19 files changed, 429 insertions, 43 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 8428739a17b..b72cfe7284a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -44,6 +44,9 @@ v 7.9.0 (unreleased)
   - Wrap commit message in EmailsOnPush email.
   - Send EmailsOnPush emails when deleting commits using force push.  
   - Fix EmailsOnPush email comparison link to include first commit.
+  - Fix highliht of selected lines in file
+  - Reject access to group/project avatar if the user doesn't have access.
+  - Add database migration to clean group duplicates with same path and name (Make sure you have a backup before update)
   - Add GitLab active users count to rake gitlab:check
 
 v 7.8.2
diff --git a/app/assets/javascripts/blob/blob.js.coffee b/app/assets/javascripts/blob/blob.js.coffee
index a5f15f80c5c..37a175fdbc7 100644
--- a/app/assets/javascripts/blob/blob.js.coffee
+++ b/app/assets/javascripts/blob/blob.js.coffee
@@ -26,7 +26,7 @@ class @BlobView
       unless isNaN first_line
         $("#tree-content-holder .highlight .line").removeClass("hll")
         $("#LC#{line}").addClass("hll") for line in [first_line..last_line]
-        $.scrollTo("#L#{first_line}") unless e?
+        $.scrollTo("#L#{first_line}", offset: -50) unless e?
 
     # parse selected lines from hash
     # always return first and last line (initialized to NaN)
diff --git a/app/assets/stylesheets/highlight/dark.scss b/app/assets/stylesheets/highlight/dark.scss
index fcd4d47bace..df95625716a 100644
--- a/app/assets/stylesheets/highlight/dark.scss
+++ b/app/assets/stylesheets/highlight/dark.scss
@@ -13,8 +13,8 @@
   }
 
   // highlight line via anchor
-  pre.hll {
-    background-color: #fff !important;
+  pre .hll {
+    background-color: #557 !important;
   }
 
   .hll { background-color: #373b41 }
diff --git a/app/assets/stylesheets/highlight/monokai.scss b/app/assets/stylesheets/highlight/monokai.scss
index bcd2e716657..8f6b9edc7f5 100644
--- a/app/assets/stylesheets/highlight/monokai.scss
+++ b/app/assets/stylesheets/highlight/monokai.scss
@@ -13,7 +13,7 @@
   }
 
   // highlight line via anchor
-  pre.hll {
+  pre .hll {
     background-color: #49483e !important;
   }
 
diff --git a/app/assets/stylesheets/highlight/solarized_dark.scss b/app/assets/stylesheets/highlight/solarized_dark.scss
index 4a6b759bd2c..97926f906e5 100644
--- a/app/assets/stylesheets/highlight/solarized_dark.scss
+++ b/app/assets/stylesheets/highlight/solarized_dark.scss
@@ -13,8 +13,8 @@
   }
 
   // highlight line via anchor
-  pre.hll {
-    background-color: #073642 !important;
+  pre .hll {
+    background-color: #174652 !important;
   }
 
   /* Solarized Dark
diff --git a/app/assets/stylesheets/highlight/solarized_light.scss b/app/assets/stylesheets/highlight/solarized_light.scss
index 7254f4d7ac1..9398067781f 100644
--- a/app/assets/stylesheets/highlight/solarized_light.scss
+++ b/app/assets/stylesheets/highlight/solarized_light.scss
@@ -13,8 +13,8 @@
   }
 
   // highlight line via anchor
-  pre.hll {
-    background-color: #eee8d5 !important;
+  pre .hll {
+    background-color: #ddd8c5 !important;
   }
 
   /* Solarized Light
diff --git a/app/assets/stylesheets/highlight/white.scss b/app/assets/stylesheets/highlight/white.scss
index 4d6f5dfd91e..c8217d3e6bf 100644
--- a/app/assets/stylesheets/highlight/white.scss
+++ b/app/assets/stylesheets/highlight/white.scss
@@ -13,7 +13,7 @@
   }
 
