Merge remote-tracking branch 'upstream/master' into show-commit-status-from-latest-pipeline

* upstream/master: (754 commits)
  Add documentation about todos and failed builds
  Add Changelog entry for failed builds todos fix
  Do not create TODO when build is allowed to fail
  Fix 404 on some group pages when name contains dot
  Grapify the users API
  Remove duplicate sidekiq throttling parameters
  Fix regression in Merge request form
  Fix wrong link
  Fix test
  Fix broken test
  Changes for stop url to path
  fix typo in gitlab_flow.md ('munch'->'much')
  Fix spec
  Backport some changes done from Time Tracking feature in EE.
  Use build instead create in BroadcastMessage model spec
  Try to fix tests
  Remove unnecessary self from user model
  Expose stop_path for environment to not construct that in frontend
  Bring back the `commit_url` as it's used by CycleAnalytics
  Add api endpoint for creating a pipeline
  ...

20 files changed, 270 insertions, 113 deletions

diff --git a/app/services/after_branch_delete_service.rb b/app/services/after_branch_delete_service.rb
new file mode 100644
index 00000000000..2be4d3e6ab5
--- /dev/null
+++ b/app/services/after_branch_delete_service.rb
@@ -0,0 +1,23 @@
+require_relative 'base_service'
+
+##
+# Branch can be deleted either by DeleteBranchService
+# or by GitPushService.
+#
+class AfterBranchDeleteService < BaseService
+  attr_reader :branch_name
+
+  def execute(branch_name)
+    @branch_name = branch_name
+
+    stop_environments
+  end
+
+  private
+
+  def stop_environments
+    Ci::StopEnvironmentsService
+      .new(project, current_user)
+      .execute(branch_name)
+  end
+end
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 8ea88da8a53..c00c5aebf57 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -9,8 +9,8 @@ module Auth
 
       return error('UNAVAILABLE', status: 404, message: 'registry not enabled') unless registry.enabled
 
-      unless current_user || project
-        return error('DENIED', status: 403, message: 'access forbidden') unless scope
+      unless scope || current_user || project
+        return error('DENIED', status: 403, message: 'access forbidden')
       end
 
       { token: authorized_token(scope).encoded }
@@ -76,7 +76,7 @@ module Auth
 
       case requested_action
       when 'pull'
-        requested_project.public? || build_can_pull?(requested_project) || user_can_pull?(requested_project)
+        build_can_pull?(requested_project) || user_can_pull?(requested_project)
       when 'push'
         build_can_push?(requested_project) || user_can_push?(requested_project)
       else
@@ -92,23 +92,23 @@ module Auth
       # Build can:
       # 1. pull from its own project (for ex. a build)
       # 2. read images from dependent projects if creator of build is a team member
-      @authentication_abilities.include?(:build_read_container_image) &&
+      has_authentication_ability?(:build_read_container_image) &&
         (requested_project == project || can?(current_user, :build_read_container_image, requested_project))
     end
 
     def user_can_pull?(requested_project)
-      @authentication_abilities.include?(:read_container_image) &&
+      has_authentication_ability?(:read_container_image) &&
         can?(current_user, :read_container_image, requested_project)
     end
 
     def build_can_push?(requested_project)
       # Build can push only to the project from which it originates
-      @authentication_abilities.include?(:build_create_container_image) &&
+      has_authentication_ability?(:build_create_container_image) &&
         requested_project == project
     end
 
     def user_can_push?(requested_project)
-      @authentication_abilities.include?(:create_container_image) &&
+      has_authentication_ability?(:create_container_image) &&
         can?(current_user, :create_container_image, requested_project)
     end
 
