/features/groups/members/member_leaves_group_spec.rb

@@ -13,7 +13,7 @@ feature 'Groups > Members > Member leaves group', feature: true do
   end
 
   scenario 'user leaves group' do
-    click_link 'Leave Group'
+    click_link 'Leave group'
 
     expect(current_path).to eq(dashboard_groups_path)
     expect(group.users.exists?(user.id)).to be_falsey

spec/features/groups/members/user_requests_access_spec.rb

@@ -29,7 +29,7 @@ feature 'Groups > Members > User requests access', feature: true do
     expect(page).to have_content 'Your request for access has been queued for review.'
 
     expect(page).to have_content 'Withdraw Access Request'
-    expect(page).not_to have_content 'Leave Group'
+    expect(page).not_to have_content 'Leave group'
   end
 
   scenario 'user does not see private projects' do

spec/features/help_pages_spec.rb

 require 'spec_helper'
 
 describe 'Help Pages', feature: true do
-  describe 'Show SSH page' do
-    before do
-      login_as :user
-    end
-    it 'replaces the variable $your_email with the email of the user' do
-      visit help_page_path('ssh/README')
-      expect(page).to have_content("ssh-keygen -t rsa -C \"#{@user.email}\"")
-    end
-  end
-
   describe 'Get the main help page' do
     shared_examples_for 'help page' do |prefix: ''|
       it 'prefixes links correctly' do

spec/features/issues/gfm_autocomplete_spec.rb

@@ -2,8 +2,9 @@ require 'rails_helper'
 
 feature 'GFM autocomplete', feature: true, js: true do
   include WaitForAjax
-  let(:user)    { create(:user) }
+  let(:user)    { create(:user, username: 'someone.special') }
   let(:project) { create(:project) }
+  let(:label) { create(:label, project: project, title: 'special+') }
   let(:issue)   { create(:issue, project: project) }
 
   before do
@@ -23,21 +24,69 @@ feature 'GFM autocomplete', feature: true, js: true do
     expect(page).to have_selector('.atwho-container')
   end
 
-  it 'opens autocomplete menu when field is prefixed with non-text character' do
+  it 'doesnt open autocomplete menu character is prefixed with text' do
     page.within '.timeline-content-form' do
-      find('#note_note').native.send_keys('')
+      find('#note_note').native.send_keys('testing')
       find('#note_note').native.send_keys('@')
     end
 
-    expect(page).to have_selector('.atwho-container')
+    expect(page).not_to have_selector('.atwho-view')
   end
 
-  it 'doesnt open autocomplete menu character is prefixed with text' do
-    page.within '.timeline-content-form' do
-      find('#note_note').native.send_keys('testing')
-      find('#note_note').native.send_keys('@')
+  context 'if a selected value has special characters' do
+    it 'wraps the result in double quotes' do
+      note = find('#note_note')
+      page.within '.timeline-content-form' do
+        note.native.send_keys('')
+        note.native.send_keys("~#{label.title[0]}")
+        sleep 1
+        note.click
+      end
+
+      label_item = find('.atwho-view li', text: label.title)
+
+      expect_to_wrap(true, label_item, note, label.title)
     end
 
-    expect(page).not_to have_selector('.atwho-view')
+    it 'doesn\'t wrap for assignee values' do
+      note = find('#note_note')
+      page.within '.timeline-content-form' do
+        note.native.send_keys('')
+        note.native.send_keys("@#{user.username[0]}")
+        sleep 1
+        note.click
+      end
+
+      user_item = find('.atwho-view li', text: user.username)
+
+      expect_to_wrap(false, user_item, note, user.username)
+    end
+
+    it 'doesn\'t wrap for emoji values' do
+      note = find('#note_note')
+      page.within '.timeline-content-form' do
+        note.native.send_keys('')
+        note.native.send_keys(":cartwheel")
+        sleep 1
+        note.click
+      end
+
+      emoji_item = find('.atwho-view li', text: 'cartwheel_tone1')
+
+      expect_to_wrap(false, emoji_item, note, 'cartwheel_tone1')
+    end
+
+    def expect_to_wrap(should_wrap, item, note, value)
+      expect(item).to have_content(value)
+      expect(item).not_to have_content("\"#{value}\"")
+
+      item.click
+
+      if should_wrap
+        expect(note.value).to include("\"#{value}\"")
+      else
+        expect(note.value).not_to include("\"#{value}\"")
+      end
+    end
   end
 end

spec/features/projects/files/creating_a_file_spec.rb

+require 'spec_helper'
+
+feature 'User wants to create a file', feature: true do
+  include WaitForAjax
+
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  background do
+    project.team << [user, :master]
+    login_as user
+    visit namespace_project_new_blob_path(project.namespace, project, project.default_branch)
+  end
+
+  def submit_new_file(options)
+    file_name = find('#file_name')
+    file_name.set options[:file_name] || 'README.md'
+
+    file_content = find('#file-content')
+    file_content.set options[:file_content] || 'Some content'
+
+    click_button 'Commit Changes'
+  end
+
+  scenario 'file name contains Chinese characters' do
+    submit_new_file(file_name: '测试.md')
+    expect(page).to have_content 'The file has been successfully created.'
+  end
+
+  scenario 'directory name contains Chinese characters' do
+    submit_new_file(file_name: '中文/测试.md')
+    expect(page).to have_content 'The file has been successfully created.'
+  end
+
+  scenario 'file name contains invalid characters' do
+    submit_new_file(file_name: '\\')
+    expect(page).to have_content 'Your changes could not be committed, because the file name can contain only'
+  end
+
+  scenario 'file name contains directory traversal' do
+    submit_new_file(file_name: '../README.md')
+    expect(page).to have_content 'Your changes could not be committed, because the file name cannot include directory traversal.'
+  end
+end

spec/features/projects/members/group_member_cannot_leave_group_project_spec.rb

@@ -12,6 +12,6 @@ feature 'Projects > Members > Group member cannot leave group project', feature:
   end
 
   scenario 'user does not see a "Leave project" link' do
-    expect(page).not_to have_content 'Leave Project'
+    expect(page).not_to have_content 'Leave project'
   end
 end

spec/features/projects/members/group_requester_cannot_request_access_to_project_spec.rb

 require 'spec_helper'
 
