12 files changed, 118 insertions, 64 deletions

diff --git a/app/controllers/projects/application_controller.rb b/app/controllers/projects/application_controller.rb
index e2f81b09adc..89f1128ec36 100644
--- a/app/controllers/projects/application_controller.rb
+++ b/app/controllers/projects/application_controller.rb
@@ -89,4 +89,8 @@ class Projects::ApplicationController < ApplicationController
   def builds_enabled
     return render_404 unless @project.feature_available?(:builds, current_user)
   end
+
+  def require_pages_enabled!
+    not_found unless Gitlab.config.pages.enabled
+  end
 end
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index 59222637961..1224e9503c9 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -1,11 +1,13 @@
 class Projects::ArtifactsController < Projects::ApplicationController
   include ExtractsPath
+  include RendersBlob
 
   layout 'project'
   before_action :authorize_read_build!
   before_action :authorize_update_build!, only: [:keep]
   before_action :extract_ref_name_and_path
   before_action :validate_artifacts!
+  before_action :set_path_and_entry, only: [:file, :raw]
 
   def download
     if artifacts_file.file_storage?
@@ -16,22 +18,32 @@ class Projects::ArtifactsController < Projects::ApplicationController
   end
 
   def browse
-    directory = params[:path] ? "#{params[:path]}/" : ''
+    @path = params[:path]
+    directory = @path ? "#{@path}/" : ''
     @entry = build.artifacts_metadata_entry(directory)
 
     render_404 unless @entry.exists?
   end
 
   def file
-    entry = build.artifacts_metadata_entry(params[:path])
+    blob = @entry.blob
+    override_max_blob_size(blob)
 
-    if entry.exists?
-      send_artifacts_entry(build, entry)
-    else
-      render_404
+    respond_to do |format|
+      format.html do
+        render 'file'
+      end
+
+      format.json do
+        render_blob_json(blob)
+      end
     end
   end
 
+  def raw
+    send_artifacts_entry(build, @entry)
+  end
+
   def keep
     build.keep_artifacts!
     redirect_to namespace_project_build_path(project.namespace, project, build)
@@ -60,7 +72,10 @@ class Projects::ArtifactsController < Projects::ApplicationController
   end
 
   def build
-    @build ||= build_from_id || build_from_ref
+    @build ||= begin
+      build = build_from_id || build_from_ref
+      build&.present(current_user: current_user)
+    end
   end
 
   def build_from_id
@@ -77,4 +92,11 @@ class Projects::ArtifactsController < Projects::ApplicationController
   def artifacts_file
     @artifacts_file ||= build.artifacts_file
   end
+
+  def set_path_and_entry
+    @path = params[:path]
+    @entry = build.artifacts_metadata_entry(@path)
+
+    render_404 unless @entry.exists?
+  end
 end
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 840405f38cb..f0f031303d8 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -46,20 +46,28 @@ class Projects::BranchesController < Projects::ApplicationController
       SystemNoteService.new_issue_branch(issue, @project, current_user, branch_name) if issue
     end
 
-    if result[:status] == :success
-      @branch = result[:branch]
-
-      if redirect_to_autodeploy
-        redirect_to(
-          url_to_autodeploy_setup(project, branch_name),
-          notice: view_context.autodeploy_flash_notice(branch_name))
-      else
-        redirect_to namespace_project_tree_path(@project.namespace, @project,
-                                                @branch.name)
+    respond_to do |format|
+      format.html do
+        if result[:status] == :success
+          if redirect_to_autodeploy
+            redirect_to url_to_autodeploy_setup(project, branch_name),
+              notice: view_context.autodeploy_flash_notice(branch_name)
+          else
+            redirect_to namespace_project_tree_path(@project.namespace, @project, branch_name)
+          end
+        else
+          @error = result[:message]
+          render action: 'new'
+        end
+      end
+
+      format.json do
+        if result[:status] == :success
+          render json: { name: branch_name, url: namespace_project_tree_url(@project.namespace, @project, branch_name) }
+        else
+          render json: result[:messsage], status: :unprocessable_entity
+        end
       end
-    else
-      @error = result[:message]
-      render action: 'new'
     end
   end
 
diff --git a/app/controllers/projects/deploy_keys_controller.rb b/app/controllers/projects/deploy_keys_controller.rb
index d0c44e297e3..f27089b8590 100644
--- a/app/controllers/projects/deploy_keys_controller.rb
+++ b/app/controllers/projects/deploy_keys_controller.rb
@@ -8,7 +8,12 @@ class Projects::DeployKeysController < Projects::ApplicationController
   layout "project_settings"
 
