Merge remote-tracking branch 'origin/master' into 22191-delete-dynamic-envs-mr

19 files changed, 228 insertions, 171 deletions

diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index 82055006ac0..762e36ee2e9 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -37,7 +37,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
   end
 
   def preview
-    @message = broadcast_message_params[:message]
+    @broadcast_message = BroadcastMessage.new(broadcast_message_params)
   end
 
   protected
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bd4ba384b29..705824502eb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -45,6 +45,10 @@ class ApplicationController < ActionController::Base
     redirect_to request.referer.present? ? :back : default, options
   end
 
+  def not_found
+    render_404
+  end
+
   protected
 
   # This filter handles both private tokens and personal access tokens
@@ -173,7 +177,8 @@ class ApplicationController < ActionController::Base
   end
 
   def event_filter
-    filters = cookies['event_filter'].split(',') if cookies['event_filter'].present?
+    # Split using comma to maintain backward compatibility Ex/ "filter1,filter2"
+    filters = cookies['event_filter'].split(',')[0] if cookies['event_filter'].present?
     @event_filter ||= EventFilter.new(filters)
   end
 
diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
deleted file mode 100644
index 5bb7d499cdc..00000000000
--- a/app/controllers/ci/application_controller.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-module Ci
-  class ApplicationController < ::ApplicationController
-    def self.railtie_helpers_paths
-      "app/helpers/ci"
-    end
-  end
-end
diff --git a/app/controllers/ci/lints_controller.rb b/app/controllers/ci/lints_controller.rb
index 78012960252..3eb485de9db 100644
--- a/app/controllers/ci/lints_controller.rb
+++ b/app/controllers/ci/lints_controller.rb
@@ -1,5 +1,5 @@
 module Ci
-  class LintsController < ApplicationController
+  class LintsController < ::ApplicationController
     before_action :authenticate_user!
 
     def show
diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb
index aa894fde36b..ff297d6ff13 100644
--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -1,5 +1,5 @@
 module Ci
-  class ProjectsController < Ci::ApplicationController
+  class ProjectsController < ::ApplicationController
     before_action :project
     before_action :no_cache, only: [:badge]
     before_action :authorize_read_project!, except: [:badge, :index]
diff --git a/app/controllers/explore/projects_controller.rb b/app/controllers/explore/projects_controller.rb
index 38e5943eb76..a62c6211372 100644
--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -21,8 +21,7 @@ class Explore::ProjectsController < Explore::ApplicationController
   end
 
   def trending
-    @projects = TrendingProjectsFinder.new.execute
-    @projects = filter_projects(@projects)
+    @projects = filter_projects(Project.trending)
     @projects = @projects.page(params[:page])
 
     respond_to do |format|
diff --git a/app/controllers/namespaces_controller.rb b/app/controllers/namespaces_controller.rb
deleted file mode 100644
index 83eec1bf4a2..00000000000
--- a/app/controllers/namespaces_controller.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-class NamespacesController < ApplicationController
-  skip_before_action :authenticate_user!
-
-  def show
-    namespace = Namespace.find_by(path: params[:id])
-
-    if namespace
-      if namespace.is_a?(Group)
-        group = namespace
-      else
-        user = namespace.owner
-      end
-    end
-
-    if user
-      redirect_to user_path(user)
-    elsif group && can?(current_user, :read_group, group)
-      redirect_to group_path(group)
-    elsif current_user.nil?
-      authenticate_user!
-    else
-      render_404
-    end
-  end
-end
diff --git a/app/controllers/projects/board_lists_controller.rb b/app/controllers/projects/board_lists_controller.rb
deleted file mode 100644
index 3cfb08d5822..00000000000
--- a/app/controllers/projects/board_lists_controller.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-class Projects::BoardListsController < Projects::ApplicationController
-  respond_to :json
-
-  before_action :authorize_admin_list!
-
-  rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
-
-  def create
-    list = Boards::Lists::CreateService.new(project, current_user, list_params).execute
-
-    if list.valid?
-      render json: list.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } })
-    else
-      render json: list.errors, status: :unprocessable_entity
-    end
-  end
-
-  def update
-    service = Boards::Lists::MoveService.new(project, current_user, move_params)
-
-    if service.execute
-      head :ok
-    else
-      head :unprocessable_entity
-    end
-  end
-
-  def destroy
-    service = Boards::Lists::DestroyService.new(project, current_user, params)
-
-    if service.execute
-      head :ok
-    else
-      head :unprocessable_entity
-    end
-  end
-
-  def generate
-    service = Boards::Lists::GenerateService.new(project, current_user)
-
-    if service.execute
-      render json: project.board.lists.label.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } })
-    else
-      head :unprocessable_entity
-    end
-  end
-
-  private
-
-  def authorize_admin_list!
-    return render_403 unless can?(current_user, :admin_list, project)
-  end
-
-  def list_params
-    params.require(:list).permit(:label_id)
-  end
-
-  def move_params
-    params.require(:list).permit(:position).merge(id: params[:id])
-  end
-
-  def record_not_found(exception)
-    render json: { error: exception.message }, status: :not_found
-  end
-end
diff --git a/app/controllers/projects/boards/issues_controller.rb b/app/controllers/projects/boards/issues_controller.rb
index 4aa7982eab4..71eb56aed0b 100644
--- a/app/controllers/projects/boards/issues_controller.rb
+++ b/app/controllers/projects/boards/issues_controller.rb
@@ -2,6 +2,7 @@ module Projects
   module Boards
     class IssuesController < Boards::ApplicationController
       before_action :authorize_read_issue!, only: [:index]
+      before_action :authorize_create_issue!, only: [:create]
       before_action :authorize_update_issue!, only: [:update]
 
