Merge remote-tracking branch 'ee/master' into ce-non-conflict

Conflicts: app/controllers/projects/merge_requests_controller.rb app/helpers/projects_helper.rb db/schema.rb

Merge remote-tracking branch 'ee/master' into ce-non-conflict
Conflicts: app/controllers/projects/merge_requests_controller.rb app/helpers/projects_helper.rb db/schema.rb
badfdf66 · Valery Sizov · 01ab0812 · 7453e142 · badfdf66 · badfdf66
Commit badfdf66 authored Jan 13, 2015 by Valery Sizov
303 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -310,6 +310,9 @@ v 6.9.0
  - Labels for merge requests (Drew Blessing)
  - Threaded emails by setting a Message-ID (Philip Blatter)
+v 6.8.1
+  - Bump required gitlab-shell version to 1.9.3
 v 6.8.0
  - Ability to at mention users that are participating in issue and merge req. discussion
  - Enabled GZip Compression for assets in example Nginx, make sure that Nginx is compiled with --with-http_gzip_static_module flag (this is default in Ubuntu)

--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
+v 7.7.0
+  - Added custom header logo support (Drew Blessing)
+  - Fixed preview appearance bug
+  - Improve performance for selectboxes: project share page, admin email users page
+v 7.6.2
+  - Fix failing migrations for MySQL, LDAP
+v 7.6.1
+  - No changes
+v 7.6.0
+  - Added Audit events related to membership changes for groups and projects
+  - Added option to attempt a rebase before merging merge request
+  - Dont show LDAP groups settings if LDAP disabled
+  - Added member lock for groups to disallow membership additions on project level
+  - Rebase on merge request. Introduced merge request option to rebase before merging
+  - Better message for failed pushes because of git hooks
+  - Kerberos support for web interface and git HTTP
+v 7.5.3
+  - Only set up Sidetiq from a Sidekiq server process (fixes Redis::InheritedError)
+v 7.5.0
+  - Added an ability to check each author commit's email by regex
+  - Added an ability to restrict commit authors to existing Gitlab users
+  - Add an option for automatic daily LDAP user sync
+  - Added git hook for preventing tag removal to API
+  - Added git hook for setting commit message regex to API
+  - Added an ability to block commits with certain filenames by regex expression
+  - Improved a jenkins parser
+v 7.4.4
+  - Fix broken ldap migration
+v 7.4.0
+  - Support for multiple LDAP servers
+  - Skip AD specific LDAP checks
+  - Do not show ldap users in dropdowns for groups with enabled ldap-sync
+  - Update the JIRA integration documentation
+  - Reset the homepage to show the GitLab logo by deleting the custom logo.
+v 7.3.0
+  - Add an option to change the LDAP sync time from default 1 hour
+  - User will receive an email when unsubscribed from admin notifications
+  - Show group sharing members on /my/project/team
+  - Improve explanation of the LDAP permission reset
+  - Fix some navigation issues
+  - Added support for multiple LDAP groups per Gitlab group
+v 7.2.0
+  - Improve Redmine integration
+  - Better logging for the JIRA issue closing service
+  - Administrators can now send email to all users through the admin interface
+  - JIRA issue transition ID is now customizable
+  - LDAP group settings are now visible in admin group show page and group members page
+v 7.1.0
+  - Synchronize LDAP-enabled GitLab administrators with an LDAP group (Marvin Frick, sponsored by SinnerSchrader)
+  - Synchronize SSH keys with LDAP (Oleg Girko (Jolla) and Marvin Frick (SinnerSchrader))
+  - Support Jenkins jobs with multiple modules (Marvin Frick, sponsored by SinnerSchrader)
+v 7.0.0
+  - Fix: empty brand images are displayed as empty image_tag on login page (Marvin Frick, sponsored by SinnerSchrader)
+v 6.9.4
+  - Fix bug in JIRA Issue closing triggered by commit messages
+  - Fix JIRA issue reference bug
+v 6.9.3
+  - Fix check CI status only when CI service is enabled(Daniel Aquino)
+v 6.9.2
+  - Merge community edition changes for version 6.9.2
+v 6.9.1
+  - Merge community edition changes for version 6.9.1
+v 6.9.0
+  - Add support for closing Jira tickets with commits and MR
+  - Template for Merge Request description can be added in project settings
+  - Jenkins CI service
+  - Fix LDAP email upper case bug
+v 6.8.0
+  - Customise sign-in page with custom text and logo
+v 6.7.1
+  - Handle LDAP errors in Adapter#dn_matches_filter?
+v 6.7.0
+  - Improve LDAP sign-in speed by reusing connections
+  - Add support for Active Directory nested LDAP groups
+  - Git hooks: Commit message regex
+  - Git hooks: Deny git tag removal
+  - Fix group edit in admin area
+v 6.5.0
+  - Add reset permissions button to Group#members page
+v 6.4.0
+  - Respect existing group permissions during sync with LDAP group (d3844662ec7ce816b0a85c8b40f66ee6c5ae90a1)
+v 6.3.0
+  - When looking up a user by DN, use single scope (bc8a875df1609728f1c7674abef46c01168a0d20)
+  - Try sAMAccountName if omniauth nickname is nil (9b7174c333fa07c44cc53b80459a115ef1856e38)
+v 6.2.0
+  - API: expose ldap_cn and ldap_access group attributes
+  - Use omniauth-ldap nickname attribute as GitLab username
+  - Improve group sharing UI for installation with many groups
+  - Fix empty LDAP group raises exception
+  - Respect LDAP user filter for git access
--- a/Gemfile
+++ b/Gemfile
@@ -44,6 +44,7 @@ gem 'gitlab-grack', '~> 2.0.0.pre', require: 'grack'
 # LDAP Auth
 gem 'gitlab_omniauth-ldap', '1.2.0', require: "omniauth-ldap"
+gem 'net-ldap'
 # Git Wiki
 gem 'gollum-lib', '~> 3.0.0'
@@ -119,6 +120,7 @@ gem "acts-as-taggable-on"
 gem 'slim'
 gem 'sinatra', require: nil
 gem 'sidekiq', '2.17.8'
+gem 'sidetiq', '0.6.1'
 # HTTP requests
 gem "httparty"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -256,6 +256,7 @@ GEM
    httpauth (0.2.1)
    httpclient (2.5.3.3)
    i18n (0.6.11)
+    ice_cube (0.12.1)
    ice_nine (0.10.0)
    jasmine (2.0.2)
      jasmine-core (~> 2.0.0)
@@ -285,7 +286,7 @@ GEM
      addressable (~> 2.3)
    letter_opener (1.1.2)
      launchy (~> 2.2)
-    libv8 (3.16.14.7)
+    libv8 (3.16.14.3)
    listen (2.3.1)
      celluloid (>= 0.15.2)
      rb-fsevent (>= 0.9.3)
@@ -497,6 +498,10 @@ GEM
      json
      redis (~> 3.1)
      redis-namespace (~> 1.3)
+    sidetiq (0.6.1)
+      celluloid (>= 0.14.1)
+      ice_cube (~> 0.12.0)
+      sidekiq (>= 2.16.0)
    simple_oauth (0.1.9)
    simplecov (0.9.0)
      docile (~> 1.1.0)
@@ -674,6 +679,7 @@ DEPENDENCIES
  minitest (~> 5.3.0)
  mousetrap-rails
  mysql2
+  net-ldap
  newrelic_rpm
  nprogress-rails
  octokit (= 3.7.0)
@@ -712,6 +718,7 @@ DEPENDENCIES
  settingslogic
  shoulda-matchers (~> 2.1.0)
  sidekiq (= 2.17.8)
+  sidetiq (= 0.6.1)
  simplecov
  sinatra
  six

--- a/LICENSE
+++ b/LICENSE
-Copyright (c) 2011-2014 GitLab B.V.
+The GitLab Enterprise Edition (EE) license
-Permission is hereby granted, free of charge, to any person obtaining a copy
+Copyright (c) 2013-2014 GitLab B.V.
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in
+This software and associated documentation files (the "Software") can only be
-all copies or substantial portions of the Software.
+used with a valid GitLab subscription for the correct number of users. You are
+free to modify this Software and publish patches. It is forbidden to copy,
+merge, publish, distribute, sublicense, and/or sell copies of the Software.
+The above copyright notice applies only to the part of this Software that is
+not distributed as part of GitLab Community Edition (CE). Any part of this
+Software distributed as part of GitLab CE is copyrighted under the MIT Expat
+license. The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

--- a/README.md
+++ b/README.md
 # ![logo](https://about.gitlab.com/images/gitlab_logo.png) GitLab
+## Subscriber onboarding information
+Thank you for purchasing a GitLab subscription!
+For standard subscribers, please see **emergency contact info and other useful information** in [the Standard subscribers README](https://gitlab.com/standard/standard-subscriber-information/tree/master#README).
+If you would like to receive access to GitLab Enterprise Edition please create an account on https://gitlab.com/users/sign_up and send us the username. Note that your user will be visible to other Support Subscribers.
+Once your username is added, you can find the repository here:
+https://gitlab.com/subscribers/gitlab-ee
+Packages:
+https://gitlab.com/subscribers/gitlab-ee/blob/master/doc/install/packages.md
+Documentation:
+http://doc.gitlab.com/ee/
+To upgrade from CE, just perform a normal upgrade, but make use of an EE package:
+https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update.md#updating-from-gitlab-6-6-x-and-higher-to-the-latest-version
+If you need help with your GitLab installation and for any technical questions please contact us at subscribers@gitlab.com.
+For all other questions, contact us at sales@gitlab.com 
 ## Open source software to collaborate on code
 ![Animated screenshots](https://about.gitlab.com/images/animated/compiled.gif)
@@ -21,7 +45,7 @@ To get access to the EE and support please [become a subscriber](https://about.g
 ## Canonical source
- The source of GitLab Community Edition is [hosted on GitLab.com](https://gitlab.com/gitlab-org/gitlab-ce/) and there are mirrors to make [contributing](CONTRIBUTING.md) as easy as possible.
+- The source of GitLab Enterprise Edition is [hosted on GitLab.com](https://dev.gitlab.org/gitlab/gitlab-ee/) and acessible only to [subscribers](https://about.gitlab.com/subscription/).
 ## Code status
@@ -87,7 +111,7 @@ Instructions on how to start Gitlab and how to run the tests can be found in the
 ## Documentation
-All documentation can be found on [doc.gitlab.com/ce/](http://doc.gitlab.com/ce/).
+All documentation can be found on [doc.gitlab.com/ee/](http://doc.gitlab.com/ee/).
 ## Getting help