   def index
-    redirect_to_repository_settings(@project)
+    respond_to do |format|
+      format.html { redirect_to_repository_settings(@project) }
+      format.json do
+        render json: Projects::Settings::DeployKeysPresenter.new(@project, current_user: current_user).as_json
+      end
+    end
   end
 
   def new
@@ -19,7 +24,7 @@ class Projects::DeployKeysController < Projects::ApplicationController
     @key = DeployKey.new(deploy_key_params.merge(user: current_user))
 
     unless @key.valid? && @project.deploy_keys << @key
-      flash[:alert] = @key.errors.full_messages.join(', ').html_safe      
+      flash[:alert] = @key.errors.full_messages.join(', ').html_safe
     end
     redirect_to_repository_settings(@project)
   end
@@ -27,7 +32,10 @@ class Projects::DeployKeysController < Projects::ApplicationController
   def enable
     Projects::EnableDeployKeyService.new(@project, current_user, params).execute
 
-    redirect_to_repository_settings(@project)
+    respond_to do |format|
+      format.html { redirect_to_repository_settings(@project) }
+      format.json { head :ok }
+    end
   end
 
   def disable
@@ -35,7 +43,11 @@ class Projects::DeployKeysController < Projects::ApplicationController
     return render_404 unless deploy_key_project
 
     deploy_key_project.destroy!
-    redirect_to_repository_settings(@project)
+
+    respond_to do |format|
+      format.html { redirect_to_repository_settings(@project) }
+      format.json { head :ok }
+    end
   end
 
   protected
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index cbf67137261..af9157bfbb5 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -11,7 +11,7 @@ class Projects::IssuesController < Projects::ApplicationController
   before_action :redirect_to_external_issue_tracker, only: [:index, :new]
   before_action :module_enabled
   before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests,
-                               :related_branches, :can_create_branch, :rendered_title]
+                               :related_branches, :can_create_branch, :rendered_title, :create_merge_request]
 
   # Allow read any issue
   before_action :authorize_read_issue!, only: [:show, :rendered_title]
@@ -22,6 +22,9 @@ class Projects::IssuesController < Projects::ApplicationController
   # Allow modify issue
   before_action :authorize_update_issue!, only: [:edit, :update]
 
+  # Allow create a new branch and empty WIP merge request from current issue
+  before_action :authorize_create_merge_request!, only: [:create_merge_request]
+
   respond_to :html
 
   def index
@@ -191,7 +194,7 @@ class Projects::IssuesController < Projects::ApplicationController
 
     respond_to do |format|
       format.json do
-        render json: { can_create_branch: can_create }
+        render json: { can_create_branch: can_create, has_related_branch: @issue.has_related_branch? }
       end
     end
   end
@@ -201,6 +204,16 @@ class Projects::IssuesController < Projects::ApplicationController
     render json: { title: view_context.markdown_field(@issue, :title) }
   end
 
+  def create_merge_request
+    result = MergeRequests::CreateFromIssueService.new(project, current_user, issue_iid: issue.iid).execute
+
+    if result[:status] == :success
+      render json: MergeRequestCreateSerializer.new.represent(result[:merge_request])
+    else
+      render json: result[:messsage], status: :unprocessable_entity
+    end
+  end
+
   protected
 
   def issue
@@ -224,6 +237,10 @@ class Projects::IssuesController < Projects::ApplicationController
     return render_404 unless can?(current_user, :admin_issue, @project)
   end
 
+  def authorize_create_merge_request!
+    return render_404 unless can?(current_user, :push_code, @project) && @issue.can_be_worked_on?(current_user)
+  end
+
   def module_enabled
     return render_404 unless @project.feature_available?(:issues, current_user) && @project.default_issues_tracker?
   end
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 09dc8b38229..a63b7ff0bed 100755
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -120,7 +120,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
       define_diff_comment_vars
     else
       build_merge_request
-      @diffs = @merge_request.diffs(diff_options)
+      @compare = @merge_request
+      @diffs = @compare.diffs(diff_options)
       @diff_notes_disabled = true
     end
 
@@ -584,12 +585,14 @@ class Projects::MergeRequestsController < Projects::ApplicationController
       end
     end
 
-    @diffs =
+    @compare =
       if @start_sha
-        @merge_request_diff.compare_with(@start_sha).diffs(diff_options)
+        @merge_request_diff.compare_with(@start_sha)
       else
-        @merge_request_diff.diffs(diff_options)
+        @merge_request_diff
       end
+
+    @diffs = @compare.diffs(diff_options)
   end
 
   def define_diff_comment_vars
@@ -598,11 +601,11 @@ class Projects::MergeRequestsController < Projects::ApplicationController
       noteable_id: @merge_request.id
     }
 
-    @diff_notes_disabled = !@merge_request_diff.latest? || @start_sha
+    @diff_notes_disabled = false
 
     @use_legacy_diff_notes = !@merge_request.has_complete_diff_refs?
 