       def index
@@ -9,16 +10,22 @@ module Projects
         issues = issues.page(params[:page])
 
         render json: {
-          issues: issues.as_json(
-            only: [:iid, :title, :confidential],
-            include: {
-              assignee: { only: [:id, :name, :username], methods: [:avatar_url] },
-              labels:   { only: [:id, :title, :description, :color, :priority], methods: [:text_color] }
-            }),
+          issues: serialize_as_json(issues),
           size: issues.total_count
         }
       end
 
+      def create
+        service = ::Boards::Issues::CreateService.new(project, current_user, issue_params)
+        issue = service.execute
+
+        if issue.valid?
+          render json: serialize_as_json(issue)
+        else
+          render json: issue.errors, status: :unprocessable_entity
+        end
+      end
+
       def update
         service = ::Boards::Issues::MoveService.new(project, current_user, move_params)
 
@@ -43,16 +50,33 @@ module Projects
         return render_403 unless can?(current_user, :read_issue, project)
       end
 
+      def authorize_create_issue!
+        return render_403 unless can?(current_user, :admin_issue, project)
+      end
+
       def authorize_update_issue!
         return render_403 unless can?(current_user, :update_issue, issue)
       end
 
       def filter_params
-        params.merge(id: params[:list_id])
+        params.merge(board_id: params[:board_id], id: params[:list_id])
       end
 
       def move_params
-        params.permit(:id, :from_list_id, :to_list_id)
+        params.permit(:board_id, :id, :from_list_id, :to_list_id)
+      end
+
+      def issue_params
+        params.require(:issue).permit(:title).merge(board_id: params[:board_id], list_id: params[:list_id], request: request)
+      end
+
+      def serialize_as_json(resource)
+        resource.as_json(
+          only: [:iid, :title, :confidential],
+          include: {
+            assignee: { only: [:id, :name, :username], methods: [:avatar_url] },
+            labels:   { only: [:id, :title, :description, :color, :priority], methods: [:text_color] }
+          })
       end
     end
   end
diff --git a/app/controllers/projects/boards/lists_controller.rb b/app/controllers/projects/boards/lists_controller.rb
index b995f586737..76ae41319c4 100644
--- a/app/controllers/projects/boards/lists_controller.rb
+++ b/app/controllers/projects/boards/lists_controller.rb
@@ -5,11 +5,11 @@ module Projects
       before_action :authorize_read_list!, only: [:index]
 
       def index
-        render json: serialize_as_json(project.board.lists)
+        render json: serialize_as_json(board.lists)
       end
 
       def create
-        list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute
+        list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute(board)
 
         if list.valid?
           render json: serialize_as_json(list)
@@ -19,7 +19,7 @@ module Projects
       end
 
       def update
-        list = project.board.lists.movable.find(params[:id])
+        list = board.lists.movable.find(params[:id])
         service = ::Boards::Lists::MoveService.new(project, current_user, move_params)
 
         if service.execute(list)
@@ -30,8 +30,8 @@ module Projects
       end
 
       def destroy
-        list = project.board.lists.destroyable.find(params[:id])
-        service = ::Boards::Lists::DestroyService.new(project, current_user, params)
+        list = board.lists.destroyable.find(params[:id])
+        service = ::Boards::Lists::DestroyService.new(project, current_user)
 
         if service.execute(list)
           head :ok
@@ -43,8 +43,8 @@ module Projects
       def generate
         service = ::Boards::Lists::GenerateService.new(project, current_user)
 