-feature 'Projects > Members > Group requester cannot request access to project', feature: true do
+feature 'Projects > Members > Group requester cannot request access to project', feature: true, js: true do
   let(:user) { create(:user) }
   let(:owner) { create(:user) }
   let(:group) { create(:group, :public, :access_requestable) }

spec/features/projects/members/member_leaves_project_spec.rb

@@ -11,7 +11,7 @@ feature 'Projects > Members > Member leaves project', feature: true do
   end
 
   scenario 'user leaves project' do
-    click_link 'Leave Project'
+    click_link 'Leave project'
 
     expect(current_path).to eq(dashboard_projects_path)
     expect(project.users.exists?(user.id)).to be_falsey

spec/features/projects/members/owner_cannot_leave_project_spec.rb

@@ -8,7 +8,7 @@ feature 'Projects > Members > Owner cannot leave project', feature: true do
     visit namespace_project_path(project.namespace, project)
   end
 
-  scenario 'user does not see a "Leave Project" link' do
-    expect(page).not_to have_content 'Leave Project'
+  scenario 'user does not see a "Leave project" link' do
+    expect(page).not_to have_content 'Leave project'
   end
 end

spec/finders/snippets_finder_spec.rb

@@ -9,65 +9,74 @@ describe SnippetsFinder do
   let(:project2) { create(:empty_project, :private, group: group) }
 
   context ':all filter' do
-    before do
-      @snippet1 = create(:personal_snippet, :private)
-      @snippet2 = create(:personal_snippet, :internal)
-      @snippet3 = create(:personal_snippet, :public)
-    end
+    let!(:snippet1) { create(:personal_snippet, :private) }
+    let!(:snippet2) { create(:personal_snippet, :internal) }
+    let!(:snippet3) { create(:personal_snippet, :public) }
 
     it "returns all private and internal snippets" do
       snippets = SnippetsFinder.new.execute(user, filter: :all)
-      expect(snippets).to include(@snippet2, @snippet3)
-      expect(snippets).not_to include(@snippet1)
+      expect(snippets).to include(snippet2, snippet3)
+      expect(snippets).not_to include(snippet1)
     end
 
     it "returns all public snippets" do
       snippets = SnippetsFinder.new.execute(nil, filter: :all)
-      expect(snippets).to include(@snippet3)
-      expect(snippets).not_to include(@snippet1, @snippet2)
+      expect(snippets).to include(snippet3)
+      expect(snippets).not_to include(snippet1, snippet2)
     end
   end
 
-  context ':by_user filter' do
-    before do
-      @snippet1 = create(:personal_snippet, :private,  author: user)
-      @snippet2 = create(:personal_snippet, :internal, author: user)
-      @snippet3 = create(:personal_snippet, :public,   author: user)
+  context ':public filter' do
+    let!(:snippet1) { create(:personal_snippet, :private) }
+    let!(:snippet2) { create(:personal_snippet, :internal) }
+    let!(:snippet3) { create(:personal_snippet, :public) }
+
+    it "returns public public snippets" do
+      snippets = SnippetsFinder.new.execute(nil, filter: :public)
+
+      expect(snippets).to include(snippet3)
+      expect(snippets).not_to include(snippet1, snippet2)
     end
+  end
+
+  context ':by_user filter' do
+    let!(:snippet1) { create(:personal_snippet, :private, author: user) }
+    let!(:snippet2) { create(:personal_snippet, :internal, author: user) }
+    let!(:snippet3) { create(:personal_snippet, :public, author: user) }
 
     it "returns all public and internal snippets" do
       snippets = SnippetsFinder.new.execute(user1, filter: :by_user, user: user)
-      expect(snippets).to include(@snippet2, @snippet3)
-      expect(snippets).not_to include(@snippet1)
+      expect(snippets).to include(snippet2, snippet3)
+      expect(snippets).not_to include(snippet1)
     end
 
     it "returns internal snippets" do
       snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user, scope: "are_internal")
-      expect(snippets).to include(@snippet2)
-      expect(snippets).not_to include(@snippet1, @snippet3)
+      expect(snippets).to include(snippet2)
+      expect(snippets).not_to include(snippet1, snippet3)
     end
 
     it "returns private snippets" do
       snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user, scope: "are_private")
-      expect(snippets).to include(@snippet1)
-      expect(snippets).not_to include(@snippet2, @snippet3)
+      expect(snippets).to include(snippet1)
+      expect(snippets).not_to include(snippet2, snippet3)
     end
 
     it "returns public snippets" do
       snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user, scope: "are_public")
-      expect(snippets).to include(@snippet3)
-      expect(snippets).not_to include(@snippet1, @snippet2)
+      expect(snippets).to include(snippet3)
+      expect(snippets).not_to include(snippet1, snippet2)
     end
 
     it "returns all snippets" do
       snippets = SnippetsFinder.new.execute(user, filter: :by_user, user: user)
-      expect(snippets).to include(@snippet1, @snippet2, @snippet3)
+      expect(snippets).to include(snippet1, snippet2, snippet3)
     end
 
     it "returns only public snippets if unauthenticated user" do
       snippets = SnippetsFinder.new.execute(nil, filter: :by_user, user: user)
-      expect(snippets).to include(@snippet3)
-      expect(snippets).not_to include(@snippet2, @snippet1)
+      expect(snippets).to include(snippet3)
+      expect(snippets).not_to include(snippet2, snippet1)
     end
   end
 
@@ -84,16 +93,39 @@ describe SnippetsFinder do
       expect(snippets).not_to include(@snippet1, @snippet2)
     end
 
-    it "returns public and internal snippets for none project members" do
+    it "returns public and internal snippets for non project members" do
       snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1)
       expect(snippets).to include(@snippet2, @snippet3)
       expect(snippets).not_to include(@snippet1)
     end
 