--- a/VERSION
+++ b/VERSION
-7.7.0.pre
+7.7.0.pre-ee
--- a/app/assets/images/authbuttons/kerberos_32.png
+++ b/app/assets/images/authbuttons/kerberos_32.png
--- a/app/assets/images/authbuttons/kerberos_64.png
+++ b/app/assets/images/authbuttons/kerberos_64.png
--- a/app/assets/javascripts/admin_email_select.js.coffee
+++ b/app/assets/javascripts/admin_email_select.js.coffee
+class @AdminEmailSelect
+  constructor: ->
+    $('.ajax-admin-email-select').each (i, select) =>
+      skip_ldap = $(select).hasClass('skip_ldap')
+      $(select).select2
+        placeholder: "Select group or project"
+        multiple: $(select).hasClass('multiselect')
+        minimumInputLength: 0
+        query: (query) ->
+          group_result = Api.groups query.term, skip_ldap, (groups) ->
+            groups
+          project_result = Api.projects query.term, (projects) ->
+            projects
+          $.when(project_result, group_result).done (projects, groups) ->
+            all = {id: "all"}
+            data = $.merge([all], groups[0], projects[0])
+            query.callback({ results: data})
+        id: (object) ->
+          if object.path_with_namespace
+            "project-#{object.id}"
+          else if object.path
+            "group-#{object.id}"
+          else
+            "all"
+        formatResult: (args...) =>
+          @formatResult(args...)
+        formatSelection: (args...) =>
+          @formatSelection(args...)
+        dropdownCssClass: "ajax-admin-email-dropdown"
+        escapeMarkup: (m) -> # we do not want to escape markup since we are displaying html in results
+          m
+  formatResult: (object) ->
+    if object.path_with_namespace
+      "<div class='project-result'>
+         <div class='project-name'>#{object.name}</div>
+         <div class='project-path'>#{object.path_with_namespace}</div>
+       </div>"
+    else if object.path
+      "<div class='group-result'>
+         <div class='group-name'>#{object.name}</div>
+         <div class='group-path'>#{object.path}</div>
+       </div>"
+    else
+      "<div class='group-result'>
+         <div class='group-name'>All</div>
+         <div class='group-path'>All groups and projects</div>
+       </div>"
+  formatSelection: (object) ->
+    if object.path_with_namespace
+      "Project: #{object.name}"
+    else if object.path
+      "Group: #{object.name}"
+    else
+      "All groups and projects"
--- a/app/assets/javascripts/api.js.coffee
+++ b/app/assets/javascripts/api.js.coffee
@@ -4,8 +4,10 @@
  users_path: "/api/:version/users.json"
  user_path: "/api/:version/users/:id.json"
  notes_path: "/api/:version/projects/:id/notes.json"
+  ldap_groups_path: "/api/:version/ldap/:provider/groups.json"
  namespaces_path: "/api/:version/namespaces.json"
  project_users_path: "/api/:version/projects/:id/users.json"
+  projects_path: "/api/:version/projects.json"
  # Get 20 (depends on api) recent notes
  # and sort the ascending from oldest to newest
@@ -39,7 +41,7 @@
  # Return users list. Filtered by query
  # Only active users retrieved
-  users: (query, callback) ->
+  users: (query, skip_ldap, callback) ->
    url = Api.buildUrl(Api.users_path)
    $.ajax(
@@ -49,6 +51,7 @@
        search: query
        per_page: 20
        active: true
+        skip_ldap: skip_ldap
      dataType: "json"
    ).done (users) ->
      callback(users)
@@ -114,3 +117,33 @@
  buildUrl: (url) ->
    url = gon.relative_url_root + url if gon.relative_url_root?
    return url.replace(':version', gon.api_version)
+  # Return LDAP groups list. Filtered by query
+  ldap_groups: (query, provider, callback) ->
+    url = Api.buildUrl(Api.ldap_groups_path)
+    url = url.replace(':provider', provider);
+    $.ajax(
+      url: url
+      data:
+        private_token: gon.api_token
+        search: query
+        per_page: 20
+        active: true
+      dataType: "json"
+    ).done (groups) ->
+      callback(groups)
+  # Return projects list. Filtered by query
+  projects: (query, callback) ->
+    project_url = Api.buildUrl(Api.projects_path)
+    project_query = $.ajax(
+      url: project_url
+      data:
+        private_token: gon.api_token
+        search: query
+        per_page: 20
+      dataType: "json"
+    ).done (projects) ->
+      callback(projects)
--- a/app/assets/javascripts/appearances.js.coffee
+++ b/app/assets/javascripts/appearances.js.coffee
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
--- a/app/assets/javascripts/dispatcher.js.coffee
+++ b/app/assets/javascripts/dispatcher.js.coffee
@@ -79,6 +79,10 @@ class Dispatcher
        new ProjectFork()
      when 'users:show'
        new User()
+      when 'projects:group_links:index'
+        new GroupsSelect()
+      when 'admin:emails:show'
+        new AdminEmailSelect()
    switch path.first()
      when 'admin'

--- a/app/assets/javascripts/ldap_groups_select.js.coffee
+++ b/app/assets/javascripts/ldap_groups_select.js.coffee
+$ ->
+  ldapGroupResult = (group) ->
+    group.cn
+  groupFormatSelection = (group) ->
+    group.cn
+  $('.ajax-ldap-groups-select').each (i, select) ->
+    $(select).select2
+      id: (group) ->
+        group.cn
+      placeholder: "Search for a LDAP group"
+      minimumInputLength: 1
+      query: (query) ->
+        provider = $('#ldap_group_link_provider').val();
+        Api.ldap_groups query.term, provider, (groups) ->
+          data = { results: groups }
+          query.callback(data)
+      initSelection: (element, callback) ->
+        id = $(element).val()
+        if id isnt ""
+          callback(cn: id)
+      formatResult: ldapGroupResult
+      formatSelection: groupFormatSelection
+      dropdownCssClass: "ajax-groups-dropdown"
+      formatNoMatches: (nomatch) ->
+        "Match not found; try refining your search query."
+  $('#ldap_group_link_provider').on 'change', ->
+    $('.ajax-ldap-groups-select').select2('data', null)
\ No newline at end of file
--- a/app/assets/javascripts/project.js.coffee
+++ b/app/assets/javascripts/project.js.coffee
@@ -17,4 +17,4 @@ class @Project
      path = '/'
      $.cookie('hide_no_ssh_message', 'false', { path: path })
      $(@).parents('.no-ssh-key-message').hide()
      e.preventDefault()
\ No newline at end of file
--- a/app/assets/javascripts/project_new.js.coffee
+++ b/app/assets/javascripts/project_new.js.coffee
@@ -23,3 +23,8 @@ class @ProjectNew
        $('#project_issues_tracker_id').attr('disabled', 'disabled')
      else
        $('#project_issues_tracker_id').removeAttr('disabled')
+    $("#project_merge_requests_enabled").change ->
+      checked = $(this).prop("checked")
+      $("#project_merge_requests_template").prop "disabled", not checked
+      $("#project_merge_requests_rebase_enabled").prop "disabled", not checked
--- a/app/assets/javascripts/users_select.js.coffee
+++ b/app/assets/javascripts/users_select.js.coffee
 class @UsersSelect
  constructor: ->
    $('.ajax-users-select').each (i, select) =>
+      skip_ldap = $(select).hasClass('skip_ldap')
      $(select).select2
        placeholder: "Search for a user"
        multiple: $(select).hasClass('multiselect')
        minimumInputLength: 0
        query: (query) ->
-          Api.users query.term, (users) ->
+          Api.users query.term, skip_ldap, (users) ->
            data = { results: users }
            query.callback(data)
@@ -37,4 +39,4 @@ class @UsersSelect
     </div>"
  formatSelection: (user) ->
    user.name
\ No newline at end of file
--- a/app/assets/stylesheets/generic/common.scss
+++ b/app/assets/stylesheets/generic/common.scss
@@ -283,6 +283,15 @@ img.emoji {
  margin-bottom: 10px;
 }
+.group-name {
+  font-size: 14px;
+  line-height: 24px;
+}
+.available-groups form {
+  margin: 5px 0;
+}
 table {
  td.permission-x {
    background: #D9EDF7 !important;

--- a/app/assets/stylesheets/generic/selects.scss
+++ b/app/assets/stylesheets/generic/selects.scss
@@ -128,6 +128,15 @@ select {
  }
 }
+.project-result {
+  .project-name {
+    font-weight: bold;
+  }
+  .project-path {
+    color: #999;
+  }
+}
 .user-result {
  .user-image {
    float: left;

--- a/app/assets/stylesheets/sections/appearances.scss
+++ b/app/assets/stylesheets/sections/appearances.scss
+.appearance-logo-preview {
+  max-width: 400px;
+  margin-bottom: 20px;
+}
+.appearance-dark-logo-preview {
+  background-color: #F1F1F1;
+}
+.appearance-light-logo-preview {
+  background-color:  #373737;
+}
--- a/app/controllers/admin/appearances_controller.rb
+++ b/app/controllers/admin/appearances_controller.rb
+class Admin::AppearancesController < Admin::ApplicationController
+  before_filter :set_appearance, except: :create
+  def show
+  end
+  def preview
+  end
+  def create
+    @appearance = Appearance.new(appearance_params)
+    if @appearance.save
+      redirect_to admin_appearances_path, notice: 'Appearance was successfully created.'
+    else
+      render action: 'show'
+    end
+  end
+  def update
+    if @appearance.update(appearance_params)
+      redirect_to admin_appearances_path, notice: 'Appearance was successfully updated.'
+    else
+      render action: 'show'
+    end
+  end
+  def logo
+    appearance = Appearance.last
+    appearance.remove_logo!
+    appearance.save
+    redirect_to admin_appearances_path, notice: 'Logo was succesfully removed.'
+  end
+  def header_logos
+    appearance = Appearance.last
+    appearance.remove_light_logo!
+    appearance.remove_dark_logo!
+    appearance.save
+    redirect_to admin_appearances_path, notice: 'Header logos were succesfully removed.'
+  end
+  private
+  # Use callbacks to share common setup or constraints between actions.
+  def set_appearance
+    @appearance = Appearance.last || Appearance.new
+  end
+  # Only allow a trusted parameter "white list" through.
+  def appearance_params
+    params.require(:appearance).permit(:title, :description, :logo,
+                                       :dark_logo, :light_logo, :updated_by)
+  end
+end
--- a/app/controllers/admin/emails_controller.rb
+++ b/app/controllers/admin/emails_controller.rb
+class Admin::EmailsController < Admin::ApplicationController
+  def show
+  end
+  def create
+    AdminEmailsWorker.perform_async(params[:recipients], params[:subject], params[:body])
+    redirect_to admin_email_path, notice: 'Email sent'
+  end
+end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -242,6 +242,12 @@ class ApplicationController < ActionController::Base
    end
  end
+  def require_ldap_enabled
+    unless Gitlab.config.ldap.enabled
+      render_404 and return
+    end
+  end
  def set_filters_params
    params[:sort] ||= 'newest'
    params[:scope] = 'all' if params[:scope].blank?

--- a/app/controllers/audit_events_controller.rb
+++ b/app/controllers/audit_events_controller.rb
+class AuditEventsController < ApplicationController
+  # Authorize
+  before_filter :repository, only: :project_log
+  before_filter :authorize_admin_project!, only: :project_log
+  before_filter :group, only: :group_log
+  before_filter :authorize_admin_group!, only: :group_log
+  layout :determine_layout
+  def project_log
+    @events = AuditEvent.where(entity_type: "Project", entity_id: project.id).page(params[:page]).per(20)
+  end
+  def group_log
+    @events = AuditEvent.where(entity_type: "Group", entity_id: group.id).page(params[:page]).per(20)
+  end
+  private
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+  def authorize_admin_group!
+    render_404 unless can?(current_user, :manage_group, group)
+  end
+  def determine_layout
+    if @project
+      'project_settings'
+    elsif @group
+      'group'
+    end
+  end
+  def audit_events_params
+    params.permit(:project_id, :group_id)
+  end
+end
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -7,21 +7,59 @@ class Groups::GroupMembersController < ApplicationController
  layout 'group'
  def create
-    @group.add_users(params[:user_ids].split(','), params[:access_level])
+    access_level = params[:access_level]
+    user_ids = params[:user_ids].split(',')
+    @group.add_users(user_ids, access_level)
+    users = User.where(id: user_ids).pluck(:id, :name)
+    users.each do |user|
+      details = {
+        add: "user_access",
+        as: Gitlab::Access.options_with_owner.key(access_level.to_i),
+        target_id: user[0],
+        target_type: "User",
+        target_details: user[1],
+      }
+      AuditEventService.new(current_user, @group, details).security_event
+    end
    redirect_to members_group_path(@group), notice: 'Users were successfully added.'
  end
  def update
    @member = @group.group_members.find(params[:id])
-    @member.update_attributes(member_params)
+    old_access_level = @member.human_access
+    if @member.update_attributes(member_params)
+      details = {
+        change: "access_level",
+        from:  old_access_level,
+        to: @member.human_access,
+        target_id: @member.user_id,
+        target_type: "User",
+        target_details: @member.user.name,
+      }
+      AuditEventService.new(current_user, @group, details).security_event
+    end
  end
  def destroy
    @users_group = @group.group_members.find(params[:id])
    if can?(current_user, :destroy, @users_group)  # May fail if last owner.
-      @users_group.destroy
+      user_id = @users_group.id
+      user_name = @users_group.user.name
+      if @users_group.destroy
+        details = {
+          remove: "user_access",
+          target_id: user_id,
+          target_type: "User",
+          target_details: user_name,
+        }
+        AuditEventService.new(current_user, @group, details).security_event
+      end
      respond_to do |format|
        format.html { redirect_to members_group_path(@group), notice: 'User was  successfully removed from group.' }
        format.js { render nothing: true }

