3 files changed, 53 insertions, 3 deletions

diff --git a/app/services/notification_service.rb b/app/services/notification_service.rb
index 3735a136365..e294b23bc23 100644
--- a/app/services/notification_service.rb
+++ b/app/services/notification_service.rb
@@ -107,12 +107,17 @@ class NotificationService
 
     recipients = []
 
+    mentioned_users = note.mentioned_users
+    mentioned_users.select! do |user|
+      user.can?(:read_project, note.project)
+    end
+
     # Add all users participating in the thread (author, assignee, comment authors)
     participants = 
       if target.respond_to?(:participants)
         target.participants(note.author)
       else
-        note.mentioned_users
+        mentioned_users
       end
     recipients = recipients.concat(participants)
 
@@ -120,8 +125,8 @@ class NotificationService
     recipients = add_project_watchers(recipients, note.project)
 
     # Reject users with Mention notification level, except those mentioned in _this_ note.
-    recipients = reject_mention_users(recipients - note.mentioned_users, note.project)
-    recipients = recipients + note.mentioned_users
+    recipients = reject_mention_users(recipients - mentioned_users, note.project)
+    recipients = recipients + mentioned_users
 
     recipients = reject_muted_users(recipients, note.project)
 
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index b35aed005da..1bb2462565a 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -87,6 +87,8 @@ module Projects
 
       @project.build_missing_services
 
+      @project.create_labels
+
       event_service.create_project(@project, current_user)
       system_hook_service.execute_hooks_for(@project, :create)
 
diff --git a/app/services/projects/download_service.rb b/app/services/projects/download_service.rb
new file mode 100644
index 00000000000..99f22293d0d
--- /dev/null
+++ b/app/services/projects/download_service.rb
@@ -0,0 +1,43 @@
+module Projects
+  class DownloadService < BaseService
+
+    WHITELIST = [
+      /^[^.]+\.fogbugz.com$/
+    ]
+
+    def initialize(project, url)
+      @project, @url = project, url
+    end
+
+    def execute
+      return nil unless valid_url?(@url)
+
+      uploader = FileUploader.new(@project)
+      uploader.download!(@url)
+      uploader.store!
+
+      filename = uploader.image? ? uploader.file.basename : uploader.file.filename
+
+      {
+        'alt'       => filename,
+        'url'       => uploader.secure_url,
+        'is_image'  => uploader.image?
+      }
+    end
+
+    private
+
+    def valid_url?(url)
+      url && http?(url) && valid_domain?(url)
+    end
+
+    def http?(url)
+      url =~ /\A#{URI::regexp(['http', 'https'])}\z/
+    end
+
+    def valid_domain?(url)
+      host = URI.parse(url).host
+      WHITELIST.any? { |entry| entry === host }
+    end
+  end
+end