Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq into ce-to-ee

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	app/controllers/autocomplete_controller.rb
	app/controllers/omniauth_callbacks_controller.rb
	app/controllers/projects/services_controller.rb
	app/helpers/projects_helper.rb
	app/services/audit_event_service.rb
	db/schema.rb
	doc/api/users.md
	doc/update/6.x-or-7.x-to-7.13.md
	features/project/project.feature

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.13.0 (unreleased)
+  - Only enable HSTS header for HTTPS and port 443 (Stan Hu)
+  - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu)
+  - Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
+  - Add branch switching support for graphs (Daniel Gerhardt)
   - Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
   - Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
   - Add support for unlocking users in admin settings (Stan Hu)
-  - Fix order of issues imported form GitHub (Hiroyuki Sato)
+  - Add Irker service configuration options (Stan Hu)
+  - Fix order of issues imported from GitHub (Hiroyuki Sato)
   - Bump rugments to 1.0.0beta8 to fix C prototype function highlighting (Jonathon Reinhart)
   - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI
   - Add `two_factor_enabled` field to admin user API (Stan Hu)
   - Fix invalid timestamps in RSS feeds (Rowan Wookey)
-  - Fix error when deleting a user who has projects (Stan Hu)
   - Fix downloading of patches on public merge requests when user logged out (Stan Hu)
   - The password for the default administrator (root) account has been changed from "5iveL!fe" to "password".
   - Fix Error 500 when relative submodule resolves to a namespace that has a different name from its path (Stan Hu)
@@ -17,6 +21,7 @@ v 7.13.0 (unreleased)
   - Update maintenance documentation to explain no need to recompile asssets for omnibus installations (Stan Hu)
   - Support commenting on diffs in side-by-side mode (Stan Hu)
   - Fix JavaScript error when clicking on the comment button on a diff line that has a comment already (Stan Hu)
+  - Return 40x error codes if branch could not be deleted in UI (Stan Hu)
   - Remove project visibility icons from dashboard projects list
   - Rename "Design" profile settings page to "Preferences".
   - Allow users to customize their default Dashboard page.
@@ -34,6 +39,20 @@ v 7.13.0 (unreleased)
   - Faster automerge check and merge itself when source and target branches are in same repository 
   - Correctly show anonymous authorized applications under Profile > Applications.
   - Query Optimization in MySQL.
+  - Allow users to be blocked and unblocked via the API
+  - Use native Postgres database cleaning during backup restore
+  - Redesign project page. Show README as default instead of activity. Move project activity to separate page
+  - Make left menu more hierarchical and less contextual by adding back item at top
+  - A fork can’t have a visibility level that is greater than the original project.
+  - Faster code search in repository and wiki. Fixes search page timeout for big repositories 
+  - Allow administrators to disable 2FA for a specific user
+  - Add error message for SSH key linebreaks
+
+v 7.12.2
+  - Correctly show anonymous authorized applications under Profile > Applications.
+  - Faster automerge check and merge itself when source and target branches are in same repository
+  - Audit log for user authentication
+  - Fix transferring of project to another group using the API.
 
 v 7.12.1
   - Fix error when deleting a user who has projects (Stan Hu)
@@ -43,6 +62,8 @@ v 7.12.1
   - Fix closed merge request scope at milestone page (Dmitriy Zaporozhets)
   - Revert merge request states renaming 
   - Fix hooks for web based events with external issue references (Daniel Gerhardt)
+  - Improve performance for issue and merge request pages
+  - Compress database dumps to reduce backup size
 
 v 7.12.0
   - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)

CONTRIBUTING.md

@@ -67,7 +67,7 @@ To start with GitLab download the [GitLab Development Kit](https://gitlab.com/gi
 
 If you can, please submit a merge request with the fix or improvements including tests. If you don't know how to fix the issue but can write a test that exposes the issue we will accept that as well. In general bug fixes that include a regression test are merged quickly while new features without proper tests are least likely to receive timely feedback. The workflow to make a merge request is as follows:
 
-1. Fork the project on GitLab Cloud
+1. Fork the project into your personal space on GitLab.com
 1. Create a feature branch
 1. Write [tests](https://gitlab.com/gitlab-org/gitlab-development-kit#running-the-tests) and code
 1. Add your changes to the [CHANGELOG](CHANGELOG)

Gemfile

@@ -204,7 +204,7 @@ gem 'jquery-ui-rails'
 gem 'nprogress-rails'
 gem 'raphael-rails',      '~> 2.1.2'
 gem 'request_store'
-gem 'select2-rails'
+gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus'
 
 gem "gitlab-license", "~> 0.0.2"
@@ -234,26 +234,20 @@ group :development, :test do
   gem 'fuubar', '~> 2.0.0'
   gem 'pry-rails'
 
-  gem 'coveralls', require: false
+  gem 'coveralls',        '~> 0.8.2', require: false
   gem 'database_cleaner', '~> 1.4.0'
   gem 'factory_girl_rails'
   gem 'rspec-rails',      '~> 3.3.0'
   gem 'rubocop',          '0.28.0',   require: false
   gem 'spinach-rails'
 
-  # rest-client is a coveralls dependency and not used directly in GitLab, but
-  # we specify a version here to pick up some security fixes.
-  # See https://github.com/rest-client/rest-client/issues/369
-  # and http://www.osvdb.org/show/osvdb/117461
-  gem 'rest-client', '~> 1.8.0'
-
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
   gem 'minitest', '~> 5.3.0'
 
   # Generate Fake data
   gem 'ffaker', '~> 2.0.0'
 
-  gem 'capybara',            '~> 2.3.0'
+  gem 'capybara',            '~> 2.4.0'
   gem 'capybara-screenshot', '~> 1.0.0'
   gem 'poltergeist',         '~> 1.6.0'
 

Gemfile.lock

@@ -82,7 +82,7 @@ GEM
       columnize (~> 0.8)
       debugger-linecache (~> 1.2)
     cal-heatmap-rails (0.0.1)
-    capybara (2.3.0)
+    capybara (2.4.4)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
@@ -599,7 +599,7 @@ GEM
     seed-fu (2.3.5)
       activerecord (>= 3.1, < 4.3)
       activesupport (>= 3.1, < 4.3)
-    select2-rails (3.5.2)
+    select2-rails (3.5.9.3)
       thor (~> 0.14)
     settingslogic (2.0.9)
     sexp_processor (4.4.5)
@@ -704,7 +704,7 @@ GEM
     underscore-rails (1.4.4)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.6)
+    unf_ext (0.0.7.1)
     unicorn (4.6.3)
       kgio (~> 2.6)
       rack
@@ -754,13 +754,13 @@ DEPENDENCIES
   browser (~> 0.8.0)
   byebug
   cal-heatmap-rails (~> 0.0.1)
-  capybara (~> 2.3.0)
+  capybara (~> 2.4.0)
   capybara-screenshot (~> 1.0.0)
   carrierwave
   charlock_holmes
   coffee-rails
   colored
-  coveralls
+  coveralls (~> 0.8.2)
   creole (~> 0.3.6)
   d3_rails (~> 3.5.5)
   database_cleaner (~> 1.4.0)
@@ -836,7 +836,6 @@ DEPENDENCIES
   redis-rails
   request_store
   rerun (~> 0.10.0)
-  rest-client (~> 1.8.0)
   rqrcode-rails3
   rspec-rails (~> 3.3.0)
   rubocop (= 0.28.0)
@@ -845,7 +844,7 @@ DEPENDENCIES
   sass-rails (~> 4.0.5)
   sdoc
   seed-fu
-  select2-rails
+  select2-rails (~> 3.5.9)
   settingslogic
   shoulda-matchers (~> 2.8.0)
   sidekiq (~> 3.3)
@@ -881,4 +880,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.10.4
+   1.10.5