@@ -118,5 +118,9 @@ module Auth
         http_status: status
       }
     end
+
+    def has_authentication_ability?(capability)
+      (@authentication_abilities || []).include?(capability)
+    end
   end
 end
diff --git a/app/services/chat_names/authorize_user_service.rb b/app/services/chat_names/authorize_user_service.rb
new file mode 100644
index 00000000000..321bf3a9205
--- /dev/null
+++ b/app/services/chat_names/authorize_user_service.rb
@@ -0,0 +1,38 @@
+module ChatNames
+  class AuthorizeUserService
+    include Gitlab::Routing.url_helpers
+
+    def initialize(service, params)
+      @service = service
+      @params = params
+    end
+
+    def execute
+      return unless chat_name_params.values.all?(&:present?)
+
+      token = request_token
+
+      new_profile_chat_name_url(token: token) if token
+    end
+
+    private
+
+    def request_token
+      chat_name_token.store!(chat_name_params)
+    end
+
+    def chat_name_token
+      Gitlab::ChatNameToken.new
+    end
+
+    def chat_name_params
+      {
+        service_id: @service.id,
+        team_id: @params[:team_id],
+        team_domain: @params[:team_domain],
+        chat_id: @params[:user_id],
+        chat_name: @params[:user_name]
+      }
+    end
+  end
+end
diff --git a/app/services/chat_names/find_user_service.rb b/app/services/chat_names/find_user_service.rb
new file mode 100644
index 00000000000..4f5c5567b42
--- /dev/null
+++ b/app/services/chat_names/find_user_service.rb
@@ -0,0 +1,26 @@
+module ChatNames
+  class FindUserService
+    def initialize(service, params)
+      @service = service
+      @params = params
+    end
+
+    def execute
+      chat_name = find_chat_name
+      return unless chat_name
+
+      chat_name.touch(:last_used_at)
+      chat_name.user
+    end
+
+    private
+
+    def find_chat_name
+      ChatName.find_by(
+        service: @service,
+        team_id: @params[:team_id],
+        chat_id: @params[:user_id]
+      )
+    end
+  end
+end
diff --git a/app/services/ci/send_pipeline_notification_service.rb b/app/services/ci/send_pipeline_notification_service.rb
deleted file mode 100644
index ceb182801f7..00000000000
--- a/app/services/ci/send_pipeline_notification_service.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-module Ci
-  class SendPipelineNotificationService
-    attr_reader :pipeline
-
-    def initialize(new_pipeline)
-      @pipeline = new_pipeline
-    end
-
-    def execute(recipients)
-      email_template = "pipeline_#{pipeline.status}_email"
-
-      return unless Notify.respond_to?(email_template)
-
-      recipients.each do |to|
-        Notify.public_send(email_template, pipeline, to).deliver_later
-      end
-    end
-  end
-end
diff --git a/app/services/ci/stop_environments_service.rb b/app/services/ci/stop_environments_service.rb
new file mode 100644
index 00000000000..cf590459cb2
--- /dev/null
+++ b/app/services/ci/stop_environments_service.rb
@@ -0,0 +1,29 @@
+module Ci
+  class StopEnvironmentsService < BaseService
+    attr_reader :ref
+
+    def execute(branch_name)
+      @ref = branch_name
+
+      return unless has_ref?
+
+      environments.each do |environment|
+        next unless environment.stoppable?
+        next unless can?(current_user, :create_deployment, project)
+
+        environment.stop!(current_user)
+      end
+    end
+
+    private
+
+    def has_ref?
+      @ref.present?
+    end
+
+    def environments
+      @environments ||= project
+        .environments_recently_updated_on_branch(@ref)
+    end
+  end
+end
diff --git a/app/services/delete_merged_branches_service.rb b/app/services/delete_merged_branches_service.rb
new file mode 100644
index 00000000000..8b8deafedb7
--- /dev/null
+++ b/app/services/delete_merged_branches_service.rb
@@ -0,0 +1,18 @@
+require_relative 'base_service'
+
+class DeleteMergedBranchesService < BaseService
+  def async_execute
+    DeleteMergedBranchesWorker.perform_async(project.id, current_user.id)
+  end
+
+  def execute
+    raise Gitlab::Access::AccessDeniedError unless can?(current_user, :push_code, project)
+
+    branches = project.repository.branch_names
+    branches = branches.select { |branch| project.repository.merged_to_root_ref?(branch) }
+
+    branches.each do |branch|
+      DeleteBranchService.new(project, current_user).execute(branch)
+    end
+  end
+end
diff --git a/app/services/destroy_group_service.rb b/app/services/destroy_group_service.rb
index 0081364b8aa..a880952e274 100644
--- a/app/services/destroy_group_service.rb
+++ b/app/services/destroy_group_service.rb
@@ -6,12 +6,10 @@ class DestroyGroupService
   end
 
   def async_execute
-    group.transaction do
-      # Soft delete via paranoia gem
-      group.destroy
-      job_id = GroupDestroyWorker.perform_async(group.id, current_user.id)
-      Rails.logger.info("User #{current_user.id} scheduled a deletion of group ID #{group.id} with job ID #{job_id}")
-    end
+    # Soft delete via paranoia gem
+    group.destroy
+    job_id = GroupDestroyWorker.perform_async(group.id, current_user.id)
+    Rails.logger.info("User #{current_user.id} scheduled a deletion of group ID #{group.id} with job ID #{job_id}")
   end
 
   def execute
diff --git a/app/services/git_push_service.rb b/app/services/git_push_service.rb
index e8415862de5..77c6c81cc1b 100644
--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -49,10 +49,7 @@ class GitPushService < BaseService
       update_gitattributes if is_default_branch?
     end
 
