Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into 10-6-stable-frozen

# Conflicts: # GITLAB_PAGES_VERSION
author: James Lopez <james@jameslopez.es> 2018-03-08 09:13:09 +0100
committer: James Lopez <james@jameslopez.es> 2018-03-08 09:13:09 +0100
commit: 59a5a011e2eb2dd9a6b796437841ae25a80647b3 (patch)
tree: 5f92ae8e169b38b2303c58564f17656bab3d2037 /spec
parent: c7f34b54066b7c3cb6eee120fa877c0253ee1709 (diff)
parent: 7734e85bc6592c5ad3330c611c5f83a051b680b0 (diff)
download: gitlab-ce-59a5a011e2eb2dd9a6b796437841ae25a80647b3.tar.gz
54 files changed, 1571 insertions, 642 deletions
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index 00cf464ec5b..306094f7ffb 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -98,10 +98,8 @@ describe Projects::MilestonesController do
       it 'shows group milestone' do
         post :promote, namespace_id: project.namespace.id, project_id: project.id, id: milestone.iid
 
-        group_milestone = assigns(:milestone)
-
-        expect(response).to redirect_to(group_milestone_path(project.group, group_milestone.iid))
-        expect(flash[:notice]).to eq('Milestone has been promoted to group milestone.')
+        expect(flash[:notice]).to eq("#{milestone.title} promoted to group milestone")
+        expect(response).to redirect_to(project_milestones_path(project))
       end
     end
 
diff --git a/spec/controllers/projects/services_controller_spec.rb b/spec/controllers/projects/services_controller_spec.rb
index 847ac6f2be0..e4dc61b3a68 100644
--- a/spec/controllers/projects/services_controller_spec.rb
+++ b/spec/controllers/projects/services_controller_spec.rb
@@ -23,6 +23,18 @@ describe Projects::ServicesController do
       end
     end
 
+    context 'when validations fail' do
+      let(:service_params) { { active: 'true', token: '' } }
+
+      it 'returns error messages in JSON response' do
+        put :test, namespace_id: project.namespace, project_id: project, id: :hipchat, service: service_params
+
+        expect(json_response['message']).to eq "Validations failed."
+        expect(json_response['service_response']).to eq "Token can't be blank"
+        expect(response).to have_gitlab_http_status(200)
+      end
+    end
+
     context 'success' do
       context 'with empty project' do
         let(:project) { create(:project) }
diff --git a/spec/factories/notes.rb b/spec/factories/notes.rb
index 3f4e408b3a6..857333f222d 100644
--- a/spec/factories/notes.rb
+++ b/spec/factories/notes.rb
@@ -16,6 +16,8 @@ FactoryBot.define do
     factory :note_on_personal_snippet,   traits: [:on_personal_snippet]
     factory :system_note,                traits: [:system]
 
+    factory :discussion_note, class: DiscussionNote
+
     factory :discussion_note_on_merge_request, traits: [:on_merge_request], class: DiscussionNote do
       association :project, :repository
 
@@ -31,6 +33,8 @@ FactoryBot.define do
 
     factory :discussion_note_on_personal_snippet, traits: [:on_personal_snippet], class: DiscussionNote
 
+    factory :discussion_note_on_snippet, traits: [:on_snippet], class: DiscussionNote
+
     factory :legacy_diff_note_on_commit, traits: [:on_commit, :legacy_diff_note], class: LegacyDiffNote
 
     factory :legacy_diff_note_on_merge_request, traits: [:on_merge_request, :legacy_diff_note], class: LegacyDiffNote do
@@ -96,6 +100,10 @@ FactoryBot.define do
       noteable { create(:issue, project: project) }
     end
 
+    trait :on_snippet do
+      noteable { create(:snippet, project: project) }
+    end
+
     trait :on_merge_request do
       noteable { create(:merge_request, source_project: project) }
     end
diff --git a/spec/features/admin/admin_hooks_spec.rb b/spec/features/admin/admin_hooks_spec.rb
index f266f2ecc54..25ed3bdc88e 100644
--- a/spec/features/admin/admin_hooks_spec.rb
+++ b/spec/features/admin/admin_hooks_spec.rb
@@ -24,6 +24,16 @@ describe 'Admin::Hooks' do
       visit admin_hooks_path
       expect(page).to have_content(system_hook.url)
     end
+
+    it 'renders plugins list as well' do
+      allow(Gitlab::Plugin).to receive(:files).and_return(['foo.rb', 'bar.clj'])
+
+      visit admin_hooks_path
+
+      expect(page).to have_content('Plugins')
+      expect(page).to have_content('foo.rb')
+      expect(page).to have_content('bar.clj')
+    end
   end
 
   describe 'New Hook' do
diff --git a/spec/features/merge_request/maintainer_edits_fork_spec.rb b/spec/features/merge_request/maintainer_edits_fork_spec.rb
new file mode 100644
index 00000000000..a3323da1b1f
--- /dev/null
+++ b/spec/features/merge_request/maintainer_edits_fork_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe 'a maintainer edits files on a source-branch of an MR from a fork', :js do
+  include ProjectForksHelper
+  let(:user) { create(:user, username: 'the-maintainer') }
+  let(:target_project) { create(:project, :public, :repository) }
+  let(:author) { create(:user, username: 'mr-authoring-machine') }
+  let(:source_project) { fork_project(target_project, author, repository: true) }
+
+  let(:merge_request) do
+    create(:merge_request,
+           source_project: source_project,
+           target_project: target_project,
+           source_branch: 'fix',
+           target_branch: 'master',
+           author: author,
+           allow_maintainer_to_push: true)
+  end
+
+  before do
+    target_project.add_master(user)
+    sign_in(user)
+
+    visit project_merge_request_path(target_project, merge_request)
+    click_link 'Changes'
+    wait_for_requests
+    first('.js-file-title').click_link 'Edit'
+    wait_for_requests
+  end
+
+  it 'mentions commits will go to the source branch' do
+    expect(page).to have_content('Your changes can be committed to fix because a merge request is open.')
+  end
+
+  it 'allows committing to the source branch' do
+    find('.ace_text-input', visible: false).send_keys('Updated the readme')
+
+    click_button 'Commit changes'
+    wait_for_requests
+
+    expect(page).to have_content('Your changes have been successfully committed')
+    expect(page).to have_content('Updated the readme')
+  end
+end
diff --git a/spec/features/merge_request/user_allows_a_maintainer_to_push_spec.rb b/spec/features/merge_request/user_allows_a_maintainer_to_push_spec.rb
new file mode 100644
index 00000000000..eb41d7de8ed
--- /dev/null
+++ b/spec/features/merge_request/user_allows_a_maintainer_to_push_spec.rb
@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+describe 'create a merge request that allows maintainers to push', :js do
+  include ProjectForksHelper
+  let(:user) { create(:user) }
+  let(:target_project) { create(:project, :public, :repository) }
+  let(:source_project) { fork_project(target_project, user, repository: true, namespace: user.namespace) }
+
+  def visit_new_merge_request
+    visit project_new_merge_request_path(
+      source_project,
+      merge_request: {
+        source_project_id: source_project.id,
+        target_project_id: target_project.id,
+        source_branch: 'fix',
+        target_branch: 'master'
+      })
+  end
+
+  before do
+    sign_in(user)
+  end
+
+  it 'allows setting maintainer push possible' do
+    visit_new_merge_request
+
+    check 'Allow edits from maintainers'
+
+    click_button 'Submit merge request'
+
+    wait_for_requests
+
+    expect(page).to have_content('Allows edits from maintainers')
+  end
+
+  it 'shows a message when one of the projects is private' do
+    source_project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+
+    visit_new_merge_request
+
+    expect(page).to have_content('Not available for private projects')
+  end
+
+  it 'shows a message when the source branch is protected' do
+    create(:protected_branch, project: source_project, name: 'fix')
+
+    visit_new_merge_request
+
+    expect(page).to have_content('Not available for protected branches')
+  end
+
+  context 'when the merge request is being created within the same project' do
+    let(:source_project) { target_project }
+
+    it 'hides the checkbox if the merge request is being created within the same project' do
+      target_project.add_developer(user)
+
+      visit_new_merge_request
+
+      expect(page).not_to have_content('Allows edits from maintainers')
+    end
+  end
+
+  context 'when a maintainer tries to edit the option' do
+    let(:maintainer) { create(:user) }
+    let(:merge_request) do
+      create(:merge_request,
+             source_project: source_project,
+             target_project: target_project,
+             source_branch: 'fixes')
+    end
+
+    before do
+      target_project.add_master(maintainer)
+
+      sign_in(maintainer)
+    end
+
+    it 'it hides the option from maintainers' do
+      visit edit_project_merge_request_path(target_project, merge_request)
+
+      expect(page).not_to have_content('Allows edits from maintainers')
+    end
+  end
+end
diff --git a/spec/features/projects/new_project_spec.rb b/spec/features/projects/new_project_spec.rb
index fd561288091..a5954fec54b 100644
--- a/spec/features/projects/new_project_spec.rb
+++ b/spec/features/projects/new_project_spec.rb
@@ -173,11 +173,11 @@ feature 'New project' do
 
     context 'from GitHub' do
       before do
-        first('.import_github').click
+        first('.js-import-github').click
       end
 
       it 'shows import instructions' do
-        expect(page).to have_content('Import Projects from GitHub')
+        expect(page).to have_content('Import repositories from GitHub')
         expect(current_path).to eq new_import_github_path
       end
     end
diff --git a/spec/features/projects/services/disable_triggers_spec.rb b/spec/features/projects/services/disable_triggers_spec.rb
new file mode 100644
index 00000000000..1a13fe03a67
--- /dev/null
+++ b/spec/features/projects/services/disable_triggers_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'Disable individual triggers' do
+  let(:project) { create(:project) }
+  let(:user) { project.owner }
+  let(:checkbox_selector) { 'input[type=checkbox][id$=_events]' }
+
+  before do
+    sign_in(user)
+
+    visit(project_settings_integrations_path(project))
+
+    click_link(service_name)
+  end
+
+  context 'service has multiple supported events' do
+    let(:service_name) { 'HipChat' }
+
+    it 'shows trigger checkboxes' do
+      event_count = HipchatService.supported_events.count
+
+      expect(page).to have_content "Trigger"
+      expect(page).to have_css(checkbox_selector, count: event_count)
+    end
+  end
+
+  context 'services only has one supported event' do
+    let(:service_name) { 'Asana' }
+
+    it "doesn't show unnecessary Trigger checkboxes" do
+      expect(page).not_to have_content "Trigger"
+      expect(page).not_to have_css(checkbox_selector)
+    end
+  end
+end
diff --git a/spec/features/projects/user_creates_files_spec.rb b/spec/features/projects/user_creates_files_spec.rb
index 7a935dd2477..8993533676b 100644
--- a/spec/features/projects/user_creates_files_spec.rb
+++ b/spec/features/projects/user_creates_files_spec.rb
@@ -133,13 +133,20 @@ describe 'User creates files' do
       before do
         project2.add_reporter(user)
         visit(project2_tree_path_root_ref)
-      end
 
-      it 'creates and commit new file in forked project', :js do
         find('.add-to-tree').click
         click_link('New file')
+      end
+
+      it 'shows a message saying the file will be committed in a fork' do
+        message = "A new branch will be created in your fork and a new merge request will be started."
 
