Let `oauth/applications#index` handle the `profiles#applications` routeapplication-settings

Previously we were doing all of kinds of code gymnastics and flash abuse
in order to work with a Doorkeeper controller but have it _appear_ at
the `/profile/applications` path. Fortunately we can just tell Rails to
use a different controller to handle that route, and we get the best of
both worlds.

6 files changed, 97 insertions, 124 deletions

diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index e20446b2cce..d1e4ac10f6c 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,11 +8,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   layout 'profile'
 
   def index
-    head :forbidden and return
-  end
-
-  def new
-    redirect_to applications_profile_url
+    set_index_vars
   end
 
   def create
@@ -24,18 +20,11 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
       flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
       redirect_to oauth_application_url(@application)
     else
-      redirect_to applications_profile_url, flash: { application: @application }
+      set_index_vars
+      render :index
     end
   end
 
-  def destroy
-    if @application.destroy
-      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy])
-    end
-
-    redirect_to applications_profile_url
-  end
-
   private
 
   def verify_user_oauth_applications_enabled
@@ -44,6 +33,17 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
     redirect_to applications_profile_url
   end
 
+  def set_index_vars
+    @applications = current_user.oauth_applications
+    @authorized_tokens = current_user.oauth_authorized_tokens
+    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
+    @authorized_apps = @authorized_tokens.map(&:application).uniq.reject(&:nil?)
+
+    # Don't overwrite a value possibly set by `create`
+    @application ||= Doorkeeper::Application.new
+  end
+
+  # Override Doorkeeper to scope to the current user
   def set_application
     @application = current_user.oauth_applications.find(params[:id])
   end
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 75eb9bdb96f..50b8f38eecb 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -8,14 +8,6 @@ class ProfilesController < Profiles::ApplicationController
   def show
   end
 
-  def applications
-    @applications = current_user.oauth_applications
-    @authorized_tokens = current_user.oauth_authorized_tokens
-    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
-    @authorized_apps = @authorized_tokens.map(&:application).uniq - [nil]
-    @application = flash[:application] || Doorkeeper::Application.new
-  end
-
   def update
     user_params.except!(:email) if @user.ldap_user?
 
diff --git a/app/views/doorkeeper/applications/index.html.haml b/app/views/doorkeeper/applications/index.html.haml
index ba4c5b86efb..ea0b66c932b 100644
--- a/app/views/doorkeeper/applications/index.html.haml
+++ b/app/views/doorkeeper/applications/index.html.haml
@@ -1,19 +1,83 @@
 - page_title "Applications"
-%h3.page-title Your applications
-%p= link_to 'New Application', new_oauth_application_path, class: 'btn btn-success'
+- header_title page_title, applications_profile_path
 