   // highlight line via anchor
-  pre.hll {
+  pre .hll {
     background-color: #f8eec7 !important;
   }
 
diff --git a/app/controllers/import/base_controller.rb b/app/controllers/import/base_controller.rb
index 7dc0cac8d4c..edb8bd4160b 100644
--- a/app/controllers/import/base_controller.rb
+++ b/app/controllers/import/base_controller.rb
@@ -3,19 +3,17 @@ class Import::BaseController < ApplicationController
   private
 
   def get_or_create_namespace
-    existing_namespace = Namespace.find_by_path_or_name(@target_namespace)
-
-    if existing_namespace
-      if existing_namespace.owner == current_user
-        namespace = existing_namespace
-      else
+    begin
+      namespace = Group.create!(name: @target_namespace, path: @target_namespace, owner: current_user)
+      namespace.add_owner(current_user)
+    rescue ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid
+      namespace = Namespace.find_by_path_or_name(@target_namespace)
+      unless namespace.owner == current_user
         @already_been_taken = true
         return false
       end
-    else
-      namespace = Group.create(name: @target_namespace, path: @target_namespace, owner: current_user)
-      namespace.add_owner(current_user)
-      namespace
     end
+
+    namespace
   end
 end
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 79d9910ce87..b64491b4666 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -37,7 +37,7 @@ class Projects::ImportsController < Projects::ApplicationController
   private
 
   def require_no_repo
-    if @project.repository_exists?
+    if @project.repository_exists? && !@project.import_in_progress?
       redirect_to(namespace_project_path(@project.namespace, @project)) and return
     end
   end
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 810ac9f34bd..c5f3da54ea2 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,24 +1,15 @@
 class UploadsController < ApplicationController
-  skip_before_filter :authenticate_user!, :reject_blocked!
-  before_filter :authorize_access
+  skip_before_filter :authenticate_user!
+  before_filter :find_model, :authorize_access!
 
   def show
-    unless upload_model && upload_mount
-      return not_found!
-    end
-
-    model = upload_model.find(params[:id])
-    uploader = model.send(upload_mount)
-
-    if model.respond_to?(:project) && !can?(current_user, :read_project, model.project)
-      return not_found!
-    end
+    uploader = @model.send(upload_mount)
 
     unless uploader.file_storage?
       return redirect_to uploader.url
     end
 
-    unless uploader.file.exists?
+    unless uploader.file && uploader.file.exists?
       return not_found!
     end
 
@@ -28,9 +19,34 @@ class UploadsController < ApplicationController
 
   private
 
-  def authorize_access
-    unless params[:mounted_as] == 'avatar'
-      authenticate_user! && reject_blocked!
+  def find_model
+    unless upload_model && upload_mount
+      return not_found!
+    end
+
+    @model = upload_model.find(params[:id])
+  end
+
+  def authorize_access!
+    authorized = 
+      case @model
+      when Project
+        can?(current_user, :read_project, @model)
+      when Group
+        can?(current_user, :read_group, @model)
+      when Note
+        can?(current_user, :read_project, @model.project)
+      else
+        # No authentication required for user avatars.
+        true
+      end
+
+    return if authorized
+
+    if current_user
+      not_found!
+    else
+      authenticate_user!
     end
   end
 
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 5b52739df2b..6117db418a7 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -146,7 +146,8 @@ class Repository
   end
 
   def timestamps_by_user_log(user)
-    args = %W(git log --author=#{user.email} --since=#{(Date.today - 1.year).to_s} --branches --pretty=format:%cd --date=short)
+    author_emails = '(' + user.all_emails.map{ |e| Regexp.escape(e) }.join('|') + ')'
+    args = %W(git log -E --author=#{author_emails} --since=#{(Date.today - 1.year).to_s} --branches --pretty=format:%cd --date=short)
     dates = Gitlab::Popen.popen(args, path_to_repo).first.split("\n")
 