-    # Update merge requests that may be affected by this push. A new branch
-    # could cause the last commit of a merge request to change.
-    update_merge_requests
-
+    execute_related_hooks
     perform_housekeeping
   end
 
@@ -62,14 +59,24 @@ class GitPushService < BaseService
 
   protected
 
-  def update_merge_requests
-    UpdateMergeRequestsWorker.perform_async(@project.id, current_user.id, params[:oldrev], params[:newrev], params[:ref])
+  def execute_related_hooks
+    # Update merge requests that may be affected by this push. A new branch
+    # could cause the last commit of a merge request to change.
+    #
+    UpdateMergeRequestsWorker
+      .perform_async(@project.id, current_user.id, params[:oldrev], params[:newrev], params[:ref])
 
     EventCreateService.new.push(@project, current_user, build_push_data)
     @project.execute_hooks(build_push_data.dup, :push_hooks)
     @project.execute_services(build_push_data.dup, :push_hooks)
     Ci::CreatePipelineService.new(@project, current_user, build_push_data).execute
     ProjectCacheWorker.perform_async(@project.id)
+
+    if push_remove_branch?
+      AfterBranchDeleteService
+        .new(project, current_user)
+        .execute(branch_name)
+    end
   end
 
   def perform_housekeeping
@@ -105,35 +112,11 @@ class GitPushService < BaseService
   # Extract any GFM references from the pushed commit messages. If the configured issue-closing regex is matched,
   # close the referenced Issue. Create cross-reference Notes corresponding to any other referenced Mentionables.
   def process_commit_messages
-    is_default_branch = is_default_branch?
-
-    authors = Hash.new do |hash, commit|
-      email = commit.author_email
-      next hash[email] if hash.has_key?(email)
-
-      hash[email] = commit_user(commit)
-    end
+    default = is_default_branch?
 
     @push_commits.each do |commit|
-      # Keep track of the issues that will be actually closed because they are on a default branch.
-      # Hence, when creating cross-reference notes, the not-closed issues (on non-default branches)
-      # will also have cross-reference.
-      closed_issues = []
-
-      if is_default_branch
-        # Close issues if these commits were pushed to the project's default branch and the commit message matches the
-        # closing regex. Exclude any mentioned Issues from cross-referencing even if the commits are being pushed to
-        # a different branch.
-        closed_issues = commit.closes_issues(current_user)
-        closed_issues.each do |issue|
-          if can?(current_user, :update_issue, issue)
-            Issues::CloseService.new(project, authors[commit], {}).execute(issue, commit: commit)
-          end
-        end
-      end
-
-      commit.create_cross_references!(authors[commit], closed_issues)
-      update_issue_metrics(commit, authors)
+      ProcessCommitWorker.
+        perform_async(project.id, current_user.id, commit.id, default)
     end
   end
 
@@ -176,11 +159,4 @@ class GitPushService < BaseService
   def branch_name
     @branch_name ||= Gitlab::Git.ref_name(params[:ref])
   end
-
-  def update_issue_metrics(commit, authors)
-    mentioned_issues = commit.all_references(authors[commit]).issues
-
-    Issue::Metrics.where(issue_id: mentioned_issues.map(&:id), first_mentioned_in_commit_at: nil).
-      update_all(first_mentioned_in_commit_at: commit.committed_date)
-  end
 end
diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index bb92cd80cc9..575795788de 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -212,9 +212,9 @@ class IssuableBaseService < BaseService
   def change_subscription(issuable)
     case params.delete(:subscription_event)
     when 'subscribe'
-      issuable.subscribe(current_user)
+      issuable.subscribe(current_user, project)
     when 'unsubscribe'
-      issuable.unsubscribe(current_user)
+      issuable.unsubscribe(current_user, project)
     end
   end
 
diff --git a/app/services/issues/close_service.rb b/app/services/issues/close_service.rb
index 45cca216ccc..ab4c51386a4 100644
--- a/app/services/issues/close_service.rb
+++ b/app/services/issues/close_service.rb
@@ -1,8 +1,21 @@
 module Issues
   class CloseService < Issues::BaseService
+    # Closes the supplied issue if the current user is able to do so.
     def execute(issue, commit: nil, notifications: true, system_note: true)
       return issue unless can?(current_user, :update_issue, issue)
 