+    it "returns public snippets for non project members" do
+      snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1, scope: "are_public")
+      expect(snippets).to include(@snippet3)
+      expect(snippets).not_to include(@snippet1, @snippet2)
+    end
+
+    it "returns internal snippets for non project members" do
+      snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1, scope: "are_internal")
+      expect(snippets).to include(@snippet2)
+      expect(snippets).not_to include(@snippet1, @snippet3)
+    end
+
+    it "does not return private snippets for non project members" do
+      snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1, scope: "are_private")
+      expect(snippets).not_to include(@snippet1, @snippet2, @snippet3)
+    end
+
     it "returns all snippets for project members" do
       project1.team << [user, :developer]
       snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1)
       expect(snippets).to include(@snippet1, @snippet2, @snippet3)
     end
+
+    it "returns private snippets for project members" do
+      project1.team << [user, :developer]
+      snippets = SnippetsFinder.new.execute(user, filter: :by_project, project: project1, scope: "are_private")
+      expect(snippets).to include(@snippet1)
+    end
   end
 end

spec/javascripts/awards_handler_spec.js

@@ -33,9 +33,9 @@
   };
 
   describe('AwardsHandler', function() {
-    fixture.preload('awards_handler.html');
+    fixture.preload('issues/open-issue.html.raw');
     beforeEach(function() {
-      fixture.load('awards_handler.html');
+      fixture.load('issues/open-issue.html.raw');
       awardsHandler = new AwardsHandler;
       spyOn(awardsHandler, 'postEmoji').and.callFake((function(_this) {
         return function(url, emoji, cb) {
@@ -113,7 +113,7 @@
     });
     describe('::getAwardUrl', function() {
       return it('should return the url for request', function() {
-        return expect(awardsHandler.getAwardUrl()).toBe('/gitlab-org/gitlab-test/issues/8/toggle_award_emoji');
+        return expect(awardsHandler.getAwardUrl()).toBe('http://test.host/frontend-fixtures/issues-project/issues/1/toggle_award_emoji');
       });
     });
     describe('::addAward and ::checkMutuality', function() {
@@ -209,7 +209,7 @@
         $('.js-add-award').eq(0).click();
         $menu = $('.emoji-menu');
         $block = $('.js-awards-block');
-        $emoji = $menu.find(".emoji-menu-list-item " + selector);
+        $emoji = $menu.find('.emoji-menu-list:not(.frequent-emojis) ' + selector);
         expect($emoji.length).toBe(1);
         expect($block.find(selector).length).toBe(0);
         $emoji.click();
@@ -224,7 +224,7 @@
         openEmojiMenuAndAddEmoji();
         $('.js-add-award').eq(0).click();
         $block = $('.js-awards-block');
-        $emoji = $('.emoji-menu').find(".emoji-menu-list-item " + selector);
+        $emoji = $('.emoji-menu').find(".emoji-menu-list:not(.frequent-emojis) " + selector);
         $emoji.click();
         return expect($block.find(selector).length).toBe(0);
       });

spec/javascripts/fixtures/awards_handler.html.haml

-.issue-details.issuable-details
-  .detail-page-description.content-block
-    %h2.title Quibusdam sint officiis earum molestiae ipsa autem voluptatem nisi rem.
-    .description.js-task-list-container.is-task-list-enabled
-      .wiki
-        %p Qui exercitationem magnam optio quae fuga earum odio.
-        %textarea.hidden.js-task-list-field Qui exercitationem magnam optio quae fuga earum odio.
-      %small.edited-text
-    .content-block.content-block-small
-      .awards.js-awards-block{"data-award-url" => "/gitlab-org/gitlab-test/issues/8/toggle_award_emoji"}
-        %button.award-control.btn.js-emoji-btn{"data-placement" => "bottom", "data-title" => "", :type => "button"}
-          .icon.emoji-icon.emoji-1F44D{"data-aliases" => "", "data-emoji" => "thumbsup", "data-unicode-name" => "1F44D", :title => "thumbsup"}
-          %span.award-control-text.js-counter 0
-        %button.award-control.btn.js-emoji-btn{"data-placement" => "bottom", "data-title" => "", :type => "button"}
-          .icon.emoji-icon.emoji-1F44E{"data-aliases" => "", "data-emoji" => "thumbsdown", "data-unicode-name" => "1F44E", :title => "thumbsdown"}
-          %span.award-control-text.js-counter 0
-        .award-menu-holder.js-award-holder
-          %button.btn.award-control.js-add-award{:type => "button"}
-            %i.fa.fa-smile-o.award-control-icon.award-control-icon-normal
-            %i.fa.fa-spinner.fa-spin.award-control-icon.award-control-icon-loading
-            %span.award-control-text Add
-    %section.issuable-discussion
-      #notes
-        %ul#notes-list.notes.main-notes-list.timeline
-          %li#note_348.note.note-row-348.timeline-entry{"data-author-id" => "18", "data-editable" => ""}
-            .timeline-entry-inner
-              .timeline-icon
-                %a{:href => "/u/agustin"}
-                  %img.avatar.s40{:alt => "", :src => "#"}/
-              .timeline-content
-                .note-header
-                  %a.author_link{:href => "/u/agustin"}
-                    %span.author Brenna Stokes
-                  .inline.note-headline-light
-                    @agustin commented
-                    %a{:href => "#note_348"}
-                      %time 11 days ago
-                  .note-actions
-                    %span.note-role Reporter
-                    %a.note-action-button.note-emoji-button.js-add-award.js-note-emoji{"data-position" => "right", :href => "#", :title => "Award Emoji"}
-                      %i.fa.fa-spinner.fa-spin
-                      %i.fa.fa-smile-o.link-highlight
-                .js-task-list-container.note-body.is-task-list-enabled
-                  .note-text
-                    %p Suscipit sunt quia quisquam sed eveniet ipsam.
-                  .note-awards
-                    .awards.hidden.js-awards-block{"data-award-url" => "/gitlab-org/gitlab-test/notes/348/toggle_award_emoji"}
-                      .award-menu-holder.js-award-holder
-                        %button.btn.award-control.js-add-award{:type => "button"}
-                          %i.fa.fa-smile-o.award-control-icon.award-control-icon-normal
-                          %i.fa.fa-spinner.fa-spin.award-control-icon.award-control-icon-loading
-                          %span.award-control-text Add

spec/javascripts/fixtures/pipeline_graph.html.haml

+%div.pipeline-visualization.js-pipeline-graph
+  %ul.stage-column-list
+    %li.stage-column
+      .stage-name
+        %a{:href => "/"}
+          Test
+          .builds-container
+            %ul
+              %li.build
+                .curve
+                .build-content
+                  %a
+                    %svg
+                    .ci-status-text
+                      stop_review

spec/javascripts/merge_request_widget_spec.js

@@ -106,6 +106,18 @@
       });
     });
 