README.md

@@ -49,7 +49,7 @@ To use EE and get official support please [become a subscriber](https://about.gi
 
 ## Code status
 
-- [![build status](https://ci.gitlab.org/projects/1/status.png?ref=master)](https://ci.gitlab.org/projects/1?ref=master) on ci.gitlab.org (master branch)
+- [![build status](https://ci.gitlab.com/projects/1/status.png?ref=master)](https://ci.gitlab.com/projects/1?ref=master) on ci.gitlab.com (master branch)
 
 - [![Build Status](https://semaphoreapp.com/api/v1/projects/2f1a5809-418b-4cc2-a1f4-819607579fe7/243338/badge.png)](https://semaphoreapp.com/gitlabhq/gitlabhq)
 
@@ -98,7 +98,7 @@ Since 2011 a minor or major version of GitLab is released on the 22nd of every m
 
 ## Upgrading
 
-For updating the Omnibus installation please see the [update documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/update.md). For installations from source there is an [upgrader script](doc/update/upgrader.md) and there are [upgrade guides](doc/update) detailing all necessary commands to migrate to the next version.
+For upgrading information please see our [update page](https://about.gitlab.com/update/).
 
 ## Install a development environment
 

app/assets/javascripts/application.js.coffee

@@ -16,7 +16,6 @@
 #= require jquery.scrollTo
 #= require jquery.blockUI
 #= require jquery.turbolinks
-#= require jquery.sticky-kit.min
 #= require turbolinks
 #= require autosave
 #= require bootstrap
@@ -41,6 +40,7 @@
 #= require shortcuts_issuable
 #= require shortcuts_network
 #= require cal-heatmap
+#= require jquery.nicescroll.min
 #= require_tree .
 
 window.slugify = (text) ->
@@ -107,6 +107,8 @@ window.addEventListener "hashchange", shiftWindow
 $.timeago.settings.allowFuture = true
 
 $ ->
+  $(".nicescroll").niceScroll(cursoropacitymax: '0.4', cursorcolor: '#FFF', cursorborder: "1px solid #FFF")
+
   # Click a .js-select-on-focus field, select the contents
   $(".js-select-on-focus").on "focusin", ->
     # Prevent a mouseup event from deselecting the input

app/assets/javascripts/dispatcher.js.coffee

@@ -62,8 +62,9 @@ class Dispatcher
         shortcut_handler = new ShortcutsNavigation()
       when 'projects:commits:show'
         shortcut_handler = new ShortcutsNavigation()
+      when 'projects:activity'
+        shortcut_handler = new ShortcutsNavigation()
       when 'projects:show'
-        new Activities()
         shortcut_handler = new ShortcutsNavigation()
       when 'groups:show'
         new Activities()

app/assets/javascripts/dropzone_input.js.coffee

@@ -25,10 +25,10 @@ class @DropzoneInput
     form_dropzone = $(form).find('.div-dropzone')
     form_dropzone.parent().addClass "div-dropzone-wrapper"
     form_dropzone.append divHover
-    $(".div-dropzone-hover").append iconPaperclip
+    form_dropzone.find(".div-dropzone-hover").append iconPaperclip
     form_dropzone.append divSpinner
-    $(".div-dropzone-spinner").append iconSpinner
-    $(".div-dropzone-spinner").css
+    form_dropzone.find(".div-dropzone-spinner").append iconSpinner
+    form_dropzone.find(".div-dropzone-spinner").css
       "opacity": 0
       "display": "none"
 

app/assets/javascripts/merge_request_tabs.js.coffee

@@ -69,7 +69,6 @@ class @MergeRequestTabs
       @loadCommits($target.attr('href'))
     else if action == 'diffs'
       @loadDiff($target.attr('href'))
-      @stickyDiffHeaders()
 
     @setCurrentAction(action)
 
@@ -137,15 +136,11 @@ class @MergeRequestTabs
       url: "#{source}.json"
       success: (data) =>
         document.getElementById('diffs').innerHTML = data.html
-        @stickyDiffHeaders()
         @diffsLoaded = true
 
   toggleLoading: ->
     $('.mr-loading-status .loading').toggle()
 
-  stickyDiffHeaders: ->
-    $('.diff-header').trigger('sticky_kit:recalc')
-
   _get: (options) ->
     defaults = {
       beforeSend: @toggleLoading

app/assets/javascripts/pager.js.coffee

@@ -12,7 +12,7 @@
     @loading.show()
     $.ajax
       type: "GET"
-      url: location.href
+      url: $(".content_list").data('href') || location.href
       data: "limit=" + @limit + "&offset=" + @offset
       complete: =>
         @loading.hide()

app/assets/javascripts/project_show.js.coffee

 class @ProjectShow
   constructor: ->
-    $('.project-home-panel .star').on 'ajax:success', (e, data, status, xhr) ->
-      $(@).toggleClass('on').find('.count').html(data.star_count)
-    .on 'ajax:error', (e, xhr, status, error) ->
-      new Flash('Star toggle failed. Try again later.', 'alert')
-
-    $("a[data-toggle='tab']").on "shown.bs.tab", (e) ->
-        $.cookie "default_view", $(e.target).attr("href"), { expires: 30, path: '/' }
-
-      defaultView = $.cookie("default_view")
-      if defaultView
-        $("a[href=" + defaultView + "]").tab "show"
-      else
-        $("a[data-toggle='tab']:first").tab "show"
+    # I kept class for future

app/assets/javascripts/shortcuts_navigation.coffee

@@ -4,6 +4,7 @@ class @ShortcutsNavigation extends Shortcuts
   constructor: ->
     super()
     Mousetrap.bind('g p', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-project'))
+    Mousetrap.bind('g e', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-project-activity'))
     Mousetrap.bind('g f', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-tree'))
     Mousetrap.bind('g c', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-commits'))
     Mousetrap.bind('g n', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-network'))

app/assets/stylesheets/base/mixins.scss

@@ -109,7 +109,7 @@
     font-size: 1.2em;
   }
 
-  blockquote p {
+  blockquote {
     color: #888;
     font-size: 15px;
     line-height: 1.5;

app/assets/stylesheets/generic/mobile.scss

@@ -44,20 +44,18 @@
   .project-home-panel {
     padding-left: 0 !important;
 
-    .project-home-row {
-      .project-home-desc {
-        margin-right: 0 !important;
-        float: none !important;
+    .project-avatar {
+      display: block;
     }
 
-      .project-repo-buttons {
-        position: static;
-        margin-top: 15px;
-        width: 100%;
-        float: none;
-        text-align: left;
+    .project-repo-buttons,
+    .git-clone-holder {
+      display: none;
     }
   }
+
+  .project-stats {
+    display: none;
   }
 
   .container .title {

app/assets/stylesheets/generic/sidebar.scss

@@ -2,6 +2,9 @@
   .sidebar-wrapper {
     position: fixed;
     top: 0;
+    bottom: 0;
+    overflow-y: auto;
+    overflow-x: hidden;
     left: 0;
     height: 100%;
     transition-duration: .3s;
@@ -21,8 +24,9 @@
 }
 
 .nav-sidebar {
+  margin-top: 29 + $header-height;
+  margin-bottom: 50px;
   transition-duration: .3s;
-  margin: 0;
   list-style: none;
   overflow: hidden;
 