     if dates.present?
diff --git a/app/views/users/_profile.html.haml b/app/views/users/_profile.html.haml
index 3b44959baad..0a70b738071 100644
--- a/app/views/users/_profile.html.haml
+++ b/app/views/users/_profile.html.haml
@@ -12,7 +12,7 @@
     - unless user.linkedin.blank?
       %li
         %span.light LinkedIn:
-        %strong= user.linkedin
+        %strong= link_to user.linkedin, "http://www.linkedin.com/in/#{user.linkedin}"
     - unless user.twitter.blank?
       %li
         %span.light Twitter:
diff --git a/db/migrate/20150306023106_fix_namespace_duplication.rb b/db/migrate/20150306023106_fix_namespace_duplication.rb
new file mode 100644
index 00000000000..334e5574559
--- /dev/null
+++ b/db/migrate/20150306023106_fix_namespace_duplication.rb
@@ -0,0 +1,21 @@
+class FixNamespaceDuplication < ActiveRecord::Migration
+  def up
+    #fixes path duplication
+    select_all('SELECT MAX(id) max, COUNT(id) cnt, path FROM namespaces GROUP BY path HAVING COUNT(id) > 1').each do |nms|
+      bad_nms_ids = select_all("SELECT id FROM namespaces WHERE path = '#{nms['path']}' AND id <> #{nms['max']}").map{|x| x["id"]}
+      execute("UPDATE projects SET namespace_id = #{nms["max"]} WHERE namespace_id IN(#{bad_nms_ids.join(', ')})")
+      execute("DELETE FROM namespaces WHERE id IN(#{bad_nms_ids.join(', ')})")
+    end
+
+    #fixes name duplication
+    select_all('SELECT MAX(id) max, COUNT(id) cnt, name FROM namespaces GROUP BY name HAVING COUNT(id) > 1').each do |nms|
+      bad_nms_ids = select_all("SELECT id FROM namespaces WHERE name = '#{nms['name']}' AND id <> #{nms['max']}").map{|x| x["id"]}
+      execute("UPDATE projects SET namespace_id = #{nms["max"]} WHERE namespace_id IN(#{bad_nms_ids.join(', ')})")
+      execute("DELETE FROM namespaces WHERE id IN(#{bad_nms_ids.join(', ')})")
+    end
+  end
+
+  def down
+    # not implemented
+  end
+end
diff --git a/db/migrate/20150306023112_add_unique_index_to_namespace.rb b/db/migrate/20150306023112_add_unique_index_to_namespace.rb
new file mode 100644
index 00000000000..6472138e3ef
--- /dev/null
+++ b/db/migrate/20150306023112_add_unique_index_to_namespace.rb
@@ -0,0 +1,9 @@
+class AddUniqueIndexToNamespace < ActiveRecord::Migration
+  def change
+    remove_index :namespaces, column: :name if index_exists?(:namespaces, :name)
+    remove_index :namespaces, column: :path if index_exists?(:namespaces, :path)
+
+    add_index :namespaces, :name, unique: true
+    add_index :namespaces, :path, unique: true
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index a686bb4b3cd..3afbc082b70 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150225065047) do
+ActiveRecord::Schema.define(version: 20150306023112) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -242,9 +242,9 @@ ActiveRecord::Schema.define(version: 20150225065047) do
   end
 
   add_index "namespaces", ["created_at", "id"], name: "index_namespaces_on_created_at_and_id", using: :btree
-  add_index "namespaces", ["name"], name: "index_namespaces_on_name", using: :btree
+  add_index "namespaces", ["name"], name: "index_namespaces_on_name", unique: true, using: :btree
   add_index "namespaces", ["owner_id"], name: "index_namespaces_on_owner_id", using: :btree
-  add_index "namespaces", ["path"], name: "index_namespaces_on_path", using: :btree
+  add_index "namespaces", ["path"], name: "index_namespaces_on_path", unique: true, using: :btree
   add_index "namespaces", ["type"], name: "index_namespaces_on_type", using: :btree
 