+        expect(page).to have_content(message)
+      end
+
+      it 'creates and commit new file in forked project', :js do
         expect(page).to have_selector('.file-editor')
+        expect(page).to have_content
 
         find('#editor')
         execute_script("ace.edit('editor').setValue('*.rbca')")
diff --git a/spec/fixtures/api/schemas/entities/merge_request_basic.json b/spec/fixtures/api/schemas/entities/merge_request_basic.json
index f1199468d53..46031961cca 100644
--- a/spec/fixtures/api/schemas/entities/merge_request_basic.json
+++ b/spec/fixtures/api/schemas/entities/merge_request_basic.json
@@ -12,7 +12,8 @@
     "rebase_in_progress": { "type": "boolean" },
     "assignee_id": { "type": ["integer", "null"] },
     "subscribed": { "type": ["boolean", "null"] },
-    "participants": { "type": "array" }
+    "participants": { "type": "array" },
+    "allow_maintainer_to_push": { "type": "boolean"}
   },
   "additionalProperties": false
 }
diff --git a/spec/fixtures/api/schemas/entities/merge_request_widget.json b/spec/fixtures/api/schemas/entities/merge_request_widget.json
index cfbeec58a45..a622bf88b13 100644
--- a/spec/fixtures/api/schemas/entities/merge_request_widget.json
+++ b/spec/fixtures/api/schemas/entities/merge_request_widget.json
@@ -30,6 +30,7 @@
     "source_project_id": { "type": "integer" },
     "target_branch": { "type": "string" },
     "target_project_id": { "type": "integer" },
+    "allow_maintainer_to_push": { "type": "boolean"},
     "metrics": {
       "oneOf": [
         { "type": "null" },
diff --git a/spec/fixtures/api/schemas/public_api/v4/merge_requests.json b/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
index e86176e5316..0dc2eabec5d 100644
--- a/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
+++ b/spec/fixtures/api/schemas/public_api/v4/merge_requests.json
@@ -80,7 +80,8 @@
         "total_time_spent": { "type": "integer" },
         "human_time_estimate": { "type": ["string", "null"] },
         "human_total_time_spent": { "type": ["string", "null"] }
-      }
+      },
+      "allow_maintainer_to_push": { "type": ["boolean", "null"] }
     },
     "required": [
       "id", "iid", "project_id", "title", "description",
diff --git a/spec/fixtures/api/schemas/public_api/v4/notes.json b/spec/fixtures/api/schemas/public_api/v4/notes.json
index 6525f7c2c80..4c4ca3b582f 100644
--- a/spec/fixtures/api/schemas/public_api/v4/notes.json
+++ b/spec/fixtures/api/schemas/public_api/v4/notes.json
@@ -4,6 +4,7 @@
     "type": "object",
     "properties" : {
       "id": { "type": "integer" },
+      "type": { "type": ["string", "null"] },
       "body": { "type": "string" },
       "attachment": { "type": ["string", "null"] },
       "author": {
diff --git a/spec/helpers/tree_helper_spec.rb b/spec/helpers/tree_helper_spec.rb
index d3b1be599dd..ccac6e29447 100644
--- a/spec/helpers/tree_helper_spec.rb
+++ b/spec/helpers/tree_helper_spec.rb
@@ -62,4 +62,13 @@ describe TreeHelper do
       end
     end
   end
+
+  describe '#commit_in_single_accessible_branch' do
+    it 'escapes HTML from the branch name' do
+      helper.instance_variable_set(:@branch_name, "<script>alert('escape me!');</script>")
+      escaped_branch_name = '&lt;script&gt;alert(&#39;escape me!&#39;);&lt;/script&gt;'
+
+      expect(helper.commit_in_single_accessible_branch).to include(escaped_branch_name)
+    end
+  end
 end
diff --git a/spec/javascripts/environments/environments_app_spec.js b/spec/javascripts/environments/environments_app_spec.js
index 5bb37304372..e4c3bf2bef1 100644
--- a/spec/javascripts/environments/environments_app_spec.js
+++ b/spec/javascripts/environments/environments_app_spec.js
@@ -61,6 +61,7 @@ describe('Environment', () => {
     });
 
     describe('with paginated environments', () => {
+      let backupInterceptors;
       const environmentsResponseInterceptor = (request, next) => {
         next((response) => {
           response.headers.set('X-nExt-pAge', '2');
@@ -84,16 +85,16 @@ describe('Environment', () => {
       };
 
       beforeEach(() => {
-        Vue.http.interceptors.push(environmentsResponseInterceptor);
-        Vue.http.interceptors.push(headersInterceptor);
+        backupInterceptors = Vue.http.interceptors;
+        Vue.http.interceptors = [
+          environmentsResponseInterceptor,
+          headersInterceptor,
+        ];
         component = mountComponent(EnvironmentsComponent, mockData);
       });
 
       afterEach(() => {
-        Vue.http.interceptors = _.without(
-          Vue.http.interceptors, environmentsResponseInterceptor,
-        );
-        Vue.http.interceptors = _.without(Vue.http.interceptors, headersInterceptor);
+        Vue.http.interceptors = backupInterceptors;
       });
 
       it('should render a table with environments', (done) => {
diff --git a/spec/javascripts/importer_status_spec.js b/spec/javascripts/importer_status_spec.js
index 71a2cd51f63..0575d02886d 100644
--- a/spec/javascripts/importer_status_spec.js
+++ b/spec/javascripts/importer_status_spec.js
@@ -29,7 +29,10 @@ describe('Importer Status', () => {
       `);
       spyOn(ImporterStatus.prototype, 'initStatusPage').and.callFake(() => {});
       spyOn(ImporterStatus.prototype, 'setAutoUpdate').and.callFake(() => {});
-      instance = new ImporterStatus('', importUrl);
+      instance = new ImporterStatus({
+        jobsUrl: '',
+        importUrl,
+      });
     });
 
     it('sets table row to active after post request', (done) => {
@@ -65,7 +68,9 @@ describe('Importer Status', () => {
 
       spyOn(ImporterStatus.prototype, 'initStatusPage').and.callFake(() => {});
       spyOn(ImporterStatus.prototype, 'setAutoUpdate').and.callFake(() => {});
-      instance = new ImporterStatus(jobsUrl);
+      instance = new ImporterStatus({
+        jobsUrl,
+      });
     });
 
     function setupMock(importStatus) {
@@ -86,17 +91,17 @@ describe('Importer Status', () => {
 
     it('sets the job status to done', (done) => {
       setupMock('finished');
-      expectJobStatus(done, 'done');
+      expectJobStatus(done, 'Done');
     });
 
     it('sets the job status to scheduled', (done) => {
       setupMock('scheduled');
-      expectJobStatus(done, 'scheduled');
+      expectJobStatus(done, 'Scheduled');
     });
 
     it('sets the job status to started', (done) => {
       setupMock('started');
-      expectJobStatus(done, 'started');
+      expectJobStatus(done, 'Started');
     });
 
     it('sets the job status to custom status', (done) => {
diff --git a/spec/javascripts/pages/labels/components/promote_label_modal_spec.js b/spec/javascripts/pages/labels/components/promote_label_modal_spec.js
new file mode 100644
index 00000000000..ba2e07f02f7
--- /dev/null
+++ b/spec/javascripts/pages/labels/components/promote_label_modal_spec.js
@@ -0,0 +1,88 @@
+import Vue from 'vue';
+import promoteLabelModal from '~/pages/projects/labels/components/promote_label_modal.vue';
+import eventHub from '~/pages/projects/labels/event_hub';
+import axios from '~/lib/utils/axios_utils';
+import mountComponent from '../../../helpers/vue_mount_component_helper';
+
+describe('Promote label modal', () => {
+  let vm;
+  const Component = Vue.extend(promoteLabelModal);
+  const labelMockData = {
+    labelTitle: 'Documentation',
+    labelColor: '#5cb85c',
+    labelTextColor: '#ffffff',
+    url: `${gl.TEST_HOST}/dummy/promote/labels`,
+  };
+
+  describe('Modal title and description', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, labelMockData);
+    });
+
+    afterEach(() => {
+      vm.$destroy();
+    });
+
+    it('contains the proper description', () => {
+      expect(vm.text).toContain('Promoting this label will make it available for all projects inside the group');
+    });
+
+    it('contains a label span with the color', () => {
+      const labelFromTitle = vm.$el.querySelector('.modal-header .label.color-label');
+
+      expect(labelFromTitle.style.backgroundColor).not.toBe(null);
+      expect(labelFromTitle.textContent).toContain(vm.labelTitle);
+    });
+  });
+
+  describe('When requesting a label promotion', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, {
+        ...labelMockData,
+      });
+      spyOn(eventHub, '$emit');
+    });
+
+    afterEach(() => {
+      vm.$destroy();
+    });
+
+    it('redirects when a label is promoted', (done) => {
+      const responseURL = `${gl.TEST_HOST}/dummy/endpoint`;
+      spyOn(axios, 'post').and.callFake((url) => {
+        expect(url).toBe(labelMockData.url);
+        expect(eventHub.$emit).toHaveBeenCalledWith('promoteLabelModal.requestStarted', labelMockData.url);
+        return Promise.resolve({
+          request: {
+            responseURL,
+          },
+        });
+      });
+
+      vm.onSubmit()
+        .then(() => {
+          expect(eventHub.$emit).toHaveBeenCalledWith('promoteLabelModal.requestFinished', { labelUrl: labelMockData.url, successful: true });
+        })
+        .then(done)
+        .catch(done.fail);
+    });
+
+    it('displays an error if promoting a label failed', (done) => {
+      const dummyError = new Error('promoting label failed');
+      dummyError.response = { status: 500 };
+      spyOn(axios, 'post').and.callFake((url) => {
+        expect(url).toBe(labelMockData.url);
+        expect(eventHub.$emit).toHaveBeenCalledWith('promoteLabelModal.requestStarted', labelMockData.url);
+        return Promise.reject(dummyError);
+      });
+
+      vm.onSubmit()
+        .catch((error) => {
+          expect(error).toBe(dummyError);
+          expect(eventHub.$emit).toHaveBeenCalledWith('promoteLabelModal.requestFinished', { labelUrl: labelMockData.url, successful: false });
+        })
+        .then(done)
+        .catch(done.fail);
+    });
+  });
+});
diff --git a/spec/javascripts/pages/milestones/shared/components/promote_milestone_modal_spec.js b/spec/javascripts/pages/milestones/shared/components/promote_milestone_modal_spec.js
new file mode 100644
index 00000000000..bf044fe8fb5
--- /dev/null
+++ b/spec/javascripts/pages/milestones/shared/components/promote_milestone_modal_spec.js
@@ -0,0 +1,83 @@
+import Vue from 'vue';
+import promoteMilestoneModal from '~/pages/milestones/shared/components/promote_milestone_modal.vue';
+import eventHub from '~/pages/milestones/shared/event_hub';
+import axios from '~/lib/utils/axios_utils';
+import mountComponent from '../../../../helpers/vue_mount_component_helper';
+
+describe('Promote milestone modal', () => {
+  let vm;
+  const Component = Vue.extend(promoteMilestoneModal);
+  const milestoneMockData = {
+    milestoneTitle: 'v1.0',
+    url: `${gl.TEST_HOST}/dummy/promote/milestones`,
+  };
+
+  describe('Modal title and description', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, milestoneMockData);
+    });
+
+    afterEach(() => {
+      vm.$destroy();
+    });
+
+    it('contains the proper description', () => {
+      expect(vm.text).toContain('Promoting this milestone will make it available for all projects inside the group.');
+    });
+
+    it('contains the correct title', () => {
+      expect(vm.title).toEqual('Promote v1.0 to group milestone?');
+    });
+  });
+
+  describe('When requesting a milestone promotion', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, {
+        ...milestoneMockData,
+      });
+      spyOn(eventHub, '$emit');
+    });
+
+    afterEach(() => {
+      vm.$destroy();
+    });
+
+    it('redirects when a milestone is promoted', (done) => {
+      const responseURL = `${gl.TEST_HOST}/dummy/endpoint`;
+      spyOn(axios, 'post').and.callFake((url) => {
+        expect(url).toBe(milestoneMockData.url);
+        expect(eventHub.$emit).toHaveBeenCalledWith('promoteMilestoneModal.requestStarted', milestoneMockData.url);
+        return Promise.resolve({
+          request: {
+            responseURL,
+          },
+        });
+      });
+
+      vm.onSubmit()
+        .then(() => {
+          expect(eventHub.$emit).toHaveBeenCalledWith('promoteMilestoneModal.requestFinished', { milestoneUrl: milestoneMockData.url, successful: true });
+        })
+        .then(done)
+        .catch(done.fail);
+    });
+
+    it('displays an error if promoting a milestone failed', (done) => {
+      const dummyError = new Error('promoting milestone failed');
+      dummyError.response = { status: 500 };
+      spyOn(axios, 'post').and.callFake((url) => {
+        expect(url).toBe(milestoneMockData.url);
+        expect(eventHub.$emit).toHaveBeenCalledWith('promoteMilestoneModal.requestStarted', milestoneMockData.url);
+        return Promise.reject(dummyError);
+      });
+
+      vm.onSubmit()
+        .catch((error) => {
+          expect(error).toBe(dummyError);
+          expect(eventHub.$emit).toHaveBeenCalledWith('promoteMilestoneModal.requestFinished', { milestoneUrl: milestoneMockData.url, successful: false });
+        })
+        .then(done)
+        .catch(done.fail);
+    });
+  });
+});
diff --git a/spec/javascripts/prometheus_metrics/prometheus_metrics_spec.js b/spec/javascripts/prometheus_metrics/prometheus_metrics_spec.js
index f6c0f51cf62..955ec6a531c 100644
--- a/spec/javascripts/prometheus_metrics/prometheus_metrics_spec.js
+++ b/spec/javascripts/prometheus_metrics/prometheus_metrics_spec.js
@@ -85,7 +85,7 @@ describe('PrometheusMetrics', () => {
       expect(prometheusMetrics.$monitoredMetricsLoading.hasClass('hidden')).toBeTruthy();
       expect(prometheusMetrics.$monitoredMetricsList.hasClass('hidden')).toBeFalsy();
 