--- a/app/controllers/groups/ldap_group_links_controller.rb
+++ b/app/controllers/groups/ldap_group_links_controller.rb
+class Groups::LdapGroupLinksController < ApplicationController
+  before_action :group
+  before_action :require_ldap_enabled
+  before_action :authorize_admin_group!
+  layout 'group'
+  def index
+  end
+  def create
+    ldap_group_link = @group.ldap_group_links.build(ldap_group_link_params)
+    if ldap_group_link.save
+      if request.referer && request.referer.include?('admin')
+        redirect_to [:admin, @group], notice: 'New LDAP link saved'
+      else
+        redirect_to :back, notice: 'New LDAP link saved'
+      end
+    else
+      redirect_to :back, alert: "Could not create new LDAP link: #{ldap_group_link.errors.full_messages * ', '}"
+    end
+  end
+  def destroy
+    @group.ldap_group_links.where(id: params[:id]).destroy_all
+    redirect_to :back, notice: 'LDAP link removed'
+  end
+  private
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+  def authorize_admin_group!
+    render_404 unless can?(current_user, :manage_group, group)
+  end
+  def ldap_group_link_params
+    params.require(:ldap_group_link).permit(:cn, :group_access, :provider)
+  end
+end
--- a/app/controllers/groups/ldaps_controller.rb
+++ b/app/controllers/groups/ldaps_controller.rb
+class Groups::LdapsController < ApplicationController
+  before_filter :group
+  before_filter :authorize_admin_group!
+  def reset_access
+    LdapGroupResetService.new.execute(group, current_user)
+    redirect_to members_group_path(@group), notice: 'Access reset complete'
+  end
+  private
+  def group
+    @group ||= Group.find_by(path: params[:group_id])
+  end
+  def authorize_admin_group!
+    unless can?(current_user, :manage_group, group)
+      return render_404
+    end
+  end
+end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -37,6 +37,8 @@ class GroupsController < ApplicationController
    @events = @events.limit(20).offset(params[:offset] || 0)
    @last_push = current_user.recent_push if current_user
+    @shared_projects = @group.shared_projects
    respond_to do |format|
      format.html
      format.json { pager_json("events/_events", @events.count) }
@@ -147,6 +149,6 @@ class GroupsController < ApplicationController
  end
  def group_params
-    params.require(:group).permit(:name, :description, :path, :avatar)
+    params.require(:group).permit(:name, :description, :path, :avatar, :membership_lock)
  end
 end
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -5,8 +5,12 @@ class HelpController < ApplicationController
  def show
    @category = params[:category]
    @file = params[:file]
+    format = params[:format] || 'md'
+    file_path = Rails.root.join('doc', @category, @file + ".#{format}")
-    if File.exists?(Rails.root.join('doc', @category, @file + '.md'))
+    if %w(png jpg jpeg gif).include?(format)
+      send_file file_path, disposition: 'inline'
+    elsif File.exists?(file_path)
      render 'show'
    else
      not_found!

--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  protect_from_forgery except: :kerberos
  Gitlab.config.omniauth.providers.each do |provider|
    define_method provider['name'] do
      handle_omniauth

--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -26,7 +26,7 @@ class Profiles::KeysController < ApplicationController
  def destroy
    @key = current_user.keys.find(params[:id])
-    @key.destroy
+    @key.destroy unless @key.is_a? LDAPKey
    respond_to do |format|
      format.html { redirect_to profile_keys_url }

--- a/app/controllers/projects/git_hooks_controller.rb
+++ b/app/controllers/projects/git_hooks_controller.rb
+class Projects::GitHooksController < Projects::ApplicationController
+  # Authorize
+  before_filter :authorize_admin_project!
+  respond_to :html
+  layout "project_settings"
+  def index
+    project.create_git_hook unless project.git_hook
+    @pre_receive_hook = project.git_hook
+  end
+  def update
+    @pre_receive_hook = project.git_hook
+    @pre_receive_hook.update_attributes(git_hook_params)
+    if @pre_receive_hook.valid?
+      redirect_to project_git_hooks_path(@project)
+    else
+      render :index
+    end
+  end
+  private
+  # Only allow a trusted parameter "white list" through.
+  def git_hook_params
+    params.require(:git_hook).permit(:deny_delete_tag, :delete_branch_regex,
+      :commit_message_regex, :force_push_regex, :author_email_regex, :member_check, :file_name_regex)
+  end
+end
--- a/app/controllers/projects/group_links_controller.rb
+++ b/app/controllers/projects/group_links_controller.rb
+class Projects::GroupLinksController < Projects::ApplicationController
+  layout 'project_settings'
+  before_filter :authorize_admin_project!
+  def index
+    @group_links = project.project_group_links.all
+  end
+  def create
+    link = project.project_group_links.new
+    link.group_id = params[:link_group_id]
+    link.group_access = params[:link_group_access]
+    link.save
+    redirect_to project_group_links_path(project)
+  end
+  def destroy
+    project.project_group_links.find(params[:id]).destroy
+    redirect_to project_group_links_path(project)
+  end
+end
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -113,7 +113,13 @@ class Projects::MergeRequestsController < Projects::ApplicationController
    return access_denied! unless allowed_to_merge?
    if @merge_request.open? && @merge_request.can_be_merged?
+<<<<<<< HEAD
      AutoMergeWorker.perform_async(@merge_request.id, current_user.id, params)
+=======
+      @merge_request.should_remove_source_branch = params[:should_remove_source_branch]
+      @merge_request.should_rebase = params[:should_rebase]
+      @merge_request.automerge!(current_user, params[:commit_message])
+>>>>>>> ee/master
      @status = true
    else
      @status = false

--- a/app/controllers/projects/team_members_controller.rb
+++ b/app/controllers/projects/team_members_controller.rb
@@ -7,6 +7,7 @@ class Projects::TeamMembersController < Projects::ApplicationController
  def index
    @group = @project.group
    @project_members = @project.project_members.order('access_level DESC')
+    @project_group_links = @project.project_group_links
  end
  def new
@@ -15,8 +16,19 @@ class Projects::TeamMembersController < Projects::ApplicationController
  def create
    users = User.where(id: params[:user_ids].split(','))
+    access_level = params[:access_level]
-    @project.team << [users, params[:access_level]]
+    @project.team << [users, access_level]
+    users.each do |user|
+      details = {
+        add: "user_access",
+        as: Gitlab::Access.options_with_owner.key(access_level.to_i),
+        target_id: user.id,
+        target_type: "User",
+        target_details: user.name,
+      }
+      AuditEventService.new(current_user, @project, details).security_event
+    end
    if params[:redirect_to]
      redirect_to params[:redirect_to]
@@ -27,7 +39,19 @@ class Projects::TeamMembersController < Projects::ApplicationController
  def update
    @user_project_relation = @project.project_members.find_by(user_id: member)
-    @user_project_relation.update_attributes(member_params)
+    old_access_level = @user_project_relation.human_access
+    if @user_project_relation.update_attributes(member_params)
+      details = {
+        change: "access_level",
+        from:  old_access_level,
+        to: @user_project_relation.human_access,
+        target_id: @user_project_relation.user_id,
+        target_type: "User",
+        target_details: @user_project_relation.user.name,
+      }
+      AuditEventService.new(current_user, @project, details).security_event
+    end
    unless @user_project_relation.valid?
      flash[:alert] = "User should have at least one role"
@@ -37,7 +61,18 @@ class Projects::TeamMembersController < Projects::ApplicationController
  def destroy
    @user_project_relation = @project.project_members.find_by(user_id: member)
-    @user_project_relation.destroy
+    user_id = @user_project_relation.user_id
+    user_name = @user_project_relation.user.name
+    if @user_project_relation.destroy
+      details = {
+        remove: "user_access",
+        target_id: user_id,
+        target_type: "User",
+        target_details: user_name,
+      }
+      AuditEventService.new(current_user, @project, details).security_event
+    end
    respond_to do |format|
      format.html { redirect_to project_team_index_path(@project) }

--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -177,7 +177,8 @@ class ProjectsController < ApplicationController
    params.require(:project).permit(
      :name, :path, :description, :issues_tracker, :tag_list,
      :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
-      :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id
+      :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :merge_requests_template,
+      :merge_requests_rebase_enabled
    )
  end
 end
--- a/app/controllers/unsubscribes_controller.rb
+++ b/app/controllers/unsubscribes_controller.rb
+class UnsubscribesController < ApplicationController
+  skip_before_filter :authenticate_user!,
+                     :reject_blocked, :set_current_user_for_observers,
+                     :add_abilities
+  layout 'public_users'
+  def show
+    @user = get_user
+  end
+  def create
+    @user = get_user
+    if @user
+      @user.admin_unsubscribe!
+      Notify.send_unsubscribed_notification(@user).deliver
+    end
+    redirect_to new_user_session_path, notice: 'You have been unsubscribed'
+  end
+  protected
+  def get_user
+    @email = Base64.urlsafe_decode64(params[:email])
+    User.where(email: @email).first
+  end
+end
--- a/app/finders/projects_finder.rb
+++ b/app/finders/projects_finder.rb
@@ -37,12 +37,24 @@ class ProjectsFinder
          )
        else
          # User has no access to group or group projects
+          # or has access through shared project
          #
          # Return only:
          #   public projects
          #   internal projects
-          #
+          #   shared projects
-          group.projects.public_and_internal_only
+          projects_ids = []
+          ProjectGroupLink.where(project_id: group.projects).each do |shared_project|
+            if shared_project.group.users.include?(current_user) || shared_project.project.users.include?(current_user)
+              projects_ids << shared_project.project.id
+            end
+          end
+          group.projects.where(
+            "projects.id IN (?) OR projects.visibility_level IN (?)",
+            projects_ids,
+            Project.public_and_internal_levels
+          )
        end
      end
    else

--- a/app/helpers/appearances_helper.rb
+++ b/app/helpers/appearances_helper.rb
 module AppearancesHelper
-  def brand_item
-    nil
-  end
  def brand_title
-    'GitLab Community Edition'
+    if brand_item
+      brand_item.title
+    else
+      'GitLab Enterprise Edition'
+    end
  end
  def brand_image
-    nil
+    if brand_item.logo?
+      image_tag brand_item.logo
+    else
+      nil
+    end
+  end
+  def brand_header_logo
+    if brand_item.header_logos?
+      haml_tag(:style) do
+        # Dark theme/light logo
+        haml_concat ".dark_theme .app_logo a h1 {" \
+                    "background: url('#{brand_item.light_logo}') " \
+                    "no-repeat center center !important; }"
+        # Light theme/dark logo
+        haml_concat ".light_theme .app_logo a h1 {" \
+                    "background: url('#{brand_item.dark_logo}') " \
+                    "no-repeat center center !important; }"
+      end
+    end
  end
  def brand_text
-    nil
+    markdown(brand_item.description)
+  end
+  def brand_item
+    @appearance ||= Appearance.first
  end
 end
--- a/app/helpers/audit_events_helper.rb
+++ b/app/helpers/audit_events_helper.rb
+module AuditEventsHelper
+  def human_text(details)
+    details.map{ |key, value| select_keys(key, value) }.join(" ").humanize
+  end
+  def select_keys(key, value)
+    if key.match(/^target_.*/)
+      ""
+    else
+      "#{key.to_s} <strong>#{value}</strong>"
+    end
+  end
+end
--- a/app/helpers/branches_helper.rb
+++ b/app/helpers/branches_helper.rb
@@ -19,4 +19,14 @@ module BranchesHelper
    current_user.can?(action, project)
  end
+  def can_rebase?(project, branch_name)
+    if project.protected_branch? branch_name
+      can?(current_user, :push_code_to_protected_branches, project)
+    elsif can?(current_user, :push_code, project)
+      true
+    else
+      false
+    end
+  end
 end
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -36,6 +36,8 @@ module GroupsHelper
  def group_settings_page?
    if current_controller?('groups')
      current_action?('edit') || current_action?('projects')
+    elsif current_controller?('ldap_group_links') || current_controller?('audit_events')
+      true
    else
      false
    end

--- a/app/helpers/merge_requests_helper.rb
+++ b/app/helpers/merge_requests_helper.rb
@@ -30,8 +30,15 @@ module MergeRequestsHelper
    classes
  end
-  def ci_build_details_path(merge_request)
+  def ci_build_details_path merge_request
-    merge_request.source_project.ci_service.build_page(merge_request.last_commit.sha)
+    build_url = merge_request.source_project.ci_service.build_page(merge_request.last_commit.sha)
+    parsed_url = URI.parse(build_url)
+    unless parsed_url.userinfo.blank?
+      parsed_url.userinfo = ''
+    end
+    parsed_url.to_s
  end
  def merge_path_description(merge_request, separator)