   create_table "notes", force: true do |t|
@@ -334,12 +334,12 @@ ActiveRecord::Schema.define(version: 20150225065047) do
     t.string   "import_url"
     t.integer  "visibility_level",       default: 0,        null: false
     t.boolean  "archived",               default: false,    null: false
-    t.string   "avatar"
     t.string   "import_status"
     t.float    "repository_size",        default: 0.0
     t.integer  "star_count",             default: 0,        null: false
     t.string   "import_type"
     t.string   "import_source"
+    t.string   "avatar"
   end
 
   add_index "projects", ["created_at", "id"], name: "index_projects_on_created_at_and_id", using: :btree
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 3584a754c62..4eb280f9554 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,7 +11,7 @@ RUN apt-get update -q \
 # If the Omnibus package version below is outdated please contribute a merge request to update it.
 # If you run GitLab Enterprise Edition point it to a location where you have downloaded it.
 RUN TMP_FILE=$(mktemp); \
-    wget -q -O $TMP_FILE https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.8.1-omnibus-1_amd64.deb \
+    wget -q -O $TMP_FILE https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.8.3-omnibus-1_amd64.deb \
     && dpkg -i $TMP_FILE \
     && rm -f $TMP_FILE
 
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
new file mode 100644
index 00000000000..0f9780356b1
--- /dev/null
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -0,0 +1,296 @@
+require 'spec_helper'
+
+describe UploadsController do
+  let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+
+  describe "GET show" do
+    context "when viewing a user avatar" do
+      context "when signed in" do
+        before do
+          sign_in(user)
+        end
+
+        context "when the user is blocked" do
+          before do
+            user.block
+          end
+
+          it "redirects to the sign in page" do
+            get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+
+        context "when the user isn't blocked" do
+          it "responds with status 200" do
+            get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+      end
+      
+      context "when not signed in" do
+        it "responds with status 200" do
+          get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
+
+          expect(response.status).to eq(200)
+        end
+      end
+    end
+
+    context "when viewing a project avatar" do
+      let!(:project) { create(:project, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+
+      context "when the project is public" do
+        before do
+          project.update_attribute(:visibility_level, Project::PUBLIC)
+        end
+
+        context "when not signed in" do
+          it "responds with status 200" do
+            get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          it "responds with status 200" do
+            get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+      end
+
+      context "when the project is private" do
+        before do
+          project.update_attribute(:visibility_level, Project::PRIVATE)
+        end
+
+        context "when not signed in" do
+          it "redirects to the sign in page" do
+            get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          context "when the user has access to the project" do
+            before do
+              project.team << [user, :master]
+            end
+
+            context "when the user is blocked" do
+              before do
+                user.block
+                project.team << [user, :master]
+              end
+
+              it "redirects to the sign in page" do
+                get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+                expect(response).to redirect_to(new_user_session_path)
+              end
+            end
+
+            context "when the user isn't blocked" do
+              it "responds with status 200" do
+                get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+                expect(response.status).to eq(200)
+              end
+            end
+          end
+
+          context "when the user doesn't have access to the project" do
+            it "responds with status 404" do
+              get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
+
+              expect(response.status).to eq(404)
+            end
+          end
+        end
+      end
+    end
+
+    context "when viewing a group avatar" do
+      let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+      let!(:project) { create(:project, namespace: group) }
+
+      context "when the group has public projects" do
+        before do
+          project.update_attribute(:visibility_level, Project::PUBLIC)
+        end
+
+        context "when not signed in" do
+          it "responds with status 200" do
+            get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          it "responds with status 200" do
+            get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+      end
+
+      context "when the project doesn't have public projects" do
+        context "when not signed in" do
+          it "redirects to the sign in page" do
+            get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          context "when the user has access to the project" do
+            before do
+              project.team << [user, :master]
+            end
+
+            context "when the user is blocked" do
+              before do
+                user.block
+                project.team << [user, :master]
+              end
+
+              it "redirects to the sign in page" do
+                get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+                expect(response).to redirect_to(new_user_session_path)
+              end
+            end
+
+            context "when the user isn't blocked" do
+              it "responds with status 200" do
+                get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+                expect(response.status).to eq(200)
+              end
+            end
+          end
+
+          context "when the user doesn't have access to the project" do
+            it "responds with status 404" do
+              get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
+
+              expect(response.status).to eq(404)
+            end
+          end
+        end
+      end
+    end
+
+    context "when viewing a note attachment" do
+      let!(:note) { create(:note, :with_attachment) }
+      let(:project) { note.project }
+
+      context "when the project is public" do
+        before do
+          project.update_attribute(:visibility_level, Project::PUBLIC)
+        end
+
+        context "when not signed in" do
+          it "responds with status 200" do
+            get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          it "responds with status 200" do
+            get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+            expect(response.status).to eq(200)
+          end
+        end
+      end
+
+      context "when the project is private" do
+        before do
+          project.update_attribute(:visibility_level, Project::PRIVATE)
+        end
+
+        context "when not signed in" do
+          it "redirects to the sign in page" do
+            get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+            expect(response).to redirect_to(new_user_session_path)
+          end
+        end
+
+        context "when signed in" do
+          before do
+            sign_in(user)
+          end
+
+          context "when the user has access to the project" do
+            before do
+              project.team << [user, :master]
+            end
+
+            context "when the user is blocked" do
+              before do
+                user.block
+                project.team << [user, :master]
+              end
+
+              it "redirects to the sign in page" do
+                get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+                expect(response).to redirect_to(new_user_session_path)
+              end
+            end
+
+            context "when the user isn't blocked" do
+              it "responds with status 200" do
+                get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+                expect(response.status).to eq(200)
+              end
+            end
+          end
+
+          context "when the user doesn't have access to the project" do
+            it "responds with status 404" do
+              get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
+
+              expect(response.status).to eq(404)
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index eeb0f3d9ee0..b3a38f6c5b9 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -18,4 +18,27 @@ describe Repository do
 