-      expect(prometheusMetrics.$monitoredMetricsCount.text()).toEqual('12');
+      expect(prometheusMetrics.$monitoredMetricsCount.text()).toEqual('3 exporters with 12 metrics were found');
       expect($metricsListLi.length).toEqual(metrics.length);
       expect($metricsListLi.first().find('.badge').text()).toEqual(`${metrics[0].active_metrics}`);
     });
diff --git a/spec/javascripts/sidebar/sidebar_assignees_spec.js b/spec/javascripts/sidebar/sidebar_assignees_spec.js
index 2fbb7268e0b..ebaaa6e806b 100644
--- a/spec/javascripts/sidebar/sidebar_assignees_spec.js
+++ b/spec/javascripts/sidebar/sidebar_assignees_spec.js
@@ -1,6 +1,6 @@
 import _ from 'underscore';
 import Vue from 'vue';
-import SidebarAssignees from '~/sidebar/components/assignees/sidebar_assignees';
+import SidebarAssignees from '~/sidebar/components/assignees/sidebar_assignees.vue';
 import SidebarMediator from '~/sidebar/sidebar_mediator';
 import SidebarService from '~/sidebar/services/sidebar_service';
 import SidebarStore from '~/sidebar/stores/sidebar_store';
diff --git a/spec/javascripts/vue_mr_widget/components/mr_widget_maintainer_edit_spec.js b/spec/javascripts/vue_mr_widget/components/mr_widget_maintainer_edit_spec.js
new file mode 100644
index 00000000000..cee22d5342a
--- /dev/null
+++ b/spec/javascripts/vue_mr_widget/components/mr_widget_maintainer_edit_spec.js
@@ -0,0 +1,40 @@
+import Vue from 'vue';
+import maintainerEditComponent from '~/vue_merge_request_widget/components/mr_widget_maintainer_edit.vue';
+import mountComponent from 'spec/helpers/vue_mount_component_helper';
+
+describe('RWidgetMaintainerEdit', () => {
+  let Component;
+  let vm;
+
+  beforeEach(() => {
+    Component = Vue.extend(maintainerEditComponent);
+  });
+
+  afterEach(() => {
+    vm.$destroy();
+  });
+
+  describe('when a maintainer is allowed to edit', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, {
+        maintainerEditAllowed: true,
+      });
+    });
+
+    it('it renders the message', () => {
+      expect(vm.$el.textContent.trim()).toEqual('Allows edits from maintainers');
+    });
+  });
+
+  describe('when a maintainer is not allowed to edit', () => {
+    beforeEach(() => {
+      vm = mountComponent(Component, {
+        maintainerEditAllowed: false,
+      });
+    });
+
+    it('hides the message', () => {
+      expect(vm.$el.textContent.trim()).toEqual('');
+    });
+  });
+});
diff --git a/spec/javascripts/vue_mr_widget/mr_widget_options_spec.js b/spec/javascripts/vue_mr_widget/mr_widget_options_spec.js
index 18ba34b55a5..ebe151ac3b1 100644
--- a/spec/javascripts/vue_mr_widget/mr_widget_options_spec.js
+++ b/spec/javascripts/vue_mr_widget/mr_widget_options_spec.js
@@ -349,6 +349,7 @@ describe('mrWidgetOptions', () => {
       expect(comps['mr-widget-pipeline-blocked']).toBeDefined();
       expect(comps['mr-widget-pipeline-failed']).toBeDefined();
       expect(comps['mr-widget-merge-when-pipeline-succeeds']).toBeDefined();
+      expect(comps['mr-widget-maintainer-edit']).toBeDefined();
     });
   });
 
diff --git a/spec/javascripts/vue_shared/components/clipboard_button_spec.js b/spec/javascripts/vue_shared/components/clipboard_button_spec.js
index d0fc10d69ea..f598b1afa74 100644
--- a/spec/javascripts/vue_shared/components/clipboard_button_spec.js
+++ b/spec/javascripts/vue_shared/components/clipboard_button_spec.js
@@ -10,6 +10,7 @@ describe('clipboard button', () => {
     vm = mountComponent(Component, {
       text: 'copy me',
       title: 'Copy this value into Clipboard!',
+      cssClass: 'btn-danger',
     });
   });
 
@@ -28,4 +29,8 @@ describe('clipboard button', () => {
     expect(vm.$el.getAttribute('data-placement')).toEqual('top');
     expect(vm.$el.getAttribute('data-container')).toEqual(null);
   });
+
+  it('should render provided classname', () => {
+    expect(vm.$el.classList).toContain('btn-danger');
+  });
 });
diff --git a/spec/lib/gitlab/checks/change_access_spec.rb b/spec/lib/gitlab/checks/change_access_spec.rb
index b49ddbfc780..48e9902027c 100644
--- a/spec/lib/gitlab/checks/change_access_spec.rb
+++ b/spec/lib/gitlab/checks/change_access_spec.rb
@@ -30,9 +30,10 @@ describe Gitlab::Checks::ChangeAccess do
       end
     end
 
-    context 'when the user is not allowed to push code' do
+    context 'when the user is not allowed to push to the repo' do
       it 'raises an error' do
         expect(user_access).to receive(:can_do_action?).with(:push_code).and_return(false)
+        expect(user_access).to receive(:can_push_to_branch?).with('master').and_return(false)
 
         expect { subject.exec }.to raise_error(Gitlab::GitAccess::UnauthorizedError, 'You are not allowed to push code to this project.')
       end
diff --git a/spec/lib/gitlab/ci/charts_spec.rb b/spec/lib/gitlab/ci/charts_spec.rb
index f8188675013..1668d3bbaac 100644
--- a/spec/lib/gitlab/ci/charts_spec.rb
+++ b/spec/lib/gitlab/ci/charts_spec.rb
@@ -1,6 +1,51 @@
 require 'spec_helper'
 
 describe Gitlab::Ci::Charts do
+  context "yearchart" do
+    let(:project) { create(:project) }
+    let(:chart) { Gitlab::Ci::Charts::YearChart.new(project) }
+
+    subject { chart.to }
+
+    it 'goes until the end of the current month (including the whole last day of the month)' do
+      is_expected.to eq(Date.today.end_of_month.end_of_day)
+    end
+
+    it 'starts at the beginning of the current year' do
+      expect(chart.from).to eq(chart.to.years_ago(1).beginning_of_month.beginning_of_day)
+    end
+  end
+
+  context "monthchart" do
+    let(:project) { create(:project) }
+    let(:chart) { Gitlab::Ci::Charts::MonthChart.new(project) }
+
+    subject { chart.to }
+
+    it 'includes the whole current day' do
+      is_expected.to eq(Date.today.end_of_day)
+    end
+
+    it 'starts one month ago' do
+      expect(chart.from).to eq(1.month.ago.beginning_of_day)
+    end
+  end
+
+  context "weekchart" do
+    let(:project) { create(:project) }
+    let(:chart) { Gitlab::Ci::Charts::WeekChart.new(project) }
+
+    subject { chart.to }
+
+    it 'includes the whole current day' do
+      is_expected.to eq(Date.today.end_of_day)
+    end
+
+    it 'starts one week ago' do
+      expect(chart.from).to eq(1.week.ago.beginning_of_day)
+    end
+  end
+
   context "pipeline_times" do
     let(:project) { create(:project) }
     let(:chart) { Gitlab::Ci::Charts::PipelineTime.new(project) }
diff --git a/spec/lib/gitlab/contributions_calendar_spec.rb b/spec/lib/gitlab/contributions_calendar_spec.rb
index 167876ca158..2c63f3b0455 100644
--- a/spec/lib/gitlab/contributions_calendar_spec.rb
+++ b/spec/lib/gitlab/contributions_calendar_spec.rb
@@ -77,6 +77,13 @@ describe Gitlab::ContributionsCalendar do
       expect(calendar(contributor).activity_dates[today]).to eq(1)
     end
 
+    it "counts the discussions on merge requests and issues" do
+      create_event(public_project, today, 0, Event::COMMENTED, :discussion_note_on_merge_request)
+      create_event(public_project, today, 2, Event::COMMENTED, :discussion_note_on_issue)
+
+      expect(calendar(contributor).activity_dates[today]).to eq(2)
+    end
+
     context "when events fall under different dates depending on the time zone" do
       before do
         create_event(public_project, today, 1)
diff --git a/spec/lib/gitlab/data_builder/pipeline_spec.rb b/spec/lib/gitlab/data_builder/pipeline_spec.rb
index f13041e498c..9ca960502c8 100644
--- a/spec/lib/gitlab/data_builder/pipeline_spec.rb
+++ b/spec/lib/gitlab/data_builder/pipeline_spec.rb
@@ -26,6 +26,7 @@ describe Gitlab::DataBuilder::Pipeline do
     it { expect(attributes[:tag]).to eq(pipeline.tag) }
     it { expect(attributes[:id]).to eq(pipeline.id) }
     it { expect(attributes[:status]).to eq(pipeline.status) }
+    it { expect(attributes[:detailed_status]).to eq('passed') }
 
     it { expect(build_data).to be_a(Hash) }
     it { expect(build_data[:id]).to eq(build.id) }
diff --git a/spec/lib/gitlab/git/gitlab_projects_spec.rb b/spec/lib/gitlab/git/gitlab_projects_spec.rb
index f4b964e1ee9..45bcd730332 100644
--- a/spec/lib/gitlab/git/gitlab_projects_spec.rb
+++ b/spec/lib/gitlab/git/gitlab_projects_spec.rb
@@ -61,10 +61,11 @@ describe Gitlab::Git::GitlabProjects do
     let(:remote_name) { 'remote-name' }
     let(:branch_name) { 'master' }
     let(:force) { false }
+    let(:prune) { true }
     let(:tags) { true }
-    let(:args) { { force: force, tags: tags }.merge(extra_args) }
+    let(:args) { { force: force, tags: tags, prune: prune }.merge(extra_args) }
     let(:extra_args) { {} }
-    let(:cmd) { %W(git fetch #{remote_name} --prune --quiet --tags) }
+    let(:cmd) { %W(git fetch #{remote_name} --quiet --prune --tags) }
 
     subject { gl_projects.fetch_remote(remote_name, 600, args) }
 
@@ -97,7 +98,7 @@ describe Gitlab::Git::GitlabProjects do
 
     context 'with --force' do
       let(:force) { true }
-      let(:cmd) { %W(git fetch #{remote_name} --prune --quiet --force --tags) }
+      let(:cmd) { %W(git fetch #{remote_name} --quiet --prune --force --tags) }
 
       it 'executes the command with forced option' do
         stub_spawn(cmd, 600, tmp_repo_path, {}, success: true)
@@ -108,7 +109,18 @@ describe Gitlab::Git::GitlabProjects do
 
     context 'with --no-tags' do
       let(:tags) { false }
-      let(:cmd) { %W(git fetch #{remote_name} --prune --quiet --no-tags) }
+      let(:cmd) { %W(git fetch #{remote_name} --quiet --prune --no-tags) }
+
+      it 'executes the command' do
+        stub_spawn(cmd, 600, tmp_repo_path, {}, success: true)
+
+        is_expected.to be_truthy
+      end
+    end
+
+    context 'with no prune' do
+      let(:prune) { false }
+      let(:cmd) { %W(git fetch #{remote_name} --quiet --tags) }
 
       it 'executes the command' do
         stub_spawn(cmd, 600, tmp_repo_path, {}, success: true)
diff --git a/spec/lib/gitlab/gitaly_client/repository_service_spec.rb b/spec/lib/gitlab/gitaly_client/repository_service_spec.rb
index c50e73cecfc..1c41dbcb9ef 100644
--- a/spec/lib/gitlab/gitaly_client/repository_service_spec.rb
+++ b/spec/lib/gitlab/gitaly_client/repository_service_spec.rb
@@ -85,6 +85,20 @@ describe Gitlab::GitalyClient::RepositoryService do
     end
   end
 
+  describe '#fetch_remote' do
+    let(:ssh_auth) { double(:ssh_auth, ssh_import?: true, ssh_key_auth?: false, ssh_known_hosts: nil) }
+    let(:import_url) { 'ssh://example.com' }
+
+    it 'sends a fetch_remote_request message' do
+      expect_any_instance_of(Gitaly::RepositoryService::Stub)
+        .to receive(:fetch_remote)
+        .with(gitaly_request_with_params(no_prune: false), kind_of(Hash))
+        .and_return(double(value: true))
+
+      client.fetch_remote(import_url, ssh_auth: ssh_auth, forced: false, no_tags: false, timeout: 60)
+    end
+  end
+
   describe '#rebase_in_progress?' do
     let(:rebase_id) { 1 }
 
