Merge branch 'master' into feature/gb/manual-actions-protected-branches-permissions

* master: (103 commits)
  Include missing project attributes to Import/Export
  Create the rest of the wiki docs
  Fill in information about creating the wiki Home page
  Move wiki doc to its own index page
  Create initial file for Wiki documentation
  Default to null user when asignee is unselected
  Re-enable ref operations with gitaly after not-found fix
  #31560 Add repo parameter to gitaly:install and workhorse:install
  Remove N+1 queries when checking nodes visible to user
  Don't validate reserved words if the format doesn't match
  Revert "Shorten and improve some job names"
  Remove unused initializer
  DRY the `<<: *except-docs` a bit in `.gitlab-ci.yml`
  Make the static-analysis job be run for docs branches too
  Add download_snippet_path helper
  Refresh the markdown cache if it was `nil`
  Add some documentation for the new migration helpers
  Update comments
  Display comments for personal snippets
  Update docs on creating a project
  ...

5 files changed, 370 insertions, 97 deletions

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 760f33b09c1..1bf0533ca24 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -4,7 +4,7 @@ describe ApplicationController do
   let(:user) { create(:user) }
 
   describe '#check_password_expiration' do
-    let(:controller) { ApplicationController.new }
+    let(:controller) { described_class.new }
 
     it 'redirects if the user is over their password expiry' do
       user.password_expires_at = Time.new(2002)
@@ -34,7 +34,7 @@ describe ApplicationController do
 
   describe "#authenticate_user_from_token!" do
     describe "authenticating a user from a private token" do
-      controller(ApplicationController) do
+      controller(described_class) do
         def index
           render text: "authenticated"
         end
@@ -66,7 +66,7 @@ describe ApplicationController do
     end
 
     describe "authenticating a user from a personal access token" do
-      controller(ApplicationController) do
+      controller(described_class) do
         def index
           render text: 'authenticated'
         end
@@ -115,7 +115,7 @@ describe ApplicationController do
   end
 
   context 'two-factor authentication' do
-    let(:controller) { ApplicationController.new }
+    let(:controller) { described_class.new }
 
     describe '#check_two_factor_requirement' do
       subject { controller.send :check_two_factor_requirement }
diff --git a/spec/controllers/projects/deployments_controller_spec.rb b/spec/controllers/projects/deployments_controller_spec.rb
new file mode 100644
index 00000000000..89692b601b2
--- /dev/null
+++ b/spec/controllers/projects/deployments_controller_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe Projects::DeploymentsController do
+  include ApiHelpers
+
+  let(:user) { create(:user) }
+  let(:project) { create(:empty_project) }
+  let(:environment) { create(:environment, name: 'production', project: project) }
+
+  before do
+    project.add_master(user)
+
+    sign_in(user)
+  end
+
+  describe 'GET #index' do
+    it 'returns list of deployments from last 8 hours' do
+      create(:deployment, environment: environment, created_at: 9.hours.ago)
+      create(:deployment, environment: environment, created_at: 7.hours.ago)
+      create(:deployment, environment: environment)
+
+      get :index, environment_params(after: 8.hours.ago)
+
+      expect(response).to be_ok
+
+      expect(json_response['deployments'].count).to eq(2)
+    end
+
+    it 'returns a list with deployments information' do
+      create(:deployment, environment: environment)
+
+      get :index, environment_params
+
+      expect(response).to be_ok
+      expect(response).to match_response_schema('deployments')
+    end
+  end
+
+  def environment_params(opts = {})
+    opts.reverse_merge(namespace_id: project.namespace, project_id: project, environment_id: environment.id)
+  end
+end
diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb
index f140eaef5d5..45f4cf9180d 100644
--- a/spec/controllers/projects/notes_controller_spec.rb
+++ b/spec/controllers/projects/notes_controller_spec.rb
@@ -167,6 +167,47 @@ describe Projects::NotesController do
     end
   end
 