-.table-holder
-  %table.table.table-striped
-    %thead
-      %tr
-        %th Name
-        %th Callback URL
-        %th
-        %th
-    %tbody
-      - @applications.each do |application|
-        %tr{:id => "application_#{application.id}"}
-          %td= link_to application.name, oauth_application_path(application)
-          %td= application.redirect_uri
-          %td= link_to 'Edit', edit_oauth_application_path(application), class: 'btn btn-link'
-          %td= render 'delete_form', application: application
+.row.prepend-top-default
+  .col-lg-3.profile-settings-sidebar
+    %h4.prepend-top-0
+      = page_title
+    %p
+      - if user_oauth_applications?
+        Manage applications that can use GitLab as an OAuth provider,
+        and applications that you've authorized to use your account.
+      - else
+        Manage applications that you've authorized to use your account.
+  .col-lg-9
+    - if user_oauth_applications?
+      %h5.prepend-top-0
+        Add new application
+      = render 'form', application: @application
+      %hr
+    - if user_oauth_applications?
+      .oauth-applications
+        %h5
+          Your applications (#{@applications.size})
+        - if @applications.any?
+          .table-responsive
+            %table.table
+              %thead
+                %tr
+                  %th Name
+                  %th Callback URL
+                  %th Clients
+                  %th.last-heading
+              %tbody
+                - @applications.each do |application|
+                  %tr{id: "application_#{application.id}"}
+                    %td= link_to application.name, oauth_application_path(application)
+                    %td
+                      - application.redirect_uri.split.each do |uri|
+                        %div= uri
+                    %td= application.access_tokens.count
+                    %td
+                      = link_to edit_oauth_application_path(application), class: "btn btn-transparent append-right-5" do
+                        %span.sr-only
+                          Edit
+                        = icon('pencil')
+                      = render 'delete_form', application: application, small: true
+        - else
+          .profile-settings-message.text-center
+            You don't have any applications
+    .oauth-authorized-applications.prepend-top-20.append-bottom-default
+      - if user_oauth_applications?
+        %h5
+          Authorized applications (#{@authorized_tokens.size})
+
+      - if @authorized_tokens.any?
+        .table-responsive
+          %table.table.table-striped
+            %thead
+              %tr
+                %th Name
+                %th Authorized At
+                %th Scope
+                %th
+            %tbody
+              - @authorized_apps.each do |app|
+                - token = app.authorized_tokens.order('created_at desc').first
+                %tr{id: "application_#{app.id}"}
+                  %td= app.name
+                  %td= token.created_at
+                  %td= token.scopes
+                  %td= render 'delete_form', application: app
+              - @authorized_anonymous_tokens.each do |token|
+                %tr
+                  %td
+                    Anonymous
+                    %div.help-block
+                      %em Authorization was granted by entering your username and password in the application.
+                  %td= token.created_at
+                  %td= token.scopes
+                  %td= render 'delete_form', token: token
+      - else
+        .profile-settings-message.text-center
+          You don't have any authorized applications
diff --git a/app/views/layouts/nav/_profile.html.haml b/app/views/layouts/nav/_profile.html.haml
index f3ded04419b..3b9d31a6fc5 100644
--- a/app/views/layouts/nav/_profile.html.haml
+++ b/app/views/layouts/nav/_profile.html.haml
@@ -17,7 +17,7 @@
       = icon('gear fw')
       %span
         Account
-  = nav_link(path: ['profiles#applications', 'applications#edit', 'applications#show', 'applications#new', 'applications#create']) do
+  = nav_link(controller: 'oauth/applications') do
     = link_to applications_profile_path, title: 'Applications' do
       = icon('cloud fw')
       %span
diff --git a/app/views/profiles/applications.html.haml b/app/views/profiles/applications.html.haml
deleted file mode 100644
index 7c0f700d68d..00000000000
--- a/app/views/profiles/applications.html.haml
+++ /dev/null
@@ -1,83 +0,0 @@
-- page_title "Applications"
-- header_title page_title, applications_profile_path
-
-.row.prepend-top-default
-  .col-lg-3.profile-settings-sidebar
-    %h4.prepend-top-0
-      = page_title
-    %p
-      - if user_oauth_applications?
-        Manage applications that can use GitLab as an OAuth provider,
-        and applications that you've authorized to use your account.
-      - else
-        Manage applications that you've authorized to use your account.
-  .col-lg-9
-    - if user_oauth_applications?
-      %h5.prepend-top-0
-        Add new application
-      = render 'doorkeeper/applications/form', application: @application
-      %hr
-    - if user_oauth_applications?
-      .oauth-applications
-        %h5
-          Your applications (#{@applications.size})
-        - if @applications.any?
-          .table-responsive
-            %table.table
-              %thead
-                %tr
-                  %th Name
-                  %th Callback URL
-                  %th Clients
-                  %th.last-heading
-              %tbody
-                - @applications.each do |application|
-                  %tr{:id => "application_#{application.id}"}
-                    %td= link_to application.name, oauth_application_path(application)
-                    %td
-                      - application.redirect_uri.split.each do |uri|
-                        %div= uri
-                    %td= application.access_tokens.count
-                    %td
-                      = link_to edit_oauth_application_path(application), class: "btn btn-transparent append-right-5" do
-                        %span.sr-only
-                          Edit
-                        = icon('pencil')
-                      = render 'doorkeeper/applications/delete_form', application: application, small: true
-        - else
-          .profile-settings-message.text-center
-            You don't have any applications
-    .oauth-authorized-applications.prepend-top-20.append-bottom-default
-      - if user_oauth_applications?
-        %h5
-          Authorized applications (#{@authorized_tokens.size})
-
-      - if @authorized_tokens.any?
-        .table-responsive
-          %table.table.table-striped
-            %thead
-              %tr
-                %th Name
-                %th Authorized At
-                %th Scope
-                %th
-            %tbody
-              - @authorized_apps.each do |app|
-                - token = app.authorized_tokens.order('created_at desc').first
-                %tr{:id => "application_#{app.id}"}
-                  %td= app.name
-                  %td= token.created_at
-                  %td= token.scopes
-                  %td= render 'doorkeeper/authorized_applications/delete_form', application: app
-              - @authorized_anonymous_tokens.each do |token|
-                %tr
-                  %td
-                    Anonymous
-                    %div.help-block
-                      %em Authorization was granted by entering your username and password in the application.
-                  %td= token.created_at
-                  %td= token.scopes
-                  %td= render 'doorkeeper/authorized_applications/delete_form', token: token
-      - else
-        .profile-settings-message.text-center
-          You don't have any authorized applications
diff --git a/config/routes.rb b/config/routes.rb
index a918b5bd3f0..92aaedf7b6e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -295,7 +295,7 @@ Rails.application.routes.draw do
   resource :profile, only: [:show, :update] do
     member do
       get :audit_log
-      get :applications
+      get :applications, to: 'oauth/applications#index'
 
       put :reset_private_token
       put :update_username