-    @grouped_diff_discussions = @merge_request.grouped_diff_discussions(@merge_request_diff.diff_refs)
+    @grouped_diff_discussions = @merge_request.grouped_diff_discussions(@compare.diff_refs)
     @notes = prepare_notes_for_rendering(@grouped_diff_discussions.values.flatten.flat_map(&:notes))
   end
 
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index d0dd524c484..c56bce19eee 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -1,12 +1,14 @@
 class Projects::MilestonesController < Projects::ApplicationController
+  include MilestoneActions
+
   before_action :module_enabled
-  before_action :milestone, only: [:edit, :update, :destroy, :show, :sort_issues, :sort_merge_requests]
+  before_action :milestone, only: [:edit, :update, :destroy, :show, :sort_issues, :sort_merge_requests, :merge_requests, :participants, :labels]
 
   # Allow read any milestone
   before_action :authorize_read_milestone!
 
   # Allow admin milestone
-  before_action :authorize_admin_milestone!, except: [:index, :show]
+  before_action :authorize_admin_milestone!, except: [:index, :show, :merge_requests, :participants, :labels]
 
   respond_to :html
 
diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb
index fbd18b68141..93b2c180810 100644
--- a/app/controllers/projects/pages_controller.rb
+++ b/app/controllers/projects/pages_controller.rb
@@ -1,6 +1,7 @@
 class Projects::PagesController < Projects::ApplicationController
   layout 'project_settings'
 
+  before_action :require_pages_enabled!
   before_action :authorize_read_pages!, only: [:show]
   before_action :authorize_update_pages!, except: [:show]
 
diff --git a/app/controllers/projects/pages_domains_controller.rb b/app/controllers/projects/pages_domains_controller.rb
index b8c253f6ae3..3a93977fd27 100644
--- a/app/controllers/projects/pages_domains_controller.rb
+++ b/app/controllers/projects/pages_domains_controller.rb
@@ -1,6 +1,7 @@
 class Projects::PagesDomainsController < Projects::ApplicationController
   layout 'project_settings'
 
+  before_action :require_pages_enabled!
   before_action :authorize_update_pages!, except: [:show]
   before_action :domain, only: [:show, :destroy]
 
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 1780cc0233c..454b8ee17af 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -9,19 +9,19 @@ class Projects::PipelinesController < Projects::ApplicationController
   def index
     @scope = params[:scope]
     @pipelines = PipelinesFinder
-      .new(project)
-      .execute(scope: @scope)
+      .new(project, scope: @scope)
+      .execute
       .page(params[:page])
       .per(30)
 
     @running_count = PipelinesFinder
-      .new(project).execute(scope: 'running').count
+      .new(project, scope: 'running').execute.count
 
     @pending_count = PipelinesFinder
-      .new(project).execute(scope: 'pending').count
+      .new(project, scope: 'pending').execute.count
 
     @finished_count = PipelinesFinder
-      .new(project).execute(scope: 'finished').count
+      .new(project, scope: 'finished').execute.count
 
     @pipelines_count = PipelinesFinder
       .new(project).execute.count
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index a0b08ad130f..a02cc477e08 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -15,7 +15,7 @@ class Projects::RawController < Projects::ApplicationController
 
       return if cached_blob?
 
-      if @blob.valid_lfs_pointer?
+      if @blob.stored_externally?
         send_lfs_object
       else
         send_git_blob @repository, @blob
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index 61686499bd3..6966a7c5fee 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
@@ -1,33 +1,11 @@
 class Projects::UploadsController < Projects::ApplicationController
+  include UploadsActions
+
   skip_before_action :project, :repository,
     if: -> { action_name == 'show' && image_or_video? }
 
   before_action :authorize_upload_file!, only: [:create]
 
-  def create
-    link_to_file = ::Projects::UploadService.new(project, params[:file]).
-      execute
-
-    respond_to do |format|
-      if link_to_file
-        format.json do
-          render json: { link: link_to_file }
-        end
-      else
-        format.json do
-          render json: 'Invalid file.', status: :unprocessable_entity
-        end
-      end
-    end
-  end
-
-  def show
-    return render_404 if uploader.nil? || !uploader.file.exists?
-
-    disposition = uploader.image_or_video? ? 'inline' : 'attachment'
-    send_file uploader.file.path, disposition: disposition
-  end
-
   private
 
   def uploader
@@ -52,4 +30,10 @@ class Projects::UploadsController < Projects::ApplicationController
   def image_or_video?
     uploader && uploader.file.exists? && uploader.image_or_video?
   end
+
+  def uploader_class
+    FileUploader
+  end
+
+  alias_method :model, :project
 end