@@ -39,12 +43,12 @@
     }
 
     a {
+      padding: 8px 15px;
+      font-size: 13px;
+      line-height: 18px;
       color: $gray;
       display: block;
       text-decoration: none;
-      padding: 8px 15px;
-      font-size: 14px;
-      line-height: 20px;
       padding-left: 16px;
 
       &:hover {
@@ -88,14 +92,17 @@
     width: $sidebar_width;
 
     .nav-sidebar {
-      margin-top: 29px;
-      position: fixed;
-      top: $header-height;
       width: $sidebar_width;
     }
 
     .nav-sidebar li a{
       width: 230px;
+
+      &.back-link {
+        i {
+          visibility: hidden;
+        }
+      }
     }
   }
 }
@@ -108,15 +115,9 @@
     width: $sidebar_collapsed_width;
 
     .nav-sidebar {
-      margin-top: 29px;
-      position: fixed;
-      top: $header-height;
       width: $sidebar_collapsed_width;
 
       li a {
-        font-size: 14px;
-        padding: 8px 15px;
-        text-align: left;
         padding-left: 16px;
       }
     }
@@ -175,7 +176,7 @@
 }
 
 .sidebar-user {
-  position: absolute;
+  position: fixed;
   bottom: 0;
   width: $sidebar_width;
   padding: 10px;

app/assets/stylesheets/generic/typography.scss

@@ -17,6 +17,14 @@ pre {
     background: #333;
     color: $background-color;
   }
+
+  &.plain-readme {
+    background: none;
+    border: none;
+    padding: 0;
+    margin: 0;
+    font-size: 14px;
+  }
 }
 
 .monospace {

app/assets/stylesheets/pages/notes.scss

@@ -72,13 +72,28 @@ ul.notes {
   .note {
     display: block;
     position:relative;
+
     .note-body {
       overflow: auto;
+
       .note-text {
         overflow: auto;
         word-wrap: break-word;
         @include md-typography;
 
+        // Reset ul style types since we're nested inside a ul already
+        & > ul {
+          list-style-type: disc;
+
+          ul {
+            list-style-type: circle;
+
+            ul {
+              list-style-type: square;
+            }
+          }
+        }
+
         // Reduce left padding of first task list ul element
         ul.task-list:first-child {
           padding-left: 10px;
@@ -94,6 +109,7 @@ ul.notes {
         }
       }
     }
+
     .note-header {
       padding-bottom: 3px;
     }

app/assets/stylesheets/pages/projects.scss

@@ -15,48 +15,31 @@
 }
 
 .project-home-panel {
-  margin-top: 10px;
-  margin-bottom: 15px;
-  position: relative;
-  padding-left: 65px;
-  min-height: 50px;
+  text-align: center;
+  margin-bottom: 20px;
 
   .project-identicon-holder {
-    position: absolute;
-    left: 0;
-    top: -14px;
+    margin-bottom: 15px;
 
-    .avatar {
-      width: 50px;
-      height: 50px;
+    .avatar, .identicon {
+      margin: 0 auto;
+      float: none;
     }
 
     .identicon {
-      font-size: 26px;
-      line-height: 50px;
+      @include border-radius(50%);
     }
   }
 
-  .project-home-row {
-    @extend .clearfix;
-    margin-bottom: 15px;
-
-    &.project-home-row-top {
-      margin-bottom: 15px;
-    }
-
-    .project-home-desc {
-      color: $gray;
-      float: left;
-      font-size: 16px;
-      line-height: 1.3;
-      margin-right: 250px;
-
-      // Render Markdown-generated HTML inline for this block
+  .lead {
     p {
       display: inline;
     }
   }
+
+  .git-clone-holder {
+    max-width: 600px;
+    margin: 0 auto;
   }
 
   .visibility-level-label {
@@ -67,22 +50,22 @@
   }
 
   .project-repo-buttons {
-    margin-top: -3px;
-    position: absolute;
-    right: 0;
-    width: 265px;
-    text-align: right;
+    margin-top: 25px;
+    margin-bottom: 25px;
 
     .btn {
+      @extend .btn-info;
+
+      margin-left: 10px;
       font-weight: bold;
       font-size: 14px;
       line-height: 16px;
+      padding: 8px 12px;
 
       .count {
-        padding-left: 10px;
-        border-left: 1px solid #ccc;
+        padding-left: 7px;
         display: inline-block;
-        margin-left: 10px;
+        margin-left: 7px;
       }
     }
   }
@@ -307,3 +290,15 @@ table.table.protected-branches-list tr.no-border {
   float: left;
   margin-right: 10px;
 }
+
+.project-stats {
+  text-align: center;
+
+  ul.nav-pills { display:inline-block; }
+  li { display:inline; }
+  a { float:left; }
+}
+
+pre.light-well {
+  border-color: #f1f1f1;
+}

app/assets/stylesheets/themes/gitlab-theme.scss

@@ -35,9 +35,9 @@
 
     .sidebar-wrapper {
       background: $color-darker;
-      border-right: 1px solid $color-darker;
 
       .sidebar-user {
+        background: $color-darker;
         color: $color-light;
 
         &:hover {

app/controllers/admin/projects_controller.rb

@@ -23,7 +23,8 @@ class Admin::ProjectsController < Admin::ApplicationController
   end
 
   def transfer
-    ::Projects::TransferService.new(@project, current_user, params.dup).execute
+    namespace = Namespace.find_by(id: params[:new_namespace_id])
+    ::Projects::TransferService.new(@project, current_user, params.dup).execute(namespace)
 
     @project.reload
     redirect_to admin_namespace_project_path(@project.namespace, @project)

app/controllers/admin/users_controller.rb

@@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController
     end
   end
 
+  def disable_two_factor
+    user.disable_two_factor!
+    redirect_to admin_user_path(user),
+      notice: 'Two-factor Authentication has been disabled for this user'
+  end
+
   def create
     opts = {
       force_random_password: true,

app/controllers/application_controller.rb

@@ -56,7 +56,7 @@ class ApplicationController < ActionController::Base
   def authenticate_user!(*args)
     # If user is not signed-in and tries to access root_path - redirect him to landing page
     if current_application_settings.home_page_url.present?
-      if current_user.nil? && controller_name == 'dashboard' && action_name == 'show'
+      if current_user.nil? && root_path == request.path
         redirect_to current_application_settings.home_page_url and return
       end
     end
@@ -183,7 +183,10 @@ class ApplicationController < ActionController::Base
     headers['X-XSS-Protection'] = '1; mode=block'
     headers['X-UA-Compatible'] = 'IE=edge'
     headers['X-Content-Type-Options'] = 'nosniff'
-    headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
+    # Enabling HSTS for non-standard ports would send clients to the wrong port
+    if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
+      headers['Strict-Transport-Security'] = 'max-age=31536000'
+    end
   end
 
   def add_gon_variables
@@ -271,6 +274,7 @@ class ApplicationController < ActionController::Base
     params[:scope] = 'all' if params[:scope].blank?
     params[:state] = 'opened' if params[:state].blank?
 