-        if service.execute
-          render json: serialize_as_json(project.board.lists.movable)
+        if service.execute(board)
+          render json: serialize_as_json(board.lists.movable)
         else
           head :unprocessable_entity
         end
@@ -60,6 +60,10 @@ module Projects
         return render_403 unless can?(current_user, :read_list, project)
       end
 
+      def board
+        @board ||= project.boards.find(params[:board_id])
+      end
+
       def list_params
         params.require(:list).permit(:label_id)
       end
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 0035633b774..808affa4f98 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -1,12 +1,28 @@
 class Projects::BoardsController < Projects::ApplicationController
   include IssuableCollections
-  
-  respond_to :html
 
-  before_action :authorize_read_board!, only: [:show]
+  before_action :authorize_read_board!, only: [:index, :show]
+
+  def index
+    @boards = ::Boards::ListService.new(project, current_user).execute
+
+    respond_to do |format|
+      format.html
+      format.json do
+        render json: serialize_as_json(@boards)
+      end
+    end
+  end
 
   def show
-    ::Boards::CreateService.new(project, current_user).execute
+    @board = project.boards.find(params[:id])
+
+    respond_to do |format|
+      format.html
+      format.json do
+        render json: serialize_as_json(@board)
+      end
+    end
   end
 
   private
@@ -14,4 +30,8 @@ class Projects::BoardsController < Projects::ApplicationController
   def authorize_read_board!
     return access_denied! unless can?(current_user, :read_board, project)
   end
+
+  def serialize_as_json(resource)
+    resource.as_json(only: [:id])
+  end
 end
diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index 092ef32e6e3..923e7340e69 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -38,12 +38,12 @@ class Projects::GraphsController < Projects::ApplicationController
 
     @languages = @languages.map do |language|
       name, share = language
-      color = Digest::SHA256.hexdigest(name)[0...6]
+      color = Linguist::Language[name].color || "##{Digest::SHA256.hexdigest(name)[0...6]}"
       {
         value: (share.to_f * 100 / total).round(2),
         label: name,
-        color: "##{color}",
-        highlight: "##{color}"
+        color: color,
+        highlight: color
       }
     end
 
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
index 7a7475a7345..ae060abee5c 100644
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
@@ -1,6 +1,7 @@
 class Projects::GroupLinksController < Projects::ApplicationController
   layout 'project_settings'
   before_action :authorize_admin_project!
+  before_action :authorize_admin_project_member!, only: [:update]
 
   def index
     @group_links = project.project_group_links.all
@@ -27,9 +28,26 @@ class Projects::GroupLinksController < Projects::ApplicationController
     redirect_to namespace_project_group_links_path(project.namespace, project)
   end
 
+  def update
+    @group_link = @project.project_group_links.find(params[:id])
+
+    @group_link.update_attributes(group_link_params)
+  end
+
   def destroy
     project.project_group_links.find(params[:id]).destroy
 
-    redirect_to namespace_project_group_links_path(project.namespace, project)
+    respond_to do |format|
+      format.html do
+        redirect_to namespace_project_group_links_path(project.namespace, project)
+      end
+      format.js { head :ok }
+    end
+  end
+
+  protected
+
+  def group_link_params
+    params.require(:group_link).permit(:group_access, :expires_at)
   end
 end
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index ef13e0677d2..96041b07647 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -159,7 +159,8 @@ class Projects::IssuesController < Projects::ApplicationController
   protected
 
   def issue
-    @noteable = @issue ||= @project.issues.find_by(iid: params[:id]) || redirect_old
+    # The Sortable default scope causes performance issues when used with find_by
+    @noteable = @issue ||= @project.issues.where(iid: params[:id]).reorder(nil).take || redirect_old
   end
   alias_method :subscribable_resource, :issue
   alias_method :issuable, :issue
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 8c8c56228ad..9207c954335 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -10,7 +10,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :module_enabled
   before_action :merge_request, only: [
     :edit, :update, :show, :diffs, :commits, :conflicts, :builds, :pipelines, :merge, :merge_check,
-    :ci_status, :toggle_subscription, :cancel_merge_when_build_succeeds, :remove_wip, :resolve_conflicts
+    :ci_status, :ci_environments_status, :toggle_subscription, :cancel_merge_when_build_succeeds, :remove_wip, :resolve_conflicts, :assign_related_issues
   ]
   before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds, :pipelines]
   before_action :define_show_vars, only: [:show, :diffs, :commits, :conflicts, :builds, :pipelines]
@@ -19,6 +19,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   before_action :define_diff_comment_vars, only: [:diffs]
   before_action :ensure_ref_fetched, only: [:show, :diffs, :commits, :builds, :conflicts, :pipelines]
   before_action :close_merge_request_without_source_project, only: [:show, :diffs, :commits, :builds, :pipelines]
+  before_action :apply_diff_view_cookie!, only: [:new_diffs]
+  before_action :build_merge_request, only: [:new, :new_diffs]
 