--- a/app/helpers/oauth_helper.rb
+++ b/app/helpers/oauth_helper.rb
@@ -3,6 +3,14 @@ module OauthHelper
    Gitlab.config.ldap.enabled
  end
+  def kerberos_enabled?
+    enabled_oauth_providers.include?(:kerberos)
+  end
+  def standard_login_form_only?
+    ldap_enabled? || kerberos_enabled?
+  end
  def default_providers
    [:twitter, :github, :google_oauth2, :ldap]
  end
@@ -13,11 +21,13 @@ module OauthHelper
  def enabled_social_providers
    enabled_oauth_providers.select do |name|
-      [:twitter, :github, :google_oauth2].include?(name.to_sym)
+      [:twitter, :github, :google_oauth2, :kerberos].include?(name.to_sym)
    end
  end
  def additional_providers
-    enabled_oauth_providers.reject{|provider| provider.to_s.starts_with?('ldap')}
+    enabled_oauth_providers.reject do |provider| 
+      provider.to_s.starts_with?('ldap') || provider == :kerberos
+    end
  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -257,5 +257,13 @@ module ProjectsHelper
  def github_import_enabled?
    Gitlab.config.omniauth.enabled && enabled_oauth_providers.include?(:github)
  end
+  def membership_locked?
+    if @project.group && @project.group.membership_lock
+      true
+    else
+      false
+    end
+  end
 end
--- a/app/helpers/selects_helper.rb
+++ b/app/helpers/selects_helper.rb
@@ -2,6 +2,7 @@ module SelectsHelper
  def users_select_tag(id, opts = {})
    css_class = "ajax-users-select "
    css_class << "multiselect " if opts[:multiple]
+    css_class << "skip_ldap " if opts[:skip_ldap]
    css_class << (opts[:class] || '')
    value = opts[:selected] || ''
@@ -18,6 +19,14 @@ module SelectsHelper
    hidden_field_tag(id, value, class: css_class, 'data-placeholder' => placeholder, 'data-project-id' => project_id)
  end
+  def ldap_server_select_options
+    options_from_collection_for_select(
+      Gitlab::LDAP::Config.servers,
+      'provider_name',
+      'label'
+    )
+  end
  def groups_select_tag(id, opts = {})
    css_class = "ajax-groups-select "
    css_class << "multiselect " if opts[:multiple]
@@ -26,4 +35,13 @@ module SelectsHelper
    hidden_field_tag(id, value, class: css_class)
  end
+  def admin_email_select_tag(id, opts = {})
+    css_class = "ajax-admin-email-select "
+    css_class << "multiselect " if opts[:multiple]
+    css_class << (opts[:class] || '')
+    value = opts[:selected] || ''
+    hidden_field_tag(id, value, class: css_class)
+  end
 end
--- a/app/helpers/tab_helper.rb
+++ b/app/helpers/tab_helper.rb
@@ -89,8 +89,8 @@ module TabHelper
  def project_tab_class
    return "active" if current_page?(controller: "/projects", action: :edit, id: @project)
-    if ['services', 'hooks', 'deploy_keys', 'team_members', 'protected_branches'].include? controller.controller_name
+    if ['services', 'git_hooks', 'hooks', 'deploy_keys', 'team_members', 'protected_branches'].include? controller.controller_name
-     "active"
+      "active"
    end
  end

--- a/app/mailers/emails/admin_notification.rb
+++ b/app/mailers/emails/admin_notification.rb
+module Emails
+  module AdminNotification
+    def send_admin_notification(user_id, subject, body)
+      email = recipient(user_id)
+      @unsubscribe_url = unsubscribe_url(email: Base64.urlsafe_encode64(email))
+      @body = body
+      mail to: email, subject: subject
+    end
+    def send_unsubscribed_notification(user_id)
+      email = recipient(user_id)
+      mail to: email, subject: "Unsubscribed from GitLab administrator notifications"
+    end
+  end
+end
--- a/app/mailers/notify.rb
+++ b/app/mailers/notify.rb
 class Notify < ActionMailer::Base
  include ActionDispatch::Routing::PolymorphicRoutes
+  include Emails::AdminNotification
  include Emails::Issues
  include Emails::MergeRequests
  include Emails::Notes

--- a/app/models/appearance.rb
+++ b/app/models/appearance.rb
+class Appearance < ActiveRecord::Base
+  validates :title, presence: true
+  validates :description, presence: true
+  validates :logo, file_size: { maximum: 1000.kilobytes.to_i }
+  validates :dark_logo, file_size: { maximum: 1000.kilobytes.to_i },
+            presence: true, if: :light_logo?
+  validates :light_logo, file_size: { maximum: 1000.kilobytes.to_i },
+            presence: true, if: :dark_logo?
+  mount_uploader :logo, AttachmentUploader
+  mount_uploader :dark_logo, AttachmentUploader
+  mount_uploader :light_logo, AttachmentUploader
+  def header_logos?
+    dark_logo? && light_logo?
+  end
+end
--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
+class AuditEvent < ActiveRecord::Base
+  serialize :details, Hash
+  belongs_to :user, foreign_key: :author_id
+  validates :author_id, presence: true
+  validates :entity_id, presence: true
+  validates :entity_type, presence: true
+  after_initialize :initialize_details
+  def initialize_details
+    self.details = {} if details.nil?
+  end
+  def author_name
+    self.user.name
+  end
+end
--- a/app/models/git_hook.rb
+++ b/app/models/git_hook.rb
+class GitHook < ActiveRecord::Base
+  belongs_to :project
+  validates :project, presence: true
+  def commit_message_allowed?(message)
+    if commit_message_regex.present?
+      if message =~ Regexp.new(commit_message_regex)
+        true
+      else
+        false
+      end
+    else
+      true
+    end
+  end
+  def commit_validation?
+    commit_message_regex.present? || author_email_regex.present? || member_check || file_name_regex.present?
+  end
+end
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -19,6 +19,9 @@ require 'file_size_validator'
 class Group < Namespace
  has_many :group_members, dependent: :destroy, as: :source, class_name: 'GroupMember'
  has_many :users, through: :group_members
+  has_many :project_group_links, dependent: :destroy
+  has_many :shared_projects, through: :project_group_links, source: :project
+  has_many :ldap_group_links, foreign_key: 'group_id', dependent: :destroy
  validate :avatar_type, if: ->(user) { user.avatar_changed? }
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
@@ -70,10 +73,27 @@ class Group < Namespace
    end
  end
+  def human_ldap_access
+    Gitlab::Access.options_with_owner.key ldap_access
+  end
  def public_profile?
    projects.public_only.any?
  end
+  # NOTE: Backwards compatibility with old ldap situation
+  def ldap_cn
+    ldap_group_links.first.try(:cn)
+  end
+  def ldap_access
+    ldap_group_links.first.try(:group_access)
+  end
+  def ldap_synced?
+    ldap_cn.present?
+  end
  class << self
    def search(query)
      where("LOWER(namespaces.name) LIKE :query", query: "%#{query.downcase}%")

--- a/app/models/jira_issue.rb
+++ b/app/models/jira_issue.rb
+class JiraIssue
+  def initialize(issue_identifier)
+    @issue_identifier = issue_identifier
+  end
+  def to_s
+    @issue_identifier.to_s
+  end
+  def id
+    @issue_identifier.to_s
+  end
+  def iid
+    @issue_identifier.to_s
+  end
+  def ==(other)
+    other.is_a?(self.class) && (to_s == other.to_s)
+  end
+end
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -25,6 +25,8 @@ class Key < ActiveRecord::Base
  validates :key, presence: true, length: { within: 0..5000 }, format: { with: /\A(ssh|ecdsa)-.*\Z/ }, uniqueness: true
  validates :fingerprint, uniqueness: true, presence: { message: 'cannot be generated' }
+  scope :ldap, -> { where(type: 'LDAPKey') }
  delegate :name, :email, to: :user, prefix: true
  after_create :add_to_shell

--- a/app/models/ldap_group_link.rb
+++ b/app/models/ldap_group_link.rb
+class LdapGroupLink < ActiveRecord::Base
+  include Gitlab::Access
+  belongs_to :group
+  validates :cn, :group_access, :group_id, presence: true
+  validates :cn, uniqueness: { scope: [:group_id, :provider] }
+  validates :group_access, inclusion: { in: Gitlab::Access.all_values }
+  scope :with_provider, ->(provider) { where(provider: provider) }
+  def access_field
+    group_access
+  end
+  def config
+    Gitlab::LDAP::Config.new(provider)
+  rescue Gitlab::LDAP::Config::InvalidProvider
+    nil
+  end
+  # default to the first LDAP server
+  def provider
+    read_attribute(:provider) || Gitlab::LDAP::Config.providers.first
+  end
+  def provider_label
+    config.label
+  end
+end
--- a/app/models/ldap_key.rb
+++ b/app/models/ldap_key.rb
+# == Schema Information
+#
+# Table name: keys
+#
+#  id         :integer          not null, primary key
+#  user_id    :integer
+#  created_at :datetime
+#  updated_at :datetime
+#  key        :text
+#  title      :string(255)
+#  identifier :string(255)
+#  type       :string(255)
+#
+class LDAPKey < Key
+end
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -26,6 +26,7 @@ class GroupMember < Member
  scope :with_group, ->(group) { where(source_id: group.id) }
  scope :with_user, ->(user) { where(user_id: user.id) }
+  scope :with_ldap_dn, -> { joins(user: :identities).where("identities.provider LIKE ?", 'ldap%') }
  after_create :notify_create
  after_update :notify_update

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -40,6 +40,9 @@ class MergeRequest < ActiveRecord::Base
  attr_accessor :should_remove_source_branch
+  # If true, merge request should rebase before merging
+  attr_accessor :should_rebase
  # When this attribute is true some MR validation is ignored
  # It allows us to close or modify broken merge requests
  attr_accessor :allow_broken

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -51,6 +51,7 @@ class Project < ActiveRecord::Base
  belongs_to :group, -> { where(type: Group) }, foreign_key: "namespace_id"
  belongs_to :namespace
+  has_one :git_hook, dependent: :destroy
  has_one :last_event, -> {order 'events.created_at DESC'}, class_name: 'Event', foreign_key: 'project_id'
  # Project services
@@ -64,10 +65,13 @@ class Project < ActiveRecord::Base
  has_one :assembla_service, dependent: :destroy
  has_one :gemnasium_service, dependent: :destroy
  has_one :slack_service, dependent: :destroy
+  has_one :jira_service, dependent: :destroy
+  has_one :jenkins_service, dependent: :destroy
  has_one :buildbox_service, dependent: :destroy
  has_one :bamboo_service, dependent: :destroy
  has_one :teamcity_service, dependent: :destroy
  has_one :pushover_service, dependent: :destroy
  has_one :forked_project_link, dependent: :destroy, foreign_key: "forked_to_project_id"
  has_one :forked_from_project, through: :forked_project_link
  # Merge Requests for target project should be removed with it
@@ -90,6 +94,9 @@ class Project < ActiveRecord::Base
  has_many :users_star_projects, dependent: :destroy
  has_many :starrers, through: :users_star_projects, source: :user
+  has_many :project_group_links, dependent: :destroy
+  has_many :invited_groups, through: :project_group_links, source: :group
  delegate :name, to: :owner, allow_nil: true, prefix: true
  delegate :members, to: :team, prefix: true
@@ -316,7 +323,7 @@ class Project < ActiveRecord::Base
  def available_services_names
    %w(gitlab_ci campfire hipchat pivotaltracker flowdock assembla
-       emails_on_push gemnasium slack pushover buildbox bamboo teamcity)
+       emails_on_push gemnasium slack pushover buildbox bamboo teamcity jira jenkins)
  end
  def gitlab_ci?
@@ -331,6 +338,19 @@ class Project < ActiveRecord::Base
    @ci_service ||= ci_services.select(&:activated?).first
  end
+  def jira_tracker?
+    self.issues_tracker == "jira"
+  end
+  def redmine_tracker?
+    self.issues_tracker == "redmine"
+  end
+  # For compatibility with old code
+  def code
+    path
+  end
  def items_for(entity)
    case entity
    when 'issue' then
@@ -582,6 +602,14 @@ class Project < ActiveRecord::Base
    merge_requests.where(source_project_id: self.id)
  end
+  def group_ldap_synced?
+    if group
+      group.ldap_synced?
+    else
+      false
+    end
+  end
  def create_repository
    if gitlab_shell.add_repository(path_with_namespace)
      true

