9 files changed, 42 insertions, 40 deletions

diff --git a/app/assets/stylesheets/pages/diff.scss b/app/assets/stylesheets/pages/diff.scss
index 3ffe8ae304d..95ea49ad465 100644
--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -14,7 +14,7 @@
       position: -webkit-sticky;
       position: sticky;
       top: $mr-file-header-top;
-      z-index: 220;
+      z-index: 120;
 
       &::before {
         content: '';
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index a570da61d54..e9ec8876688 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -103,7 +103,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     [
       *::ApplicationSettingsHelper.visible_attributes,
       *::ApplicationSettingsHelper.external_authorization_service_attributes,
-      *lets_encrypt_visible_attributes,
+      :lets_encrypt_notification_email,
+      :lets_encrypt_terms_of_service_accepted,
       :domain_blacklist_file,
       disabled_oauth_sign_in_sources: [],
       import_sources: [],
@@ -143,13 +144,4 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 
     render action
   end
-
-  def lets_encrypt_visible_attributes
-    return [] unless Feature.enabled?(:pages_auto_ssl)
-
-    [
-      :lets_encrypt_notification_email,
-      :lets_encrypt_terms_of_service_accepted
-    ]
-  end
 end
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 0d6a6496993..4b0713001a1 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -18,7 +18,16 @@ module BlobHelper
   end
 
   def ide_edit_path(project = @project, ref = @ref, path = @path, options = {})
-    segments = [ide_path, 'project', project.full_path, 'edit', ref]
+    project_path =
+      if !current_user || can?(current_user, :push_code, project)
+        project.full_path
+      else
+        # We currently always fork to the user's namespace
+        # in edit_fork_button_tag
+        "#{current_user.namespace.full_path}/#{project.path}"
+      end
+
+    segments = [ide_path, 'project', project_path, 'edit', ref]
     segments.concat(['-', encode_ide_path(path)]) if path.present?
     File.join(segments)
   end
diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb
index d6d879c6d89..e6e491634ab 100644
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -12,9 +12,11 @@ class PagesDomain < ApplicationRecord
 
   validates :domain, hostname: { allow_numeric_hostname: true }
   validates :domain, uniqueness: { case_sensitive: false }
-  validates :certificate, presence: { message: 'must be present if HTTPS-only is enabled' }, if: ->(domain) { domain.project&.pages_https_only? }
+  validates :certificate, presence: { message: 'must be present if HTTPS-only is enabled' },
+            if: :certificate_should_be_present?
   validates :certificate, certificate: true, if: ->(domain) { domain.certificate.present? }
-  validates :key, presence: { message: 'must be present if HTTPS-only is enabled' }, if: ->(domain) { domain.project&.pages_https_only? }
+  validates :key, presence: { message: 'must be present if HTTPS-only is enabled' },
+            if: :certificate_should_be_present?
   validates :key, certificate_key: true, if: ->(domain) { domain.key.present? }
   validates :verification_code, presence: true, allow_blank: false
 
@@ -249,4 +251,8 @@ class PagesDomain < ApplicationRecord
   rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError
     nil
   end
+
+  def certificate_should_be_present?
+    !auto_ssl_enabled? && project&.pages_https_only?
+  end
 end
diff --git a/app/views/admin/application_settings/_pages.html.haml b/app/views/admin/application_settings/_pages.html.haml
index d7d709ffd62..5b8c1e4d54f 100644
--- a/app/views/admin/application_settings/_pages.html.haml
+++ b/app/views/admin/application_settings/_pages.html.haml
@@ -15,22 +15,21 @@
       .form-text.text-muted
         = _("Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled")
         = link_to icon('question-circle'), help_page_path('user/project/pages/getting_started_part_three.md', anchor: 'dns-txt-record')
-    - if Feature.enabled?(:pages_auto_ssl)
-      %h5
-        = _("Configure Let's Encrypt")
-      %p
-        - lets_encrypt_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: "https://letsencrypt.org/" }
-        = _("%{lets_encrypt_link_start}Let's Encrypt%{lets_encrypt_link_end} is a free, automated, and open certificate authority (CA), that give digital certificates in order to enable HTTPS (SSL/TLS) for websites.").html_safe % { lets_encrypt_link_start: lets_encrypt_link_start, lets_encrypt_link_end: '</a>'.html_safe }
-      .form-group
-        = f.label :lets_encrypt_notification_email, _("Email"), class: 'label-bold'
-        = f.text_field :lets_encrypt_notification_email, class: 'form-control'
-        .form-text.text-muted
-          = _("A Let's Encrypt account will be configured for this GitLab installation using your email address. You will receive emails to warn of expiring certificates.")
-      .form-group
-        .form-check
-          = f.check_box :lets_encrypt_terms_of_service_accepted, class: 'form-check-input'
-          = f.label :lets_encrypt_terms_of_service_accepted, class: 'form-check-label' do
-            - terms_of_service_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: lets_encrypt_terms_of_service_admin_application_settings_path }
-            = _("I have read and agree to the Let's Encrypt %{link_start}Terms of Service%{link_end}").html_safe % { link_start: terms_of_service_link_start, link_end: '</a>'.html_safe }
+    %h5
+      = _("Configure Let's Encrypt")
+    %p
+      - lets_encrypt_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: "https://letsencrypt.org/" }
+      = _("%{lets_encrypt_link_start}Let's Encrypt%{lets_encrypt_link_end} is a free, automated, and open certificate authority (CA), that give digital certificates in order to enable HTTPS (SSL/TLS) for websites.").html_safe % { lets_encrypt_link_start: lets_encrypt_link_start, lets_encrypt_link_end: '</a>'.html_safe }
+    .form-group
+      = f.label :lets_encrypt_notification_email, _("Email"), class: 'label-bold'
+      = f.text_field :lets_encrypt_notification_email, class: 'form-control'
+      .form-text.text-muted
+        = _("A Let's Encrypt account will be configured for this GitLab installation using your email address. You will receive emails to warn of expiring certificates.")
+    .form-group
+      .form-check
+        = f.check_box :lets_encrypt_terms_of_service_accepted, class: 'form-check-input'
+        = f.label :lets_encrypt_terms_of_service_accepted, class: 'form-check-label' do
+          - terms_of_service_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: lets_encrypt_terms_of_service_admin_application_settings_path }
+          = _("I have read and agree to the Let's Encrypt %{link_start}Terms of Service%{link_end}").html_safe % { link_start: terms_of_service_link_start, link_end: '</a>'.html_safe }
 