+  describe 'DELETE destroy' do
+    let(:request_params) do
+      {
+        namespace_id: project.namespace,
+        project_id: project,
+        id: note,
+        format: :js
+      }
+    end
+
+    context 'user is the author of a note' do
+      before do
+        sign_in(note.author)
+        project.team << [note.author, :developer]
+      end
+
+      it "returns status 200 for html" do
+        delete :destroy, request_params
+
+        expect(response).to have_http_status(200)
+      end
+
+      it "deletes the note" do
+        expect { delete :destroy, request_params }.to change { Note.count }.from(1).to(0)
+      end
+    end
+
+    context 'user is not the author of a note' do
+      before do
+        sign_in(user)
+        project.team << [user, :developer]
+      end
+
+      it "returns status 404" do
+        delete :destroy, request_params
+
+        expect(response).to have_http_status(404)
+      end
+    end
+  end
+
   describe 'POST toggle_award_emoji' do
     before do
       sign_in(user)
diff --git a/spec/controllers/snippets/notes_controller_spec.rb b/spec/controllers/snippets/notes_controller_spec.rb
new file mode 100644
index 00000000000..1c494b8c7ab
--- /dev/null
+++ b/spec/controllers/snippets/notes_controller_spec.rb
@@ -0,0 +1,196 @@
+require 'spec_helper'
+
+describe Snippets::NotesController do
+  let(:user) { create(:user) }
+
+  let(:private_snippet)  { create(:personal_snippet, :private) }
+  let(:internal_snippet) { create(:personal_snippet, :internal) }
+  let(:public_snippet)   { create(:personal_snippet, :public) }
+
+  let(:note_on_private)  { create(:note_on_personal_snippet, noteable: private_snippet) }
+  let(:note_on_internal) { create(:note_on_personal_snippet, noteable: internal_snippet) }
+  let(:note_on_public)   { create(:note_on_personal_snippet, noteable: public_snippet) }
+
+  describe 'GET index' do
+    context 'when a snippet is public' do
+      before do
+        note_on_public
+
+        get :index, { snippet_id: public_snippet }
+      end
+
+      it "returns status 200" do
+        expect(response).to have_http_status(200)
+      end
+
+      it "returns not empty array of notes" do
+        expect(JSON.parse(response.body)["notes"].empty?).to be_falsey
+      end
+    end
+
+    context 'when a snippet is internal' do
+      before do
+        note_on_internal
+      end
+
+      context 'when user not logged in' do
+        it "returns status 404" do
+          get :index, { snippet_id: internal_snippet }
+
+          expect(response).to have_http_status(404)
+        end
+      end
+
+      context 'when user logged in' do
+        before do
+          sign_in(user)
+        end
+
+        it "returns status 200" do
+          get :index, { snippet_id: internal_snippet }
+
+          expect(response).to have_http_status(200)
+        end
+      end
+    end
+
+    context 'when a snippet is private' do
+      before do
+        note_on_private
+      end
+
+      context 'when user not logged in' do
+        it "returns status 404" do
+          get :index, { snippet_id: private_snippet }
+
+          expect(response).to have_http_status(404)
+        end
+      end
+
+      context 'when user other than author logged in' do
+        before do
+          sign_in(user)
+        end
+
+        it "returns status 404" do
+          get :index, { snippet_id: private_snippet }
+
+          expect(response).to have_http_status(404)
+        end
+      end
+
+      context 'when author logged in' do
+        before do
+          note_on_private
+
+          sign_in(private_snippet.author)
+        end
+
+        it "returns status 200" do
+          get :index, { snippet_id: private_snippet }
+
+          expect(response).to have_http_status(200)
+        end
+
+        it "returns 1 note" do
+          get :index, { snippet_id: private_snippet }
+
+          expect(JSON.parse(response.body)['notes'].count).to eq(1)
+        end
+      end
+    end
+
+    context 'dont show non visible notes' do
+      before do
+        note_on_public
+
+        sign_in(user)
+
+        expect_any_instance_of(Note).to receive(:cross_reference_not_visible_for?).and_return(true)
+      end
+
+      it "does not return any note" do
+        get :index, { snippet_id: public_snippet }
+
+        expect(JSON.parse(response.body)['notes'].count).to eq(0)
+      end
+    end
+  end
+
+  describe 'DELETE destroy' do
+    let(:request_params) do
+      {
+        snippet_id: public_snippet,
+        id: note_on_public,
+        format: :js
+      }
+    end
+
+    context 'when user is the author of a note' do
+      before do
+        sign_in(note_on_public.author)
+      end
+
+      it "returns status 200" do
+        delete :destroy, request_params
+
+        expect(response).to have_http_status(200)
+      end
+
+      it "deletes the note" do
+        expect{ delete :destroy, request_params }.to change{ Note.count }.from(1).to(0)
+      end
+
+      context 'system note' do
+        before do
+          expect_any_instance_of(Note).to receive(:system?).and_return(true)
+        end
+
+        it "does not delete the note" do
+          expect{ delete :destroy, request_params }.not_to change{ Note.count }
+        end
+      end
+    end
+
+    context 'when user is not the author of a note' do
+      before do
+        sign_in(user)
+
+        note_on_public
+      end
+
+      it "returns status 404" do
+        delete :destroy, request_params
+
+        expect(response).to have_http_status(404)
+      end
+
+      it "does not update the note" do
+        expect{ delete :destroy, request_params }.not_to change{ Note.count }
+      end
+    end
+  end
+
+  describe 'POST toggle_award_emoji' do
+    let(:note) { create(:note_on_personal_snippet, noteable: public_snippet) }
+    before do
+      sign_in(user)
+    end
+
+    subject { post(:toggle_award_emoji, snippet_id: public_snippet, id: note.id, name: "thumbsup") }
+
+    it "toggles the award emoji" do
+      expect { subject }.to change { note.award_emoji.count }.by(1)
+
+      expect(response).to have_http_status(200)
+    end
+
+    it "removes the already awarded emoji when it exists" do
+      note.toggle_award_emoji('thumbsup', user) # create award emoji before
+
+      expect { subject }.to change { AwardEmoji.count }.by(-1)
+
+      expect(response).to have_http_status(200)
+    end
+  end
+end
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index 234f3edd3d8..41cd5bdcdd8 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -350,144 +350,138 @@ describe SnippetsController do
     end
   end
 