+    describe('mergeInProgress', function() {
+       it('should display error with h4 tag', function() {
+          spyOn(this.class.$widgetBody, 'html').and.callFake(function(html) {
+            expect(html).toBe('<h4>Sorry, something went wrong.</h4>');
+          });
+          spyOn($, 'ajax').and.callFake(function(e) {
+            e.success({ merge_error: 'Sorry, something went wrong.' });
+          });
+          this.class.mergeInProgress(null);
+        });
+      });
+
     return describe('getCIStatus', function() {
       beforeEach(function() {
         this.ciStatusData = {

spec/javascripts/pipelines_spec.js.es6

+//= require pipelines
+
+(() => {
+  describe('Pipelines', () => {
+    fixture.preload('pipeline_graph');
+
+    beforeEach(() => {
+      fixture.load('pipeline_graph');
+    });
+
+    it('should be defined', () => {
+      expect(window.gl.Pipelines).toBeDefined();
+    });
+
+    it('should create a `Pipelines` instance without options', () => {
+      expect(() => { new window.gl.Pipelines(); }).not.toThrow(); //eslint-disable-line
+    });
+
+    it('should create a `Pipelines` instance with options', () => {
+      const pipelines = new window.gl.Pipelines({ foo: 'bar' });
+
+      expect(pipelines.pipelineGraph).toBeDefined();
+    });
+  });
+})();

spec/javascripts/project_title_spec.js

@@ -21,16 +21,18 @@
       return this.project = new Project();
     });
     return describe('project list', function() {
+      var fakeAjaxResponse = function fakeAjaxResponse(req) {
+        var d;
+        expect(req.url).toBe('/api/v3/projects.json?simple=true');
+        d = $.Deferred();
+        d.resolve(this.projects_data);
+        return d.promise();
+      };
+
       beforeEach((function(_this) {
         return function() {
           _this.projects_data = fixture.load('projects.json')[0];
-          return spyOn(jQuery, 'ajax').and.callFake(function(req) {
-            var d;
-            expect(req.url).toBe('/api/v3/projects.json?simple=true');
-            d = $.Deferred();
-            d.resolve(_this.projects_data);
-            return d.promise();
-          });
+          return spyOn(jQuery, 'ajax').and.callFake(fakeAjaxResponse.bind(_this));
         };
       })(this));
       it('to show on toggle click', (function(_this) {

spec/javascripts/smart_interval_spec.js.es6

@@ -14,8 +14,9 @@
       startingInterval: DEFAULT_STARTING_INTERVAL,
       maxInterval: DEFAULT_MAX_INTERVAL,
       incrementByFactorOf: DEFAULT_INCREMENT_FACTOR,
-      delayStartBy: 0,
       lazyStart: false,
+      immediateExecution: false,
+      hiddenInterval: null,
     };
 
     if (config) {
@@ -114,14 +115,31 @@
           expect(interval.state.intervalId).toBeTruthy();
 
           // simulates triggering of visibilitychange event
-          interval.state.pageVisibility = 'hidden';
-          interval.handleVisibilityChange();
+          interval.handleVisibilityChange({ target: { visibilityState: 'hidden' } });
 
           expect(interval.state.intervalId).toBeUndefined();
           done();
         }, DEFAULT_SHORT_TIMEOUT);
       });
 
+      it('should change to the hidden interval when page is not visible', function (done) {
+        const HIDDEN_INTERVAL = 1500;
+        const interval = createDefaultSmartInterval({ hiddenInterval: HIDDEN_INTERVAL });
+
+        setTimeout(() => {
+          expect(interval.state.intervalId).toBeTruthy();
+          expect(interval.getCurrentInterval() >= DEFAULT_STARTING_INTERVAL &&
+            interval.getCurrentInterval() <= DEFAULT_MAX_INTERVAL).toBeTruthy();
+
+          // simulates triggering of visibilitychange event
+          interval.handleVisibilityChange({ target: { visibilityState: 'hidden' } });
+
+          expect(interval.state.intervalId).toBeTruthy();
+          expect(interval.getCurrentInterval()).toBe(HIDDEN_INTERVAL);
+          done();
+        }, DEFAULT_SHORT_TIMEOUT);
+      });
+
       it('should resume when page is becomes visible at the previous interval', function (done) {
         const interval = this.smartInterval;
 
@@ -129,14 +147,12 @@
           expect(interval.state.intervalId).toBeTruthy();
 
           // simulates triggering of visibilitychange event
-          interval.state.pageVisibility = 'hidden';
-          interval.handleVisibilityChange();
+          interval.handleVisibilityChange({ target: { visibilityState: 'hidden' } });
 
           expect(interval.state.intervalId).toBeUndefined();
 
           // simulates triggering of visibilitychange event
-          interval.state.pageVisibility = 'visible';
-          interval.handleVisibilityChange();
+          interval.handleVisibilityChange({ target: { visibilityState: 'visible' } });
 
           expect(interval.state.intervalId).toBeTruthy();
 
@@ -154,6 +170,11 @@
           done();
         }, DEFAULT_SHORT_TIMEOUT);
       });
+
+      it('should execute callback before first interval', function () {
+        const interval = createDefaultSmartInterval({ immediateExecution: true });
+        expect(interval.cfg.immediateExecution).toBeFalsy();
+      });
     });
   });
 })(window.gl || (window.gl = {}));

spec/lib/banzai/filter/relative_link_filter_spec.rb

@@ -175,7 +175,7 @@ describe Banzai::Filter::RelativeLinkFilter, lib: true do
       allow_any_instance_of(described_class).to receive(:uri_type).and_return(:raw)
 
       doc = filter(image(escaped))
-      expect(doc.at_css('img')['src']).to match '/raw/'
+      expect(doc.at_css('img')['src']).to eq "/#{project_path}/raw/#{Addressable::URI.escape(ref)}/#{escaped}"
     end
 
     context 'when requested path is a file in the repo' do

spec/models/concerns/routable_spec.rb

@@ -3,6 +3,10 @@ require 'spec_helper'
 describe Group, 'Routable' do
   let!(:group) { create(:group) }
 
+  describe 'Validations' do
+    it { is_expected.to validate_presence_of(:route) }
+  end
+
   describe 'Associations' do
     it { is_expected.to have_one(:route).dependent(:destroy) }
   end
@@ -35,16 +39,16 @@ describe Group, 'Routable' do
     it { expect(described_class.find_by_full_path('unknown')).to eq(nil) }
   end
 