+    @sort = params[:sort]
     @filter_params = params.dup
 
     if @project

app/controllers/autocomplete_controller.rb

 class AutocompleteController < ApplicationController
+  skip_before_action :authenticate_user!, only: [:users]
+
   def users
+    begin
       @users =
         if params[:project_id].present?
           project = Project.find(params[:project_id])
@@ -13,10 +16,20 @@ class AutocompleteController < ApplicationController
           if can?(current_user, :read_group, group)
             group.users
           end
-      else
+        elsif current_user
           User.all
         end
+    rescue ActiveRecord::RecordNotFound
+      if current_user
+        return render json: {}, status: 404
+      end
+    end
+
+    if @users.nil? && current_user.nil?
+      authenticate_user!
+    end
 
+    @users ||= User.none
     @users = @users.non_ldap if params[:skip_ldap] == 'true'
     @users = @users.search(params[:search]) if params[:search].present?
     @users = @users.active

app/controllers/omniauth_callbacks_controller.rb

@@ -32,6 +32,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
       if @user.otp_required_for_login?
         prompt_for_two_factor(gl_user)
       else
+        log_audit_event(gl_user, with: :ldap)
         sign_in_and_redirect(gl_user)
       end
     else
@@ -52,6 +53,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
     if current_user
       # Add new authentication method
       current_user.identities.find_or_create_by(extern_uid: oauth['uid'], provider: oauth['provider'])
+      log_audit_event(current_user, with: oauth['provider'])
       redirect_to profile_account_path, notice: 'Authentication method updated'
     else
       @user = Gitlab::OAuth::User.new(oauth)
@@ -59,6 +61,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
 
       # Only allow properly saved users to login.
       if @user.persisted? && @user.valid?
+        log_audit_event(@user.gl_user, with: oauth['provider'])
         sign_in_and_redirect(@user.gl_user)
       else
         error_message =
@@ -88,4 +91,9 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def oauth
     @oauth ||= request.env['omniauth.auth']
   end
+
+  def log_audit_event(user, options = {})
+    AuditEventService.new(user, user, options).
+      for_authentication.security_event
+  end
 end

app/controllers/profiles/preferences_controller.rb

@@ -32,6 +32,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController
     params.require(:user).permit(
       :color_scheme_id,
       :dashboard,
+      :project_view,
       :theme_id
     )
   end

app/controllers/profiles/two_factor_auths_controller.rb

@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
   end
 
   def destroy
-    current_user.update_attributes({
-      two_factor_enabled:        false,
-      encrypted_otp_secret:      nil,
-      encrypted_otp_secret_iv:   nil,
-      encrypted_otp_secret_salt: nil,
-      otp_backup_codes:          nil
-    })
+    current_user.disable_two_factor!
 
     redirect_to profile_account_path
   end

app/controllers/profiles_controller.rb

@@ -38,8 +38,11 @@ class ProfilesController < Profiles::ApplicationController
     redirect_to profile_account_path
   end
 
-  def history
-    @events = current_user.recent_events.page(params[:page]).per(PER_PAGE)
+  def audit_log
+    @events = AuditEvent.where(entity_type: "User", entity_id: current_user.id).
+      order("created_at DESC").
+      page(params[:page]).
+      per(PER_PAGE)
   end
 
   def update_username

app/controllers/projects/branches_controller.rb

@@ -32,7 +32,7 @@ class Projects::BranchesController < Projects::ApplicationController
   end
 
   def destroy
-    DeleteBranchService.new(project, current_user).execute(params[:id])
+    status = DeleteBranchService.new(project, current_user).execute(params[:id])
     @branch_name = params[:id]
 
     respond_to do |format|
@@ -40,7 +40,7 @@ class Projects::BranchesController < Projects::ApplicationController
         redirect_to namespace_project_branches_path(@project.namespace,
                                                     @project)
       end
-      format.js
+      format.js { render status: status[:return_code] }
     end
   end
 end

app/controllers/projects/graphs_controller.rb

 class Projects::GraphsController < Projects::ApplicationController
+  include ExtractsPath
+
   # Authorize
   before_action :require_non_empty_project
+  before_action :assign_ref_vars
   before_action :authorize_download_code!
 
   def show
@@ -13,7 +16,7 @@ class Projects::GraphsController < Projects::ApplicationController
   end
 
   def commits
-    @commits = @project.repository.commits(nil, nil, 2000, 0, true)
+    @commits = @project.repository.commits(@ref, nil, 2000, 0, true)
     @commits_graph = Gitlab::Graphs::Commits.new(@commits)
     @commits_per_week_days = @commits_graph.commits_per_week_days
     @commits_per_time = @commits_graph.commits_per_time
@@ -23,7 +26,7 @@ class Projects::GraphsController < Projects::ApplicationController
   private
 
   def fetch_graph
-    @commits = @project.repository.commits(nil, nil, 6000, 0, true)
+    @commits = @project.repository.commits(@ref, nil, 6000, 0, true)
     @log = []
 
     @commits.each do |commit|

app/controllers/projects/refs_controller.rb

@@ -8,14 +8,18 @@ class Projects::RefsController < Projects::ApplicationController
   def switch
     respond_to do |format|
       format.html do
-        new_path = if params[:destination] == "tree"
-                     namespace_project_tree_path(@project.namespace, @project,
-                                                 (@id))
-                   elsif params[:destination] == "blob"
-                     namespace_project_blob_path(@project.namespace, @project,
-                                                 (@id))
-                   elsif params[:destination] == "graph"
+        new_path =
+          case params[:destination]
+          when "tree"
+            namespace_project_tree_path(@project.namespace, @project, @id)
+          when "blob"
+            namespace_project_blob_path(@project.namespace, @project, @id)
+          when "graph"
             namespace_project_network_path(@project.namespace, @project, @id, @options)
+          when "graphs"
+            namespace_project_graph_path(@project.namespace, @project, @id)
+          when "graphs_commits"
+            commits_namespace_project_graph_path(@project.namespace, @project, @id)
           else
             namespace_project_commits_path(@project.namespace, @project, @id)
           end

app/controllers/projects/services_controller.rb

@@ -7,7 +7,9 @@ class Projects::ServicesController < Projects::ApplicationController
                     :colorize_messages, :channels,
                     :push_events, :issues_events, :merge_requests_events, :tag_push_events,
                     :note_events, :send_from_committer_email, :disable_diffs, :external_wiki_url,
-                    :jira_issue_transition_id, :notify, :color]
+                    :jira_issue_transition_id,
+                    :notify, :color,
+                    :server_host, :server_port, :default_irc_uri]
 
   # Authorize
   before_action :authorize_admin_project!

app/controllers/projects_controller.rb

@@ -6,7 +6,7 @@ class ProjectsController < ApplicationController
 
   # Authorize
   before_action :authorize_admin_project!, only: [:edit, :update, :destroy, :transfer, :archive, :unarchive]
-  before_action :event_filter, only: :show
+  before_action :event_filter, only: [:show, :activity]
 
   layout :determine_layout
 
@@ -52,10 +52,21 @@ class ProjectsController < ApplicationController
   end
 
   def transfer
-    transfer_params = params.permit(:new_namespace_id)
-    ::Projects::TransferService.new(project, current_user, transfer_params).execute
-    if @project.errors[:namespace_id].present?
-      flash[:alert] = @project.errors[:namespace_id].first
+    namespace = Namespace.find_by(id: params[:new_namespace_id])
+    ::Projects::TransferService.new(project, current_user).execute(namespace)
+
+    if @project.errors[:new_namespace].present?
+      flash[:alert] = @project.errors[:new_namespace].first
+    end
+  end
+
+  def activity
+    respond_to do |format|
+      format.html
+      format.json do
+        load_events
+        pager_json('events/_events', @events.count)
+      end
     end
   end
 
@@ -65,15 +76,12 @@ class ProjectsController < ApplicationController
       return
     end
 
