Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42

10 files changed, 111 insertions, 59 deletions

diff --git a/app/views/admin/users/_approve_user.html.haml b/app/views/admin/users/_approve_user.html.haml
new file mode 100644
index 00000000000..b4d960d909c
--- /dev/null
+++ b/app/views/admin/users/_approve_user.html.haml
@@ -0,0 +1,7 @@
+.card.border-info
+  .card-header.gl-bg-blue-500.gl-text-white
+    = s_('AdminUsers|This user has requested access')
+  .card-body
+    = render partial: 'admin/users/user_approve_effects'
+    %br
+    = link_to s_('AdminUsers|Approve user'), approve_admin_user_path(user), method: :put, class: "btn gl-button btn-info", data: { confirm: s_('AdminUsers|Are you sure?') }
diff --git a/app/views/admin/users/_block_user.html.haml b/app/views/admin/users/_block_user.html.haml
new file mode 100644
index 00000000000..b07a72c3e28
--- /dev/null
+++ b/app/views/admin/users/_block_user.html.haml
@@ -0,0 +1,11 @@
+.card.border-warning
+  .card-header.bg-warning.text-white
+    = s_('AdminUsers|Block this user')
+  .card-body
+    = render partial: 'admin/users/user_block_effects'
+    %br
+    %button.btn.gl-button.btn-warning{ data: { 'gl-modal-action': 'block',
+      content: s_('AdminUsers|You can always unblock their account, their data will remain intact.'),
+      url: block_admin_user_path(user),
+      username: sanitize_name(user.name) } }
+      = s_('AdminUsers|Block user')
diff --git a/app/views/admin/users/_form.html.haml b/app/views/admin/users/_form.html.haml
index 9e31c8d2852..61c31d2d864 100644
--- a/app/views/admin/users/_form.html.haml
+++ b/app/views/admin/users/_form.html.haml
@@ -88,7 +88,7 @@
     .form-actions
       - if @user.new_record?
         = f.submit 'Create user', class: "btn gl-button btn-success"
-        = link_to 'Cancel', admin_users_path, class: "btn btn-cancel"
+        = link_to 'Cancel', admin_users_path, class: "gl-button btn btn-cancel"
       - else
         = f.submit 'Save changes', class: "btn gl-button btn-success"
         = link_to 'Cancel', admin_user_path(@user), class: "btn gl-button btn-cancel"
diff --git a/app/views/admin/users/_head.html.haml b/app/views/admin/users/_head.html.haml
index a60dbd51935..4abcdef7e27 100644
--- a/app/views/admin/users/_head.html.haml
+++ b/app/views/admin/users/_head.html.haml
@@ -1,13 +1,20 @@
 %h3.page-title
   = @user.name
-  - if @user.blocked?
-    %span.cred (Blocked)
+  - if @user.blocked_pending_approval?
+    %span.cred
+      = s_('AdminUsers|(Pending approval)')
+  - elsif @user.blocked?
+    %span.cred
+      = s_('AdminUsers|(Blocked)')
   - if @user.internal?
-    %span.cred (Internal)
+    %span.cred
+      = s_('AdminUsers|(Internal)')
   - if @user.admin
-    %span.cred (Admin)
+    %span.cred
+      = s_('AdminUsers|(Admin)')
   - if @user.deactivated?
-    %span.cred (Deactivated)
+    %span.cred
+      = s_('AdminUsers|(Deactivated)')
   = render_if_exists 'admin/users/audtior_user_badge'
 
   .float-right
diff --git a/app/views/admin/users/_modals.html.haml b/app/views/admin/users/_modals.html.haml
index 6cf6dc116e3..a8e5d962e5b 100644
--- a/app/views/admin/users/_modals.html.haml
+++ b/app/views/admin/users/_modals.html.haml
@@ -25,6 +25,6 @@
     'secondary-action': s_('AdminUsers|Block user') } }
     = s_('AdminUsers|You are about to permanently delete the user %{username}. This will delete all of the issues,
       merge requests, and groups linked to them. To avoid data loss,
-      consider using the %{strong_start}block user%{strong_end} feature instead. Once you %{strong_start}Delete user%{strong_end},
+      consider using the %{strongStart}block user%{strongEnd} feature instead. Once you %{strongStart}Delete user%{strongEnd},
       it cannot be undone or recovered.')
 
