Merge 4009-external-users into issue_12658

17 files changed, 110 insertions, 81 deletions

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 87f4fb455b8..be192964a93 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -150,7 +150,7 @@ class Admin::UsersController < Admin::ApplicationController
       :email, :remember_me, :bio, :name, :username,
       :skype, :linkedin, :twitter, :website_url, :color_scheme_id, :theme_id, :force_random_password,
       :extern_uid, :provider, :password_expires_at, :avatar, :hide_no_ssh_key, :hide_no_password,
-      :projects_limit, :can_create_group, :admin, :key_id
+      :projects_limit, :can_create_group, :admin, :key_id, :external
     )
   end
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fb74919ea23..1f55b18e0b1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -246,6 +246,8 @@ class ApplicationController < ActionController::Base
 
   def ldap_security_check
     if current_user && current_user.requires_ldap_check?
+      return unless current_user.try_obtain_ldap_lease
+
       unless Gitlab::LDAP::Access.allowed?(current_user)
         sign_out current_user
         flash[:alert] = "Access denied for your LDAP account."
diff --git a/app/controllers/concerns/continue_params.rb b/app/controllers/concerns/continue_params.rb
new file mode 100644
index 00000000000..0a995c45bdf
--- /dev/null
+++ b/app/controllers/concerns/continue_params.rb
@@ -0,0 +1,13 @@
+module ContinueParams
+  extend ActiveSupport::Concern
+
+  def continue_params
+    continue_params = params[:continue]
+    return nil unless continue_params
+
+    continue_params = continue_params.permit(:to, :notice, :notice_now)
+    return unless continue_params[:to] && continue_params[:to].start_with?('/')
+
+    continue_params
+  end
+end
diff --git a/app/controllers/concerns/toggle_subscription_action.rb b/app/controllers/concerns/toggle_subscription_action.rb
new file mode 100644
index 00000000000..8a43c0b93c4
--- /dev/null
+++ b/app/controllers/concerns/toggle_subscription_action.rb
@@ -0,0 +1,17 @@
+module ToggleSubscriptionAction
+  extend ActiveSupport::Concern
+
+  def toggle_subscription
+    return unless current_user
+
+    subscribable_resource.toggle_subscription(current_user)
+
+    render nothing: true
+  end
+
+  private
+
+  def subscribable_resource
+    raise NotImplementedError
+  end
+end
diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb
index fc51c3241af..0e8b63872ca 100644
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -8,7 +8,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
     @projects = filter_projects(@projects)
     @projects = @projects.includes(:namespace)
     @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)
 
     @last_push = current_user.recent_push
 
@@ -32,7 +32,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
     @projects = filter_projects(@projects)
     @projects = @projects.includes(:namespace, :forked_from_project, :tags)
     @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)
 
     @last_push = current_user.recent_push
     @groups = []
diff --git a/app/controllers/explore/projects_controller.rb b/app/controllers/explore/projects_controller.rb
index 5b811db3068..8271ca87436 100644
--- a/app/controllers/explore/projects_controller.rb
+++ b/app/controllers/explore/projects_controller.rb
@@ -8,7 +8,7 @@ class Explore::ProjectsController < Explore::ApplicationController
     @projects = @projects.where(visibility_level: params[:visibility_level]) if params[:visibility_level].present?
     @projects = filter_projects(@projects)
     @projects = @projects.sort(@sort = params[:sort])
-    @projects = @projects.includes(:namespace).page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.includes(:namespace).page(params[:page]).per(PER_PAGE)
 
     respond_to do |format|
       format.html
@@ -23,7 +23,7 @@ class Explore::ProjectsController < Explore::ApplicationController
   def trending
     @projects = TrendingProjectsFinder.new.execute(current_user)
     @projects = filter_projects(@projects)
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)
 
     respond_to do |format|
       format.html
@@ -39,7 +39,7 @@ class Explore::ProjectsController < Explore::ApplicationController
     @projects = ProjectsFinder.new.execute(current_user)
     @projects = filter_projects(@projects)
     @projects = @projects.reorder('star_count DESC')
-    @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
+    @projects = @projects.page(params[:page]).per(PER_PAGE)
 
     respond_to do |format|
       format.html
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 5baeb3def08..8243946c852 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -15,7 +15,7 @@ class GroupsController < Groups::ApplicationController
 
   # Load group projects
   before_action :load_projects, except: [:index, :new, :create, :projects, :edit, :update, :autocomplete]
-  before_action :event_filter, only: [:show, :events]
+  before_action :event_filter, only: [:activity]
 
   layout :determine_layout
 
@@ -44,6 +44,8 @@ class GroupsController < Groups::ApplicationController
     @projects = @projects.sort(@sort = params[:sort])
     @projects = @projects.page(params[:page]).per(PER_PAGE) if params[:filter_projects].blank?
 