-    @show_star = !(current_user && current_user.starred?(@project))
-
     respond_to do |format|
       format.html do
         if @project.repository_exists?
           if @project.empty_repo?
             render 'projects/empty'
           else
-            @last_push = current_user.recent_push(@project.id) if current_user
             render :show
           end
         else
@@ -81,11 +89,6 @@ class ProjectsController < ApplicationController
         end
       end
 
-      format.json do
-        load_events
-        pager_json('events/_events', @events.count)
-      end
-
       format.atom do
         load_events
         render layout: false
@@ -147,7 +150,10 @@ class ProjectsController < ApplicationController
   def toggle_star
     current_user.toggle_star(@project)
     @project.reload
-    render json: { star_count: @project.star_count }
+
+    render json: {
+      html: view_to_html_string("projects/buttons/_star")
+    }
   end
 
   def markdown_preview

app/controllers/sessions_controller.rb

@@ -37,6 +37,8 @@ class SessionsController < Devise::SessionsController
         resource.update_attributes(reset_password_token: nil,
                                    reset_password_sent_at: nil)
       end
+      authenticated_with = user_params[:otp_attempt] ? "two-factor" : "standard"
+      log_audit_event(current_user, with: authenticated_with)
     end
   end
 
@@ -95,4 +97,9 @@ class SessionsController < Devise::SessionsController
     user.valid_otp?(user_params[:otp_attempt]) ||
     user.invalidate_otp_backup_code!(user_params[:otp_attempt])
   end
+
+  def log_audit_event(user, options = {})
+    AuditEventService.new(user, user, options).
+      for_authentication.security_event
+  end
 end

app/finders/issuable_finder.rb

@@ -10,7 +10,7 @@
 #     state: 'open' or 'closed' or 'all'
 #     group_id: integer
 #     project_id: integer
-#     milestone_id: integer
+#     milestone_title: string
 #     assignee_id: integer
 #     search: string
 #     label_name: string
@@ -76,7 +76,7 @@ class IssuableFinder
     return @milestones if defined?(@milestones)
 
     @milestones =
-      if milestones? && params[:milestone_title] != NONE
+      if milestones? && params[:milestone_title] != Milestone::None.title
         Milestone.where(title: params[:milestone_title])
       else
         nil

app/helpers/application_helper.rb

@@ -213,6 +213,10 @@ module ApplicationHelper
       Haml::Helpers.preserve(markdown(file_content))
     elsif asciidoc?(file_name)
       asciidoc(file_content)
+    elsif plain?(file_name)
+      content_tag :pre, class: 'plain-readme' do
+        file_content
+      end
     else
       GitHub::Markup.render(file_name, file_content).
         force_encoding(file_content.encoding).html_safe
@@ -221,6 +225,10 @@ module ApplicationHelper
     simple_format(file_content)
   end
 
+  def plain?(filename)
+    Gitlab::MarkupHelper.plain?(filename)
+  end
+
   def markup?(filename)
     Gitlab::MarkupHelper.markup?(filename)
   end

app/helpers/application_settings_helper.rb

@@ -32,7 +32,7 @@ module ApplicationSettingsHelper
   def restricted_level_checkboxes(help_block_id)
     Gitlab::VisibilityLevel.options.map do |name, level|
       checked = restricted_visibility_levels(true).include?(level)
-      css_class = 'btn btn-primary'
+      css_class = 'btn'
       css_class += ' active' if checked
       checkbox_name = 'application_setting[restricted_visibility_levels][]'
 

app/helpers/gitlab_markdown_helper.rb

@@ -118,7 +118,7 @@ module GitlabMarkdownHelper
 
   # Returns a random markdown tip for use as a textarea placeholder
   def random_markdown_tip
-    "Tip: #{MARKDOWN_TIPS.sample}"
+    MARKDOWN_TIPS.sample
   end
 
   private

app/helpers/gitlab_routing_helper.rb

@@ -17,6 +17,10 @@ module GitlabRoutingHelper
     namespace_project_path(project.namespace, project, *args)
   end
 
+  def activity_project_path(project, *args)
+    activity_namespace_project_path(project.namespace, project, *args)
+  end
+
   def edit_project_path(project, *args)
     edit_namespace_project_path(project.namespace, project, *args)
   end

app/helpers/milestones_helper.rb

@@ -29,6 +29,8 @@ module MilestonesHelper
       end.active
 
     grouped_milestones = Milestones::GroupService.new(milestones).execute
+    grouped_milestones.unshift(Milestone::None)
+
     options_from_collection_for_select(grouped_milestones, 'title', 'title', params[:milestone_title])
   end
 end

app/helpers/preferences_helper.rb

@@ -42,6 +42,13 @@ module PreferencesHelper
     end
   end
 
+  def project_view_choices
+    [
+      ['Readme (default)', :readme],
+      ['Activity view', :activity]
+    ]
+  end
+
   def user_application_theme
     theme = Gitlab::Themes.by_id(current_user.try(:theme_id))
     theme.css_class
@@ -50,4 +57,9 @@ module PreferencesHelper
   def user_color_scheme_class
     COLOR_SCHEMES[current_user.try(:color_scheme_id)] if defined?(current_user)
   end
+
+  def prefer_readme?
+    !current_user ||
+      current_user.project_view == 'readme'
+  end
 end

app/helpers/projects_helper.rb

@@ -84,58 +84,21 @@ module ProjectsHelper
     @project.milestones.active.order("due_date, title ASC")
   end
 
-  def link_to_toggle_star(title, starred)
-    cls = 'star-btn btn btn-sm btn-default'
-
-    toggle_text =
-      if starred
-        ' Unstar'
+  def project_for_deploy_key(deploy_key)
+    if deploy_key.projects.include?(@project)
+      @project
     else
-        ' Star'
-      end
-
-    toggle_html = content_tag('span', class: 'toggle') do
-      icon('star') + toggle_text
-    end
-
-    count_html = content_tag('span', class: 'count') do
-      @project.star_count.to_s
-    end
-
-    link_opts = {
-      title: title,
-      class: cls,
-      method: :post,
-      remote: true,
-      data: { type: 'json' }
-    }
-
-    path = toggle_star_namespace_project_path(@project.namespace, @project)
-
-    content_tag 'span', class: starred ? 'turn-on' : 'turn-off' do
-      link_to(path, link_opts) do
-        toggle_html + ' ' + count_html
-      end
-    end
-  end
-
-  def link_to_toggle_fork
-    html = content_tag('span') do
-      icon('code-fork') + ' Fork'
+      deploy_key.projects.find { |project| can?(current_user, :read_project, project) }
     end
-
-    count_html = content_tag(:span, class: 'count') do
-      @project.forks_count.to_s
   end
 
-    html + count_html
-  end
+  def can_change_visibility_level?(project, current_user)
+    return false unless can?(current_user, :change_visibility_level, project)
 
-  def project_for_deploy_key(deploy_key)
-    if deploy_key.projects.include?(@project)
-      @project
+    if project.forked?
+      project.forked_from_project.visibility_level > Gitlab::VisibilityLevel::PRIVATE
     else
-      deploy_key.projects.find { |project| can?(current_user, :read_project, project) }
+      true
     end
   end
 
@@ -285,14 +248,6 @@ module ProjectsHelper
     end
   end
 
-  def github_import_enabled?
-    enabled_oauth_providers.include?(:github)
-  end
-
-  def gitlab_import_enabled?
-    enabled_oauth_providers.include?(:gitlab)
-  end
-
   def membership_locked?
     if @project.group && @project.group.membership_lock
       true
@@ -301,16 +256,6 @@ module ProjectsHelper
     end
   end
 