--- a/app/models/project_group_link.rb
+++ b/app/models/project_group_link.rb
+class ProjectGroupLink < ActiveRecord::Base
+  GUEST     = 10
+  REPORTER  = 20
+  DEVELOPER = 30
+  MASTER    = 40
+  belongs_to :project
+  belongs_to :group
+  validates :project_id, presence: true
+  validates :group_id, presence: true
+  validates :group_id, uniqueness: { scope: [:project_id], message: "already shared with this group" }
+  validates :group_access, presence: true
+  validates :group_access, inclusion: { in: Gitlab::Access.values }, presence: true
+  def self.access_options
+    Gitlab::Access.options
+  end
+  def self.default_access
+    DEVELOPER
+  end
+  def human_access
+    self.class.access_options.key(self.group_access)
+  end
+end
--- a/app/models/project_services/jenkins_service.rb
+++ b/app/models/project_services/jenkins_service.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id          :integer          not null, primary key
+#  type        :string(255)
+#  title       :string(255)
+#  project_id  :integer          not null
+#  created_at  :datetime
+#  updated_at  :datetime
+#  active      :boolean          default(FALSE), not null
+#  properties  :text
+#
+class JenkinsService < CiService
+  prop_accessor :project_url
+  validates :project_url, presence: true, if: :activated?
+  delegate :execute, to: :service_hook, prefix: nil
+  after_save :compose_service_hook, if: :activated?
+  def compose_service_hook
+    hook = service_hook || build_service_hook
+    jenkins_url = project_url.sub(/job\/.*/, '')
+    hook.url = jenkins_url + "/gitlab/build_now"
+    hook.save
+  end
+  def title
+    'Jenkins CI'
+  end
+  def description
+    'An extendable open source continuous integration server'
+  end
+  def help
+    'You must have installed GitLab Hook plugin into Jenkins.'
+  end
+  def to_param
+    'jenkins'
+  end
+  def fields
+    [
+      { type: 'text', name: 'project_url', placeholder: 'Jenkins project URL like http://jenkins.example.com/job/my-project/' }
+    ]
+  end
+  def build_page sha
+    project_url + "/scm/bySHA1/#{sha}"
+  end
+  def commit_status sha
+    parsed_url = URI.parse(build_page(sha))
+    if parsed_url.userinfo.blank?
+      response = HTTParty.get(build_page(sha), verify: false)
+    else
+      get_url = build_page(sha).gsub("#{parsed_url.userinfo}@", "")
+      auth = {
+          username: URI.decode(parsed_url.user),
+          password: URI.decode(parsed_url.password),
+      }
+      response = HTTParty.get(get_url, verify: false, basic_auth: auth)
+    end
+    if response.code == 200
+      # img.build-caption-status-icon for old jenkins version
+      src = Nokogiri.parse(response).css('img.build-caption-status-icon,.build-caption>img').first.attributes['src'].value
+      if src =~ /blue\.png$/
+        'success'
+      elsif src =~ /(red\.png|aborted\.png)$/
+        'failed'
+      elsif src =~ /anime\.gif$/
+        'running'
+      else
+        'pending'
+      end
+    else
+      :error
+    end
+  end
+end
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id          :integer          not null, primary key
+#  type        :string(255)
+#  title       :string(255)
+#  project_id  :integer          not null
+#  created_at  :datetime
+#  updated_at  :datetime
+#  active      :boolean          default(FALSE), not null
+#  properties  :text
+#
+class JiraService < Service
+  include HTTParty
+  prop_accessor :project_url, :username, :password,
+                :api_version, :jira_issue_transition_id
+  validates :username, :password, presence: true, if: :activated?
+  before_validation :set_api_version
+  def title
+    'JIRA'
+  end
+  def description
+    'Bug, issue tracking, and project management system'
+  end
+  def to_param
+    'jira'
+  end
+  def fields
+    [
+      { type: 'text', name: 'project_url', placeholder: 'Url to JIRA, http://jira.example' },
+      { type: 'text', name: 'username', placeholder: '' },
+      { type: 'password', name: 'password', placeholder: '' },
+      { type: 'text', name: 'api_version', placeholder: '2' },
+      { type: 'text', name: 'jira_issue_transition_id', placeholder: '2' }
+    ]
+  end
+  def set_api_version
+    self.api_version = "2"
+  end
+  def execute(push, issue = nil)
+    close_issue(push, issue) if issue
+  end
+  private
+  def close_issue(push_data, issue_name)
+    url = close_issue_url(issue_name)
+    commit_url = push_data[:commits].first[:url]
+    message = {
+      'update' => {
+        'comment' => [{
+          'add' => {
+            'body' => "Issue solved with #{commit_url}"
+          }
+        }]
+      },
+      'transition' => {
+        'id' => jira_issue_transition_id
+      }
+    }
+    json_body = message.to_json
+    Rails.logger.info("#{self.class.name}: sending POST with body #{json_body} to #{url}")
+    JiraService.post(
+      url,
+      body: json_body,
+      headers: {
+        'Content-Type' => 'application/json',
+        'Authorization' => "Basic #{auth}"
+      }
+    )
+  end
+  def close_issue_url(issue_name)
+    "#{self.project_url.chomp("/")}/rest/api/#{self.api_version}/issue/#{issue_name}/transitions"
+  end
+  def auth
+    require 'base64'
+    Base64.urlsafe_encode64("#{self.username}:#{self.password}")
+  end
+end
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -52,6 +52,7 @@ class ProjectTeam
  end
  def add_users_ids(user_ids, access)
+    return false if group_member_lock
    ProjectMember.add_users_into_projects(
      [project.id],
      user_ids,
@@ -145,14 +146,63 @@ class ProjectTeam
      access << group.group_members.find_by(user_id: user_id).try(:access_field)
    end
+    if project.invited_groups.any?
+      access << max_invited_level(user_id)
+    end
    access.compact.max
  end
+  def max_invited_level(user_id)
+    project.project_group_links.map do |group_link|
+      invited_group = group_link.group
+      access = invited_group.group_members.find_by(user_id: user_id).try(:access_field)
+      # If group member has higher access level we should restrict it
+      # to max allowed access level
+      if access && access > group_link.group_access
+        access = group_link.group_access
+      end
+      access
+    end.compact.max
+  end
  private
  def fetch_members(level = nil)
    project_members = project.project_members
    group_members = group ? group.group_members : []
+    invited_members = []
+    if project.invited_groups.any?
+      project.project_group_links.each do |group_link|
+        invited_group = group_link.group
+        im = invited_group.group_members
+        if level
+          int_level = GroupMember.access_level_roles[level.to_s.singularize.titleize]
+          # Skip group members if we ask for masters
+          # but max group access is developers
+          next if int_level > group_link.group_access
+          # If we ask for developers and max
+          # group access is developers we need to provide
+          # both group master, developers as devs
+          if int_level == group_link.group_access
+            im.where("access_level >= ?)", group_link.group_access)
+          else
+            im.send(level)
+          end
+        end
+        invited_members << im
+      end
+      invited_members = invited_members.flatten.compact
+    end
    if level
      project_members = project_members.send(level)
@@ -160,6 +210,7 @@ class ProjectTeam
    end
    user_ids = project_members.pluck(:user_id)
+    user_ids += invited_members.map(&:user_id) if invited_members.any?
    user_ids += group_members.pluck(:user_id) if group
    User.where(id: user_ids)
@@ -168,4 +219,8 @@ class ProjectTeam
  def group
    project.group
  end
+  def group_member_lock
+    group && group.membership_lock
+  end
 end
--- a/app/models/security_event.rb
+++ b/app/models/security_event.rb
+class SecurityEvent < AuditEvent
+end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -180,6 +180,8 @@ class User < ActiveRecord::Base
  scope :not_in_team, ->(team){ where('users.id NOT IN (:ids)', ids: team.member_ids) }
  scope :not_in_project, ->(project) { project.users.present? ? where("id not in (:ids)", ids: project.users.map(&:id) ) : all }
  scope :without_projects, -> { where('id NOT IN (SELECT DISTINCT(user_id) FROM members)') }
+  scope :subscribed_for_admin_email, -> { where(admin_email_unsubscribed_at: nil) }
+  scope :ldap, -> { joins(:identities).where('identities.provider LIKE ?', 'ldap%') }
  scope :potential_team_members, ->(team) { team.members.any? ? active.not_in_team(team) : active  }
  #
@@ -213,6 +215,10 @@ class User < ActiveRecord::Base
        User.where(name: name).first
    end
+    def existing_member?(email)
+      User.where(email: email).any? || Email.where(email: email).any?
+    end
    def filter(filter_name)
      case filter_name
      when "admins"; self.admins
@@ -299,7 +305,8 @@ class User < ActiveRecord::Base
    @authorized_projects ||= begin
                               project_ids = personal_projects.pluck(:id)
                               project_ids += groups_projects.pluck(:id)
-                               project_ids += projects.pluck(:id).uniq
+                               project_ids += projects.pluck(:id)
+                               project_ids += groups.joins(:shared_projects).pluck(:project_id)
                               Project.where(id: project_ids).joins(:namespace).order('namespaces.name ASC')
                             end
  end
@@ -434,7 +441,7 @@ class User < ActiveRecord::Base
    if !Gitlab.config.ldap.enabled
      false
    elsif ldap_user?
-      !last_credential_check_at || (last_credential_check_at + 1.hour) < Time.now
+      !last_credential_check_at || (last_credential_check_at + Gitlab.config.ldap['sync_time']) < Time.now
    else
      false
    end
@@ -543,6 +550,10 @@ class User < ActiveRecord::Base
    SystemHooksService.new
  end
+  def admin_unsubscribe!
+    update_column :admin_email_unsubscribed_at, Time.now
+  end
  def starred?(project)
    starred_projects.exists?(project)
  end

--- a/app/services/audit_event_service.rb
+++ b/app/services/audit_event_service.rb
+class AuditEventService
+  def initialize(author, entity, details = {})
+    @author, @entity, @details = author, entity, details
+  end
+  def security_event
+    SecurityEvent.create(
+      author_id: @author.id,
+      entity_id: @entity.id,
+      entity_type: @entity.class.name,
+      details: @details
+    )
+  end
+end
--- a/app/services/files/base_service.rb
+++ b/app/services/files/base_service.rb
@@ -13,5 +13,9 @@ module Files
    def repository
      project.repository
    end
+    def git_hook
+      project.git_hook
+    end
  end
 end
--- a/app/services/files/create_service.rb
+++ b/app/services/files/create_service.rb
@@ -17,6 +17,10 @@ module Files
        return error("You can only create files if you are on top of a branch")
      end
+      if git_hook && !git_hook.commit_message_allowed?(params[:commit_message])
+        return error("Commit message must match next format: #{git_hook.commit_message_regex}")
+      end
      file_name = File.basename(path)
      file_path = path

--- a/app/services/files/delete_service.rb
+++ b/app/services/files/delete_service.rb
@@ -17,6 +17,10 @@ module Files
        return error("You can only create files if you are on top of a branch")
      end
+      if git_hook && !git_hook.commit_message_allowed?(params[:commit_message])
+        return error("Commit message must match next format: #{git_hook.commit_message_regex}")
+      end
      blob = repository.blob_at_branch(ref, path)
      unless blob

--- a/app/services/files/update_service.rb
+++ b/app/services/files/update_service.rb
@@ -17,6 +17,10 @@ module Files
        return error("You can only create files if you are on top of a branch")
      end
+      if git_hook && !git_hook.commit_message_allowed?(params[:commit_message])
+        return error("Commit message must match next format: #{git_hook.commit_message_regex}")
+      end
      blob = repository.blob_at_branch(ref, path)
      unless blob

--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -82,7 +82,11 @@ class GitPushService
        author ||= commit_user(commit)
        issues_to_close.each do |issue|
-          Issues::CloseService.new(project, author, {}).execute(issue, commit)
+          if project.jira_tracker? && project.jira_service.active
+            project.jira_service.execute(push_data, issue)
+          else
+            Issues::CloseService.new(project, author, {}).execute(issue, commit)
+          end
        end
      end

--- a/app/services/ldap_group_reset_service.rb
+++ b/app/services/ldap_group_reset_service.rb
+class LdapGroupResetService
+  def execute(group, current_user)
+    # Only for ldap connected users
+    # reset last_credential_check_at to force LDAP::Access::update_permissions
+    # set Gitlab::Access::Guest to later on upgrade the access of a user
+    # trigger the lowest access possible for all LDAP connected users
+    a = group.members.with_ldap_dn.map do |member|
+      # don't unauthorize the current user
+      next if current_user == member.user
+      member.update_attribute :access_level, Gitlab::Access::GUEST
+    end
+    group.users.ldap.update_all last_credential_check_at: nil
+  end
+end
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@@ -19,6 +19,9 @@ module MergeRequests
      # Generate suggested MR title based on source branch name
      merge_request.title = merge_request.source_branch.titleize.humanize
+      # Set MR description based on project template
+      merge_request.description = merge_request.target_project.merge_requests_template
      compare_result = CompareService.new.execute(
        current_user,
        merge_request.source_project,