-  describe '.where_paths_in' do
+  describe '.where_full_path_in' do
     context 'without any paths' do
       it 'returns an empty relation' do
-        expect(described_class.where_paths_in([])).to eq([])
+        expect(described_class.where_full_path_in([])).to eq([])
       end
     end
 
     context 'without any valid paths' do
       it 'returns an empty relation' do
-        expect(described_class.where_paths_in(%w[unknown])).to eq([])
+        expect(described_class.where_full_path_in(%w[unknown])).to eq([])
       end
     end
 
@@ -52,13 +56,13 @@ describe Group, 'Routable' do
       let!(:nested_group) { create(:group, parent: group) }
 
       it 'returns the projects matching the paths' do
-        result = described_class.where_paths_in([group.to_param, nested_group.to_param])
+        result = described_class.where_full_path_in([group.to_param, nested_group.to_param])
 
         expect(result).to contain_exactly(group, nested_group)
       end
 
       it 'returns projects regardless of the casing of paths' do
-        result = described_class.where_paths_in([group.to_param.upcase, nested_group.to_param.upcase])
+        result = described_class.where_full_path_in([group.to_param.upcase, nested_group.to_param.upcase])
 
         expect(result).to contain_exactly(group, nested_group)
       end

spec/models/group_spec.rb

@@ -271,4 +271,11 @@ describe Group, models: true do
       expect(group.web_url).to include("groups/#{group.name}")
     end
   end
+
+  describe 'nested group' do
+    subject { create(:group, :nested) }
+
+    it { is_expected.to be_valid }
+    it { expect(subject.parent).to be_kind_of(Group) }
+  end
 end

spec/models/user_spec.rb

@@ -727,17 +727,6 @@ describe User, models: true do
     end
   end
 
-  describe 'by_username_or_id' do
-    let(:user1) { create(:user, username: 'foo') }
-
-    it "gets the correct user" do
-      expect(User.by_username_or_id(user1.id)).to eq(user1)
-      expect(User.by_username_or_id('foo')).to eq(user1)
-      expect(User.by_username_or_id(-1)).to be_nil
-      expect(User.by_username_or_id('bar')).to be_nil
-    end
-  end
-
   describe '.find_by_ssh_key_id' do
     context 'using an existing SSH key ID' do
       let(:user) { create(:user) }

spec/requests/api/branches_spec.rb

@@ -11,6 +11,7 @@ describe API::Branches, api: true  do
   let!(:guest) { create(:project_member, :guest, user: user2, project: project) }
   let!(:branch_name) { 'feature' }
   let!(:branch_sha) { '0b4bc9a49b562e85de7cc9e834518ea6828729b9' }
+  let!(:branch_with_dot) { CreateBranchService.new(project, user).execute("with.1.2.3", "master") }
 
   describe "GET /projects/:id/repository/branches" do
     it "returns an array of project branches" do
@@ -37,6 +38,13 @@ describe API::Branches, api: true  do
       expect(json_response['developers_can_merge']).to eq(false)
     end
 
+    it "returns the branch information for a single branch with dots in the name" do
+      get api("/projects/#{project.id}/repository/branches/with.1.2.3", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response['name']).to eq("with.1.2.3")
+    end
+
     context 'on a merged branch' do
       it "returns the branch information for a single branch" do
         get api("/projects/#{project.id}/repository/branches/merge-test", user)
@@ -71,6 +79,14 @@ describe API::Branches, api: true  do
         expect(json_response['developers_can_merge']).to eq(false)
       end
 
+      it "protects a single branch with dots in the name" do
+        put api("/projects/#{project.id}/repository/branches/with.1.2.3/protect", user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response['name']).to eq("with.1.2.3")
+        expect(json_response['protected']).to eq(true)
+      end
+
       it 'protects a single branch and developers can push' do
         put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user),
             developers_can_push: true
@@ -220,6 +236,14 @@ describe API::Branches, api: true  do
       expect(json_response['protected']).to eq(false)
     end
 
+    it "update branches with dots in branch name" do
+      put api("/projects/#{project.id}/repository/branches/with.1.2.3/unprotect", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response['name']).to eq("with.1.2.3")
+      expect(json_response['protected']).to eq(false)
+    end
+
     it "returns success when unprotect branch" do
       put api("/projects/#{project.id}/repository/branches/unknown/unprotect", user)
       expect(response).to have_http_status(404)
@@ -292,6 +316,13 @@ describe API::Branches, api: true  do
       expect(json_response['branch_name']).to eq(branch_name)
     end
 
+    it "removes a branch with dots in the branch name" do
+      delete api("/projects/#{project.id}/repository/branches/with.1.2.3", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response['branch_name']).to eq("with.1.2.3")
+    end
+
     it 'returns 404 if branch not exists' do
       delete api("/projects/#{project.id}/repository/branches/foobar", user)
       expect(response).to have_http_status(404)

spec/requests/api/commits_spec.rb

@@ -456,6 +456,76 @@ describe API::Commits, api: true  do
     end
   end
 
+  describe 'POST :id/repository/commits/:sha/cherry_pick' do
+    let(:master_pickable_commit)  { project.commit('7d3b0f7cff5f37573aea97cebfd5692ea1689924') }
+
+    context 'authorized user' do
+      it 'cherry picks a commit' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'master'
+
+        expect(response).to have_http_status(201)
+        expect(json_response['title']).to eq(master_pickable_commit.title)
+        expect(json_response['message']).to eq(master_pickable_commit.message)
+        expect(json_response['author_name']).to eq(master_pickable_commit.author_name)
+        expect(json_response['committer_name']).to eq(user.name)
+      end
+
+      it 'returns 400 if commit is already included in the target branch' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'markdown'
+
+        expect(response).to have_http_status(400)
+        expect(json_response['message']).to eq('Sorry, we cannot cherry-pick this commit automatically.
+                     It may have already been cherry-pick, or a more recent commit may have updated some of its content.')
+      end
+
+      it 'returns 400 if you are not allowed to push to the target branch' do
+        project.team << [user2, :developer]
+        protected_branch = create(:protected_branch, project: project, name: 'feature')
+
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user2), branch: protected_branch.name
+
+        expect(response).to have_http_status(400)
+        expect(json_response['message']).to eq('You are not allowed to push into this branch')
+      end
+
+      it 'returns 400 for missing parameters' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user)
+
+        expect(response).to have_http_status(400)
+        expect(json_response['error']).to eq('branch is missing')
+      end
+
+      it 'returns 404 if commit is not found' do
+        post api("/projects/#{project.id}/repository/commits/abcd0123/cherry_pick", user), branch: 'master'
+
+        expect(response).to have_http_status(404)
+        expect(json_response['message']).to eq('404 Commit Not Found')
+      end
+
+      it 'returns 404 if branch is not found' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'foo'
+
+        expect(response).to have_http_status(404)
+        expect(json_response['message']).to eq('404 Branch Not Found')
+      end
+
+      it 'returns 400 for missing parameters' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user)
+
+        expect(response).to have_http_status(400)
+        expect(json_response['error']).to eq('branch is missing')
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'does not cherry pick the commit' do
+        post api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick"), branch: 'master'
+
+        expect(response).to have_http_status(401)
+      end
+    end
+  end
+
   describe 'Post comment to commit' do
     context 'authorized user' do
       it 'returns comment' do