diff --git a/app/views/admin/users/_user.html.haml b/app/views/admin/users/_user.html.haml
index 160303890f5..70ab95bfa61 100644
--- a/app/views/admin/users/_user.html.haml
+++ b/app/views/admin/users/_user.html.haml
@@ -4,7 +4,12 @@
       = _('Name')
     .table-mobile-content
       = render 'user_detail', user: user
-  .table-section.section-25
+  .table-section.section-10
+    .table-mobile-header{ role: 'rowheader' }
+      = _('Projects')
+    .table-mobile-content.gl-str-truncated{ data: { testid: "user-project-count-#{user.id}" } }
+      = user.authorized_projects.length
+  .table-section.section-15
     .table-mobile-header{ role: 'rowheader' }
       = _('Created on')
     .table-mobile-content
@@ -30,15 +35,22 @@
                   %span.small
                     = s_('AdminUsers|Cannot unblock LDAP blocked users')
                 - elsif user.blocked?
-                  = link_to _('Unblock'), unblock_admin_user_path(user), method: :put
+                  - if user.blocked_pending_approval?
+                    = link_to s_('AdminUsers|Approve'), approve_admin_user_path(user), method: :put
+                    %button.btn.btn-default-tertiary{ data: { 'gl-modal-action': 'block',
+                      url: block_admin_user_path(user),
+                      username: sanitize_name(user.name) } }
+                      = s_('AdminUsers|Block')
+                  - else
+                    = link_to _('Unblock'), unblock_admin_user_path(user), method: :put
                 - else
-                  %button.btn.gl-button.btn-default-tertiary{ data: { 'gl-modal-action': 'block',
+                  %button.btn.btn-default-tertiary{ data: { 'gl-modal-action': 'block',
                     url: block_admin_user_path(user),
                     username: sanitize_name(user.name) } }
                     = s_('AdminUsers|Block')
               - if user.can_be_deactivated?
                 %li
-                  %button.btn.gl-button.btn-default-tertiary{ data: { 'gl-modal-action': 'deactivate',
+                  %button.btn.btn-default-tertiary{ data: { 'gl-modal-action': 'deactivate',
                     url: deactivate_admin_user_path(user),
                     username: sanitize_name(user.name) } }
                     = s_('AdminUsers|Deactivate')
@@ -52,13 +64,13 @@
               %li.divider
               - if user.can_be_removed?
                 %li
-                  %button.delete-user-button.btn.gl-button.btn-default-tertiary.text-danger{ data: { 'gl-modal-action': 'delete',
+                  %button.delete-user-button.btn.btn-default-tertiary.text-danger{ data: { 'gl-modal-action': 'delete',
                     delete_user_url: admin_user_path(user),
                     block_user_url: block_admin_user_path(user),
                     username: sanitize_name(user.name) } }
                     = s_('AdminUsers|Delete user')
                 %li
-                  %button.delete-user-button.btn.gl-button.btn-default-tertiary.text-danger{ data: { 'gl-modal-action': 'delete-with-contributions',
+                  %button.delete-user-button.btn.btn-default-tertiary.text-danger{ data: { 'gl-modal-action': 'delete-with-contributions',
                     delete_user_url: admin_user_path(user, hard_delete: true),
                     block_user_url: block_admin_user_path(user),
                     username: sanitize_name(user.name) } }
diff --git a/app/views/admin/users/_user_approve_effects.html.haml b/app/views/admin/users/_user_approve_effects.html.haml
new file mode 100644
index 00000000000..54e51bf3467
--- /dev/null
+++ b/app/views/admin/users/_user_approve_effects.html.haml
@@ -0,0 +1,11 @@
+%p
+  = s_('AdminUsers|Approved users can:')
+%ul
+  %li
+    = s_('AdminUsers|Log in')
+  %li
+    = s_('AdminUsers|Access Git repositories')
+  %li
+    = s_('AdminUsers|Access the API')
+  %li
+    = s_('AdminUsers|Be added to groups and projects')
diff --git a/app/views/admin/users/_user_detail.html.haml b/app/views/admin/users/_user_detail.html.haml
index 3839231cb95..3bafd1cb396 100644
--- a/app/views/admin/users/_user_detail.html.haml
+++ b/app/views/admin/users/_user_detail.html.haml
@@ -15,3 +15,5 @@
 
       .row-second-line.str-truncated-100
         = mail_to user.email, user.email, class: 'text-secondary'
+        - unless Feature.disabled?(:security_auto_fix) || !user.internal? || user.website_url.blank?
+          = link_to "(#{_('more information')})", user.website_url
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
index 118bdf7bb17..33faef92646 100644
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -30,6 +30,11 @@
       = link_to admin_users_path(filter: "blocked") do
         = s_('AdminUsers|Blocked')
         %small.badge.badge-pill= limited_counter_with_delimiter(User.blocked)
+    - if Feature.enabled?(:admin_approval_for_new_user_signups, default_enabled: true)
+      = nav_link(html_options: { class: "#{active_when(params[:filter] == 'blocked_pending_approval')} filter-blocked-pending-approval" }) do
+        = link_to admin_users_path(filter: "blocked_pending_approval") do
+          = s_('AdminUsers|Pending approval')
+          %small.badge.badge-pill= limited_counter_with_delimiter(User.blocked_pending_approval)
     = nav_link(html_options: { class: active_when(params[:filter] == 'deactivated') }) do
       = link_to admin_users_path(filter: "deactivated") do
         = s_('AdminUsers|Deactivated')
@@ -51,7 +56,7 @@
         = search_field_tag :search_query, params[:search_query], placeholder: s_('AdminUsers|Search by name, email or username'), class: 'form-control search-text-input js-search-input', spellcheck: false, data: { qa_selector: 'user_search_field' }
         - if @sort.present?
           = hidden_field_tag :sort, @sort
-        = icon("search", class: "search-icon")
+        = sprite_icon('search', css_class: 'search-icon')
         = button_tag s_('AdminUsers|Search users') if Rails.env.test?
       .dropdown.user-sort-dropdown
         = label_tag 'Sort by', nil, class: 'label-bold'
@@ -72,7 +77,8 @@
   .table-holder
     .thead-white.text-nowrap.gl-responsive-table-row.table-row-header{ role: 'row' }
       .table-section.section-40{ role: 'rowheader' }= _('Name')
-      .table-section.section-25{ role: 'rowheader' }= _('Created on')
+      .table-section.section-10{ role: 'rowheader' }= _('Projects')
+      .table-section.section-15{ role: 'rowheader' }= _('Created on')
       .table-section.section-15{ role: 'rowheader' }= _('Last activity')
 