-  def service_field_value(type, value)
-    return value unless type == 'password'
-
-    if value.present?
-      "***********"
-    else
-      nil
-    end
-  end
-
   def user_max_access_in_project(user, project)
     level = project.team.max_member_access(user)
 
@@ -322,4 +267,21 @@ module ProjectsHelper
   def leave_project_message(project)
     "Are you sure you want to leave \"#{project.name}\" project?"
   end
+
+  def new_readme_path
+    ref = @repository.root_ref if @repository
+    ref ||= 'master'
+
+    namespace_project_new_blob_path(@project.namespace, @project, tree_join(ref), file_name: 'README.md')
+  end
+
+  def last_push_event
+    if current_user
+      current_user.recent_push(@project.id)
+    end
+  end
+
+  def readme_cache_key
+    [@project.id, @project.commit.sha, "readme"].join('-')
+  end
 end

app/helpers/visibility_level_helper.rb

@@ -86,4 +86,10 @@ module VisibilityLevelHelper
   def default_snippet_visibility
     current_application_settings.default_snippet_visibility
   end
+
+  def skip_level?(form_model, level)
+    form_model.is_a?(Project) &&
+    form_model.forked? &&
+    !Gitlab::VisibilityLevel.allowed_fork_levels(form_model.forked_from_project.visibility_level).include?(level)
+  end
 end

app/models/concerns/mentionable.rb

@@ -79,22 +79,36 @@ module Mentionable
     end
   end
 
-  # If the mentionable_text field is about to change, locate any *added* references and create cross references for
-  # them. Invoke from an observer's #before_save implementation.
-  def notice_added_references(p = project, a = author)
-    ch = changed_attributes
-    original, mentionable_changed = "", false
-    self.class.mentionable_attrs.each do |attr|
-      if ch[attr]
-        original << ch[attr]
-        mentionable_changed = true
-      end
-    end
+  # When a mentionable field is changed, creates cross-reference notes that
+  # don't already exist
+  def create_new_cross_references!(p = project, a = author)
+    changes = detect_mentionable_changes
+
+    return if changes.empty?
 
-    # Only proceed if the saved changes actually include a chance to an attr_mentionable field.
-    return unless mentionable_changed
+    original_text = changes.collect { |_, vals| vals.first }.join(' ')
 
-    preexisting = references(p, self.author, original)
+    preexisting = references(p, self.author, original_text)
     create_cross_references!(p, a, preexisting)
   end
+
+  private
+
+  # Returns a Hash of changed mentionable fields
+  #
+  # Preference is given to the `changes` Hash, but falls back to
+  # `previous_changes` if it's empty (i.e., the changes have already been
+  # persisted).
+  #
+  # See ActiveModel::Dirty.
+  #
+  # Returns a Hash.
+  def detect_mentionable_changes
+    source = (changes.present? ? changes : previous_changes).dup
+
+    mentionable = self.class.mentionable_attrs
+
+    # Only include changed fields that are mentionable
+    source.select { |key, val| mentionable.include?(key) }
+  end
 end

app/models/key.rb

@@ -24,6 +24,7 @@ class Key < ActiveRecord::Base
 
   validates :title, presence: true, length: { within: 0..255 }
   validates :key, presence: true, length: { within: 0..5000 }, format: { with: /\A(ssh|ecdsa)-.*\Z/ }, uniqueness: true
+  validates :key, format: { without: /\n|\r/, message: 'should be a single line' }
   validates :fingerprint, uniqueness: true, presence: { message: 'cannot be generated' }
 
   scope :ldap, -> { where(type: 'LDAPKey') }

app/models/milestone.rb

@@ -14,6 +14,10 @@
 #
 
 class Milestone < ActiveRecord::Base
+  # Represents a "No Milestone" state used for filtering Issues and Merge
+  # Requests that have no milestone assigned.
+  None = Struct.new(:title).new('No Milestone')
+
   include InternalId
   include Sortable
 

app/models/note.rb

@@ -356,7 +356,7 @@ class Note < ActiveRecord::Base
   end
 
   def set_references
-    notice_added_references(project, author)
+    create_new_cross_references!(project, author)
   end
 
   def editable?

app/models/project_services/irker_service.rb

@@ -21,26 +21,11 @@
 require 'uri'
 
 class IrkerService < Service
+  prop_accessor :server_host, :server_port, :default_irc_uri
   prop_accessor :colorize_messages, :recipients, :channels
   validates :recipients, presence: true, if: :activated?
-  validate :check_recipients_count, if: :activated?
 
   before_validation :get_channels
-  after_initialize :initialize_settings
-
-  # Writer for RSpec tests
-  attr_writer :settings
-
-  def initialize_settings
-    # See the documentation (doc/project_services/irker.md) for possible values
-    # here
-    @settings ||= {
-      server_ip: 'localhost',
-      server_port: 6659,
-      max_channels: 3,
-      default_irc_uri: nil
-    }
-  end
 
   def title
     'Irker (IRC gateway)'
@@ -51,20 +36,6 @@ class IrkerService < Service
     'gateway.'
   end
 
-  def help
-    msg = 'Recipients have to be specified with a full URI: '\
-    'irc[s]://irc.network.net[:port]/#channel. Special cases: if you want '\
-    'the channel to be a nickname instead, append ",isnick" to the channel '\
-    'name; if the channel is protected by a secret password, append '\
-    '"?key=secretpassword" to the URI.'
-
-    unless @settings[:default_irc].nil?
-      msg += ' Note that a default IRC URI is provided by this service\'s '\
-      "administrator: #{default_irc}. You can thus just give a channel name."
-    end
-    msg
-  end
-
   def to_param
     'irker'
   end
@@ -77,30 +48,45 @@ class IrkerService < Service
     return unless supported_events.include?(data[:object_kind])
 
     IrkerWorker.perform_async(project_id, channels,
-                              colorize_messages, data, @settings)
+                              colorize_messages, data, settings)
+  end
+
+  def settings
+    { server_host: server_host.present? ? server_host : 'localhost',
+      server_port: server_port.present? ? server_port : 6659
+    }
   end
 
   def fields
     [
+      { type: 'text', name: 'server_host', placeholder: 'localhost',
+        help: 'Irker daemon hostname (defaults to localhost)' },
+      { type: 'text', name: 'server_port', placeholder: 6659,
+        help: 'Irker daemon port (defaults to 6659)' },
+      { type: 'text', name: 'default_irc_uri', title: 'Default IRC URI',
+        help: 'A default IRC URI to prepend before each recipient (optional)',
+        placeholder: 'irc://irc.network.net:6697/' },
       { type: 'textarea', name: 'recipients',
-        placeholder: 'Recipients/channels separated by whitespaces' },
+        placeholder: 'Recipients/channels separated by whitespaces',
+        help: 'Recipients have to be specified with a full URI: '\
+        'irc[s]://irc.network.net[:port]/#channel. Special cases: if '\
+        'you want the channel to be a nickname instead, append ",isnick" to ' \
+        'the channel name; if the channel is protected by a secret password, ' \
+        ' append "?key=secretpassword" to the URI. Note that if you specify a ' \
+        ' default IRC URI to prepend before each recipient, you can just give ' \
+        ' a channel name.'  },
       { type: 'checkbox', name: 'colorize_messages' },
     ]
   end
 