spec/requests/api/groups_spec.rb

@@ -243,6 +243,28 @@ describe API::Groups, api: true  do
         expect(json_response.length).to eq(2)
         project_names = json_response.map { |proj| proj['name' ] }
         expect(project_names).to match_array([project1.name, project3.name])
+        expect(json_response.first['default_branch']).to be_present
+      end
+
+      it "returns the group's projects with simple representation" do
+        get api("/groups/#{group1.id}/projects", user1), simple: true
+
+        expect(response).to have_http_status(200)
+        expect(json_response.length).to eq(2)
+        project_names = json_response.map { |proj| proj['name' ] }
+        expect(project_names).to match_array([project1.name, project3.name])
+        expect(json_response.first['default_branch']).not_to be_present
+      end
+
+      it 'filters the groups projects' do
+        public_project = create(:project, :public, path: 'test1', group: group1)
+
+        get api("/groups/#{group1.id}/projects", user1), visibility: 'public'
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an(Array)
+        expect(json_response.length).to eq(1)
+        expect(json_response.first['name']).to eq(public_project.name)
       end
 
       it "does not return a non existing group" do

spec/requests/api/api_helpers_spec.rb → spec/requests/api/helpers_spec.rb

@@ -2,7 +2,6 @@ require 'spec_helper'
 
 describe API::Helpers, api: true do
   include API::Helpers
-  include ApiHelpers
   include SentryHelper
 
   let(:user) { create(:user) }
@@ -13,18 +12,18 @@ describe API::Helpers, api: true do
   let(:env) { { 'REQUEST_METHOD' => 'GET' } }
   let(:request) { Rack::Request.new(env) }
 
-  def set_env(token_usr, identifier)
+  def set_env(user_or_token, identifier)
     clear_env
     clear_param
-    env[API::Helpers::PRIVATE_TOKEN_HEADER] = token_usr.private_token
-    env[API::Helpers::SUDO_HEADER] = identifier
+    env[API::Helpers::PRIVATE_TOKEN_HEADER] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
+    env[API::Helpers::SUDO_HEADER] = identifier.to_s
   end
 
-  def set_param(token_usr, identifier)
+  def set_param(user_or_token, identifier)
     clear_env
     clear_param
-    params[API::Helpers::PRIVATE_TOKEN_PARAM] = token_usr.private_token
-    params[API::Helpers::SUDO_PARAM] = identifier
+    params[API::Helpers::PRIVATE_TOKEN_PARAM] = user_or_token.respond_to?(:private_token) ? user_or_token.private_token : user_or_token
+    params[API::Helpers::SUDO_PARAM] = identifier.to_s
   end
 
   def clear_env
@@ -163,6 +162,13 @@ describe API::Helpers, api: true do
               expect(current_user).to eq(user)
             end
 
+            it 'memoize the current_user: sudo permissions are not run against the sudoed user' do
+              set_env(admin, user.id)
+
+              expect(current_user).to eq(user)
+              expect(current_user).to eq(user)
+            end
+
             it 'handles sudo to oneself' do
               set_env(admin, admin.id)
 
@@ -294,33 +300,48 @@ describe API::Helpers, api: true do
     end
   end
 
-  describe '.sudo_identifier' do
-    it "returns integers when input is an int" do
-      set_env(admin, '123')
-      expect(sudo_identifier).to eq(123)
-      set_env(admin, '0001234567890')
-      expect(sudo_identifier).to eq(1234567890)
-
-      set_param(admin, '123')
-      expect(sudo_identifier).to eq(123)
-      set_param(admin, '0001234567890')
-      expect(sudo_identifier).to eq(1234567890)
+  describe '.sudo?' do
+    context 'when no sudo env or param is passed' do
+      before do
+        doorkeeper_guard_returns(nil)
+      end
+
+      it 'returns false' do
+        expect(sudo?).to be_falsy
+      end
     end
 
-    it "returns string when input is an is not an int" do
-      set_env(admin, '12.30')
-      expect(sudo_identifier).to eq("12.30")
-      set_env(admin, 'hello')
-      expect(sudo_identifier).to eq('hello')
-      set_env(admin, ' 123')
-      expect(sudo_identifier).to eq(' 123')
-
-      set_param(admin, '12.30')
-      expect(sudo_identifier).to eq("12.30")
-      set_param(admin, 'hello')
-      expect(sudo_identifier).to eq('hello')
-      set_param(admin, ' 123')
-      expect(sudo_identifier).to eq(' 123')
+    context 'when sudo env or param is passed', 'user is not an admin' do
+      before do
+        set_env(user, '123')
+      end
+
+      it 'returns an 403 Forbidden' do
+        expect { sudo? }.to raise_error '403 - {"message"=>"403 Forbidden  - Must be admin to use sudo"}'
+      end
+    end
+
+    context 'when sudo env or param is passed', 'user is admin' do
+      context 'personal access token is used' do
+        before do
+          personal_access_token = create(:personal_access_token, user: admin)
+          set_env(personal_access_token.token, user.id)
+        end
+
+        it 'returns an 403 Forbidden' do
+          expect { sudo? }.to raise_error '403 - {"message"=>"403 Forbidden  - Private token must be specified in order to use sudo"}'
+        end
+      end
+
+      context 'private access token is used' do
+        before do
+          set_env(admin.private_token, user.id)
+        end
+
+        it 'returns true' do
+          expect(sudo?).to be_truthy
+        end
+      end
     end
   end
 