+      close_issue(issue,
+                  commit: commit,
+                  notifications: notifications,
+                  system_note: system_note)
+    end
+
+    # Closes the supplied issue without checking if the user is authorized to
+    # do so.
+    #
+    # The code calling this method is responsible for ensuring that a user is
+    # allowed to close the given issue.
+    def close_issue(issue, commit: nil, notifications: true, system_note: true)
       if project.jira_tracker? && project.jira_service.active
         project.jira_service.execute(commit, issue)
         todo_service.close_issue(issue, current_user)
diff --git a/app/services/merge_requests/add_todo_when_build_fails_service.rb b/app/services/merge_requests/add_todo_when_build_fails_service.rb
index d572a928a42..12a8415d9a5 100644
--- a/app/services/merge_requests/add_todo_when_build_fails_service.rb
+++ b/app/services/merge_requests/add_todo_when_build_fails_service.rb
@@ -1,13 +1,18 @@
 module MergeRequests
   class AddTodoWhenBuildFailsService < MergeRequests::BaseService
     # Adds a todo to the parent merge_request when a CI build fails
+    #
     def execute(commit_status)
+      return if commit_status.allow_failure?
+
       commit_status_merge_requests(commit_status) do |merge_request|
         todo_service.merge_request_build_failed(merge_request)
       end
     end
 
-    # Closes any pending build failed todos for the parent MRs when a build is retried
+    # Closes any pending build failed todos for the parent MRs when a
+    # build is retried
+    #
     def close(commit_status)
       commit_status_merge_requests(commit_status) do |merge_request|
         todo_service.merge_request_build_retried(merge_request)
diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb
index f415244068b..dd0d738674e 100644
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@@ -48,11 +48,11 @@ module MergeRequests
       end
 
       # See if source and target branches exist
-      unless merge_request.source_project.commit(merge_request.source_branch)
+      if merge_request.source_branch.present? && !merge_request.source_project.commit(merge_request.source_branch)
         messages << "Source branch \"#{merge_request.source_branch}\" does not exist"
       end
 
-      unless merge_request.target_project.commit(merge_request.target_branch)
+      if merge_request.target_branch.present? && !merge_request.target_project.commit(merge_request.target_branch)
         messages << "Target branch \"#{merge_request.target_branch}\" does not exist"
       end
 
diff --git a/app/services/merge_requests/refresh_service.rb b/app/services/merge_requests/refresh_service.rb
index 22596b4014a..4a7e6930842 100644
--- a/app/services/merge_requests/refresh_service.rb
+++ b/app/services/merge_requests/refresh_service.rb
@@ -60,15 +60,7 @@ module MergeRequests
       merge_requests = filter_merge_requests(merge_requests)
 
       merge_requests.each do |merge_request|
-        if merge_request.source_branch == @branch_name || force_push?
-          merge_request.reload_diff
-        else
-          mr_commit_ids = merge_request.commits.map(&:id)
-          push_commit_ids = @commits.map(&:id)
-          matches = mr_commit_ids & push_commit_ids
-          merge_request.reload_diff if matches.any?
-        end
-
+        reload_diff(merge_request) unless branch_removed?
         merge_request.mark_as_unchecked
       end
     end
@@ -173,5 +165,16 @@ module MergeRequests
     def branch_removed?
       Gitlab::Git.blank_ref?(@newrev)
     end
+
+    def reload_diff(merge_request)
+      if merge_request.source_branch == @branch_name || force_push?
+        merge_request.reload_diff
+      else
+        mr_commit_ids = merge_request.commits.map(&:id)
+        push_commit_ids = @commits.map(&:id)
+        matches = mr_commit_ids & push_commit_ids
+        merge_request.reload_diff if matches.any?
+      end
+    end
   end
 end
diff --git a/app/services/notes/create_service.rb b/app/services/notes/create_service.rb
index 723cc0e6834..7935fabe2da 100644
--- a/app/services/notes/create_service.rb
+++ b/app/services/notes/create_service.rb
@@ -26,13 +26,16 @@ module Notes
         note.note = content
       end
 
-      if !only_commands && note.save
+      note.run_after_commit do
         # Finish the harder work in the background
-        NewNoteWorker.perform_in(2.seconds, note.id, params)
+        NewNoteWorker.perform_async(note.id)
+      end
+
+      if !only_commands && note.save
         todo_service.new_note(note, current_user)
       end
 