-  private
-
-  def check_recipients_count
-    return true if recipients.nil? || recipients.empty?
-
-    if recipients.split(/\s+/).count > max_chans
-      errors.add(:recipients, "are limited to #{max_chans}")
-    end
+  def help
+    ' NOTE: Irker does NOT have built-in authentication, which makes it' \
+    ' vulnerable to spamming IRC channels if it is hosted outside of a ' \
+    ' firewall. Please make sure you run the daemon within a secured network ' \
+    ' to prevent abuse. For more details, read: http://www.catb.org/~esr/irker/security.html.'
   end
 
-  def max_chans
-    @settings[:max_channels]
-  end
+  private
 
   def get_channels
     return true unless :activated?
@@ -114,40 +100,35 @@ class IrkerService < Service
 
   def map_recipients
     self.channels = recipients.split(/\s+/).map do |recipient|
-      format_channel default_irc_uri, recipient
+      format_channel(recipient)
     end
     channels.reject! &:nil?
   end
 
-  def default_irc_uri
-    default_irc = @settings[:default_irc_uri]
-    if !(default_irc.nil? || default_irc[-1] == '/')
-      default_irc += '/'
-    end
-    default_irc
-  end
-
-  def format_channel(default_irc, recipient)
-    cnt = 0
-    url = nil
+  def format_channel(recipient)
+    uri = nil
 
     # Try to parse the chan as a full URI
     begin
-      uri = URI.parse(recipient)
-      raise URI::InvalidURIError if uri.scheme.nil? && cnt == 0
+      uri = consider_uri(URI.parse(recipient))
     rescue URI::InvalidURIError
-      unless default_irc.nil?
-        cnt += 1
-        recipient = "#{default_irc}#{recipient}"
-        retry if cnt == 1
     end
-    else
-      url = consider_uri uri
+
+    unless uri.present? and default_irc_uri.nil?
+      begin
+        new_recipient = URI.join(default_irc_uri, '/', recipient).to_s
+        uri = consider_uri(URI.parse(new_recipient))
+      rescue
+        Rails.logger.error("Unable to create a valid URL from #{default_irc_uri} and #{recipient}")
       end
-    url
+    end
+
+    uri
   end
 
   def consider_uri(uri)
+    return nil if uri.scheme.nil?
+
     # Authorize both irc://domain.com/#chan and irc://domain.com/chan
     if uri.is_a?(URI) && uri.scheme[/^ircs?\z/] && !uri.path.nil?
       # Do not authorize irc://domain.com/

app/models/repository.rb

@@ -431,6 +431,40 @@ class Repository
     end
   end
 
+  def search_files(query, ref)
+    offset = 2
+    args = %W(git grep -i -n --before-context #{offset} --after-context #{offset} #{query} #{ref || root_ref})
+    Gitlab::Popen.popen(args, path_to_repo).first.scrub.split(/^--$/)
+  end
+
+  def parse_search_result(result)
+    ref = nil
+    filename = nil
+    startline = 0
+
+    lines = result.lines
+    lines.each_with_index do |line, index|
+      if line =~ /^.*:.*:\d+:/
+        ref, filename, startline = line.split(':')
+        startline = startline.to_i - index
+        break
+      end
+    end
+
+    data = lines.map do |line|
+      line.sub(ref, '').sub(filename, '').sub(/^:-\d+-/, '').sub(/^::\d+:/, '')
+    end
+
+    data = data.join("")
+
+    OpenStruct.new(
+      filename: filename,
+      ref: ref,
+      startline: startline,
+      data: data
+    )
+  end
+
   private
 
   def cache

app/models/user.rb

@@ -178,6 +178,10 @@ class User < ActiveRecord::Base
   # Note: When adding an option, it MUST go on the end of the array.
   enum dashboard: [:projects, :stars]
 
+  # User's Project preference
+  # Note: When adding an option, it MUST go on the end of the array.
+  enum project_view: [:readme, :activity]
+
   alias_attribute :private_token, :authentication_token
 
   delegate :path, to: :namespace, allow_nil: true, prefix: true
@@ -350,6 +354,16 @@ class User < ActiveRecord::Base
     @reset_token
   end
 
+  def disable_two_factor!
+    update_attributes(
+      two_factor_enabled:        false,
+      encrypted_otp_secret:      nil,
+      encrypted_otp_secret_iv:   nil,
+      encrypted_otp_secret_salt: nil,
+      otp_backup_codes:          nil
+    )
+  end
+
   def namespace_uniq
     namespace_name = self.username
     existing_namespace = Namespace.by_path(namespace_name)

app/services/audit_event_service.rb

@@ -60,6 +60,15 @@ class AuditEventService
           target_details: key_title,
         }
       end
+  end
+
+  def for_authentication
+    @details = {
+      with: @details[:with],
+      target_id: @author.id,
+      target_type: "User",
+      target_details: @author.name,
+    }
 
     self
   end

app/services/issues/update_service.rb

 module Issues
   class UpdateService < Issues::BaseService
     def execute(issue)
-      state = params[:state_event]
-
-      case state
+      case params.delete(:state_event)
       when 'reopen'
         Issues::ReopenService.new(project, current_user, {}).execute(issue)
       when 'close'
         Issues::CloseService.new(project, current_user, {}).execute(issue)
-      when 'task_check'
-        issue.update_nth_task(params[:task_num].to_i, true)
-      when 'task_uncheck'
-        issue.update_nth_task(params[:task_num].to_i, false)
       end
 
       params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
@@ -20,8 +14,7 @@ module Issues
       filter_params
       old_labels = issue.labels.to_a
 
-      if params.present? && issue.update_attributes(params.except(:state_event,
-                                                                  :task_num))
+      if params.present? && issue.update_attributes(params)
         issue.reset_events_cache
 
         if issue.labels != old_labels
@@ -42,7 +35,7 @@ module Issues
           create_title_change_note(issue, issue.previous_changes['title'].first)
         end
 
-        issue.notice_added_references(issue.project, current_user)
+        issue.create_new_cross_references!(issue.project, current_user)
         execute_hooks(issue, 'update')
       end
 

app/services/merge_requests/update_service.rb

@@ -11,17 +11,11 @@ module MergeRequests
       params.except!(:target_project_id)
       params.except!(:source_branch)
 
-      state = params[:state_event]
-
-      case state
+      case params.delete(:state_event)
       when 'reopen'
         MergeRequests::ReopenService.new(project, current_user, {}).execute(merge_request)
       when 'close'
         MergeRequests::CloseService.new(project, current_user, {}).execute(merge_request)
-      when 'task_check'
-        merge_request.update_nth_task(params[:task_num].to_i, true)
-      when 'task_uncheck'
-        merge_request.update_nth_task(params[:task_num].to_i, false)
       end
 
       params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
@@ -30,9 +24,7 @@ module MergeRequests
       filter_params
       old_labels = merge_request.labels.to_a
 
-      if params.present? && merge_request.update_attributes(
-        params.except(:state_event, :task_num)
-      )
+      if params.present? && merge_request.update_attributes(params)
         merge_request.reset_events_cache
 
         if merge_request.labels != old_labels
@@ -67,7 +59,7 @@ module MergeRequests
           merge_request.mark_as_unchecked
         end
 
-        merge_request.notice_added_references(merge_request.project, current_user)
+        merge_request.create_new_cross_references!(merge_request.project, current_user)
         execute_hooks(merge_request, 'update')
       end
 

app/services/projects/transfer_service.rb

@@ -11,19 +11,16 @@ module Projects
     include Gitlab::ShellAdapter
     class TransferError < StandardError; end
 