spec/requests/api/merge_requests_spec.rb

@@ -533,6 +533,22 @@ describe API::MergeRequests, api: true  do
       expect(json_response['labels']).to include '?'
       expect(json_response['labels']).to include '&'
     end
+
+    it 'does not update state when title is empty' do
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), state_event: 'close', title: nil
+
+      merge_request.reload
+      expect(response).to have_http_status(400)
+      expect(merge_request.state).to eq('opened')
+    end
+
+    it 'does not update state when target_branch is empty' do
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), state_event: 'close', target_branch: nil
+
+      merge_request.reload
+      expect(response).to have_http_status(400)
+      expect(merge_request.state).to eq('opened')
+    end
   end
 
   describe "POST /projects/:id/merge_requests/:merge_request_id/comments" do

spec/requests/api/services_spec.rb

@@ -2,6 +2,7 @@ require "spec_helper"
 
 describe API::Services, api: true  do
   include ApiHelpers
+
   let(:user) { create(:user) }
   let(:admin) { create(:admin) }
   let(:user2) { create(:user) }
@@ -98,7 +99,7 @@ describe API::Services, api: true  do
         post api("/projects/#{project.id}/services/idonotexist/trigger")
 
         expect(response).to have_http_status(404)
-        expect(json_response["message"]).to eq("404 Service Not Found")
+        expect(json_response["error"]).to eq("404 Not Found")
       end
     end
 
@@ -114,7 +115,7 @@ describe API::Services, api: true  do
         end
 
         it 'when the service is inactive' do
-          post api("/projects/#{project.id}/services/mattermost_slash_commands/trigger")
+          post api("/projects/#{project.id}/services/mattermost_slash_commands/trigger"), params
 
           expect(response).to have_http_status(404)
         end

spec/requests/api/snippets_spec.rb

+require 'rails_helper'
+
+describe API::Snippets, api: true do
+  include ApiHelpers
+  let!(:user) { create(:user) }
+
+  describe 'GET /snippets/' do
+    it 'returns snippets available' do
+      public_snippet = create(:personal_snippet, :public, author: user)
+      private_snippet = create(:personal_snippet, :private, author: user)
+      internal_snippet = create(:personal_snippet, :internal, author: user)
+
+      get api("/snippets/", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly(
+        public_snippet.id,
+        internal_snippet.id,
+        private_snippet.id)
+      expect(json_response.last).to have_key('web_url')
+      expect(json_response.last).to have_key('raw_url')
+    end
+
+    it 'hides private snippets from regular user' do
+      create(:personal_snippet, :private)
+
+      get api("/snippets/", user)
+      expect(response).to have_http_status(200)
+      expect(json_response.size).to eq(0)
+    end
+  end
+
+  describe 'GET /snippets/public' do
+    let!(:other_user) { create(:user) }
+    let!(:public_snippet) { create(:personal_snippet, :public, author: user) }
+    let!(:private_snippet) { create(:personal_snippet, :private, author: user) }
+    let!(:internal_snippet) { create(:personal_snippet, :internal, author: user) }
+    let!(:public_snippet_other) { create(:personal_snippet, :public, author: other_user) }
+    let!(:private_snippet_other) { create(:personal_snippet, :private, author: other_user) }
+    let!(:internal_snippet_other) { create(:personal_snippet, :internal, author: other_user) }
+
+    it 'returns all snippets with public visibility from all users' do
+      get api("/snippets/public", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly(
+        public_snippet.id,
+        public_snippet_other.id)
+      expect(json_response.map{ |snippet| snippet['web_url']} ).to include(
+        "http://localhost/snippets/#{public_snippet.id}",
+        "http://localhost/snippets/#{public_snippet_other.id}")
+      expect(json_response.map{ |snippet| snippet['raw_url']} ).to include(
+        "http://localhost/snippets/#{public_snippet.id}/raw",
+        "http://localhost/snippets/#{public_snippet_other.id}/raw")
+    end
+  end
+
+  describe 'GET /snippets/:id/raw' do
+    let(:snippet) { create(:personal_snippet, author: user) }
+
+    it 'returns raw text' do
+      get api("/snippets/#{snippet.id}/raw", user)
+
+      expect(response).to have_http_status(200)
+      expect(response.content_type).to eq 'text/plain'
+      expect(response.body).to eq(snippet.content)
+    end
+
+    it 'returns 404 for invalid snippet id' do
+      delete api("/snippets/1234", user)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Snippet Not Found')
+    end
+  end
+
+  describe 'POST /snippets/' do
+    let(:params) do
+      {
+        title: 'Test Title',
+        file_name: 'test.rb',
+        content: 'puts "hello world"',
+        visibility_level: Gitlab::VisibilityLevel::PUBLIC
+      }
+    end
+
+    it 'creates a new snippet' do
+      expect do
+        post api("/snippets/", user), params
+      end.to change { PersonalSnippet.count }.by(1)
+
+      expect(response).to have_http_status(201)
+      expect(json_response['title']).to eq(params[:title])
+      expect(json_response['file_name']).to eq(params[:file_name])
+    end
+
+    it 'returns 400 for missing parameters' do
+      params.delete(:title)
+
+      post api("/snippets/", user), params
+
+      expect(response).to have_http_status(400)
+    end
+  end
+
+  describe 'PUT /snippets/:id' do
+    let(:other_user) { create(:user) }
+    let(:public_snippet) { create(:personal_snippet, :public, author: user) }
+    it 'updates snippet' do
+      new_content = 'New content'
+
+      put api("/snippets/#{public_snippet.id}", user), content: new_content
+
+      expect(response).to have_http_status(200)
+      public_snippet.reload
+      expect(public_snippet.content).to eq(new_content)
+    end
+
+    it 'returns 404 for invalid snippet id' do
+      put api("/snippets/1234", user), title: 'foo'
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Snippet Not Found')
+    end
+
+    it "returns 404 for another user's snippet" do
+      put api("/snippets/#{public_snippet.id}", other_user), title: 'fubar'
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Snippet Not Found')
+    end
+
+    it 'returns 400 for missing parameters' do
+      put api("/snippets/1234", user)
+
+      expect(response).to have_http_status(400)
+    end
+  end
+
+  describe 'DELETE /snippets/:id' do
+    let!(:public_snippet) { create(:personal_snippet, :public, author: user) }
+    it 'deletes snippet' do
+      expect do
+        delete api("/snippets/#{public_snippet.id}", user)
+
+        expect(response).to have_http_status(204)
+      end.to change { PersonalSnippet.count }.by(-1)
+    end
+
+    it 'returns 404 for invalid snippet id' do
+      delete api("/snippets/1234", user)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Snippet Not Found')
+    end
+  end
+end