     it { is_expected.to eq('c1acaa58bbcbc3eafe538cb8274ba387047b69f8') }
   end
+
+  context :timestamps_by_user_log do
+    before do
+      Date.stub(:today).and_return(Date.new(2015, 03, 01))
+    end
+
+    describe 'single e-mail for user' do
+      let(:user) { create(:user, email: sample_commit.author_email) }
+
+      subject { repository.timestamps_by_user_log(user) }
+
+      it { is_expected.to eq(["2014-08-06", "2014-07-31", "2014-07-31"]) }
+    end
+
+    describe 'multiple emails for user' do
+      let(:email_alias) { create(:email, email: another_sample_commit.author_email) }
+      let(:user) { create(:user, email: sample_commit.author_email, emails: [email_alias]) }
+
+      subject { repository.timestamps_by_user_log(user) }
+
+      it { is_expected.to eq(["2015-01-10", "2014-08-06", "2014-07-31", "2014-07-31"]) }
+    end
+  end
 end
diff --git a/spec/support/repo_helpers.rb b/spec/support/repo_helpers.rb
index 4c4775da692..aadf791bf3f 100644
--- a/spec/support/repo_helpers.rb
+++ b/spec/support/repo_helpers.rb
@@ -43,6 +43,25 @@ eos
     )
   end
 
+  def another_sample_commit
+    OpenStruct.new(
+        id: "e56497bb5f03a90a51293fc6d516788730953899",
+        parent_id: '4cd80ccab63c82b4bad16faa5193fbd2aa06df40',
+        author_full_name: "Sytse Sijbrandij",
+        author_email: "sytse@gitlab.com",
+        files_changed_count: 1,
+        message: <<eos
+Add directory structure for tree_helper spec
+
+This directory structure is needed for a testing the method flatten_tree(tree) in the TreeHelper module
+
+See [merge request #275](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/275#note_732774)
+
+See merge request !2
+eos
+    )
+  end
+
   def sample_big_commit
     OpenStruct.new(
       id: "913c66a37b4a45b9769037c55c2d238bd0942d2e",