--- a/app/views/admin/appearances/_form.html.haml
+++ b/app/views/admin/appearances/_form.html.haml
+= form_for @appearance, url: admin_appearances_path, html: { class: 'form-horizontal'} do |f|
+  - if @appearance.errors.any?
+    .alert.alert-danger
+      - @appearance.errors.full_messages.each do |msg|
+        %p= msg
+  %fieldset.sign-in
+    %legend
+      Sign in/Sign up pages:
+  .form-group
+    = f.label :title, class: 'control-label'
+    .col-sm-10
+      = f.text_field :title, class: "form-control"
+  .form-group
+    = f.label :description, class: 'control-label'
+    .col-sm-10
+      = f.text_area :description, class: "form-control", rows: 10
+      .hint
+        Description parsed with #{link_to "GitLab Flavored Markdown", help_page_path('markdown', 'markdown'), target: '_blank'}.
+  .form-group
+    = f.label :logo, class: 'control-label'
+    .col-sm-10
+      - if @appearance.logo?
+        = image_tag @appearance.logo, class: 'appearance-logo-preview'
+        %br
+        = link_to 'Remove logo', logo_admin_appearances_path, data: { confirm: "Logo will be removed. Are you sure?"}, method: :delete, class: "btn btn-remove btn-small remove-logo"
+        %hr
+      = f.file_field :logo, class: ""
+      .hint
+        Maximum logo size is 1MB, page optimized for logo size 640x360px
+  %fieldset.app_logo
+    %legend
+      Navigation bar:
+  .form-group
+    = f.label :dark_logo, class: 'control-label'
+    .col-sm-10
+      - if @appearance.dark_logo?
+        = image_tag @appearance.dark_logo, class: 'appearance-dark-logo-preview'
+      = f.file_field :dark_logo, class: ""
+      .hint
+        Maximum size is 1MB, page optimized for logo size 40x40px
+    = f.label :light_logo, class: 'control-label'
+    .col-sm-10
+      - if @appearance.light_logo?
+        = image_tag @appearance.light_logo, class: 'appearance-light-logo-preview'
+      = f.file_field :light_logo, class: ""
+      .hint
+        Maximum size is 1MB, page optimized for logo size 41x41px
+      -if @appearance.light_logo? || @appearance.dark_logo?
+        %br
+          = link_to 'Remove header logos', header_logos_admin_appearances_path, data: { confirm: "Header logos will be removed. Are you sure?"}, method: :delete, class: "btn btn-remove btn-small remove-logo"
+  .form-actions
+    = f.submit 'Save', class: 'btn btn-save'
+    - if @appearance.persisted?
+      = link_to 'Preview last save', preview_admin_appearances_path, class: 'btn', target: '_blank'
+    - if @appearance.updated_at
+      %span.pull-right
+        Last edit #{time_ago_with_tooltip(@appearance.updated_at)}
--- a/app/views/admin/appearances/preview.html.haml
+++ b/app/views/admin/appearances/preview.html.haml
+%h3.page-title
+  Appearance settings - Preview
+%hr
+.ui-box
+  .title
+    Sign-in page
+  %div
+    .login-page
+      .container
+        .content
+          .login-title
+            %h1= brand_title
+      %hr
+      .container
+        .content
+          .row
+            .col-sm-7
+              .brand-image
+                = brand_image
+              .brand_text
+                = brand_text
+            .col-sm-4
+              .login-box
+                %h3.page-title Sign in
+                = text_field_tag :login, nil, class: "form-control top", placeholder: "Username or Email"
+                = password_field_tag :password, nil, class: "form-control bottom", placeholder: "Password"
+                = button_tag "Sign in", class: "btn-create btn"
--- a/app/views/admin/appearances/show.html.haml
+++ b/app/views/admin/appearances/show.html.haml
+%h3.page-title
+  Appearance settings
+%p.light
+  You can modify the look and feel of GitLab here
+= render 'form'
--- a/app/views/admin/emails/show.html.haml
+++ b/app/views/admin/emails/show.html.haml
+%h3.page-title
+  Send email notication
+%p.light
+  You can notify the app / group or a project by sending them an email notification
+= form_tag admin_email_path, class: 'form-horizontal', id: 'new-admin-email' do
+  .form-group
+    %label.control-label{for: :subject} Subject
+    .col-sm-10
+      = text_field_tag :subject, '', class: 'form-control', required: true
+  .form-group
+    %label.control-label{for: :body} Body
+    .col-sm-10
+      = text_area_tag :body, '', class: 'form-control', rows: 15, required: true
+  .form-group
+    %label.control-label{for: :recipients} Recipient group
+    .col-sm-10
+      = admin_email_select_tag(:recipients)
+  .form-actions
+    = submit_tag 'Send message', class: 'btn btn-create'
--- a/app/views/admin/groups/_form.html.haml
+++ b/app/views/admin/groups/_form.html.haml
@@ -25,3 +25,7 @@
      = f.submit 'Save changes', class: "btn btn-primary"
      = link_to  'Cancel', admin_group_path(@group), class: "btn btn-cancel"
+- if @group.persisted?
+  %h3.page-title Linked LDAP groups
+  = render 'ldap_group_links/form', group: @group
+  = render 'ldap_group_links/ldap_group_links', group: @group
--- a/app/views/admin/groups/show.html.haml
+++ b/app/views/admin/groups/show.html.haml
@@ -31,6 +31,17 @@
          %strong
            = @group.created_at.stamp("March 1, 1999")
+    .panel.panel-default
+      .panel-heading Linked LDAP groups
+      %ul.well-list
+        - if @group.ldap_group_links.any?
+          - @group.ldap_group_links.each do |ldap_group_link|
+            %li
+              cn:
+              %strong= ldap_group_link.cn
+              as
+              %strong= ldap_group_link.human_access
    .panel.panel-default
      .panel-heading
        %h3.panel-title
@@ -49,6 +60,22 @@
      .panel-footer
        = paginate @projects, param_name: 'projects_page', theme: 'gitlab'
+    - if @group.shared_projects.any?
+      .panel.panel-default
+        .panel-heading
+          Projects shared with #{@group.name}
+          %span.badge
+            #{@group.shared_projects.count}
+        %ul.well-list
+          - @group.shared_projects.sort_by(&:name).each do |project|
+            %li
+              %strong
+                = link_to project.name_with_namespace, [:admin, project]
+                %span.label.label-gray
+                  = repository_size(project)
+              %span.pull-right.light
+                %span.monospace= project.path_with_namespace + ".git"
  .col-md-6
    .panel.panel-default
      .panel-heading
@@ -60,7 +87,7 @@
        = form_tag project_teams_update_admin_group_path(@group), id: "new_team_member", class: "bulk_import", method: :put  do
          %div
-            = users_select_tag(:user_ids, multiple: true)
+            = users_select_tag(:user_ids, { multiple: true, skip_ldap: @group.ldap_synced? })
          %div.prepend-top-10
            = select_tag :access_level, options_for_select(GroupMember.access_level_roles), class: "project-access-select select2"
          %hr

--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -32,6 +32,7 @@
      .panel-heading
        Users (#{@users.total_count})
        .panel-head-actions
+          = link_to 'Send email to users', admin_email_path, class: 'btn btn-info'
          .dropdown.inline
            %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
              %span.light sort:

--- a/app/views/audit_events/_event_table.html.haml
+++ b/app/views/audit_events/_event_table.html.haml
+- if defined?(events)
+  %table.table#audits
+    %thead
+      %tr
+        %th Author
+        %th Action
+        %th Target
+        %th At
+    %tbody
+      - events.each do |event|
+        %tr
+          %td #{event.author_name}
+          %td
+            %span
+              #{raw human_text(event.details)}
+          %td #{event.details[:target_details]}
+          %td #{event.created_at}
+  = paginate events, theme: "gitlab"
--- a/app/views/audit_events/group_log.html.haml
+++ b/app/views/audit_events/group_log.html.haml
+%h3.page-title Group Audit Events
+%p.light Events in #{@group.name}
+= render 'event_table', events: @events
--- a/app/views/audit_events/project_log.html.haml
+++ b/app/views/audit_events/project_log.html.haml
+%h3.page-title Project Audit Events
+%p.light Events in #{@project.path_with_namespace}
+= render 'event_table', events: @events
--- a/app/views/devise/sessions/_new_kerberos.html.haml
+++ b/app/views/devise/sessions/_new_kerberos.html.haml
+= form_tag(user_omniauth_callback_path(provider), id: 'new_kerberos_user' ) do
+  = text_field_tag :username, nil, {class: "form-control top", placeholder: "Kerberos Login", autofocus: "autofocus"}
+  = password_field_tag :password, nil, {class: "form-control bottom", placeholder: "Password"}
+  %br/
+  = button_tag "Kerberos Sign in", class: "btn-save btn"
\ No newline at end of file
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -7,6 +7,9 @@
        - @ldap_servers.each_with_index do |server, i|
          %li{class: (:active if i.zero?)}
            = link_to server['label'], "#tab-#{server['provider_name']}", 'data-toggle' => 'tab'
+        - if kerberos_enabled?
+          %li{class: (:active unless ldap_enabled?)}
+            = link_to "Kerberos", "#tab-kerberos", 'data-toggle' => 'tab'
        - if signin_enabled?
          %li
            = link_to 'Standard', '#tab-signin', 'data-toggle' => 'tab'
@@ -14,6 +17,9 @@
        - @ldap_servers.each_with_index do |server, i|
          %div.tab-pane{id: "tab-#{server['provider_name']}", class: (:active if i.zero?)}
            = render 'devise/sessions/new_ldap', provider: server['provider_name']
+        - if kerberos_enabled?
+          %div#tab-kerberos.tab-pane{class: (:active unless ldap_enabled?)}
+            = render 'devise/sessions/new_kerberos', provider: :kerberos
        - if signin_enabled?
          %div#tab-signin.tab-pane
            = render 'devise/sessions/new_base'

--- a/app/views/groups/_new_group_member.html.haml
+++ b/app/views/groups/_new_group_member.html.haml
 = form_for @users_group, url: group_group_members_path(@group), html: { class: 'form-horizontal users-group-form' } do |f|
  .form-group
    = f.label :user_ids, "People", class: 'control-label'
-    .col-sm-10= users_select_tag(:user_ids, multiple: true, class: 'input-large')
+    .col-sm-10= users_select_tag(:user_ids, { multiple: true, skip_ldap: @group.ldap_synced? , class: 'input-large' })
  .form-group
    = f.label :access_level, "Group Access", class: 'control-label'

--- a/app/views/groups/_settings_nav.html.haml
+++ b/app/views/groups/_settings_nav.html.haml
@@ -9,3 +9,14 @@
      %i.fa.fa-folder
      %span
        Projects
+  - if ldap_enabled?
+    = nav_link(controller: :ldap_group_links) do
+      = link_to group_ldap_group_links_path(@group) do
+        %i.fa.fa-exchange
+        %span
+          LDAP Groups
+  = nav_link(controller: :audit_events) do
+    = link_to group_audit_events_path(@group) do
+      %i.fa.fa-file-text-o
+      %span
+        Audit Events
--- a/app/views/groups/_shared_projects.html.haml
+++ b/app/views/groups/_shared_projects.html.haml
+- if projects.present?
+  .panel.panel-default
+    .panel-heading
+      Projects shared with
+      %strong #{@group.name}
+      (#{projects.count})
+    %ul.well-list
+      - projects.each do |project|
+        %li.project-row
+          = link_to project_path(project), class: dom_class(project) do
+            %span.namespace-name
+              - if project.namespace
+                = project.namespace.human_name
+                \/
+            %span.project-name
+              = truncate(project.name, length: 25)
+            %span.arrow
+              %i.icon-angle-right
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -23,6 +23,15 @@
            %hr
            = link_to 'Remove avatar', group_avatar_path(@group.to_param), data: { confirm: "Group avatar will be removed. Are you sure?"}, method: :delete, class: "btn btn-remove btn-small remove-avatar"
+      .form-group
+        %hr
+        = f.label :name, class: 'control-label' do
+          Member lock
+        .col-sm-10
+          .checkbox
+            = f.check_box :membership_lock
+            %span.descr Prevent adding new members to project membership within this group
      .form-actions
        = f.submit 'Save group', class: "btn btn-save"
@@ -33,5 +42,4 @@
      Removing group will cause all child projects and resources to be removed.
      %br
      %strong Removed group can not be restored!
    = link_to 'Remove Group', @group, data: {confirm: 'Removed group can not be restored! Are you sure?'}, method: :delete, class: "btn btn-remove"
--- a/app/views/groups/ldap_group_links/index.html.haml
+++ b/app/views/groups/ldap_group_links/index.html.haml
+%h3.page-title Linked LDAP groups
+= render 'ldap_group_links/form', group: @group
+= render 'ldap_group_links/ldap_group_links', group: @group
--- a/app/views/groups/members.html.haml
+++ b/app/views/groups/members.html.haml
@@ -17,6 +17,10 @@
  - if current_user && current_user.can?(:manage_group, @group)
    .pull-right
+      - if ldap_enabled? && @group.ldap_group_links.any?
+        = link_to reset_access_group_ldap_path(@group), class: 'btn btn-grouped', data: { confirm: "Force GitLab to do LDAP permission checks for all group members? All members besides yourself will be reduced to 'Guest' access until their next interaction with GitLab." }, method: :put do
+          Clear LDAP permission cache
      = link_to '#', class: 'btn btn-new js-toggle-button' do
        Add members
        %i.fa.fa-chevron-down
@@ -24,6 +28,19 @@
    .js-toggle-content.hide.new-group-member-holder
      = render "new_group_member"
+- if ldap_enabled? && @group.ldap_group_links.any?
+  .bs-callout.bs-callout-info
+    The members of this group are sync with LDAP.
+    Because LDAP permissions in GitLab get updated one user at a time and because GitLab caches LDAP check results, changes on your LDAP server or in this group's LDAP sync settings may take up to #{Gitlab.config.ldap['sync_time']}s to show in the list below.
+    %ul
+      - @group.ldap_group_links.each do |ldap_group_link|
+        %li
+          People in cn
+          %code= ldap_group_link.cn
+          are given
+          %code= ldap_group_link.human_access
+          access.
 .panel.panel-default.prepend-top-20
  .panel-heading
    %strong #{@group.name}