-      if command_params && command_params.any?
+      if command_params.present?
         slash_commands_service.execute(command_params, note)
 
         # We must add the error after we call #save because errors are reset
diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb
index 72712afc07e..ecdcbf08ee1 100644
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -75,7 +75,7 @@ class NotificationService
   #  * watchers of the issue's labels
   #
   def relabeled_issue(issue, added_labels, current_user)
-    relabeled_resource_email(issue, added_labels, current_user, :relabeled_issue_email)
+    relabeled_resource_email(issue, issue.project, added_labels, current_user, :relabeled_issue_email)
   end
 
   # When create a merge request we should send an email to:
@@ -118,7 +118,7 @@ class NotificationService
   #  * watchers of the mr's labels
   #
   def relabeled_merge_request(merge_request, added_labels, current_user)
-    relabeled_resource_email(merge_request, added_labels, current_user, :relabeled_merge_request_email)
+    relabeled_resource_email(merge_request, merge_request.target_project, added_labels, current_user, :relabeled_merge_request_email)
   end
 
   def close_mr(merge_request, current_user)
@@ -205,7 +205,7 @@ class NotificationService
 
     recipients = reject_muted_users(recipients, note.project)
 
-    recipients = add_subscribed_users(recipients, note.noteable)
+    recipients = add_subscribed_users(recipients, note.project, note.noteable)
     recipients = reject_unsubscribed_users(recipients, note.noteable)
     recipients = reject_users_without_access(recipients, note.noteable)
 
@@ -312,6 +312,22 @@ class NotificationService
     mailer.project_was_not_exported_email(current_user, project, errors).deliver_later
   end
 
+  def pipeline_finished(pipeline, recipients = nil)
+    email_template = "pipeline_#{pipeline.status}_email"
+
+    return unless mailer.respond_to?(email_template)
+
+    recipients ||= build_recipients(
+      pipeline,
+      pipeline.project,
+      nil, # The acting user, who won't be added to recipients
+      action: pipeline.status).map(&:notification_email)
+
+    if recipients.any?
+      mailer.public_send(email_template, pipeline, recipients).deliver_later
+    end
+  end
+
   protected
 
   # Get project/group users with CUSTOM notification level
@@ -377,7 +393,7 @@ class NotificationService
     )
   end
 
-  # Build a list of users based on project notifcation settings
+  # Build a list of users based on project notification settings
   def select_project_member_setting(project, global_setting, users_global_level_watch)
     users = notification_settings_for(project, :watch)
 
@@ -475,26 +491,31 @@ class NotificationService
   end
 
   def reject_users_without_access(recipients, target)
-    return recipients unless target.is_a?(Issuable)
+    ability = case target
+              when Issuable
+                :"read_#{target.to_ability_name}"
+              when Ci::Pipeline
+                :read_build # We have build trace in pipeline emails
+              end
 
-    ability = :"read_#{target.to_ability_name}"
+    return recipients unless ability
 
     recipients.select do |user|
       user.can?(ability, target)
     end
   end
 
-  def add_subscribed_users(recipients, target)
+  def add_subscribed_users(recipients, project, target)
     return recipients unless target.respond_to? :subscribers
 
-    recipients + target.subscribers
+    recipients + target.subscribers(project)
   end
 
-  def add_labels_subscribers(recipients, target, labels: nil)
+  def add_labels_subscribers(recipients, project, target, labels: nil)
     return recipients unless target.respond_to? :labels
 
     (labels || target.labels).each do |label|
-      recipients += label.subscribers
+      recipients += label.subscribers(project)
     end
 
     recipients
@@ -550,8 +571,8 @@ class NotificationService
     end
   end
 
-  def relabeled_resource_email(target, labels, current_user, method)
-    recipients = build_relabeled_recipients(target, current_user, labels: labels)
+  def relabeled_resource_email(target, project, labels, current_user, method)
+    recipients = build_relabeled_recipients(target, project, current_user, labels: labels)
     label_names = labels.map(&:name)
 
     recipients.each do |recipient|
@@ -587,10 +608,10 @@ class NotificationService
     end
 
     recipients = reject_muted_users(recipients, project)
-    recipients = add_subscribed_users(recipients, target)
+    recipients = add_subscribed_users(recipients, project, target)
 
     if [:new_issue, :new_merge_request].include?(custom_action)
-      recipients = add_labels_subscribers(recipients, target)
+      recipients = add_labels_subscribers(recipients, project, target)
     end
 
     recipients = reject_unsubscribed_users(recipients, target)
@@ -601,8 +622,8 @@ class NotificationService
     recipients.uniq
   end
 