   # Allow read any merge_request
   before_action :authorize_read_merge_request!
@@ -29,6 +31,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   # Allow modify merge_request
   before_action :authorize_update_merge_request!, only: [:close, :edit, :update, :remove_wip, :sort]
 
+  before_action :authenticate_user!, only: [:assign_related_issues]
+
   before_action :authorize_can_resolve_conflicts!, only: [:conflicts, :resolve_conflicts]
 
   def index
@@ -210,29 +214,26 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def new
-    apply_diff_view_cookie!
-
-    build_merge_request
-    @noteable = @merge_request
-
-    @target_branches = if @merge_request.target_project
-                         @merge_request.target_project.repository.branch_names
-                       else
-                         []
-                       end
-
-    @target_project = merge_request.target_project
-    @source_project = merge_request.source_project
-    @commits = @merge_request.compare_commits.reverse
-    @commit = @merge_request.diff_head_commit
-    @base_commit = @merge_request.diff_base_commit
-    @diffs = @merge_request.diffs(diff_options) if @merge_request.compare
-    @diff_notes_disabled = true
-    @pipeline = @merge_request.pipeline
-    @statuses = @pipeline.statuses.relevant if @pipeline
+    define_new_vars
+  end
 
-    @note_counts = Note.where(commit_id: @commits.map(&:id)).
-      group(:commit_id).count
+  def new_diffs
+    respond_to do |format|
+      format.html do
+        define_new_vars
+        render "new"
+      end
+      format.json do
+        @diffs = if @merge_request.can_be_created
+                   @merge_request.diffs(diff_options)
+                 else
+                   []
+                 end
+        @diff_notes_disabled = true
+
+        render json: { html: view_to_html_string('projects/merge_requests/_new_diffs', diffs: @diffs) }
+      end
+    end
   end
 
   def create
@@ -355,6 +356,25 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     render layout: false
   end
 
+  def assign_related_issues
+    result = MergeRequests::AssignIssuesService.new(project, current_user, merge_request: @merge_request).execute
+
+    respond_to do |format|
+      format.html do
+        case result[:count]
+        when 0
+          flash[:error] = "Failed to assign you issues related to the merge request"
+        when 1
+          flash[:notice] = "1 issue has been assigned to you"
+        else
+          flash[:notice] = "#{result[:count]} issues have been assigned to you"
+        end
+
+        redirect_to(merge_request_path(@merge_request))
+      end
+    end
+  end
+
   def ci_status
     pipeline = @merge_request.pipeline
     if pipeline
@@ -383,6 +403,30 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     render json: response
   end
 
+  def ci_environments_status
+    environments =
+      begin
+        @merge_request.environments.map do |environment|
+          next unless can?(current_user, :read_environment, environment)
+
+          project = environment.project
+          deployment = environment.first_deployment_for(@merge_request.diff_head_commit)
+
+          {
+            id: environment.id,
+            name: environment.name,
+            url: namespace_project_environment_path(project.namespace, project, environment),
+            external_url: environment.external_url,
+            external_url_formatted: environment.formatted_external_url,
+            deployed_at: deployment.try(:created_at),
+            deployed_at_formatted: deployment.try(:formatted_deployment_time)
+          }
+        end.compact
+      end
+
+    render json: environments
+  end
+
   protected
 
   def selected_target_project
@@ -490,6 +534,27 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     )
   end
 
+  def define_new_vars
+    @noteable = @merge_request
+
+    @target_branches = if @merge_request.target_project
+                         @merge_request.target_project.repository.branch_names
+                       else
+                         []
+                       end
+
+    @target_project = merge_request.target_project
+    @source_project = merge_request.source_project
+    @commits = @merge_request.compare_commits.reverse
+    @commit = @merge_request.diff_head_commit
+    @base_commit = @merge_request.diff_base_commit
+
+    @pipeline = @merge_request.pipeline
+    @statuses = @pipeline.statuses.relevant if @pipeline
+    @note_counts = Note.where(commit_id: @commits.map(&:id)).
+      group(:commit_id).count
+  end
+
   def invalid_mr
     # Render special view for MR with removed target branch
     render 'invalid'
@@ -521,7 +586,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
 