--- a/app/views/groups/show.html.haml
+++ b/app/views/groups/show.html.haml
@@ -20,3 +20,5 @@
      = spinner
    %aside.side.col-md-4
      = render "projects", projects: @projects
+      %br
+      = render "shared_projects", projects: @shared_projects
--- a/app/views/help/index.html.haml
+++ b/app/views/help/index.html.haml
 %div
  %h1
    GitLab
+    %span.light Enterprise Edition
    %span= Gitlab::VERSION
    %small= Gitlab::REVISION
  %p.slead

--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@@ -7,7 +7,7 @@
  -# https://github.com/gitlabhq/gitlabhq/pull/5958#issuecomment-45397555
  - if controller_name == 'projects' && action_name == 'show'
    %meta{name: "go-import", content: "#{@project.web_url_without_protocol} git #{@project.web_url}.git"}
-  %meta{content: "GitLab Community Edition", name: "description"}
+  %meta{content: "GitLab Enterprise Edition", name: "description"}
  %title
    = "#{title} | " if defined?(title)

--- a/app/views/layouts/_head_panel.html.haml
+++ b/app/views/layouts/_head_panel.html.haml
@@ -2,6 +2,7 @@
  .navbar-inner
    .container
      %div.app_logo
+        - brand_header_logo if brand_item
        = link_to root_path, class: "home has_bottom_tooltip", title: "Dashboard" do
          %h1 GITLAB
      %h1.title= title

--- a/app/views/layouts/nav/_admin.html.haml
+++ b/app/views/layouts/nav/_admin.html.haml
@@ -39,7 +39,11 @@
      %i.fa.fa-cog
      %span
        Background Jobs
+  = nav_link(controller: :appearances) do
+    = link_to admin_appearances_path do
+      %i.fa.fa-image
+      %span
+        Appearance
  = nav_link(controller: :application_settings) do
    = link_to admin_application_settings_path do
      %i.fa.fa-cogs