-  def build_relabeled_recipients(target, current_user, labels:)
-    recipients = add_labels_subscribers([], target, labels: labels)
+  def build_relabeled_recipients(target, project, current_user, labels:)
+    recipients = add_labels_subscribers([], project, target, labels: labels)
     recipients = reject_unsubscribed_users(recipients, target)
     recipients = reject_users_without_access(recipients, target)
     recipients.delete(current_user)
@@ -624,6 +645,6 @@ class NotificationService
   # Build event key to search on custom notification level
   # Check NotificationSetting::EMAIL_EVENTS
   def build_custom_key(action, object)
-    "#{action}_#{object.class.name.underscore}".to_sym
+    "#{action}_#{object.class.model_name.name.underscore}".to_sym
   end
 end
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 15d7918e7fd..159f46cd465 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -95,7 +95,7 @@ module Projects
 
       unless @project.gitlab_project_import?
         @project.create_wiki unless skip_wiki?
-        @project.build_missing_services
+        create_services_from_active_templates(@project)
 
         @project.create_labels
       end
@@ -106,6 +106,8 @@ module Projects
       unless @project.group || @project.gitlab_project_import?
         @project.team << [current_user, :master, current_user]
       end
+
+      @project.group.refresh_members_authorized_projects if @project.group
     end
 
     def skip_wiki?
@@ -135,5 +137,12 @@ module Projects
 
       @project
     end
+
+    def create_services_from_active_templates(project)
+      Service.where(template: true, active: true).each do |template|
+        service = Service.build_from_template(project.id, template)
+        service.save!
+      end
+    end
   end
 end
diff --git a/app/services/projects/participants_service.rb b/app/services/projects/participants_service.rb
index d38328403c1..6040391fd94 100644
--- a/app/services/projects/participants_service.rb
+++ b/app/services/projects/participants_service.rb
@@ -1,7 +1,7 @@
 module Projects
   class ParticipantsService < BaseService
     attr_reader :noteable
-    
+
     def execute(noteable)
       @noteable = noteable
 
@@ -15,7 +15,8 @@ module Projects
 
       [{
         name: noteable.author.name,
-        username: noteable.author.username
+        username: noteable.author.username,
+        avatar_url: noteable.author.avatar_url
       }]
     end
 
@@ -28,14 +29,14 @@ module Projects
 
     def sorted(users)
       users.uniq.to_a.compact.sort_by(&:username).map do |user|
-        { username: user.username, name: user.name }
+        { username: user.username, name: user.name, avatar_url: user.avatar_url }
       end
     end
 
     def groups
       current_user.authorized_groups.sort_by(&:path).map do |group|
         count = group.users.count
-        { username: group.path, name: group.name, count: count }
+        { username: group.path, name: group.name, count: count, avatar_url: group.avatar.url }
       end
     end
 
diff --git a/app/services/slash_commands/interpret_service.rb b/app/services/slash_commands/interpret_service.rb
index 5a81194a5f4..d75c5b1800e 100644
--- a/app/services/slash_commands/interpret_service.rb
+++ b/app/services/slash_commands/interpret_service.rb
@@ -193,7 +193,7 @@ module SlashCommands
     desc 'Subscribe'
     condition do
       issuable.persisted? &&
-        !issuable.subscribed?(current_user)
+        !issuable.subscribed?(current_user, project)
     end
     command :subscribe do
       @updates[:subscription_event] = 'subscribe'
@@ -202,7 +202,7 @@ module SlashCommands
     desc 'Unsubscribe'
     condition do
       issuable.persisted? &&
-        issuable.subscribed?(current_user)
+        issuable.subscribed?(current_user, project)
     end
     command :unsubscribe do
       @updates[:subscription_event] = 'unsubscribe'
diff --git a/app/services/user_project_access_changed_service.rb b/app/services/user_project_access_changed_service.rb
new file mode 100644
index 00000000000..2469b4f0d7c
--- /dev/null
+++ b/app/services/user_project_access_changed_service.rb
@@ -0,0 +1,9 @@
+class UserProjectAccessChangedService
+  def initialize(user_ids)
+    @user_ids = Array.wrap(user_ids)
+  end
+
+  def execute
+    AuthorizedProjectsWorker.bulk_perform_async(@user_ids.map { |id| [id] })
+  end
+end