+    @shared_projects = @group.shared_projects
+
     respond_to do |format|
       format.html
 
@@ -60,8 +62,10 @@ class GroupsController < Groups::ApplicationController
     end
   end
 
-  def events
+  def activity
     respond_to do |format|
+      format.html
+
       format.json do
         load_events
         pager_json("events/_events", @events.count)
@@ -129,7 +133,7 @@ class GroupsController < Groups::ApplicationController
   end
 
   def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level)
+    params.require(:group).permit(:name, :description, :path, :avatar, :public, :visibility_level, :share_with_group_lock)
   end
 
   def load_events
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index dc22101cd5e..d1e4ac10f6c 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,7 +8,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   layout 'profile'
 
   def index
-    head :forbidden and return
+    set_index_vars
   end
 
   def create
@@ -20,18 +20,11 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
       flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
       redirect_to oauth_application_url(@application)
     else
-      render :new
+      set_index_vars
+      render :index
     end
   end
 
-  def destroy
-    if @application.destroy
-      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :destroy])
-    end
-
-    redirect_to applications_profile_url
-  end
-
   private
 
   def verify_user_oauth_applications_enabled
@@ -40,6 +33,17 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
     redirect_to applications_profile_url
   end
 
+  def set_index_vars
+    @applications = current_user.oauth_applications
+    @authorized_tokens = current_user.oauth_authorized_tokens
+    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
+    @authorized_apps = @authorized_tokens.map(&:application).uniq.reject(&:nil?)
+
+    # Don't overwrite a value possibly set by `create`
+    @application ||= Doorkeeper::Application.new
+  end
+
+  # Override Doorkeeper to scope to the current user
   def set_application
     @application = current_user.oauth_applications.find(params[:id])
   end
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index fa7a1148961..32fca6b838e 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -8,13 +8,6 @@ class ProfilesController < Profiles::ApplicationController
   def show
   end
 
-  def applications
-    @applications = current_user.oauth_applications
-    @authorized_tokens = current_user.oauth_authorized_tokens
-    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
-    @authorized_apps = @authorized_tokens.map(&:application).uniq - [nil]
-  end
-
   def update
     user_params.except!(:email) if @user.ldap_user?
 
@@ -65,9 +58,6 @@ class ProfilesController < Profiles::ApplicationController
 
   def user_params
     params.require(:user).permit(
-      :avatar_crop_x,
-      :avatar_crop_y,
-      :avatar_crop_size,
       :avatar,
       :bio,
       :email,
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 7b202f3862f..a1b8632df98 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -1,4 +1,6 @@
 class Projects::ForksController < Projects::ApplicationController
+  include ContinueParams
+
   # Authorize
   before_action :require_non_empty_project
   before_action :authorize_download_code!
@@ -53,15 +55,4 @@ class Projects::ForksController < Projects::ApplicationController
       render :error
     end
   end
-
-  private
-
-  def continue_params
-    continue_params = params[:continue]
-    if continue_params
-      continue_params.permit(:to, :notice, :notice_now)
-    else
-      nil
-    end
-  end
 end
diff --git a/app/controllers/projects/group_links_controller.rb b/app/controllers/projects/group_links_controller.rb
new file mode 100644
index 00000000000..4159e53bfa9
--- /dev/null
+++ b/app/controllers/projects/group_links_controller.rb
@@ -0,0 +1,23 @@
+class Projects::GroupLinksController < Projects::ApplicationController
+  layout 'project_settings'
+  before_action :authorize_admin_project!
+
+  def index
+    @group_links = project.project_group_links.all
+  end
+
+  def create
+    link = project.project_group_links.new
+    link.group_id = params[:link_group_id]
+    link.group_access = params[:link_group_access]
+    link.save
+
+    redirect_to namespace_project_group_links_path(project.namespace, project)
+  end
+
+  def destroy
+    project.project_group_links.find(params[:id]).destroy
+
+    redirect_to namespace_project_group_links_path(project.namespace, project)
+  end
+end
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 196996f1752..7756f0f0ed3 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -1,4 +1,6 @@
 class Projects::ImportsController < Projects::ApplicationController
+  include ContinueParams
+
   # Authorize
   before_action :authorize_admin_project!
   before_action :require_no_repo, only: [:new, :create]
@@ -44,16 +46,6 @@ class Projects::ImportsController < Projects::ApplicationController
 
   private
 
-  def continue_params
-    continue_params = params[:continue]
-
-    if continue_params
-      continue_params.permit(:to, :notice, :notice_now)
-    else
-      nil
-    end
-  end
-
   def finished_notice
     if @project.forked?
       'The project was successfully forked.'
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 67faa1e4437..b0a03ee45cc 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -1,6 +1,8 @@
 class Projects::IssuesController < Projects::ApplicationController
+  include ToggleSubscriptionAction
+
   before_action :module_enabled
-  before_action :issue, only: [:edit, :update, :show, :toggle_subscription]
+  before_action :issue, only: [:edit, :update, :show]
 