--- a/app/views/ldap_group_links/_form.html.haml
+++ b/app/views/ldap_group_links/_form.html.haml
+%section.ldap-group-links
+  = form_for [group, LdapGroupLink.new] do |f|
+    %fieldset
+      %legend
+      %div.form-holder
+        .form-group.clearfix
+          = f.label :cn, class: 'control-label' do
+            LDAP Server
+          .col-sm-10
+            = f.select :provider, ldap_server_select_options
+        .form-group.clearfix
+          = f.label :cn, class: 'control-label' do
+            LDAP Group cn
+          .col-sm-10
+            = f.hidden_field :cn, placeholder: "Ex. QA group", class: "xxlarge ajax-ldap-groups-select input-mn-300"
+            .help-block
+              Synchronize #{group.name}'s members with this LDAP group.
+              %br
+              If you select an LDAP group you do not belong to you will lose ownership of #{group.name}.
+        .form-group.clearfix
+          = f.label :group_access, class: 'control-label' do
+            LDAP Access
+          .col-sm-10
+            = f.select :group_access, options_for_select(GroupMember.access_level_roles)
+            .help-block
+              Default, minimum permission level for LDAP group members of #{group.name}.
+              %br
+              You can manage permission levels for individual group members in the Members tab.
+      .form-actions
+        = f.submit 'Add synchronization', class: "btn btn-create"
--- a/app/views/ldap_group_links/_ldap_group_link.html.haml
+++ b/app/views/ldap_group_links/_ldap_group_link.html.haml
+%li
+  %h4= ldap_group_link.cn
+  .pull-right
+    = link_to group_ldap_group_link_path(group, ldap_group_link), method: :delete, class: 'btn btn-danger btn-small' do
+      = fa_icon('unlink', text: 'unlink')
+  - if ldap_group_link.config
+    %p.light
+      As
+      %strong #{ldap_group_link.human_access}
+      on
+      %strong #{ldap_group_link.provider_label}
+      server
+  - else
+    %p.cred
+      %i.fa.fa-warning
+      Config for
+      %code #{ldap_group_link.provider}
+      does not present in GitLab
--- a/app/views/ldap_group_links/_ldap_group_links.html.haml
+++ b/app/views/ldap_group_links/_ldap_group_links.html.haml
+.panel.panel-default
+  .panel-heading
+    %h4.panel-title
+      Linked LDAP groups
+      == (#{group.ldap_group_links.count})
+  - if group.ldap_group_links.any?
+    %ul.well-list
+      = render collection: group.ldap_group_links, partial: 'ldap_group_links/ldap_group_link', locals: { group: group }
+  - else
+    .panel-body
+      No linked LDAP groups
--- a/app/views/notify/send_admin_notification.html.haml
+++ b/app/views/notify/send_admin_notification.html.haml
--- a/app/views/notify/send_admin_notification.text.haml
+++ b/app/views/notify/send_admin_notification.text.haml
--- a/app/views/notify/send_unsubscribed_notification.html.haml
+++ b/app/views/notify/send_unsubscribed_notification.html.haml
--- a/app/views/notify/send_unsubscribed_notification.text.haml
+++ b/app/views/notify/send_unsubscribed_notification.text.haml
--- a/app/views/profiles/keys/_key.html.haml
+++ b/app/views/profiles/keys/_key.html.haml
--- a/app/views/profiles/keys/_key_details.html.haml
+++ b/app/views/profiles/keys/_key_details.html.haml
--- a/app/views/projects/_settings_nav.html.haml
+++ b/app/views/projects/_settings_nav.html.haml
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
--- a/app/views/projects/git_hooks/index.html.haml
+++ b/app/views/projects/git_hooks/index.html.haml
--- a/app/views/projects/group_links/index.html.haml
+++ b/app/views/projects/group_links/index.html.haml
--- a/app/views/projects/merge_requests/show/_mr_accept.html.haml
+++ b/app/views/projects/merge_requests/show/_mr_accept.html.haml
--- a/app/views/projects/services/_form.html.haml
+++ b/app/views/projects/services/_form.html.haml
--- a/app/views/projects/team_members/_form.html.haml
+++ b/app/views/projects/team_members/_form.html.haml
--- a/app/views/projects/team_members/_shared_group_members.html.haml
+++ b/app/views/projects/team_members/_shared_group_members.html.haml
--- a/app/views/projects/team_members/_team_member.html.haml
+++ b/app/views/projects/team_members/_team_member.html.haml
--- a/app/views/projects/team_members/index.html.haml
+++ b/app/views/projects/team_members/index.html.haml
--- a/app/views/unsubscribes/show.html.haml
+++ b/app/views/unsubscribes/show.html.haml
--- a/app/workers/admin_emails_worker.rb
+++ b/app/workers/admin_emails_worker.rb
--- a/app/workers/ldap_sync_worker.rb
+++ b/app/workers/ldap_sync_worker.rb
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
--- a/config/initializers/7_omniauth.rb
+++ b/config/initializers/7_omniauth.rb
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
--- a/config/routes.rb
+++ b/config/routes.rb
--- a/db/migrate/20130711063759_create_project_group_links.rb
+++ b/db/migrate/20130711063759_create_project_group_links.rb
--- a/db/migrate/20130802124933_add_ldap_settings_to_group.rb
+++ b/db/migrate/20130802124933_add_ldap_settings_to_group.rb
--- a/db/migrate/20130809090140_add_ldap_access_to_group.rb
+++ b/db/migrate/20130809090140_add_ldap_access_to_group.rb
--- a/db/migrate/20130820102832_add_access_to_project_group_link.rb
+++ b/db/migrate/20130820102832_add_access_to_project_group_link.rb
--- a/db/migrate/20140319135450_create_git_hooks.rb
+++ b/db/migrate/20140319135450_create_git_hooks.rb
--- a/db/migrate/20140414093351_create_appearances.rb
+++ b/db/migrate/20140414093351_create_appearances.rb
--- a/db/migrate/20140508105809_add_mr_template_to_project.rb
+++ b/db/migrate/20140508105809_add_mr_template_to_project.rb
--- a/db/migrate/20140513095908_add_username_password_api_version_to_services.rb
+++ b/db/migrate/20140513095908_add_username_password_api_version_to_services.rb
--- a/db/migrate/20140811083829_add_unsubscribed_at_field_to_users.rb
+++ b/db/migrate/20140811083829_add_unsubscribed_at_field_to_users.rb
--- a/db/migrate/20140811155127_add_jira_issue_transition_id_to_services.rb
+++ b/db/migrate/20140811155127_add_jira_issue_transition_id_to_services.rb
--- a/db/migrate/20140813090117_add_ldap_groups_table.rb
+++ b/db/migrate/20140813090117_add_ldap_groups_table.rb
--- a/db/migrate/20140813133925_rename_ldap_group_to_ldap_group_link.rb
+++ b/db/migrate/20140813133925_rename_ldap_group_to_ldap_group_link.rb
--- a/db/migrate/20140907223153_remove_columns_for_services.rb
+++ b/db/migrate/20140907223153_remove_columns_for_services.rb
--- a/db/migrate/20141010132608_add_provider_to_ldap_group_links.rb
+++ b/db/migrate/20141010132608_add_provider_to_ldap_group_links.rb
--- a/db/migrate/20141027173526_add_author_email_regex_to_git_hook.rb
+++ b/db/migrate/20141027173526_add_author_email_regex_to_git_hook.rb
--- a/db/migrate/20141030133853_add_member_check_to_git_hooks.rb
+++ b/db/migrate/20141030133853_add_member_check_to_git_hooks.rb
--- a/db/migrate/20141103160516_add_file_name_regex_to_git_hooks.rb
+++ b/db/migrate/20141103160516_add_file_name_regex_to_git_hooks.rb
--- a/db/migrate/20141118150935_add_audit_event.rb
+++ b/db/migrate/20141118150935_add_audit_event.rb
--- a/db/migrate/20141126120926_add_merge_request_rebase_enabled_to_projects.rb
+++ b/db/migrate/20141126120926_add_merge_request_rebase_enabled_to_projects.rb
--- a/db/migrate/20141212124604_add_group_membership_lock.rb
+++ b/db/migrate/20141212124604_add_group_membership_lock.rb
--- a/db/migrate/20141213212220_add_header_logos_to_appearances.rb
+++ b/db/migrate/20141213212220_add_header_logos_to_appearances.rb
--- a/db/migrate/20141230100055_remove_old_fields_from_namespace.rb
+++ b/db/migrate/20141230100055_remove_old_fields_from_namespace.rb
--- a/db/schema.rb
+++ b/db/schema.rb
--- a/doc/README.md
+++ b/doc/README.md
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
--- a/doc/administration/audit_events_group.png
+++ b/doc/administration/audit_events_group.png
--- a/doc/administration/audit_events_project.png
+++ b/doc/administration/audit_events_project.png
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
--- a/doc/customization/branded_login_page.md
+++ b/doc/customization/branded_login_page.md
--- a/doc/customization/branded_login_page/admin_area.png
+++ b/doc/customization/branded_login_page/admin_area.png
--- a/doc/customization/branded_login_page/appearance.png
+++ b/doc/customization/branded_login_page/appearance.png
--- a/doc/customization/branded_login_page/company_login_page.png
+++ b/doc/customization/branded_login_page/company_login_page.png
--- a/doc/customization/branded_login_page/default_login_page.png
+++ b/doc/customization/branded_login_page/default_login_page.png
--- a/doc/development/ee_features.md
+++ b/doc/development/ee_features.md
--- a/doc/git_hooks/git_hooks.md
+++ b/doc/git_hooks/git_hooks.md
--- a/doc/git_hooks/git_hooks.png
+++ b/doc/git_hooks/git_hooks.png
--- a/doc/install/README.md
+++ b/doc/install/README.md
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
--- a/doc/install/ldap.md
+++ b/doc/install/ldap.md
--- a/doc/install/packages.md
+++ b/doc/install/packages.md
--- a/doc/integration/README.md
+++ b/doc/integration/README.md
--- a/doc/integration/external-issue-tracker.md
+++ b/doc/integration/external-issue-tracker.md
--- a/doc/integration/jenkins.md
+++ b/doc/integration/jenkins.md
--- a/doc/integration/jenkins_gitlab_deploy.png
+++ b/doc/integration/jenkins_gitlab_deploy.png
--- a/doc/integration/jenkins_gitlab_service.png
+++ b/doc/integration/jenkins_gitlab_service.png
--- a/doc/integration/jenkins_project.png
+++ b/doc/integration/jenkins_project.png
--- a/doc/integration/jira.md
+++ b/doc/integration/jira.md
--- a/doc/integration/jira_project_name.png
+++ b/doc/integration/jira_project_name.png
--- a/doc/integration/jira_service.png
+++ b/doc/integration/jira_service.png
--- a/doc/integration/jira_service_close_issue.png
+++ b/doc/integration/jira_service_close_issue.png
--- a/doc/integration/jira_service_commit.png
+++ b/doc/integration/jira_service_commit.png
--- a/doc/integration/kerberos.md
+++ b/doc/integration/kerberos.md
--- a/doc/integration/ldap.md
+++ b/doc/integration/ldap.md
--- a/doc/integration/ldap/select_group_cn.png
+++ b/doc/integration/ldap/select_group_cn.png
--- a/doc/integration/ldap/select_group_cn_admin.png
+++ b/doc/integration/ldap/select_group_cn_admin.png
--- a/doc/integration/ldap/select_group_cn_engineering.png
+++ b/doc/integration/ldap/select_group_cn_engineering.png
--- a/doc/integration/ldap/two_linked_ldap_groups.png
+++ b/doc/integration/ldap/two_linked_ldap_groups.png
--- a/doc/release/manual_testing.md
+++ b/doc/release/manual_testing.md
--- a/doc/tools/email.md
+++ b/doc/tools/email.md
--- a/doc/tools/email1.png
+++ b/doc/tools/email1.png
--- a/doc/tools/email2.png
+++ b/doc/tools/email2.png
--- a/doc/tools/email3.png
+++ b/doc/tools/email3.png
--- a/doc/update/6.0-ce-to-ee.md
+++ b/doc/update/6.0-ce-to-ee.md
--- a/doc/update/6.0-to-6.2.md
+++ b/doc/update/6.0-to-6.2.md
--- a/doc/update/6.1-ce-to-ee.md
+++ b/doc/update/6.1-ce-to-ee.md
--- a/doc/update/6.2-ce-to-ee.md
+++ b/doc/update/6.2-ce-to-ee.md
--- a/doc/update/6.3-ce-to-ee.md
+++ b/doc/update/6.3-ce-to-ee.md
--- a/doc/update/6.4-ce-to-ee.md
+++ b/doc/update/6.4-ce-to-ee.md
--- a/doc/update/6.5-ce-to-ee.md
+++ b/doc/update/6.5-ce-to-ee.md
--- a/doc/update/6.6-ce-to-ee.md
+++ b/doc/update/6.6-ce-to-ee.md
--- a/doc/update/6.7-ce-to-ee.md
+++ b/doc/update/6.7-ce-to-ee.md
--- a/doc/update/6.8-ce-to-ee.md
+++ b/doc/update/6.8-ce-to-ee.md
--- a/doc/update/6.9-ce-to-ee.md
+++ b/doc/update/6.9-ce-to-ee.md
--- a/doc/update/6.x-or-7.x-to-7.6.md
+++ b/doc/update/6.x-or-7.x-to-7.6.md
--- a/doc/update/7.0-ce-to-ee.md
+++ b/doc/update/7.0-ce-to-ee.md
--- a/doc/update/7.1-ce-to-ee.md
+++ b/doc/update/7.1-ce-to-ee.md
--- a/doc/update/7.3-ce-to-ee.md
+++ b/doc/update/7.3-ce-to-ee.md
--- a/doc/update/7.4-ce-to-ee.md
+++ b/doc/update/7.4-ce-to-ee.md
--- a/doc/update/7.5-ce-to-ee.md
+++ b/doc/update/7.5-ce-to-ee.md
--- a/doc/update/7.6-ce-to-ee.md
+++ b/doc/update/7.6-ce-to-ee.md
--- a/doc/update/README.md
+++ b/doc/update/README.md
--- a/doc/workflow/README.md
+++ b/doc/workflow/README.md
--- a/doc/workflow/gitlab_flow.md
+++ b/doc/workflow/gitlab_flow.md
--- a/doc/workflow/groups.md
+++ b/doc/workflow/groups.md
--- a/doc/workflow/groups/max_access_level.png
+++ b/doc/workflow/groups/max_access_level.png
--- a/doc/workflow/groups/membership_lock.png
+++ b/doc/workflow/groups/membership_lock.png
--- a/doc/workflow/groups/other_group_sees_shared_project.png
+++ b/doc/workflow/groups/other_group_sees_shared_project.png
--- a/doc/workflow/groups/share_project_with_groups.png
+++ b/doc/workflow/groups/share_project_with_groups.png
--- a/doc/workflow/merge_request_settings.png
+++ b/doc/workflow/merge_request_settings.png
--- a/doc/workflow/merge_request_widget.png
+++ b/doc/workflow/merge_request_widget.png
--- a/doc/workflow/share_projects_with_other_groups.md
+++ b/doc/workflow/share_projects_with_other_groups.md
--- a/features/admin/appearance.feature
+++ b/features/admin/appearance.feature
--- a/features/admin/emails.feature
+++ b/features/admin/emails.feature
--- a/features/admin/groups.feature
+++ b/features/admin/groups.feature
--- a/features/groups.feature
+++ b/features/groups.feature
--- a/features/groups_management.feature
+++ b/features/groups_management.feature
--- a/features/project/git_hooks.feature
+++ b/features/project/git_hooks.feature
--- a/features/project/group_links.feature
+++ b/features/project/group_links.feature
--- a/features/project/merge_requests.feature
+++ b/features/project/merge_requests.feature
--- a/features/project/project.feature
+++ b/features/project/project.feature
--- a/features/project/service.feature
+++ b/features/project/service.feature
--- a/features/project/team_management.feature
+++ b/features/project/team_management.feature
--- a/features/steps/admin/appearance.rb
+++ b/features/steps/admin/appearance.rb
--- a/features/steps/admin/email.rb
+++ b/features/steps/admin/email.rb
--- a/features/steps/admin/groups.rb
+++ b/features/steps/admin/groups.rb
--- a/features/steps/dashboard/help.rb
+++ b/features/steps/dashboard/help.rb
--- a/features/steps/groups.rb
+++ b/features/steps/groups.rb
--- a/features/steps/groups_management.rb
+++ b/features/steps/groups_management.rb
--- a/features/steps/project/git_hooks.rb
+++ b/features/steps/project/git_hooks.rb
--- a/features/steps/project/merge_requests.rb
+++ b/features/steps/project/merge_requests.rb
--- a/features/steps/project/project.rb
+++ b/features/steps/project/project.rb
--- a/features/steps/project/project_group_links.rb
+++ b/features/steps/project/project_group_links.rb
--- a/features/steps/project/services.rb
+++ b/features/steps/project/services.rb
--- a/features/steps/project/team_management.rb
+++ b/features/steps/project/team_management.rb
--- a/features/steps/shared/admin.rb
+++ b/features/steps/shared/admin.rb
--- a/features/steps/shared/authentication.rb
+++ b/features/steps/shared/authentication.rb
--- a/features/steps/shared/group.rb
+++ b/features/steps/shared/group.rb
--- a/features/steps/shared/paths.rb
+++ b/features/steps/shared/paths.rb
--- a/features/steps/shared/project.rb
+++ b/features/steps/shared/project.rb
--- a/features/steps/user.rb
+++ b/features/steps/user.rb
--- a/features/user.feature
+++ b/features/user.feature
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
--- a/lib/api/ldap.rb
+++ b/lib/api/ldap.rb
--- a/lib/api/project_git_hook.rb
+++ b/lib/api/project_git_hook.rb
--- a/lib/api/project_members.rb
+++ b/lib/api/project_members.rb
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
--- a/lib/gitlab/kerberos/authentication.rb
+++ b/lib/gitlab/kerberos/authentication.rb
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
--- a/lib/gitlab/ldap/adapter.rb
+++ b/lib/gitlab/ldap/adapter.rb
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
--- a/lib/gitlab/ldap/group.rb
+++ b/lib/gitlab/ldap/group.rb
--- a/lib/gitlab/ldap/person.rb
+++ b/lib/gitlab/ldap/person.rb
--- a/lib/gitlab/reference_extractor.rb
+++ b/lib/gitlab/reference_extractor.rb
--- a/lib/gitlab/satellite/merge_action.rb
+++ b/lib/gitlab/satellite/merge_action.rb
--- a/lib/gitlab/upgrader.rb
+++ b/lib/gitlab/upgrader.rb
--- a/lib/tasks/migrate/ldap.rake
+++ b/lib/tasks/migrate/ldap.rake
--- a/public/header_logo_dark.png
+++ b/public/header_logo_dark.png
--- a/public/header_logo_light.png
+++ b/public/header_logo_light.png
--- a/spec/controllers/unsubscribes_controller_spec.rb
+++ b/spec/controllers/unsubscribes_controller_spec.rb
--- a/spec/factories.rb
+++ b/spec/factories.rb
--- a/spec/factories/appearances.rb
+++ b/spec/factories/appearances.rb
--- a/spec/factories/git_hooks.rb
+++ b/spec/factories/git_hooks.rb
--- a/spec/factories/project_group_links.rb
+++ b/spec/factories/project_group_links.rb
--- a/spec/finders/projects_finder_spec.rb
+++ b/spec/finders/projects_finder_spec.rb
--- a/spec/helpers/gitlab_markdown_helper_spec.rb
+++ b/spec/helpers/gitlab_markdown_helper_spec.rb
--- a/spec/helpers/merge_request_helper_spec.rb
+++ b/spec/helpers/merge_request_helper_spec.rb
--- a/spec/helpers/merge_requests_helper.rb
+++ b/spec/helpers/merge_requests_helper.rb
--- a/spec/helpers/oauth_helper_spec.rb
+++ b/spec/helpers/oauth_helper_spec.rb
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
--- a/spec/lib/gitlab/kerberos/authentication_spec.rb
+++ b/spec/lib/gitlab/kerberos/authentication_spec.rb
--- a/spec/lib/gitlab/ldap/access_spec.rb
+++ b/spec/lib/gitlab/ldap/access_spec.rb
--- a/spec/lib/gitlab/reference_extractor_spec.rb
+++ b/spec/lib/gitlab/reference_extractor_spec.rb
--- a/spec/lib/gitlab/satellite/merge_action_spec.rb
+++ b/spec/lib/gitlab/satellite/merge_action_spec.rb
--- a/spec/lib/gitlab/upgrader_spec.rb
+++ b/spec/lib/gitlab/upgrader_spec.rb
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
--- a/spec/models/appearance_spec.rb
+++ b/spec/models/appearance_spec.rb
--- a/spec/models/concerns/mentionable_spec.rb
+++ b/spec/models/concerns/mentionable_spec.rb
--- a/spec/models/git_hook_spec.rb
+++ b/spec/models/git_hook_spec.rb
--- a/spec/models/jira_issue_spec.rb
+++ b/spec/models/jira_issue_spec.rb
--- a/spec/models/jira_service_spec.rb
+++ b/spec/models/jira_service_spec.rb
--- a/spec/models/ldap_group_link_spec.rb
+++ b/spec/models/ldap_group_link_spec.rb
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
--- a/spec/models/project_group_link_spec.rb
+++ b/spec/models/project_group_link_spec.rb
--- a/spec/models/project_team_spec.rb
+++ b/spec/models/project_team_spec.rb
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
--- a/spec/requests/api/ldap_spec.rb
+++ b/spec/requests/api/ldap_spec.rb
--- a/spec/requests/api/project_git_hook_spec.rb
+++ b/spec/requests/api/project_git_hook_spec.rb
--- a/spec/requests/api/project_members_spec.rb
+++ b/spec/requests/api/project_members_spec.rb
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
--- a/spec/routing/admin_routing_spec.rb
+++ b/spec/routing/admin_routing_spec.rb
--- a/spec/services/ldap_group_reset_service_spec.rb
+++ b/spec/services/ldap_group_reset_service_spec.rb
--- a/spec/workers/admin_emails_worker_spec.rb
+++ b/spec/workers/admin_emails_worker_spec.rb