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index b20cc34dd5c..bece82e531a 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -278,6 +278,7 @@ project:
 - custom_attributes
 - lfs_file_locks
 - project_badges
+- source_of_merge_requests
 award_emoji:
 - awardable
 - user
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index ddcbb7a0033..0b938892da5 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -168,6 +168,7 @@ MergeRequest:
 - last_edited_by_id
 - head_pipeline_id
 - discussion_locked
+- allow_maintainer_to_push
 MergeRequestDiff:
 - id
 - state
diff --git a/spec/lib/gitlab/shell_spec.rb b/spec/lib/gitlab/shell_spec.rb
index 4506cbc3982..56b45d8da3c 100644
--- a/spec/lib/gitlab/shell_spec.rb
+++ b/spec/lib/gitlab/shell_spec.rb
@@ -508,8 +508,8 @@ describe Gitlab::Shell do
     end
 
     shared_examples 'fetch_remote' do |gitaly_on|
-      def fetch_remote(ssh_auth = nil)
-        gitlab_shell.fetch_remote(repository.raw_repository, 'remote-name', ssh_auth: ssh_auth)
+      def fetch_remote(ssh_auth = nil, prune = true)
+        gitlab_shell.fetch_remote(repository.raw_repository, 'remote-name', ssh_auth: ssh_auth, prune: prune)
       end
 
       def expect_gitlab_projects(fail = false, options = {})
@@ -555,27 +555,33 @@ describe Gitlab::Shell do
       end
 
       it 'returns true when the command succeeds' do
-        expect_call(false, force: false, tags: true)
+        expect_call(false, force: false, tags: true, prune: true)
 
         expect(fetch_remote).to be_truthy
       end
 
+      it 'returns true when the command succeeds' do
+        expect_call(false, force: false, tags: true, prune: false)
+
+        expect(fetch_remote(nil, false)).to be_truthy
+      end
+
       it 'raises an exception when the command fails' do
-        expect_call(true, force: false, tags: true)
+        expect_call(true, force: false, tags: true, prune: true)
 
         expect { fetch_remote }.to raise_error(Gitlab::Shell::Error)
       end
 
       it 'allows forced and no_tags to be changed' do
-        expect_call(false, force: true, tags: false)
+        expect_call(false, force: true, tags: false, prune: true)
 
-        result = gitlab_shell.fetch_remote(repository.raw_repository, 'remote-name', forced: true, no_tags: true)
+        result = gitlab_shell.fetch_remote(repository.raw_repository, 'remote-name', forced: true, no_tags: true, prune: true)
         expect(result).to be_truthy
       end
 
       context 'SSH auth' do
         it 'passes the SSH key if specified' do
-          expect_call(false, force: false, tags: true, ssh_key: 'foo')
+          expect_call(false, force: false, tags: true, prune: true, ssh_key: 'foo')
 
           ssh_auth = build_ssh_auth(ssh_key_auth?: true, ssh_private_key: 'foo')
 
@@ -583,7 +589,7 @@ describe Gitlab::Shell do
         end
 
         it 'does not pass an empty SSH key' do
-          expect_call(false, force: false, tags: true)
+          expect_call(false, force: false, tags: true, prune: true)
 
           ssh_auth = build_ssh_auth(ssh_key_auth: true, ssh_private_key: '')
 
@@ -591,7 +597,7 @@ describe Gitlab::Shell do
         end
 
         it 'does not pass the key unless SSH key auth is to be used' do
-          expect_call(false, force: false, tags: true)
+          expect_call(false, force: false, tags: true, prune: true)
 
           ssh_auth = build_ssh_auth(ssh_key_auth: false, ssh_private_key: 'foo')
 
@@ -599,7 +605,7 @@ describe Gitlab::Shell do
         end
 
         it 'passes the known_hosts data if specified' do
-          expect_call(false, force: false, tags: true, known_hosts: 'foo')
+          expect_call(false, force: false, tags: true, prune: true, known_hosts: 'foo')
 
           ssh_auth = build_ssh_auth(ssh_known_hosts: 'foo')
 
@@ -607,7 +613,7 @@ describe Gitlab::Shell do
         end
 
         it 'does not pass empty known_hosts data' do
-          expect_call(false, force: false, tags: true)
+          expect_call(false, force: false, tags: true, prune: true)
 
           ssh_auth = build_ssh_auth(ssh_known_hosts: '')
 
@@ -615,7 +621,7 @@ describe Gitlab::Shell do
         end
 
         it 'does not pass known_hosts data unless SSH is to be used' do
-          expect_call(false, force: false, tags: true)
+          expect_call(false, force: false, tags: true, prune: true)
 
           ssh_auth = build_ssh_auth(ssh_import?: false, ssh_known_hosts: 'foo')
 
@@ -642,7 +648,7 @@ describe Gitlab::Shell do
 
         it 'passes the correct params to the gitaly service' do
           expect(repository.gitaly_repository_client).to receive(:fetch_remote)
-            .with(remote_name, ssh_auth: ssh_auth, forced: true, no_tags: true, timeout: timeout)
+            .with(remote_name, ssh_auth: ssh_auth, forced: true, no_tags: true, prune: true, timeout: timeout)
 
           subject
         end
diff --git a/spec/lib/gitlab/user_access_spec.rb b/spec/lib/gitlab/user_access_spec.rb
index 7280acb6c82..40c8286b1b9 100644
--- a/spec/lib/gitlab/user_access_spec.rb
+++ b/spec/lib/gitlab/user_access_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Gitlab::UserAccess do
+  include ProjectForksHelper
+
   let(:access) { described_class.new(user, project: project) }
   let(:project) { create(:project, :repository) }
   let(:user) { create(:user) }
@@ -118,6 +120,39 @@ describe Gitlab::UserAccess do
       end
     end
 
+    describe 'allowing pushes to maintainers of forked projects' do
+      let(:canonical_project) { create(:project, :public, :repository) }
+      let(:project) { fork_project(canonical_project, create(:user), repository: true) }
+
+      before do
+        create(
+          :merge_request,
+          target_project: canonical_project,
+          source_project: project,
+          source_branch: 'awesome-feature',
+          allow_maintainer_to_push: true
+        )
+      end
+
+      it 'allows users that have push access to the canonical project to push to the MR branch' do
+        canonical_project.add_developer(user)
+
+        expect(access.can_push_to_branch?('awesome-feature')).to be_truthy
+      end
+
+      it 'does not allow the user to push to other branches' do
+        canonical_project.add_developer(user)
+
+        expect(access.can_push_to_branch?('master')).to be_falsey
+      end
+
+      it 'does not allow the user to push if he does not have push access to the canonical project' do
+        canonical_project.add_guest(user)
+
+        expect(access.can_push_to_branch?('awesome-feature')).to be_falsey
+      end
+    end
+
     describe 'merge to protected branch if allowed for developers' do
       before do
         @branch = create :protected_branch, :developers_can_merge, project: project
diff --git a/spec/lib/gitlab/utils_spec.rb b/spec/lib/gitlab/utils_spec.rb
index bda239b7871..71a743495a2 100644
--- a/spec/lib/gitlab/utils_spec.rb
+++ b/spec/lib/gitlab/utils_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::Utils do
-  delegate :to_boolean, :boolean_to_yes_no, :slugify, :random_string, :which, to: :described_class
+  delegate :to_boolean, :boolean_to_yes_no, :slugify, :random_string, :which, :ensure_array_from_string, to: :described_class
 
   describe '.slugify' do
     {
@@ -83,4 +83,18 @@ describe Gitlab::Utils do
       expect(which('sh', 'PATH' => '/bin')).to eq('/bin/sh')
     end
   end
+
+  describe '.ensure_array_from_string' do
+    it 'returns the same array if given one' do
+      arr = ['a', 4, true, { test: 1 }]
+
+      expect(ensure_array_from_string(arr)).to eq(arr)
+    end
+
+    it 'turns comma-separated strings into arrays' do
+      str = 'seven, eight, 9, 10'
+
+      expect(ensure_array_from_string(str)).to eq(%w[seven eight 9 10])
+    end
+  end
 end
diff --git a/spec/models/environment_spec.rb b/spec/models/environment_spec.rb
index ceb570ac777..412eca4a56b 100644
--- a/spec/models/environment_spec.rb
+++ b/spec/models/environment_spec.rb
@@ -142,15 +142,15 @@ describe Environment do
     let(:commit)        { project.commit.parent }
 
     it 'returns deployment id for the environment' do
-      expect(environment.first_deployment_for(commit)).to eq deployment1
+      expect(environment.first_deployment_for(commit.id)).to eq deployment1
     end
 
     it 'return nil when no deployment is found' do
-      expect(environment.first_deployment_for(head_commit)).to eq nil
+      expect(environment.first_deployment_for(head_commit.id)).to eq nil
     end
 
     it 'returns a UTF-8 ref' do
-      expect(environment.first_deployment_for(commit).ref).to be_utf8
+      expect(environment.first_deployment_for(commit.id).ref).to be_utf8
     end
   end
 
diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb
index 67f49348acb..8ea92410022 100644
--- a/spec/models/event_spec.rb
+++ b/spec/models/event_spec.rb
@@ -49,6 +49,22 @@ describe Event do
         end
       end
     end
+
+    describe 'after_create :track_user_interacted_projects' do
+      let(:event) { build(:push_event, project: project, author: project.owner) }
+
+      it 'passes event to UserInteractedProject.track' do
+        expect(UserInteractedProject).to receive(:available?).and_return(true)
+        expect(UserInteractedProject).to receive(:track).with(event)
+        event.save
+      end
+
+      it 'does not call UserInteractedProject.track if its not yet available' do
+        expect(UserInteractedProject).to receive(:available?).and_return(false)
+        expect(UserInteractedProject).not_to receive(:track)
+        event.save
+      end
+    end
   end
 
   describe "Push event" do
diff --git a/spec/models/members/project_member_spec.rb b/spec/models/members/project_member_spec.rb
index 3e46fa36375..b8b0e63f92e 100644
--- a/spec/models/members/project_member_spec.rb
+++ b/spec/models/members/project_member_spec.rb
@@ -45,14 +45,6 @@ describe ProjectMember do
     let(:project) { owner.project }
     let(:master)  { create(:project_member, project: project) }
 
-    let(:owner_todos)  { (0...2).map { create(:todo, user: owner.user, project: project) } }
-    let(:master_todos) { (0...3).map { create(:todo, user: master.user, project: project) } }
-
-    before do
-      owner_todos
-      master_todos
-    end
-
     it "creates an expired event when left due to expiry" do
       expired = create(:project_member, project: project, expires_at: Time.now - 6.days)
       expired.destroy
@@ -63,21 +55,6 @@ describe ProjectMember do
       master.destroy
       expect(Event.recent.first.action).to eq(Event::LEFT)
     end
-
-    it "destroys itself and delete associated todos" do
-      expect(owner.user.todos.size).to eq(2)
-      expect(master.user.todos.size).to eq(3)
-      expect(Todo.count).to eq(5)
-
-      master_todo_ids = master_todos.map(&:id)
-      master.destroy
-
-      expect(owner.user.todos.size).to eq(2)
-      expect(Todo.count).to eq(2)
-      master_todo_ids.each do |id|
-        expect(Todo.exists?(id)).to eq(false)
-      end
-    end
   end
 