-  %w(raw download).each do |action|
-    describe "GET #{action}" do
-      context 'when the personal snippet is private' do
-        let(:personal_snippet) { create(:personal_snippet, :private, author: user) }
+  describe "GET #raw" do
+    context 'when the personal snippet is private' do
+      let(:personal_snippet) { create(:personal_snippet, :private, author: user) }
 
-        context 'when signed in' do
-          before do
-            sign_in(user)
-          end
+      context 'when signed in' do
+        before do
+          sign_in(user)
+        end
 
-          context 'when signed in user is not the author' do
-            let(:other_author) { create(:author) }
-            let(:other_personal_snippet) { create(:personal_snippet, :private, author: other_author) }
+        context 'when signed in user is not the author' do
+          let(:other_author) { create(:author) }
+          let(:other_personal_snippet) { create(:personal_snippet, :private, author: other_author) }
 
-            it 'responds with status 404' do
-              get action, id: other_personal_snippet.to_param
+          it 'responds with status 404' do
+            get :raw, id: other_personal_snippet.to_param
 
-              expect(response).to have_http_status(404)
-            end
+            expect(response).to have_http_status(404)
           end
+        end
 
-          context 'when signed in user is the author' do
-            before { get action, id: personal_snippet.to_param }
+        context 'when signed in user is the author' do
+          before { get :raw, id: personal_snippet.to_param }
 
-            it 'responds with status 200' do
-              expect(assigns(:snippet)).to eq(personal_snippet)
-              expect(response).to have_http_status(200)
-            end
+          it 'responds with status 200' do
+            expect(assigns(:snippet)).to eq(personal_snippet)
+            expect(response).to have_http_status(200)
+          end
 
-            it 'has expected headers' do
-              expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
+          it 'has expected headers' do
+            expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
 
-              if action == :download
-                expect(response.header['Content-Disposition']).to match(/attachment/)
-              elsif action == :raw
-                expect(response.header['Content-Disposition']).to match(/inline/)
-              end
-            end
+            expect(response.header['Content-Disposition']).to match(/inline/)
           end
         end
+      end
 
-        context 'when not signed in' do
-          it 'redirects to the sign in page' do
-            get action, id: personal_snippet.to_param
+      context 'when not signed in' do
+        it 'redirects to the sign in page' do
+          get :raw, id: personal_snippet.to_param
 
-            expect(response).to redirect_to(new_user_session_path)
-          end
+          expect(response).to redirect_to(new_user_session_path)
         end
       end
+    end
 
-      context 'when the personal snippet is internal' do
-        let(:personal_snippet) { create(:personal_snippet, :internal, author: user) }
+    context 'when the personal snippet is internal' do
+      let(:personal_snippet) { create(:personal_snippet, :internal, author: user) }
 