   = f.submit _('Save changes'), class: "btn btn-success"
diff --git a/app/views/projects/pages_domains/_form.html.haml b/app/views/projects/pages_domains/_form.html.haml
index 5b657966909..0e5c65a2f72 100644
--- a/app/views/projects/pages_domains/_form.html.haml
+++ b/app/views/projects/pages_domains/_form.html.haml
@@ -11,7 +11,7 @@
 
 - if Gitlab.config.pages.external_https
 
-  - auto_ssl_available = ::Gitlab::LetsEncrypt.enabled?(@domain)
+  - auto_ssl_available = ::Gitlab::LetsEncrypt.enabled?
   - auto_ssl_enabled = @domain.auto_ssl_enabled?
   - auto_ssl_available_and_enabled = auto_ssl_available && auto_ssl_enabled
 
diff --git a/app/views/projects/pages_domains/_helper_text.html.haml b/app/views/projects/pages_domains/_helper_text.html.haml
index 5a79fefabfc..4e3daa597e0 100644
--- a/app/views/projects/pages_domains/_helper_text.html.haml
+++ b/app/views/projects/pages_domains/_helper_text.html.haml
@@ -2,8 +2,4 @@
 - docs_link_start = "<a href=\"%{docs_link_url}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-nowrap\">".html_safe % { docs_link_url: docs_link_url }
 - docs_link_end = "</a>".html_safe
 
--# Hiding behind a feature flag to avoid any changes to this feature's implemention
--# when the :pages_auto_ssl feature flag is disabled.  This check should be removed
--# once the :pages_auto_ssl feature flag is removed.
-- if Feature.enabled?(:pages_auto_ssl)
-  %p= _("Learn more about adding certificates to your project by following the %{docs_link_start}documentation on GitLab Pages%{docs_link_end}.").html_safe % { docs_link_url: docs_link_url, docs_link_start: docs_link_start, docs_link_end: docs_link_end }
+%p= _("Learn more about adding certificates to your project by following the %{docs_link_start}documentation on GitLab Pages%{docs_link_end}.").html_safe % { docs_link_url: docs_link_url, docs_link_start: docs_link_start, docs_link_end: docs_link_end }
diff --git a/app/workers/pages_domain_ssl_renewal_cron_worker.rb b/app/workers/pages_domain_ssl_renewal_cron_worker.rb
index 40c34d29970..e5dde07a648 100644
--- a/app/workers/pages_domain_ssl_renewal_cron_worker.rb
+++ b/app/workers/pages_domain_ssl_renewal_cron_worker.rb
@@ -5,9 +5,9 @@ class PagesDomainSslRenewalCronWorker
   include CronjobQueue
 
   def perform
-    PagesDomain.need_auto_ssl_renewal.find_each do |domain|
-      next unless ::Gitlab::LetsEncrypt.enabled?(domain)
+    return unless ::Gitlab::LetsEncrypt.enabled?
 
+    PagesDomain.need_auto_ssl_renewal.find_each do |domain|
       PagesDomainSslRenewalWorker.perform_async(domain.id)
     end
   end
diff --git a/app/workers/pages_domain_ssl_renewal_worker.rb b/app/workers/pages_domain_ssl_renewal_worker.rb
index b32458ca777..87fd8059946 100644
--- a/app/workers/pages_domain_ssl_renewal_worker.rb
+++ b/app/workers/pages_domain_ssl_renewal_worker.rb
@@ -6,7 +6,7 @@ class PagesDomainSslRenewalWorker
   def perform(domain_id)
     domain = PagesDomain.find_by_id(domain_id)
     return unless domain&.enabled?
-    return unless ::Gitlab::LetsEncrypt.enabled?(domain)
+    return unless ::Gitlab::LetsEncrypt.enabled?
 
     ::PagesDomains::ObtainLetsEncryptCertificateService.new(domain).execute
   end