   describe '.import_team' do
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 243eeddc7a8..7986aa31e16 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -2084,4 +2084,82 @@ describe MergeRequest do
       it_behaves_like 'checking whether a rebase is in progress'
     end
   end
+
+  describe '#allow_maintainer_to_push' do
+    let(:merge_request) do
+      build(:merge_request, source_branch: 'fixes', allow_maintainer_to_push: true)
+    end
+
+    it 'is false when pushing by a maintainer is not possible' do
+      expect(merge_request).to receive(:maintainer_push_possible?) { false }
+
+      expect(merge_request.allow_maintainer_to_push).to be_falsy
+    end
+
+    it 'is true when pushing by a maintainer is possible' do
+      expect(merge_request).to receive(:maintainer_push_possible?) { true }
+
+      expect(merge_request.allow_maintainer_to_push).to be_truthy
+    end
+  end
+
+  describe '#maintainer_push_possible?' do
+    let(:merge_request) do
+      build(:merge_request, source_branch: 'fixes')
+    end
+
+    before do
+      allow(ProtectedBranch).to receive(:protected?) { false }
+    end
+
+    it 'does not allow maintainer to push if the source project is the same as the target' do
+      merge_request.target_project = merge_request.source_project = create(:project, :public)
+
+      expect(merge_request.maintainer_push_possible?).to be_falsy
+    end
+
+    it 'allows maintainer to push when both source and target are public' do
+      merge_request.target_project = build(:project, :public)
+      merge_request.source_project = build(:project, :public)
+
+      expect(merge_request.maintainer_push_possible?).to be_truthy
+    end
+
+    it 'is not available for protected branches' do
+      merge_request.target_project = build(:project, :public)
+      merge_request.source_project = build(:project, :public)
+
+      expect(ProtectedBranch).to receive(:protected?)
+                                   .with(merge_request.source_project, 'fixes')
+                                   .and_return(true)
+
+      expect(merge_request.maintainer_push_possible?).to be_falsy
+    end
+  end
+
+  describe '#can_allow_maintainer_to_push?' do
+    let(:target_project) { create(:project, :public) }
+    let(:source_project) { fork_project(target_project) }
+    let(:merge_request) do
+      create(:merge_request,
+             source_project: source_project,
+             source_branch: 'fixes',
+             target_project: target_project)
+    end
+    let(:user) { create(:user) }
+
+    before do
+      allow(merge_request).to receive(:maintainer_push_possible?) { true }
+    end
+
+    it 'is false if the user does not have push access to the source project' do
+      expect(merge_request.can_allow_maintainer_to_push?(user)).to be_falsy
+    end
+
+    it 'is true when the user has push access to the source project' do
+      source_project.add_developer(user)
+
+      expect(merge_request.can_allow_maintainer_to_push?(user)).to be_truthy
+    end
+  end
 end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index b1c9e6754b9..e970cd7dfdb 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Project do
+  include ProjectForksHelper
+
   describe 'associations' do
     it { is_expected.to belong_to(:group) }
     it { is_expected.to belong_to(:namespace) }
@@ -3378,4 +3380,103 @@ describe Project do
       end
     end
   end
+
+  context 'with cross project merge requests' do
+    let(:user) { create(:user) }
+    let(:target_project) { create(:project, :repository) }
+    let(:project) { fork_project(target_project, nil, repository: true) }
+    let!(:merge_request) do
+      create(
+        :merge_request,
+        target_project: target_project,
+        target_branch: 'target-branch',
+        source_project: project,
+        source_branch: 'awesome-feature-1',
+        allow_maintainer_to_push: true
+      )
+    end
+
+    before do
+      target_project.add_developer(user)
+    end
+
+    describe '#merge_requests_allowing_push_to_user' do
+      it 'returns open merge requests for which the user has developer access to the target project' do
+        expect(project.merge_requests_allowing_push_to_user(user)).to include(merge_request)
+      end
+
+      it 'does not include closed merge requests' do
+        merge_request.close
+
+        expect(project.merge_requests_allowing_push_to_user(user)).to be_empty
+      end
+
+      it 'does not include merge requests for guest users' do
+        guest = create(:user)
+        target_project.add_guest(guest)
+
+        expect(project.merge_requests_allowing_push_to_user(guest)).to be_empty
+      end
+
+      it 'does not include the merge request for other users' do
+        other_user = create(:user)
+
+        expect(project.merge_requests_allowing_push_to_user(other_user)).to be_empty
+      end
+
+      it 'is empty when no user is passed' do
+        expect(project.merge_requests_allowing_push_to_user(nil)).to be_empty
+      end
+    end
+
+    describe '#branch_allows_maintainer_push?' do
+      it 'allows access if the user can merge the merge request' do
+        expect(project.branch_allows_maintainer_push?(user, 'awesome-feature-1'))
+          .to be_truthy
+      end
+
+      it 'does not allow guest users access' do
+        guest = create(:user)
+        target_project.add_guest(guest)
+
+        expect(project.branch_allows_maintainer_push?(guest, 'awesome-feature-1'))
+          .to be_falsy
+      end
+
+      it 'does not allow access to branches for which the merge request was closed' do
+        create(:merge_request, :closed,
+               target_project: target_project,
+               target_branch: 'target-branch',
+               source_project: project,
+               source_branch: 'rejected-feature-1',
+               allow_maintainer_to_push: true)
+
+        expect(project.branch_allows_maintainer_push?(user, 'rejected-feature-1'))
+          .to be_falsy
+      end
+
+      it 'does not allow access if the user cannot merge the merge request' do
+        create(:protected_branch, :masters_can_push, project: target_project, name: 'target-branch')
+
+        expect(project.branch_allows_maintainer_push?(user, 'awesome-feature-1'))
+          .to be_falsy
+      end
+
+      it 'caches the result' do
+        control = ActiveRecord::QueryRecorder.new { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') }
+
+        expect { 3.times { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') } }
+          .not_to exceed_query_limit(control)
+      end
+
+      context 'when the requeststore is active', :request_store do
+        it 'only queries per project across instances' do
+          control = ActiveRecord::QueryRecorder.new { project.branch_allows_maintainer_push?(user, 'awesome-feature-1') }
+
+          expect { 2.times { described_class.find(project.id).branch_allows_maintainer_push?(user, 'awesome-feature-1') } }
+            .not_to exceed_query_limit(control).with_threshold(2)
+        end
+      end
+    end
+  end
 end
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index 38653e18306..579069ffa14 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -1004,7 +1004,7 @@ describe Repository do
       end
     end
 
-    context 'with Gitaly disabled', :skip_gitaly_mock do
+    context 'with Gitaly disabled', :disable_gitaly do
       context 'when pre hooks were successful' do
         it 'runs without errors' do
           hook = double(trigger: [true, nil])
@@ -1896,7 +1896,7 @@ describe Repository do
       it_behaves_like 'adding tag'
     end
 
-    context 'when Gitaly operation_user_add_tag feature is disabled', :skip_gitaly_mock do
+    context 'when Gitaly operation_user_add_tag feature is disabled', :disable_gitaly do
       it_behaves_like 'adding tag'
 
       it 'passes commit SHA to pre-receive and update hooks and tag SHA to post-receive hook' do
@@ -1955,7 +1955,7 @@ describe Repository do
       end
     end
 
-    context 'with gitaly disabled', :skip_gitaly_mock do
+    context 'with gitaly disabled', :disable_gitaly do
       it_behaves_like "user deleting a branch"
 
       let(:old_rev) { '0b4bc9a49b562e85de7cc9e834518ea6828729b9' } # git rev-parse feature
diff --git a/spec/models/user_interacted_project_spec.rb b/spec/models/user_interacted_project_spec.rb
new file mode 100644
index 00000000000..cb4bb3372d4
--- /dev/null
+++ b/spec/models/user_interacted_project_spec.rb
@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe UserInteractedProject do
+  describe '.track' do
+    subject { described_class.track(event) }
+    let(:event) { build(:event) }
+
+    Event::ACTIONS.each do |action|
+      context "for all actions (event types)" do
+        let(:event) { build(:event, action: action) }
+        it 'creates a record' do
+          expect { subject }.to change { described_class.count }.from(0).to(1)
+        end
+      end
+    end
+
+    it 'sets project accordingly' do
+      subject
+      expect(described_class.first.project).to eq(event.project)
+    end
+
+    it 'sets user accordingly' do
+      subject
+      expect(described_class.first.user).to eq(event.author)
+    end
+
+    it 'only creates a record once per user/project' do
+      expect do
+        subject
+        described_class.track(event)
+      end.to change { described_class.count }.from(0).to(1)
+    end
+
+    describe 'with an event without a project' do
+      let(:event) { build(:event, project: nil) }
+
+      it 'ignores the event' do
+        expect { subject }.not_to change { described_class.count }
+      end
+    end
+  end
+
+  describe '.available?' do
+    before do
+      described_class.instance_variable_set('@available_flag', nil)
+    end
+
+    it 'checks schema version and properly caches positive result' do
+      expect(ActiveRecord::Migrator).to receive(:current_version).and_return(described_class::REQUIRED_SCHEMA_VERSION - 1 - rand(1000))
+      expect(described_class.available?).to be_falsey
+      expect(ActiveRecord::Migrator).to receive(:current_version).and_return(described_class::REQUIRED_SCHEMA_VERSION + rand(1000))
+      expect(described_class.available?).to be_truthy
+      expect(ActiveRecord::Migrator).not_to receive(:current_version)
+      expect(described_class.available?).to be_truthy # cached response
+    end
+  end
+
+  it { is_expected.to validate_presence_of(:project_id) }
+  it { is_expected.to validate_presence_of(:user_id) }
+end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 129344f105f..ea76e604153 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -308,4 +308,41 @@ describe ProjectPolicy do
   it_behaves_like 'project policies as master'
   it_behaves_like 'project policies as owner'
   it_behaves_like 'project policies as admin'
+
+  context 'when a public project has merge requests allowing access' do
+    include ProjectForksHelper
+    let(:user) { create(:user) }
+    let(:target_project) { create(:project, :public) }
+    let(:project) { fork_project(target_project) }
+    let!(:merge_request) do
+      create(
+        :merge_request,
+        target_project: target_project,
+        source_project: project,
+        allow_maintainer_to_push: true
+      )
+    end
+    let(:maintainer_abilities) do
+      %w(create_build update_build create_pipeline update_pipeline)
+    end
+
+    subject { described_class.new(user, project) }
+
+    it 'does not allow pushing code' do
+      expect_disallowed(*maintainer_abilities)
+    end
+
+    it 'allows pushing if the user is a member with push access to the target project' do
+      target_project.add_developer(user)
+
+      expect_allowed(*maintainer_abilities)
+    end
+
+    it 'dissallows abilities to a maintainer if the merge request was closed' do
+      target_project.add_developer(user)
+      merge_request.close!
+
+      expect_disallowed(*maintainer_abilities)
+    end
+  end
 end
diff --git a/spec/requests/api/discussions_spec.rb b/spec/requests/api/discussions_spec.rb
new file mode 100644
index 00000000000..4a44b219a67
--- /dev/null
+++ b/spec/requests/api/discussions_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe API::Discussions do
+  let(:user) { create(:user) }
+  let!(:project) { create(:project, :public, namespace: user.namespace) }
+  let(:private_user)    { create(:user) }
+
+  before do
+    project.add_reporter(user)
+  end
+
+  context "when noteable is an Issue" do
+    let!(:issue) { create(:issue, project: project, author: user) }
+    let!(:issue_note) { create(:discussion_note_on_issue, noteable: issue, project: project, author: user) }
+
+    it_behaves_like "discussions API", 'projects', 'issues', 'iid' do
+      let(:parent) { project }
+      let(:noteable) { issue }
+      let(:note) { issue_note }
+    end
+  end
+
+  context "when noteable is a Snippet" do
+    let!(:snippet) { create(:project_snippet, project: project, author: user) }
+    let!(:snippet_note) { create(:discussion_note_on_snippet, noteable: snippet, project: project, author: user) }
+
+    it_behaves_like "discussions API", 'projects', 'snippets', 'id' do
+      let(:parent) { project }
+      let(:noteable) { snippet }
+      let(:note) { snippet_note }
+    end
+  end
+end
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index 827f4c04324..ca0aac87ba9 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -335,21 +335,8 @@ describe API::Internal do
       end
 
       context "git push" do
-        context "gitaly disabled", :disable_gitaly do
-          it "has the correct payload" do
-            push(key, project)
-
-            expect(response).to have_gitlab_http_status(200)
-            expect(json_response["status"]).to be_truthy
-            expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
-            expect(json_response["gl_repository"]).to eq("project-#{project.id}")
-            expect(json_response["gitaly"]).to be_nil
-            expect(user).not_to have_an_activity_record
-          end
-        end
-
-        context "gitaly enabled" do
-          it "has the correct payload" do
+        context 'project as namespace/project' do
+          it do
             push(key, project)
 
             expect(response).to have_gitlab_http_status(200)
@@ -365,17 +352,6 @@ describe API::Internal do
             expect(user).not_to have_an_activity_record
           end
         end
-
-        context 'project as namespace/project' do
-          it do
-            push(key, project)
-
-            expect(response).to have_gitlab_http_status(200)
-            expect(json_response["status"]).to be_truthy
-            expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
-            expect(json_response["gl_repository"]).to eq("project-#{project.id}")
-          end
-        end
       end
     end
 