-        context 'when signed in' do
-          before do
-            sign_in(user)
-          end
+      context 'when signed in' do
+        before do
+          sign_in(user)
+        end
 
-          it 'responds with status 200' do
-            get action, id: personal_snippet.to_param
+        it 'responds with status 200' do
+          get :raw, id: personal_snippet.to_param
 
-            expect(assigns(:snippet)).to eq(personal_snippet)
-            expect(response).to have_http_status(200)
-          end
+          expect(assigns(:snippet)).to eq(personal_snippet)
+          expect(response).to have_http_status(200)
         end
+      end
 
-        context 'when not signed in' do
-          it 'redirects to the sign in page' do
-            get action, id: personal_snippet.to_param
+      context 'when not signed in' do
+        it 'redirects to the sign in page' do
+          get :raw, id: personal_snippet.to_param
 
-            expect(response).to redirect_to(new_user_session_path)
-          end
+          expect(response).to redirect_to(new_user_session_path)
         end
       end
+    end
 
-      context 'when the personal snippet is public' do
-        let(:personal_snippet) { create(:personal_snippet, :public, author: user) }
+    context 'when the personal snippet is public' do
+      let(:personal_snippet) { create(:personal_snippet, :public, author: user) }
 
-        context 'when signed in' do
-          before do
-            sign_in(user)
-          end
+      context 'when signed in' do
+        before do
+          sign_in(user)
+        end
 
-          it 'responds with status 200' do
-            get action, id: personal_snippet.to_param
+        it 'responds with status 200' do
+          get :raw, id: personal_snippet.to_param
 
-            expect(assigns(:snippet)).to eq(personal_snippet)
-            expect(response).to have_http_status(200)
-          end
+          expect(assigns(:snippet)).to eq(personal_snippet)
+          expect(response).to have_http_status(200)
+        end
 
-          context 'CRLF line ending' do
-            let(:personal_snippet) do
-              create(:personal_snippet, :public, author: user, content: "first line\r\nsecond line\r\nthird line")
-            end
+        context 'CRLF line ending' do
+          let(:personal_snippet) do
+            create(:personal_snippet, :public, author: user, content: "first line\r\nsecond line\r\nthird line")
+          end
 
-            it 'returns LF line endings by default' do
-              get action, id: personal_snippet.to_param
+          it 'returns LF line endings by default' do
+            get :raw, id: personal_snippet.to_param
 
-              expect(response.body).to eq("first line\nsecond line\nthird line")
-            end
+            expect(response.body).to eq("first line\nsecond line\nthird line")
+          end
 
-            it 'does not convert line endings when parameter present' do
-              get action, id: personal_snippet.to_param, line_ending: :raw
+          it 'does not convert line endings when parameter present' do
+            get :raw, id: personal_snippet.to_param, line_ending: :raw
 
-              expect(response.body).to eq("first line\r\nsecond line\r\nthird line")
-            end
+            expect(response.body).to eq("first line\r\nsecond line\r\nthird line")
           end
         end
+      end
 
-        context 'when not signed in' do
-          it 'responds with status 200' do
-            get action, id: personal_snippet.to_param
+      context 'when not signed in' do
+        it 'responds with status 200' do
+          get :raw, id: personal_snippet.to_param
 
-            expect(assigns(:snippet)).to eq(personal_snippet)
-            expect(response).to have_http_status(200)
-          end
+          expect(assigns(:snippet)).to eq(personal_snippet)
+          expect(response).to have_http_status(200)
         end
       end
+    end
 
-      context 'when the personal snippet does not exist' do
-        context 'when signed in' do
-          before do
-            sign_in(user)
-          end
+    context 'when the personal snippet does not exist' do
+      context 'when signed in' do
+        before do
+          sign_in(user)
+        end
 
-          it 'responds with status 404' do
-            get action, id: 'doesntexist'
+        it 'responds with status 404' do
+          get :raw, id: 'doesntexist'
 
-            expect(response).to have_http_status(404)
-          end
+          expect(response).to have_http_status(404)
         end
+      end
 
-        context 'when not signed in' do
-          it 'responds with status 404' do
-            get action, id: 'doesntexist'
+      context 'when not signed in' do
+        it 'responds with status 404' do
+          get :raw, id: 'doesntexist'
 
-            expect(response).to have_http_status(404)
-          end
+          expect(response).to have_http_status(404)
         end
       end
     end