   # Allow read any issue
   before_action :authorize_read_issue!
@@ -110,12 +112,6 @@ class Projects::IssuesController < Projects::ApplicationController
     redirect_back_or_default(default: { action: 'index' }, options: { notice: "#{result[:count]} issues updated" })
   end
 
-  def toggle_subscription
-    @issue.toggle_subscription(current_user)
-
-    render nothing: true
-  end
-
   def closed_by_merge_requests
     @closed_by_merge_requests ||= @issue.closed_by_merge_requests(current_user)
   end
@@ -129,6 +125,7 @@ class Projects::IssuesController < Projects::ApplicationController
                  redirect_old
                end
   end
+  alias_method :subscribable_resource, :issue
 
   def authorize_update_issue!
     return render_404 unless can?(current_user, :update_issue, @issue)
diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb
index ecac3c395ec..40d8098690a 100644
--- a/app/controllers/projects/labels_controller.rb
+++ b/app/controllers/projects/labels_controller.rb
@@ -1,8 +1,12 @@
 class Projects::LabelsController < Projects::ApplicationController
+  include ToggleSubscriptionAction
+
   before_action :module_enabled
   before_action :label, only: [:edit, :update, :destroy]
   before_action :authorize_read_label!
-  before_action :authorize_admin_labels!, except: [:index]
+  before_action :authorize_admin_labels!, only: [
+    :new, :create, :edit, :update, :generate, :destroy
+  ]
 
   respond_to :js, :html
 
@@ -73,8 +77,9 @@ class Projects::LabelsController < Projects::ApplicationController
   end
 
   def label
-    @label = @project.labels.find(params[:id])
+    @label ||= @project.labels.find(params[:id])
   end
+  alias_method :subscribable_resource, :label
 
   def authorize_admin_labels!
     return render_404 unless can?(current_user, :admin_label, @project)
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 03ba289eb94..61b82c9db46 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -1,10 +1,11 @@
 class Projects::MergeRequestsController < Projects::ApplicationController
+  include ToggleSubscriptionAction
   include DiffHelper
 
   before_action :module_enabled
   before_action :merge_request, only: [
     :edit, :update, :show, :diffs, :commits, :builds, :merge, :merge_check,
-    :ci_status, :toggle_subscription, :cancel_merge_when_build_succeeds
+    :ci_status, :cancel_merge_when_build_succeeds
   ]
   before_action :closes_issues, only: [:edit, :update, :show, :diffs, :commits, :builds]
   before_action :validates_merge_request, only: [:show, :diffs, :commits, :builds]
@@ -233,12 +234,6 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     render json: response
   end
 
-  def toggle_subscription
-    @merge_request.toggle_subscription(current_user)
-
-    render nothing: true
-  end
-
   protected
 
   def selected_target_project
@@ -252,6 +247,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   def merge_request
     @merge_request ||= @project.merge_requests.find_by!(iid: params[:id])
   end
+  alias_method :subscribable_resource, :merge_request
 
   def closes_issues
     @closes_issues ||= @merge_request.closes_issues
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 8364fc293b7..e7bddc4a6f1 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -27,6 +27,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
     end
 
     @project_member = @project.project_members.new
+    @project_group_links = @project.project_group_links
   end
 
   def create
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index aea08ecce3e..36f37221c58 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,7 +1,6 @@
 class ProjectsController < ApplicationController
   include ExtractsPath
 
-  prepend_before_action :render_go_import, only: [:show]
   skip_before_action :authenticate_user!, only: [:show, :activity]
   before_action :project, except: [:new, :create]
   before_action :repository, except: [:new, :create]
@@ -173,10 +172,15 @@ class ProjectsController < ApplicationController
   def housekeeping
     ::Projects::HousekeepingService.new(@project).execute
 
-    respond_to do |format|
-      flash[:notice] = "Housekeeping successfully started."
-      format.html { redirect_to project_path(@project) }
-    end
+    redirect_to(
+      project_path(@project),
+      notice: "Housekeeping successfully started"
+    )
+  rescue ::Projects::HousekeepingService::LeaseTaken => ex
+    redirect_to(
+      edit_project_path(@project),
+      alert: ex.to_s
+    )
   end
 
   def toggle_star
@@ -242,16 +246,6 @@ class ProjectsController < ApplicationController
     end
   end
 
-  def render_go_import
-    return unless params["go-get"] == "1"
-
-    @namespace = params[:namespace_id]
-    @id = params[:project_id] || params[:id]
-    @id = @id.gsub(/\.git\Z/, "")
-
-    render "go_import", layout: false
-  end
-
   def repo_exists?
     project.repository_exists? && !project.empty_repo?
   end