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 484322752c0..3764aec0c71 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -616,6 +616,25 @@ describe API::MergeRequests do
         expect(json_response['changes_count']).to eq('5+')
       end
     end
+
+    context 'for forked projects' do
+      let(:user2) { create(:user) }
+      let(:project) { create(:project, :public, :repository) }
+      let(:forked_project) { fork_project(project, user2, repository: true) }
+      let(:merge_request) do
+        create(:merge_request,
+               source_project: forked_project,
+               target_project: project,
+               source_branch: 'fixes',
+               allow_maintainer_to_push: true)
+      end
+
+      it 'includes the `allow_maintainer_to_push` field' do
+        get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user)
+
+        expect(json_response['allow_maintainer_to_push']).to be_truthy
+      end
+    end
   end
 
   describe 'GET /projects/:id/merge_requests/:merge_request_iid/participants' do
@@ -815,6 +834,7 @@ describe API::MergeRequests do
 
     context 'forked projects' do
       let!(:user2) { create(:user) }
+      let(:project) { create(:project, :public, :repository) }
       let!(:forked_project) { fork_project(project, user2, repository: true) }
       let!(:unrelated_project) { create(:project,  namespace: create(:user).namespace, creator_id: user2.id) }
 
@@ -872,6 +892,14 @@ describe API::MergeRequests do
         expect(response).to have_gitlab_http_status(400)
       end
 
+      it 'allows setting `allow_maintainer_to_push`' do
+        post api("/projects/#{forked_project.id}/merge_requests", user2),
+          title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master",
+          author: user2, target_project_id: project.id, allow_maintainer_to_push: true
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['allow_maintainer_to_push']).to be_truthy
+      end
+
       context 'when target_branch and target_project_id is specified' do
         let(:params) do
           { title: 'Test merge_request',
diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb
index 981c9c27325..dd568c24c72 100644
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
@@ -3,117 +3,86 @@ require 'spec_helper'
 describe API::Notes do
   let(:user) { create(:user) }
   let!(:project) { create(:project, :public, namespace: user.namespace) }
-  let!(:issue) { create(:issue, project: project, author: user) }
-  let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
-  let!(:snippet) { create(:project_snippet, project: project, author: user) }
-  let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
-  let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
-  let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
-
-  # For testing the cross-reference of a private issue in a public issue
   let(:private_user)    { create(:user) }
-  let(:private_project) do
-    create(:project, namespace: private_user.namespace)
-    .tap { |p| p.add_master(private_user) }
-  end
-  let(:private_issue)    { create(:issue, project: private_project) }
-
-  let(:ext_proj)  { create(:project, :public) }
-  let(:ext_issue) { create(:issue, project: ext_proj) }
-
-  let!(:cross_reference_note) do
-    create :note,
-    noteable: ext_issue, project: ext_proj,
-    note: "mentioned in issue #{private_issue.to_reference(ext_proj)}",
-    system: true
-  end
 
   before do
     project.add_reporter(user)
   end
 
-  describe "GET /projects/:id/noteable/:noteable_id/notes" do
-    context "when noteable is an Issue" do
-      context 'sorting' do
-        before do
-          create_list(:note, 3, noteable: issue, project: project, author: user)
-        end
-
-        it 'sorts by created_at in descending order by default' do
-          get api("/projects/#{project.id}/issues/#{issue.iid}/notes", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
-
-        it 'sorts by ascending order when requested' do
-          get api("/projects/#{project.id}/issues/#{issue.iid}/notes?sort=asc", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
-
-        it 'sorts by updated_at in descending order when requested' do
-          get api("/projects/#{project.id}/issues/#{issue.iid}/notes?order_by=updated_at", user)
-
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
+  context "when noteable is an Issue" do
+    let!(:issue) { create(:issue, project: project, author: user) }
+    let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
 
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
+    it_behaves_like "noteable API", 'projects', 'issues', 'iid' do
+      let(:parent) { project }
+      let(:noteable) { issue }
+      let(:note) { issue_note }
+    end
 
-        it 'sorts by updated_at in ascending order when requested' do
-          get api("/projects/#{project.id}/issues/#{issue.iid}/notes??order_by=updated_at&sort=asc", user)
+    context 'when user does not have access to create noteable' do
+      let(:private_issue) { create(:issue, project: create(:project, :private)) }
 
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
+      ##
+      # We are posting to project user has access to, but we use issue id
+      # from a different project, see #15577
+      #
+      before do
+        post api("/projects/#{private_issue.project.id}/issues/#{private_issue.iid}/notes", user),
+             body: 'Hi!'
+      end
 
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
+      it 'responds with resource not found error' do
+        expect(response.status).to eq 404
       end
 
-      it "returns an array of issue notes" do
-        get api("/projects/#{project.id}/issues/#{issue.iid}/notes", user)
+      it 'does not create new note' do
+        expect(private_issue.notes.reload).to be_empty
+      end
+    end
 
-        expect(response).to have_gitlab_http_status(200)
-        expect(response).to include_pagination_headers
-        expect(json_response).to be_an Array
-        expect(json_response.first['body']).to eq(issue_note.note)
+    context "when referencing other project" do
+      # For testing the cross-reference of a private issue in a public project
+      let(:private_project) do
+        create(:project, namespace: private_user.namespace)
+        .tap { |p| p.add_master(private_user) }
       end
+      let(:private_issue)    { create(:issue, project: private_project) }
 
-      it "returns a 404 error when issue id not found" do
-        get api("/projects/#{project.id}/issues/12345/notes", user)
+      let(:ext_proj)  { create(:project, :public) }
+      let(:ext_issue) { create(:issue, project: ext_proj) }
 
-        expect(response).to have_gitlab_http_status(404)
+      let!(:cross_reference_note) do
+        create :note,
+        noteable: ext_issue, project: ext_proj,
+        note: "mentioned in issue #{private_issue.to_reference(ext_proj)}",
+        system: true
       end
 
-      context "and current user cannot view the notes" do
-        it "returns an empty array" do
-          get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)
-
-          expect(response).to have_gitlab_http_status(200)
-          expect(response).to include_pagination_headers
-          expect(json_response).to be_an Array
-          expect(json_response).to be_empty
-        end
+      describe "GET /projects/:id/noteable/:noteable_id/notes" do
+        context "current user cannot view the notes" do
+          it "returns an empty array" do
+            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)
 
-        context "and issue is confidential" do
-          before do
-            ext_issue.update_attributes(confidential: true)
+            expect(response).to have_gitlab_http_status(200)
+            expect(response).to include_pagination_headers
+            expect(json_response).to be_an Array
+            expect(json_response).to be_empty
           end
 
-          it "returns 404" do
-            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)
+          context "issue is confidential" do
+            before do
+              ext_issue.update_attributes(confidential: true)
+            end
 
-            expect(response).to have_gitlab_http_status(404)
+            it "returns 404" do
+              get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)
+
+              expect(response).to have_gitlab_http_status(404)
+            end
           end
         end
 
-        context "and current user can view the note" do
+        context "current user can view the note" do
           it "returns an empty array" do
             get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", private_user)
 
@@ -124,172 +93,29 @@ describe API::Notes do
           end
         end
       end
-    end
-
-    context "when noteable is a Snippet" do
-      context 'sorting' do
-        before do
-          create_list(:note, 3, noteable: snippet, project: project, author: user)
-        end
-
-        it 'sorts by created_at in descending order by default' do
-          get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
-
-        it 'sorts by ascending order when requested' do
-          get api("/projects/#{project.id}/snippets/#{snippet.id}/notes?sort=asc", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
-
-        it 'sorts by updated_at in descending order when requested' do
-          get api("/projects/#{project.id}/snippets/#{snippet.id}/notes?order_by=updated_at", user)
-
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
 
-        it 'sorts by updated_at in ascending order when requested' do
-          get api("/projects/#{project.id}/snippets/#{snippet.id}/notes??order_by=updated_at&sort=asc", user)
+      describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
+        context "current user cannot view the notes" do
+          it "returns a 404 error" do
+            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes/#{cross_reference_note.id}", user)
 
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
-      end
-      it "returns an array of snippet notes" do
-        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(response).to include_pagination_headers
-        expect(json_response).to be_an Array
-        expect(json_response.first['body']).to eq(snippet_note.note)
-      end
-
-      it "returns a 404 error when snippet id not found" do
-        get api("/projects/#{project.id}/snippets/42/notes", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it "returns 404 when not authorized" do
-        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
-
-    context "when noteable is a Merge Request" do
-      context 'sorting' do
-        before do
-          create_list(:note, 3, noteable: merge_request, project: project, author: user)
-        end
-
-        it 'sorts by created_at in descending order by default' do
-          get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
-
-        it 'sorts by ascending order when requested' do
-          get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes?sort=asc", user)
-
-          response_dates = json_response.map { |noteable| noteable['created_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
-
-        it 'sorts by updated_at in descending order when requested' do
-          get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes?order_by=updated_at", user)
-
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort.reverse)
-        end
-
-        it 'sorts by updated_at in ascending order when requested' do
-          get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes??order_by=updated_at&sort=asc", user)
-
-          response_dates = json_response.map { |noteable| noteable['updated_at'] }
-
-          expect(json_response.length).to eq(4)
-          expect(response_dates).to eq(response_dates.sort)
-        end
-      end
-      it "returns an array of merge_requests notes" do
-        get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes", user)
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(response).to include_pagination_headers
-        expect(json_response).to be_an Array
-        expect(json_response.first['body']).to eq(merge_request_note.note)
-      end
-
-      it "returns a 404 error if merge request id not found" do
-        get api("/projects/#{project.id}/merge_requests/4444/notes", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it "returns 404 when not authorized" do
-        get api("/projects/#{project.id}/merge_requests/4444/notes", private_user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
-  end
-
-  describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
-    context "when noteable is an Issue" do
-      it "returns an issue note by id" do
-        get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['body']).to eq(issue_note.note)
-      end
-
-      it "returns a 404 error if issue note not found" do
-        get api("/projects/#{project.id}/issues/#{issue.iid}/notes/12345", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      context "and current user cannot view the note" do
-        it "returns a 404 error" do
-          get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes/#{cross_reference_note.id}", user)
-
-          expect(response).to have_gitlab_http_status(404)
-        end
-
-        context "when issue is confidential" do
-          before do
-            issue.update_attributes(confidential: true)
+            expect(response).to have_gitlab_http_status(404)
           end
 
-          it "returns 404" do
-            get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", private_user)
+          context "when issue is confidential" do
+            before do
+              issue.update_attributes(confidential: true)
+            end
 
-            expect(response).to have_gitlab_http_status(404)
+            it "returns 404" do
+              get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", private_user)
+
+              expect(response).to have_gitlab_http_status(404)
+            end
           end
         end
 
-        context "and current user can view the note" do
+        context "current user can view the note" do
           it "returns an issue note by id" do
             get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes/#{cross_reference_note.id}", private_user)
 
@@ -299,132 +125,27 @@ describe API::Notes do
         end
       end
     end
-
-    context "when noteable is a Snippet" do
-      it "returns a snippet note by id" do
-        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['body']).to eq(snippet_note.note)
-      end
-
-      it "returns a 404 error if snippet note not found" do
-        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
   end
 
-  describe "POST /projects/:id/noteable/:noteable_id/notes" do
-    context "when noteable is an Issue" do
-      it "creates a new issue note" do
-        post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user), body: 'hi!'
-
-        expect(response).to have_gitlab_http_status(201)
-        expect(json_response['body']).to eq('hi!')
-        expect(json_response['author']['username']).to eq(user.username)
-      end
-
-      it "returns a 400 bad request error if body not given" do
-        post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user)
-
-        expect(response).to have_gitlab_http_status(400)
-      end
-
-      it "returns a 401 unauthorized error if user not authenticated" do
-        post api("/projects/#{project.id}/issues/#{issue.iid}/notes"), body: 'hi!'
-
-        expect(response).to have_gitlab_http_status(401)
-      end
-
-      context 'when an admin or owner makes the request' do
-        it 'accepts the creation date to be set' do
-          creation_time = 2.weeks.ago
-          post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user),
-            body: 'hi!', created_at: creation_time
-
-          expect(response).to have_gitlab_http_status(201)
-          expect(json_response['body']).to eq('hi!')
-          expect(json_response['author']['username']).to eq(user.username)
-          expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time)
-        end
-      end
-
-      context 'when the user is posting an award emoji on an issue created by someone else' do
-        let(:issue2) { create(:issue, project: project) }
-
-        it 'creates a new issue note' do
-          post api("/projects/#{project.id}/issues/#{issue2.iid}/notes", user), body: ':+1:'
-
-          expect(response).to have_gitlab_http_status(201)
-          expect(json_response['body']).to eq(':+1:')
-        end
-      end
-
-      context 'when the user is posting an award emoji on his/her own issue' do
-        it 'creates a new issue note' do
-          post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user), body: ':+1:'
-
-          expect(response).to have_gitlab_http_status(201)
-          expect(json_response['body']).to eq(':+1:')
-        end
-      end
-    end
-
-    context "when noteable is a Snippet" do
-      it "creates a new snippet note" do
-        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
+  context "when noteable is a Snippet" do
+    let!(:snippet) { create(:project_snippet, project: project, author: user) }
+    let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
 