     = render partial: 'admin/users/user', collection: @users
diff --git a/app/views/admin/users/show.html.haml b/app/views/admin/users/show.html.haml
index a08c29714e0..9c6f151a6b1 100644
--- a/app/views/admin/users/show.html.haml
+++ b/app/views/admin/users/show.html.haml
@@ -54,7 +54,7 @@
           %strong{ class: @user.two_factor_enabled? ? 'cgreen' : 'cred' }
             - if @user.two_factor_enabled?
               Enabled
-              = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn gl-button btn-sm btn-remove float-right', title: 'Disable Two-factor Authentication'
+              = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn gl-button btn-sm btn-danger float-right', title: 'Disable Two-factor Authentication'
             - else
               Disabled
 
@@ -137,7 +137,7 @@
 
   .col-md-6
     - unless @user == current_user
-      - unless @user.confirmed?
+      - if can_force_email_confirmation?(@user)
         .card.border-info
           .card-header.bg-info.text-white
             Confirm user
@@ -150,50 +150,46 @@
 
       = render 'admin/users/user_detail_note'
 
-      - if @user.deactivated?
-        .card.border-info
-          .card-header.bg-info.text-white
-            Reactivate this user
-          .card-body
-            = render partial: 'admin/users/user_activation_effects'
-            %br
-            = link_to 'Activate user', activate_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: 'Are you sure?' }
-      - elsif @user.can_be_deactivated?
-        .card.border-warning
-          .card-header.bg-warning.text-white
-            Deactivate this user
-          .card-body
-            = render partial: 'admin/users/user_deactivation_effects'
-            %br
-            %button.btn.gl-button.btn-warning{ data: { 'gl-modal-action': 'deactivate',
-              content: 'You can always re-activate their account, their data will remain intact.',
-              url: deactivate_admin_user_path(@user),
-              username: sanitize_name(@user.name) } }
-              = s_('AdminUsers|Deactivate user')
+      - unless @user.internal?
+        - if @user.deactivated?
+          .card.border-info
+            .card-header.bg-info.text-white
+              Reactivate this user
+            .card-body
+              = render partial: 'admin/users/user_activation_effects'
+              %br
+              = link_to 'Activate user', activate_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: 'Are you sure?' }
+        - elsif @user.can_be_deactivated?
+          .card.border-warning
+            .card-header.bg-warning.text-white
+              Deactivate this user
+            .card-body
+              = render partial: 'admin/users/user_deactivation_effects'
+              %br
+              %button.btn.gl-button.btn-warning{ data: { 'gl-modal-action': 'deactivate',
+                content: 'You can always re-activate their account, their data will remain intact.',
+                url: deactivate_admin_user_path(@user),
+                username: sanitize_name(@user.name) } }
+                = s_('AdminUsers|Deactivate user')
 
       - if @user.blocked?
-        .card.border-info
-          .card-header.bg-info.text-white
-            This user is blocked
-          .card-body
-            %p A blocked user cannot:
-            %ul
-              %li Log in
-              %li Access Git repositories
-            %br
-            = link_to 'Unblock user', unblock_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: 'Are you sure?' }
-      - else
-        .card.border-warning
-          .card-header.bg-warning.text-white
-            Block this user
-          .card-body
-            = render partial: 'admin/users/user_block_effects'
-            %br
-            %button.btn.gl-button.btn-warning{ data: { 'gl-modal-action': 'block',
-              content: 'You can always unblock their account, their data will remain intact.',
-              url: block_admin_user_path(@user),
-              username: sanitize_name(@user.name) } }
-              = s_('AdminUsers|Block user')
+        - if @user.blocked_pending_approval?
+          = render 'admin/users/approve_user', user: @user
+          = render 'admin/users/block_user', user: @user
+        - else
+          .card.border-info
+            .card-header.gl-bg-blue-500.gl-text-white
+              This user is blocked
+            .card-body
+              %p A blocked user cannot:
+              %ul
+                %li Log in
+                %li Access Git repositories
+              %br
+              = link_to 'Unblock user', unblock_admin_user_path(@user), method: :put, class: "btn gl-button btn-info", data: { confirm: s_('AdminUsers|Are you sure?') }
+      - elsif !@user.internal?
+        = render 'admin/users/block_user', user: @user
+
       - if @user.access_locked?
         .card.border-info
           .card-header.bg-info.text-white