spec/requests/api/users_spec.rb

@@ -651,13 +651,12 @@ describe API::Users, api: true  do
   end
 
   describe "GET /user" do
-    let(:personal_access_token) { create(:personal_access_token, user: user) }
-    let(:private_token) { user.private_token }
+    let(:personal_access_token) { create(:personal_access_token, user: user).token }
 
     context 'with regular user' do
       context 'with personal access token' do
         it 'returns 403 without private token when sudo is defined' do
-          get api("/user?private_token=#{personal_access_token.token}&sudo=#{user.id}")
+          get api("/user?private_token=#{personal_access_token}&sudo=123")
 
           expect(response).to have_http_status(403)
         end
@@ -665,7 +664,7 @@ describe API::Users, api: true  do
 
       context 'with private token' do
         it 'returns 403 without private token when sudo defined' do
-          get api("/user?private_token=#{private_token}&sudo=#{user.id}")
+          get api("/user?private_token=#{user.private_token}&sudo=123")
 
           expect(response).to have_http_status(403)
         end
@@ -676,40 +675,44 @@ describe API::Users, api: true  do
 
         expect(response).to have_http_status(200)
         expect(response).to match_response_schema('user/public')
+        expect(json_response['id']).to eq(user.id)
       end
     end
 
     context 'with admin' do
-      let(:user) { create(:admin) }
+      let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
 
       context 'with personal access token' do
         it 'returns 403 without private token when sudo defined' do
-          get api("/user?private_token=#{personal_access_token.token}&sudo=#{user.id}")
+          get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}")
 
           expect(response).to have_http_status(403)
         end
 
-        it 'returns current user without private token when sudo not defined' do
-          get api("/user?private_token=#{personal_access_token.token}")
+        it 'returns initial current user without private token when sudo not defined' do
+          get api("/user?private_token=#{admin_personal_access_token}")
 
           expect(response).to have_http_status(200)
           expect(response).to match_response_schema('user/public')
+          expect(json_response['id']).to eq(admin.id)
         end
       end
 
       context 'with private token' do
-        it 'returns current user with private token when sudo defined' do
-          get api("/user?private_token=#{private_token}&sudo=#{user.id}")
+        it 'returns sudoed user with private token when sudo defined' do
+          get api("/user?private_token=#{admin.private_token}&sudo=#{user.id}")
 
           expect(response).to have_http_status(200)
           expect(response).to match_response_schema('user/login')
+          expect(json_response['id']).to eq(user.id)
         end
 
-        it 'returns current user without private token when sudo not defined' do
-          get api("/user?private_token=#{private_token}")
+        it 'returns initial current user without private token when sudo not defined' do
+          get api("/user?private_token=#{admin.private_token}")
 
           expect(response).to have_http_status(200)
           expect(response).to match_response_schema('user/public')
+          expect(json_response['id']).to eq(admin.id)
         end
       end
     end

spec/services/system_note_service_spec.rb

@@ -694,7 +694,7 @@ describe SystemNoteService, services: true do
 
     describe "existing reference" do
       before do
-        message = "[#{author.name}|http://localhost/#{author.username}] mentioned this issue in [a commit of #{project.path_with_namespace}|http://localhost/#{project.path_with_namespace}/commit/#{commit.id}]:\n'#{commit.title}'"
+        message = "[#{author.name}|http://localhost/#{author.username}] mentioned this issue in [a commit of #{project.path_with_namespace}|http://localhost/#{project.path_with_namespace}/commit/#{commit.id}]:\n'#{commit.title.chomp}'"
         allow_any_instance_of(JIRA::Resource::Issue).to receive(:comments).and_return([OpenStruct.new(body: message)])
       end
 

spec/support/login_helpers.rb

@@ -75,7 +75,8 @@ module LoginHelpers
   def logout
     find(".header-user-dropdown-toggle").click
     click_link "Sign out"
-    expect(page).to have_content('Signed out successfully')
+    # check the sign_in button
+    expect(page).to have_button('Sign in')
   end
 
   # Logout without JavaScript driver

spec/support/services_shared_context.rb

@@ -16,8 +16,14 @@ Service.available_services_names.each do |service|
           hash.merge!(k => 'secrettoken')
         elsif k =~ /^(.*_url|url|webhook)/
           hash.merge!(k => "http://example.com")
+        elsif service_klass.method_defined?("#{k}?")
+          hash.merge!(k => true)
         elsif service == 'irker' && k == :recipients
           hash.merge!(k => 'irc://irc.network.net:666/#channel')
+        elsif service == 'irker' && k == :server_port
+          hash.merge!(k => 1234)
+        elsif service == 'jira' && k == :jira_issue_transition_id
+          hash.merge!(k => 1234)
         else
           hash.merge!(k => "someword")
         end

spec/views/projects/commit/_commit_box.html.haml_spec.rb

@@ -13,7 +13,7 @@ describe 'projects/commit/_commit_box.html.haml' do
   it 'shows the commit SHA' do
     render
 
-    expect(rendered).to have_text("Commit #{Commit.truncate_sha(project.commit.sha)}")
+    expect(rendered).to have_text("#{Commit.truncate_sha(project.commit.sha)}")
   end
 
   it 'shows the last pipeline that ran for the commit' do

spec/views/projects/pipelines/show.html.haml_spec.rb

@@ -28,7 +28,7 @@ describe 'projects/pipelines/show' do
   it 'shows a graph with grouped stages' do
     render
 
-    expect(rendered).to have_css('.pipeline-graph')
+    expect(rendered).to have_css('.js-pipeline-graph')
     expect(rendered).to have_css('.grouped-pipeline-dropdown')
 
     # stages