-        expect(response).to have_gitlab_http_status(201)
-        expect(json_response['body']).to eq('hi!')
-        expect(json_response['author']['username']).to eq(user.username)
-      end
-
-      it "returns a 400 bad request error if body not given" do
-        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
-
-        expect(response).to have_gitlab_http_status(400)
-      end
-
-      it "returns a 401 unauthorized error if user not authenticated" do
-        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
-
-        expect(response).to have_gitlab_http_status(401)
-      end
+    it_behaves_like "noteable API", 'projects', 'snippets', 'id' do
+      let(:parent) { project }
+      let(:noteable) { snippet }
+      let(:note) { snippet_note }
     end
+  end
 
-    context 'when user does not have access to read the noteable' do
-      it 'responds with 404' do
-        project = create(:project, :private) { |p| p.add_guest(user) }
-        issue = create(:issue, :confidential, project: project)
-
-        post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user),
-          body: 'Foo'
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
-
-    context 'when user does not have access to create noteable' do
-      let(:private_issue) { create(:issue, project: create(:project, :private)) }
-
-      ##
-      # We are posting to project user has access to, but we use issue id
-      # from a different project, see #15577
-      #
-      before do
-        post api("/projects/#{private_issue.project.id}/issues/#{private_issue.iid}/notes", user),
-             body: 'Hi!'
-      end
-
-      it 'responds with resource not found error' do
-        expect(response.status).to eq 404
-      end
+  context "when noteable is a Merge Request" do
+    let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
+    let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
 
-      it 'does not create new note' do
-        expect(private_issue.notes.reload).to be_empty
-      end
+    it_behaves_like "noteable API", 'projects', 'merge_requests', 'iid' do
+      let(:parent) { project }
+      let(:noteable) { merge_request }
+      let(:note) { merge_request_note }
     end
 
     context 'when the merge request discussion is locked' do
@@ -461,145 +182,4 @@ describe API::Notes do
       end
     end
   end
-
-  describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
-    it "creates an activity event when an issue note is created" do
-      expect(Event).to receive(:create!)
-
-      post api("/projects/#{project.id}/issues/#{issue.iid}/notes", user), body: 'hi!'
-    end
-  end
-
-  describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do
-    context 'when noteable is an Issue' do
-      it 'returns modified note' do
-        put api("/projects/#{project.id}/issues/#{issue.iid}/"\
-                  "notes/#{issue_note.id}", user), body: 'Hello!'
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['body']).to eq('Hello!')
-      end
-
-      it 'returns a 404 error when note id not found' do
-        put api("/projects/#{project.id}/issues/#{issue.iid}/notes/12345", user),
-                body: 'Hello!'
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it 'returns a 400 bad request error if body not given' do
-        put api("/projects/#{project.id}/issues/#{issue.iid}/"\
-                  "notes/#{issue_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(400)
-      end
-    end
-
-    context 'when noteable is a Snippet' do
-      it 'returns modified note' do
-        put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                  "notes/#{snippet_note.id}", user), body: 'Hello!'
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['body']).to eq('Hello!')
-      end
-
-      it 'returns a 404 error when note id not found' do
-        put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                  "notes/12345", user), body: "Hello!"
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
-
-    context 'when noteable is a Merge Request' do
-      it 'returns modified note' do
-        put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/"\
-                  "notes/#{merge_request_note.id}", user), body: 'Hello!'
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['body']).to eq('Hello!')
-      end
-
-      it 'returns a 404 error when note id not found' do
-        put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/"\
-                  "notes/12345", user), body: "Hello!"
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-    end
-  end
-
-  describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do
-    context 'when noteable is an Issue' do
-      it 'deletes a note' do
-        delete api("/projects/#{project.id}/issues/#{issue.iid}/"\
-                   "notes/#{issue_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(204)
-        # Check if note is really deleted
-        delete api("/projects/#{project.id}/issues/#{issue.iid}/"\
-                   "notes/#{issue_note.id}", user)
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it 'returns a 404 error when note id not found' do
-        delete api("/projects/#{project.id}/issues/#{issue.iid}/notes/12345", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it_behaves_like '412 response' do
-        let(:request) { api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", user) }
-      end
-    end
-
-    context 'when noteable is a Snippet' do
-      it 'deletes a note' do
-        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                   "notes/#{snippet_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(204)
-        # Check if note is really deleted
-        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                   "notes/#{snippet_note.id}", user)
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it 'returns a 404 error when note id not found' do
-        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                   "notes/12345", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it_behaves_like '412 response' do
-        let(:request) { api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user) }
-      end
-    end
-
-    context 'when noteable is a Merge Request' do
-      it 'deletes a note' do
-        delete api("/projects/#{project.id}/merge_requests/"\
-                   "#{merge_request.iid}/notes/#{merge_request_note.id}", user)
-
-        expect(response).to have_gitlab_http_status(204)
-        # Check if note is really deleted
-        delete api("/projects/#{project.id}/merge_requests/"\
-                   "#{merge_request.iid}/notes/#{merge_request_note.id}", user)
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it 'returns a 404 error when note id not found' do
-        delete api("/projects/#{project.id}/merge_requests/"\
-                   "#{merge_request.iid}/notes/12345", user)
-
-        expect(response).to have_gitlab_http_status(404)
-      end
-
-      it_behaves_like '412 response' do
-        let(:request) { api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes/#{merge_request_note.id}", user) }
-      end
-    end
-  end
 end
diff --git a/spec/serializers/merge_request_widget_entity_spec.rb b/spec/serializers/merge_request_widget_entity_spec.rb
index 80a271ba7fb..d2072198d83 100644
--- a/spec/serializers/merge_request_widget_entity_spec.rb
+++ b/spec/serializers/merge_request_widget_entity_spec.rb
@@ -147,9 +147,9 @@ describe MergeRequestWidgetEntity do
       allow(resource).to receive(:diff_head_sha) { 'sha' }
     end
 
-    context 'when no diff head commit' do
+    context 'when diff head commit is empty' do
       it 'returns nil' do
-        allow(resource).to receive(:diff_head_commit) { nil }
+        allow(resource).to receive(:diff_head_sha) { '' }
 
         expect(subject[:diff_head_sha]).to be_nil
       end
@@ -157,8 +157,6 @@ describe MergeRequestWidgetEntity do
 
     context 'when diff head commit present' do
       it 'returns diff head commit short id' do
-        allow(resource).to receive(:diff_head_commit) { double }
-
         expect(subject[:diff_head_sha]).to eq('sha')
       end
     end
diff --git a/spec/services/members/destroy_service_spec.rb b/spec/services/members/destroy_service_spec.rb
index 10c264a90c5..36b6e5a701e 100644
--- a/spec/services/members/destroy_service_spec.rb
+++ b/spec/services/members/destroy_service_spec.rb
@@ -19,32 +19,11 @@ describe Members::DestroyService do
     end
   end
 
-  def number_of_assigned_issuables(user)
-    Issue.assigned_to(user).count + MergeRequest.assigned_to(user).count
-  end
-
   shared_examples 'a service destroying a member' do
     it 'destroys the member' do
       expect { described_class.new(current_user).execute(member, opts) }.to change { member.source.members_and_requesters.count }.by(-1)
     end
 
-    it 'unassigns issues and merge requests' do
-      if member.invite?
-        expect { described_class.new(current_user).execute(member, opts) }
-          .not_to change { number_of_assigned_issuables(member_user) }
-      else
-        create :issue, assignees: [member_user]
-        issue = create :issue, project: group_project, assignees: [member_user]
-        merge_request = create :merge_request, target_project: group_project, source_project: group_project, assignee: member_user
-
-        expect { described_class.new(current_user).execute(member, opts) }
-          .to change { number_of_assigned_issuables(member_user) }.from(3).to(1)
-
-        expect(issue.reload.assignee_ids).to be_empty
-        expect(merge_request.reload.assignee_id).to be_nil
-      end
-    end
-
     it 'destroys member notification_settings' do
       if member_user.notification_settings.any?
         expect { described_class.new(current_user).execute(member, opts) }
@@ -56,6 +35,29 @@ describe Members::DestroyService do
     end
   end
 
+  shared_examples 'a service destroying a member with access' do
+    it_behaves_like 'a service destroying a member'
+
+    it 'invalidates cached counts for todos and assigned issues and merge requests', :aggregate_failures do
+      create(:issue, project: group_project, assignees: [member_user])
+      create(:merge_request, source_project: group_project, assignee: member_user)
+      create(:todo, :pending, project: group_project, user: member_user)
+      create(:todo, :done, project: group_project, user: member_user)
+
+      expect(member_user.assigned_open_merge_requests_count).to be(1)
+      expect(member_user.assigned_open_issues_count).to be(1)
+      expect(member_user.todos_pending_count).to be(1)
+      expect(member_user.todos_done_count).to be(1)
+
+      described_class.new(current_user).execute(member, opts)
+
+      expect(member_user.assigned_open_merge_requests_count).to be(0)
+      expect(member_user.assigned_open_issues_count).to be(0)
+      expect(member_user.todos_pending_count).to be(0)
+      expect(member_user.todos_done_count).to be(0)
+    end
+  end
+
   shared_examples 'a service destroying an access requester' do
     it_behaves_like 'a service destroying a member'
 
@@ -74,29 +76,39 @@ describe Members::DestroyService do
     end
   end
 
-  context 'with a member' do
+  context 'with a member with access' do
     before do
-      group_project.add_developer(member_user)
-      group.add_developer(member_user)
+      group_project.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
+      group.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
     end
 
     context 'when current user cannot destroy the given member' do
-      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
+      context 'with a project member' do
         let(:member) { group_project.members.find_by(user_id: member_user.id) }
-      end
 
-      it_behaves_like 'a service destroying a member' do
-        let(:opts) { { skip_authorization: true } }
-        let(:member) { group_project.members.find_by(user_id: member_user.id) }
-      end
+        before do
+          group_project.add_developer(member_user)
+        end
 
-      it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError' do
-        let(:member) { group.members.find_by(user_id: member_user.id) }
+        it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError'
+
+        it_behaves_like 'a service destroying a member with access' do
+          let(:opts) { { skip_authorization: true } }
+        end
       end
 
-      it_behaves_like 'a service destroying a member' do
-        let(:opts) { { skip_authorization: true } }
+      context 'with a group member' do
         let(:member) { group.members.find_by(user_id: member_user.id) }
+
+        before do
+          group.add_developer(member_user)
+        end
+
+        it_behaves_like 'a service raising Gitlab::Access::AccessDeniedError'
+
+        it_behaves_like 'a service destroying a member with access' do
+          let(:opts) { { skip_authorization: true } }
+        end
       end
     end
 
@@ -106,12 +118,24 @@ describe Members::DestroyService do
         group.add_owner(current_user)
       end
 
-      it_behaves_like 'a service destroying a member' do
+      context 'with a project member' do
         let(:member) { group_project.members.find_by(user_id: member_user.id) }
+
+        before do
+          group_project.add_developer(member_user)
+        end
+
+        it_behaves_like 'a service destroying a member with access'
       end
 