   def build_merge_request
     params[:merge_request] ||= ActionController::Parameters.new(source_project: @project)
-    @merge_request = MergeRequests::BuildService.new(project, current_user, merge_request_params).execute
+    @merge_request = MergeRequests::BuildService.new(project, current_user, merge_request_params.merge(diff_options: diff_options)).execute
   end
 
   def compared_diff_version
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index f56b256984b..37a86ed0523 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -5,34 +5,23 @@ class Projects::ProjectMembersController < Projects::ApplicationController
   before_action :authorize_admin_project_member!, except: [:index, :leave, :request_access]
 
   def index
+    @group_links = @project.project_group_links
+
     @project_members = @project.project_members
     @project_members = @project_members.non_invite unless can?(current_user, :admin_project, @project)
 
     if params[:search].present?
       users = @project.users.search(params[:search]).to_a
       @project_members = @project_members.where(user_id: users)
-    end
-
-    @project_members = @project_members.order('access_level DESC')
-
-    @group = @project.group
-
-    if @group
-      @group_members = @group.group_members
-      @group_members = @group_members.non_invite unless can?(current_user, :admin_group, @group)
-
-      if params[:search].present?
-        users = @group.users.search(params[:search]).to_a
-        @group_members = @group_members.where(user_id: users)
-      end
 
-      @group_members = @group_members.order('access_level DESC')
+      @group_links = @project.project_group_links.where(group_id: @project.invited_groups.search(params[:search]).select(:id))
     end
 
+    @project_members = @project_members.order(access_level: :desc).page(params[:page])
+
     @requesters = AccessRequestsFinder.new(@project).execute(current_user)
 
     @project_member = @project.project_members.new
-    @project_group_links = @project.project_group_links
   end
 
   def create
@@ -43,6 +32,21 @@ class Projects::ProjectMembersController < Projects::ApplicationController
       current_user: current_user
     )
 
+    if params[:group_ids].present?
+      group_ids = params[:group_ids].split(',')
+      groups = Group.where(id: group_ids)
+
+      groups.each do |group|
+        next unless can?(current_user, :read_group, group)
+
+        project.project_group_links.create(
+          group: group,
+          group_access: params[:access_level],
+          expires_at: params[:expires_at]
+        )
+      end
+    end
+
     redirect_to namespace_project_project_members_path(@project.namespace, @project)
   end
 
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index 6ea8ee62bc5..8fea20cefef 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -20,6 +20,8 @@ class Projects::TagsController < Projects::ApplicationController
   def show
     @tag = @repository.find_tag(params[:id])
 
+    return render_404 unless @tag
+
     @release = @project.releases.find_or_initialize_by(tag: @tag.name)
     @commit = @repository.commit(@tag.target)
   end
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index d198782138a..dee57e4a388 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -1,10 +1,10 @@
 class SnippetsController < ApplicationController
   include ToggleAwardEmoji
 
-  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw]
+  before_action :snippet, only: [:show, :edit, :destroy, :update, :raw, :download]
 
   # Allow read snippet
-  before_action :authorize_read_snippet!, only: [:show, :raw]
+  before_action :authorize_read_snippet!, only: [:show, :raw, :download]
 
   # Allow modify snippet
   before_action :authorize_update_snippet!, only: [:edit, :update]
@@ -12,7 +12,7 @@ class SnippetsController < ApplicationController
   # Allow destroy snippet
   before_action :authorize_admin_snippet!, only: [:destroy]
 
-  skip_before_action :authenticate_user!, only: [:index, :show, :raw]
+  skip_before_action :authenticate_user!, only: [:index, :show, :raw, :download]
 
   layout 'snippets'
   respond_to :html
@@ -75,6 +75,14 @@ class SnippetsController < ApplicationController
     )
   end
 
+  def download
+    send_data(
+      @snippet.content,
+      type: 'text/plain; charset=utf-8',
+      filename: @snippet.sanitized_file_name
+    )
+  end
+
   protected
 
   def snippet
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 838ecc837e4..6a881b271d7 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
   skip_before_action :authenticate_user!
-  before_action :user
+  before_action :user, except: [:exists]
   before_action :authorize_read_user!, only: [:show]
 
   def show
@@ -85,6 +85,10 @@ class UsersController < ApplicationController
     render 'calendar_activities', layout: false
   end
 
+  def exists
+    render json: { exists: Namespace.where(path: params[:username].downcase).any? }
+  end
+
   private
 
   def authorize_read_user!