6 files changed, 57 insertions, 24 deletions

diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb
index 93c4894ea0f..4e85b6b4cf2 100644
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@@ -39,6 +39,12 @@ class Admin::HooksController < Admin::ApplicationController
   end
 
   def hook_params
-    params.require(:hook).permit(:url, :enable_ssl_verification, :push_events, :tag_push_events)
+    params.require(:hook).permit(
+      :enable_ssl_verification,
+      :push_events,
+      :tag_push_events,
+      :token,
+      :url
+    )
   end
 end
diff --git a/app/controllers/projects/deploy_keys_controller.rb b/app/controllers/projects/deploy_keys_controller.rb
index 7d09288bc80..83d5ced9be8 100644
--- a/app/controllers/projects/deploy_keys_controller.rb
+++ b/app/controllers/projects/deploy_keys_controller.rb
@@ -7,31 +7,24 @@ class Projects::DeployKeysController < Projects::ApplicationController
   layout "project_settings"
 
   def index
-    @enabled_keys = @project.deploy_keys
-
-    @available_keys         = accessible_keys - @enabled_keys
-    @available_project_keys = current_user.project_deploy_keys - @enabled_keys
-    @available_public_keys  = DeployKey.are_public - @enabled_keys
-
-    # Public keys that are already used by another accessible project are already
-    # in @available_project_keys.
-    @available_public_keys -= @available_project_keys
+    @key = DeployKey.new
+    set_index_vars
   end
 
   def new
-    @key = @project.deploy_keys.new
-
-    respond_with(@key)
+    redirect_to namespace_project_deploy_keys_path(@project.namespace,
+                                                   @project)
   end
 
   def create
     @key = DeployKey.new(deploy_key_params)
+    set_index_vars
 
     if @key.valid? && @project.deploy_keys << @key
       redirect_to namespace_project_deploy_keys_path(@project.namespace,
                                                      @project)
     else
-      render "new"
+      render "index"
     end
   end
 
@@ -51,6 +44,18 @@ class Projects::DeployKeysController < Projects::ApplicationController
 
   protected
 
+  def set_index_vars
+    @enabled_keys ||= @project.deploy_keys
+
+    @available_keys         ||= accessible_keys - @enabled_keys
+    @available_project_keys ||= current_user.project_deploy_keys - @enabled_keys
+    @available_public_keys  ||= DeployKey.are_public - @enabled_keys
+
+    # Public keys that are already used by another accessible project are already
+    # in @available_project_keys.
+    @available_public_keys -= @available_project_keys
+  end
+
   def accessible_keys
     @accessible_keys ||= current_user.accessible_deploy_keys
   end
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index 5fd4f855dec..dfa9bd259e8 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -52,8 +52,16 @@ class Projects::HooksController < Projects::ApplicationController
   end
 
   def hook_params
-    params.require(:hook).permit(:url, :push_events, :issues_events,
-      :merge_requests_events, :tag_push_events, :note_events,
-      :build_events, :enable_ssl_verification)
+    params.require(:hook).permit(
+      :build_events,
+      :enable_ssl_verification,
+      :issues_events,
+      :merge_requests_events,
+      :note_events,
+      :push_events,
+      :tag_push_events,
+      :token,
+      :url
+    )
   end
 end
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 7d4fc361ce2..016f5dd0005 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -3,8 +3,8 @@ class Projects::IssuesController < Projects::ApplicationController
   include IssuableActions
 
   before_action :module_enabled
-  before_action :issue,
-    only: [:edit, :update, :show, :referenced_merge_requests, :related_branches]
+  before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests,
+                               :related_branches, :can_create_branch]
 
   # Allow read any issue
   before_action :authorize_read_issue!, only: [:show]
@@ -96,6 +96,8 @@ class Projects::IssuesController < Projects::ApplicationController
 
     if params[:move_to_project_id].to_i > 0
       new_project = Project.find(params[:move_to_project_id])
+      return render_404 unless issue.can_move?(current_user, new_project)
+
       move_service = Issues::MoveService.new(project, current_user)
       @issue = move_service.execute(@issue, new_project)
     end
@@ -139,6 +141,18 @@ class Projects::IssuesController < Projects::ApplicationController
     end
   end
 
+  def can_create_branch
+    can_create = current_user &&
+      can?(current_user, :push_code, @project) &&
+      @issue.can_be_worked_on?(current_user)
+
+    respond_to do |format|
+      format.json do
+        render json: { can_create_branch: can_create }
+      end
+    end
+  end
+
   def bulk_update
     result = Issues::BulkUpdateService.new(project, current_user, bulk_update_params).execute
     redirect_back_or_default(default: { action: 'index' }, options: { notice: "#{result[:count]} issues updated" })
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index c02bc28acef..0d6c32fabd2 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -40,10 +40,10 @@ class Projects::WikisController < Projects::ApplicationController
   end
 
   def update
-    @page = @project_wiki.find_page(params[:id])
-
     return render('empty') unless can?(current_user, :create_wiki, @project)
 
+    @page = @project_wiki.find_page(params[:id])
+
     if @page = WikiPages::UpdateService.new(@project, current_user, wiki_params).execute(@page)
       redirect_to(
         namespace_project_wiki_path(@project.namespace, @project, @page),
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index e42d2d73947..69c92d2bed2 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -8,8 +8,6 @@ class SearchController < ApplicationController
   def show
     return if params[:search].nil? || params[:search].blank?
 
-    @search_term = params[:search]
-
     if params[:project_id].present?
       @project = Project.find_by(id: params[:project_id])
       @project = nil unless can?(current_user, :download_code, @project)
@@ -20,6 +18,8 @@ class SearchController < ApplicationController
       @group = nil unless can?(current_user, :read_group, @group)
     end
 
+    @search_term = params[:search]
+
     @scope = params[:scope]
     @show_snippets = params[:snippets].eql? 'true'
 
@@ -44,7 +44,7 @@ class SearchController < ApplicationController
         Search::GlobalService.new(current_user, params).execute
       end
 
-    @objects = @search_results.objects(@scope, params[:page])
+    @search_objects = @search_results.objects(@scope, params[:page])
   end
 
   def autocomplete