9 files changed, 59 insertions, 46 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 9fe1e8c90c7..d249a014802 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,10 +1,15 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.14.0 (unreleased)
+  - Remove repository graph log to fix slow cache updates after push event (Stan Hu)
+  - Fix label read access for unauthenticated users (Daniel Gerhardt)
+  - Fix access to disabled features for unauthenticated users (Daniel Gerhardt)
   - Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
   - Fix file upload dialog for comment editing (Daniel Gerhardt)
+  - Set OmniAuth full_host parameter to ensure redirect URIs are correct (Stan Hu)
   - Expire Rails cache entries after two weeks to prevent endless Redis growth
   - Add support for destroying project milestones (Stan Hu)
+  - Add fetch command to the MR page.
 
 v 7.13.0 (unreleased)
   - Only enable HSTS header for HTTPS and port 443 (Stan Hu)
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index b191819a117..586359f3080 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -1,6 +1,6 @@
 class ProjectsController < ApplicationController
   prepend_before_filter :render_go_import, only: [:show]
-  skip_before_action :authenticate_user!, only: [:show]
+  skip_before_action :authenticate_user!, only: [:show, :activity]
   before_action :project, except: [:new, :create]
   before_action :repository, except: [:new, :create]
 
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index f61baf00525..3cd52b381bd 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -131,8 +131,12 @@ module ProjectsHelper
       nav_tabs << :snippets
     end
 
+    if can?(current_user, :read_label, project)
+      nav_tabs << :labels
+    end
+
     if can?(current_user, :read_milestone, project)
-      nav_tabs << [:milestones, :labels]
+      nav_tabs << :milestones
     end
 
     nav_tabs.flatten
diff --git a/app/models/ability.rb b/app/models/ability.rb
index d3631d49ec6..9258d981ac9 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -31,10 +31,11 @@ class Ability
                 end
 
       if project && project.public?
-        [
+        rules = [
           :read_project,
           :read_wiki,
           :read_issue,
+          :read_label,
           :read_milestone,
           :read_project_snippet,
           :read_project_member,
@@ -42,6 +43,8 @@ class Ability
           :read_note,
           :download_code
         ]
+
+        rules - project_disabled_features_rules(project)
       else
         group = if subject.kind_of?(Group)
                   subject
@@ -102,28 +105,7 @@ class Ability
           rules -= project_archived_rules
         end
 
-        unless project.issues_enabled
-          rules -= named_abilities('issue')
-        end
-
-        unless project.merge_requests_enabled
-          rules -= named_abilities('merge_request')
-        end
-
-        unless project.issues_enabled or project.merge_requests_enabled
-          rules -= named_abilities('label')
-          rules -= named_abilities('milestone')
-        end
-
-        unless project.snippets_enabled
-          rules -= named_abilities('project_snippet')
-        end
-
-        unless project.wiki_enabled
-          rules -= named_abilities('wiki')
-        end
-
-        rules
+        rules - project_disabled_features_rules(project)
       end
     end
 
@@ -205,6 +187,33 @@ class Ability
       ]
     end
 
+    def project_disabled_features_rules(project)
+      rules = []
+
+      unless project.issues_enabled
+        rules += named_abilities('issue')
+      end
+
+      unless project.merge_requests_enabled
+        rules += named_abilities('merge_request')
+      end
+
+      unless project.issues_enabled or project.merge_requests_enabled
+        rules += named_abilities('label')
+        rules += named_abilities('milestone')
+      end
+
+      unless project.snippets_enabled
+        rules += named_abilities('project_snippet')
+      end
+
+      unless project.wiki_enabled
+        rules += named_abilities('wiki')
+      end
+
+      rules
+    end
+
     def group_abilities(user, group)
       rules = []
 
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 1d208aa71c4..807b33b2a3e 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -119,7 +119,7 @@ class Repository
   end
 
   def cache_keys
-    %i(size branch_names tag_names commit_count graph_log
+    %i(size branch_names tag_names commit_count
        readme version contribution_guide changelog license)
   end
 
@@ -144,24 +144,6 @@ class Repository
     end
   end
 
-  def graph_log
-    cache.fetch(:graph_log) do
-      commits = raw_repository.log(limit: 6000, skip_merges: true,
-                                   ref: root_ref)
-
-      commits.map do |rugged_commit|
-        commit = Gitlab::Git::Commit.new(rugged_commit)
-
-        {
-          author_name: commit.author_name,
-          author_email: commit.author_email,
-          additions: commit.stats.additions,
-          deletions: commit.stats.deletions,
-        }
-      end
-    end
-  end
-
   def lookup_cache
     @lookup_cache ||= {}
   end
diff --git a/app/views/projects/merge_requests/_show.html.haml b/app/views/projects/merge_requests/_show.html.haml
index b6d9b135c70..faaa85896cf 100644
--- a/app/views/projects/merge_requests/_show.html.haml
+++ b/app/views/projects/merge_requests/_show.html.haml
@@ -31,6 +31,16 @@
               %li= link_to "Email Patches", merge_request_path(@merge_request, format: :patch)
               %li= link_to "Plain Diff",    merge_request_path(@merge_request, format: :diff)
 
+    - if @merge_request.open? and @merge_request.source_branch_exists?
+      .append-bottom-20
+        .slead
+          %span
+            Fetch the branch with
+            %strong.label-branch<
+              git fetch
+              \ #{@merge_request.source_project.http_url_to_repo}
+              \ #{@merge_request.source_branch}
+
     = render "projects/merge_requests/show/how_to_merge"
     = render "projects/merge_requests/widget/show.html.haml"
 
diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml
index b90cadfb1e2..769dd68f089 100644
--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
@@ -6,7 +6,9 @@
   = render 'shared/no_ssh'
   = render 'shared/no_password'
 
-= render 'projects/last_push'
+- if prefer_readme?
+  = render 'projects/last_push'
+
 = render "home_panel"
 
 .project-stats
diff --git a/config/initializers/7_omniauth.rb b/config/initializers/7_omniauth.rb
index df73ec1304a..7f73546ac89 100644
--- a/config/initializers/7_omniauth.rb
+++ b/config/initializers/7_omniauth.rb
@@ -11,6 +11,7 @@ if Gitlab::LDAP::Config.enabled?
   end
 end
 
+OmniAuth.config.full_host = Settings.gitlab['url']
 OmniAuth.config.allowed_request_methods = [:post]
 #In case of auto sign-in, the GET method is used (users don't get to click on a button)
 OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_sign_in_with_provider.present?
diff --git a/lib/support/init.d/gitlab b/lib/support/init.d/gitlab
index 946902e2f6d..a3455728a94 100755
--- a/lib/support/init.d/gitlab
+++ b/lib/support/init.d/gitlab
@@ -41,7 +41,7 @@ shell_path="/bin/bash"
 test -f /etc/default/gitlab && . /etc/default/gitlab
 
 # Switch to the app_user if it is not he/she who is running the script.
-if [ "$USER" != "$app_user" ]; then
+if [ `whoami` != "$app_user" ]; then
   eval su - "$app_user" -s $shell_path -c $(echo \")$0 "$@"$(echo \"); exit;
 fi