-      it_behaves_like 'a service destroying a member' do
+      context 'with a group member' do
         let(:member) { group.members.find_by(user_id: member_user.id) }
+
+        before do
+          group.add_developer(member_user)
+        end
+
+        it_behaves_like 'a service destroying a member with access'
       end
     end
   end
diff --git a/spec/services/merge_requests/update_service_spec.rb b/spec/services/merge_requests/update_service_spec.rb
index c31259239ee..5279ea6164e 100644
--- a/spec/services/merge_requests/update_service_spec.rb
+++ b/spec/services/merge_requests/update_service_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe MergeRequests::UpdateService, :mailer do
+  include ProjectForksHelper
+
   let(:project) { create(:project, :repository) }
   let(:user) { create(:user) }
   let(:user2) { create(:user) }
@@ -538,5 +540,40 @@ describe MergeRequests::UpdateService, :mailer do
       let(:open_issuable) { merge_request }
       let(:closed_issuable) { create(:closed_merge_request, source_project: project) }
     end
+
+    context 'setting `allow_maintainer_to_push`' do
+      let(:target_project) { create(:project, :public) }
+      let(:source_project) { fork_project(target_project) }
+      let(:user) { create(:user) }
+      let(:merge_request) do
+        create(:merge_request,
+               source_project: source_project,
+               source_branch: 'fixes',
+               target_project: target_project)
+      end
+
+      before do
+        allow(ProtectedBranch).to receive(:protected?).with(source_project, 'fixes') { false }
+      end
+
+      it 'does not allow a maintainer of the target project to set `allow_maintainer_to_push`' do
+        target_project.add_developer(user)
+
+        update_merge_request(allow_maintainer_to_push: true, title: 'Updated title')
+
+        expect(merge_request.title).to eq('Updated title')
+        expect(merge_request.allow_maintainer_to_push).to be_falsy
+      end
+
+      it 'is allowed by a user that can push to the source and can update the merge request' do
+        merge_request.update!(assignee: user)
+        source_project.add_developer(user)
+
+        update_merge_request(allow_maintainer_to_push: true, title: 'Updated title')
+
+        expect(merge_request.title).to eq('Updated title')
+        expect(merge_request.allow_maintainer_to_push).to be_truthy
+      end
+    end
   end
 end
diff --git a/spec/support/matchers/match_ids.rb b/spec/support/matchers/match_ids.rb
new file mode 100644
index 00000000000..d8424405b96
--- /dev/null
+++ b/spec/support/matchers/match_ids.rb
@@ -0,0 +1,24 @@
+RSpec::Matchers.define :match_ids do |*expected|
+  match do |actual|
+    actual_ids = map_ids(actual)
+    expected_ids = map_ids(expected)
+
+    expect(actual_ids).to match_array(expected_ids)
+  end
+
+  description do
+    'matches elements by ids'
+  end
+
+  def map_ids(elements)
+    elements = elements.flatten if elements.respond_to?(:flatten)
+
+    if elements.respond_to?(:map)
+      elements.map(&:id)
+    elsif elements.respond_to?(:id)
+      [elements.id]
+    else
+      raise ArgumentError, "could not map elements to ids: #{elements}"
+    end
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/discussions.rb b/spec/support/shared_examples/requests/api/discussions.rb
new file mode 100644
index 00000000000..b6aeb30d69c
--- /dev/null
+++ b/spec/support/shared_examples/requests/api/discussions.rb
@@ -0,0 +1,169 @@
+shared_examples 'discussions API' do |parent_type, noteable_type, id_name|
+  describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions" do
+    it "returns an array of discussions" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user)
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(response).to include_pagination_headers
+      expect(json_response).to be_an Array
+      expect(json_response.first['id']).to eq(note.discussion_id)
+    end
+
+    it "returns a 404 error when noteable id not found" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/12345/discussions", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it "returns 404 when not authorized" do
+      parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", private_user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+  end
+
+  describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id" do
+    it "returns a discussion by id" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions/#{note.discussion_id}", user)
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['id']).to eq(note.discussion_id)
+      expect(json_response['notes'].first['body']).to eq(note.note)
+    end
+
+    it "returns a 404 error if discussion not found" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions/12345", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+  end
+
+  describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions" do
+    it "creates a new note" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user), body: 'hi!'
+
+      expect(response).to have_gitlab_http_status(201)
+      expect(json_response['notes'].first['body']).to eq('hi!')
+      expect(json_response['notes'].first['author']['username']).to eq(user.username)
+    end
+
+    it "returns a 400 bad request error if body not given" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user)
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
+    it "returns a 401 unauthorized error if user not authenticated" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions"), body: 'hi!'
+
+      expect(response).to have_gitlab_http_status(401)
+    end
+
+    context 'when an admin or owner makes the request' do
+      it 'accepts the creation date to be set' do
+        creation_time = 2.weeks.ago
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user),
+          body: 'hi!', created_at: creation_time
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['notes'].first['body']).to eq('hi!')
+        expect(json_response['notes'].first['author']['username']).to eq(user.username)
+        expect(Time.parse(json_response['notes'].first['created_at'])).to be_like_time(creation_time)
+      end
+    end
+
+    context 'when user does not have access to read the discussion' do
+      before do
+        parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+      end
+
+      it 'responds with 404' do
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", private_user),
+          body: 'Foo'
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+
+  describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do
+    it 'adds a new note to the discussion' do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+               "discussions/#{note.discussion_id}/notes", user), body: 'Hello!'
+
+      expect(response).to have_gitlab_http_status(201)
+      expect(json_response['body']).to eq('Hello!')
+      expect(json_response['type']).to eq('DiscussionNote')
+    end
+
+    it 'returns a 400 bad request error if body not given' do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+               "discussions/#{note.discussion_id}/notes", user)
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
+    it "returns a 400 bad request error if discussion is individual note" do
+      note.update_attribute(:type, nil)
+
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+               "discussions/#{note.discussion_id}/notes", user), body: 'hi!'
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+  end
+
+  describe "PUT /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes/:note_id" do
+    it 'returns modified note' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+              "discussions/#{note.discussion_id}/notes/#{note.id}", user), body: 'Hello!'
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['body']).to eq('Hello!')
+    end
+
+    it 'returns a 404 error when note id not found' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+              "discussions/#{note.discussion_id}/notes/12345", user),
+              body: 'Hello!'
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'returns a 400 bad request error if body not given' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+              "discussions/#{note.discussion_id}/notes/#{note.id}", user)
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+  end
+
+  describe "DELETE /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes/:note_id" do
+    it 'deletes a note' do
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                 "discussions/#{note.discussion_id}/notes/#{note.id}", user)
+
+      expect(response).to have_gitlab_http_status(204)
+      # Check if note is really deleted
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                 "discussions/#{note.discussion_id}/notes/#{note.id}", user)
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'returns a 404 error when note id not found' do
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                 "discussions/#{note.discussion_id}/notes/12345", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it_behaves_like '412 response' do
+      let(:request) do
+        api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+            "discussions/#{note.discussion_id}/notes/#{note.id}", user)
+      end
+    end
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/notes.rb b/spec/support/shared_examples/requests/api/notes.rb
new file mode 100644
index 00000000000..79b2196660c
--- /dev/null
+++ b/spec/support/shared_examples/requests/api/notes.rb
@@ -0,0 +1,206 @@
+shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
+  describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes" do
+    context 'sorting' do
+      before do
+        params = { noteable: noteable, author: user }
+        params[:project] = parent if parent.is_a?(Project)
+
+        create_list(:note, 3, params)
+      end
+
+      it 'sorts by created_at in descending order by default' do
+        get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user)
+
+        response_dates = json_response.map { |note| note['created_at'] }
+
+        expect(json_response.length).to eq(4)
+        expect(response_dates).to eq(response_dates.sort.reverse)
+      end
+
+      it 'sorts by ascending order when requested' do
+        get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes?sort=asc", user)
+
+        response_dates = json_response.map { |note| note['created_at'] }
+
+        expect(json_response.length).to eq(4)
+        expect(response_dates).to eq(response_dates.sort)
+      end
+
+      it 'sorts by updated_at in descending order when requested' do
+        get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes?order_by=updated_at", user)
+
+        response_dates = json_response.map { |note| note['updated_at'] }
+
+        expect(json_response.length).to eq(4)
+        expect(response_dates).to eq(response_dates.sort.reverse)
+      end
+
+      it 'sorts by updated_at in ascending order when requested' do
+        get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes?order_by=updated_at&sort=asc", user)
+
+        response_dates = json_response.map { |note| note['updated_at'] }
+
+        expect(json_response.length).to eq(4)
+        expect(response_dates).to eq(response_dates.sort)
+      end
+    end
+
+    it "returns an array of notes" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user)
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(response).to include_pagination_headers
+      expect(json_response).to be_an Array
+      expect(json_response.first['body']).to eq(note.note)
+    end
+
+    it "returns a 404 error when noteable id not found" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/12345/notes", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it "returns 404 when not authorized" do
+      parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", private_user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+  end
+
+  describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes/:note_id" do
+    it "returns a note by id" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/#{note.id}", user)
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['body']).to eq(note.note)
+    end
+
+    it "returns a 404 error if note not found" do
+      get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/12345", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+  end
+
+  describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes" do
+    it "creates a new note" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user), body: 'hi!'
+
+      expect(response).to have_gitlab_http_status(201)
+      expect(json_response['body']).to eq('hi!')
+      expect(json_response['author']['username']).to eq(user.username)
+    end
+
+    it "returns a 400 bad request error if body not given" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user)
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
+    it "returns a 401 unauthorized error if user not authenticated" do
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes"), body: 'hi!'
+
+      expect(response).to have_gitlab_http_status(401)
+    end
+
+    it "creates an activity event when a note is created" do
+      expect(Event).to receive(:create!)
+
+      post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user), body: 'hi!'
+    end
+
+    context 'when an admin or owner makes the request' do
+      it 'accepts the creation date to be set' do
+        creation_time = 2.weeks.ago
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user),
+          body: 'hi!', created_at: creation_time
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['body']).to eq('hi!')
+        expect(json_response['author']['username']).to eq(user.username)
+        expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time)
+      end
+    end
+
+    context 'when the user is posting an award emoji on a noteable created by someone else' do
+      it 'creates a new note' do
+        parent.add_developer(private_user)
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", private_user), body: ':+1:'
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['body']).to eq(':+1:')
+      end
+    end
+
+    context 'when the user is posting an award emoji on his/her own noteable' do
+      it 'creates a new note' do
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", user), body: ':+1:'
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['body']).to eq(':+1:')
+      end
+    end
+
+    context 'when user does not have access to read the noteable' do
+      before do
+        parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+      end
+
+      it 'responds with 404' do
+        post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes", private_user),
+          body: 'Foo'
+
+        expect(response).to have_gitlab_http_status(404)
+      end
+    end
+  end
+
+  describe "PUT /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes/:note_id" do
+    it 'returns modified note' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                "notes/#{note.id}", user), body: 'Hello!'
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['body']).to eq('Hello!')
+    end
+
+    it 'returns a 404 error when note id not found' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/12345", user),
+              body: 'Hello!'
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'returns a 400 bad request error if body not given' do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                "notes/#{note.id}", user)
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+  end
+
+  describe "DELETE /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes/:note_id" do
+    it 'deletes a note' do
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                 "notes/#{note.id}", user)
+
+      expect(response).to have_gitlab_http_status(204)
+      # Check if note is really deleted
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
+                 "notes/#{note.id}", user)
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'returns a 404 error when note id not found' do
+      delete api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/12345", user)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it_behaves_like '412 response' do
+      let(:request) { api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/#{note.id}", user) }
+    end
+  end
+end
diff --git a/spec/views/projects/tree/show.html.haml_spec.rb b/spec/views/projects/tree/show.html.haml_spec.rb
index 44b32df0395..3b098320ad7 100644
--- a/spec/views/projects/tree/show.html.haml_spec.rb
+++ b/spec/views/projects/tree/show.html.haml_spec.rb
@@ -13,6 +13,7 @@ describe 'projects/tree/show' do
 
     allow(view).to receive(:can?).and_return(true)
     allow(view).to receive(:can_collaborate_with_project?).and_return(true)
+    allow(view).to receive_message_chain('user_access.can_push_to_branch?').and_return(true)
     allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 
diff --git a/spec/workers/post_receive_spec.rb b/spec/workers/post_receive_spec.rb
index 5d9b0679796..cd6661f09a1 100644
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@@ -114,6 +114,18 @@ describe PostReceive do
     end
   end
 
+  describe '#process_wiki_changes' do
+    let(:gl_repository) { "wiki-#{project.id}" }
+
+    it 'updates project activity' do
+      described_class.new.perform(gl_repository, key_id, base64_changes)
+
+      expect { project.reload }
+        .to change(project, :last_activity_at)
+        .and change(project, :last_repository_updated_at)
+    end
+  end
+
   context "webhook" do
     it "fetches the correct project" do
       expect(Project).to receive(:find_by).with(id: project.id.to_s)
author	James Lopez <james@jameslopez.es>	2018-03-08 09:13:09 +0100
committer	James Lopez <james@jameslopez.es>	2018-03-08 09:13:09 +0100
commit	59a5a011e2eb2dd9a6b796437841ae25a80647b3 (patch)
tree	5f92ae8e169b38b2303c58564f17656bab3d2037 /spec
parent	c7f34b54066b7c3cb6eee120fa877c0253ee1709 (diff)
parent	7734e85bc6592c5ad3330c611c5f83a051b680b0 (diff)
download	gitlab-ce-59a5a011e2eb2dd9a6b796437841ae25a80647b3.tar.gz