-    def execute
-      namespace_id = params[:new_namespace_id]
-      namespace = Namespace.find_by(id: namespace_id)
-
-      if allowed_transfer?(current_user, project, namespace)
-        transfer(project, namespace)
+    def execute(new_namespace)
+      if allowed_transfer?(current_user, project, new_namespace)
+        transfer(project, new_namespace)
       else
-        project.errors.add(:namespace, 'is invalid')
+        project.errors.add(:new_namespace, 'is invalid')
         false
       end
     rescue Projects::TransferService::TransferError => ex
       project.reload
-      project.errors.add(:namespace_id, ex.message)
+      project.errors.add(:new_namespace, ex.message)
       false
     end
 

app/views/admin/users/show.html.haml

@@ -43,6 +43,7 @@
           %strong{class: @user.two_factor_enabled? ? 'cgreen' : 'cred'}
             - if @user.two_factor_enabled?
               Enabled
+              = link_to 'Disable', disable_two_factor_admin_user_path(@user), data: {confirm: 'Are you sure?'}, method: :patch, class: 'btn btn-xs btn-remove pull-right', title: 'Disable Two-factor Authentication'
             - else
               Disabled
 

app/views/events/_event.html.haml

@@ -5,6 +5,7 @@
 
     - if event.created_project?
       = cache [event, current_user] do
+        = image_tag avatar_icon(event.author_email, 24), class: "avatar s24", alt:''
         = render "events/event/created_project", event: event
     - else
       = cache event do

app/views/help/_shortcuts.html.haml

@@ -79,6 +79,12 @@
                 %td.shortcut
                   .key g
                   .key p
+                %td
+                  Go to the project's home page
+              %tr
+                %td.shortcut
+                  .key g
+                  .key e
                 %td
                   Go to the project's activity feed
               %tr

app/views/layouts/_head.html.haml

@@ -7,14 +7,29 @@
   %title= page_title
 
   = favicon_link_tag 'favicon.ico'
-  = stylesheet_link_tag    "application", :media => "all"
-  = stylesheet_link_tag    "print", :media => "print"
+
+  = stylesheet_link_tag "application", media: "all"
+  = stylesheet_link_tag "print",       media: "print"
+
   = javascript_include_tag "application"
+
   = csrf_meta_tags
+
   = include_gon
+
   %meta{name: 'viewport', content: 'width=device-width, initial-scale=1, maximum-scale=1'}
   %meta{name: 'theme-color', content: '#474D57'}
 
+  -# Apple Safari/iOS home screen icons
+  = favicon_link_tag 'touch-icon-iphone.png',        rel: 'apple-touch-icon'
+  = favicon_link_tag 'touch-icon-ipad.png',          rel: 'apple-touch-icon', sizes: '76x76'
+  = favicon_link_tag 'touch-icon-iphone-retina.png', rel: 'apple-touch-icon', sizes: '120x120'
+  = favicon_link_tag 'touch-icon-ipad-retina.png',   rel: 'apple-touch-icon', sizes: '152x152'
+
+  -# Windows 8 pinned site tile
+  %meta{name: 'msapplication-TileImage', content: image_url('msapplication-tile.png')}
+  %meta{name: 'msapplication-TileColor', content: '#30353E'}
+
   = yield :meta_tags
 
   = render 'layouts/google_analytics' if extra_config.has_key?('google_analytics_id')

app/views/layouts/_page.html.haml

 .page-with-sidebar{ class: nav_sidebar_class }
   = render "layouts/broadcast"
-  .sidebar-wrapper
+  .sidebar-wrapper.nicescroll
     - if defined?(sidebar) && sidebar
       = render "layouts/nav/#{sidebar}"
     - elsif current_user

app/views/layouts/nav/_group.html.haml

 %ul.nav.nav-sidebar
+  = nav_link do
+    = link_to root_path, title: 'Back to dashboard', data: {placement: 'right'}, class: 'back-link' do
+      = icon('caret-square-o-left fw')
+      %span
+        Back to Dashboard
+
+  %li.separate-item
+
   = nav_link(path: 'groups#show', html_options: {class: 'home'}) do
     = link_to group_path(@group), title: 'Home', data: {placement: 'right'} do
       = icon('dashboard fw')
       %span
-        Activity
+        Group
   - if current_user
     = nav_link(controller: [:group, :milestones]) do
       = link_to group_milestones_path(@group), title: 'Milestones', data: {placement: 'right'} do

app/views/layouts/nav/_group_settings.html.haml

 %ul.nav.nav-sidebar
   = nav_link do
-    = link_to group_path(@group), title: 'Back to group', data: {placement: 'right'} do
+    = link_to group_path(@group), title: 'Back to group', data: {placement: 'right'}, class: 'back-link' do
       = icon('caret-square-o-left fw')
       %span
         Back to group

app/views/layouts/nav/_profile.html.haml

 %ul.nav.nav-sidebar
+  = nav_link do
+    = link_to root_path, title: 'Back to dashboard', data: {placement: 'right'}, class: 'back-link' do
+      = icon('caret-square-o-left fw')
+      %span
+        Back to Dashboard
+
+  %li.separate-item
+
   = nav_link(path: 'profiles#show', html_options: {class: 'home'}) do
     = link_to profile_path, title: 'Profile', data: {placement: 'right'} do
       = icon('user fw')
@@ -44,8 +52,8 @@
       = icon('image fw')
       %span
         Preferences
-  = nav_link(path: 'profiles#history') do
-    = link_to history_profile_path, title: 'History', data: {placement: 'right'} do
+  = nav_link(path: 'profiles#audit_log') do
+    = link_to audit_log_profile_path, title: 'Audit Log', data: {placement: 'right'} do
       = icon('history fw')
       %span
-        History
+        Audit Log

app/views/layouts/nav/_project.html.haml

 %ul.nav.nav-sidebar
+  - if @project.group
+    = nav_link do
+      = link_to group_path(@project.group), title: 'Back to group', data: {placement: 'right'}, class: 'back-link' do
+        = icon('caret-square-o-left fw')
+        %span
+          Back to Group
+  - else
+    = nav_link do
+      = link_to root_path, title: 'Back to dashboard', data: {placement: 'right'}, class: 'back-link' do
+        = icon('caret-square-o-left fw')
+        %span
+          Back to Dashboard
+
+  %li.separate-item
+
   = nav_link(path: 'projects#show', html_options: {class: 'home'}) do
     = link_to project_path(@project), title: 'Project', class: 'shortcuts-project', data: {placement: 'right'} do
-      = icon('dashboard fw')
+      = icon('home fw')
       %span
         Project
+  = nav_link(path: 'projects#activity') do
+    = link_to activity_project_path(@project), title: 'Project Activity', class: 'shortcuts-project-activity', data: {placement: 'right'} do
+      = icon('dashboard fw')
+      %span
+        Activity
   - if project_nav_tab? :files
     = nav_link(controller: %w(tree blob blame edit_tree new_tree)) do
       = link_to namespace_project_tree_path(@project.namespace, @project, @ref || @repository.root_ref), title: 'Files',  class: 'shortcuts-tree', data: {placement: 'right'} do

app/views/layouts/nav/_project_settings.html.haml

 %ul.nav.nav-sidebar
   = nav_link do
-    = link_to project_path(@project), title: 'Back to project', data: {placement: 'right'} do
+    = link_to project_path(@project), title: 'Back to project', data: {placement: 'right'}, class: 'back-link' do
       = icon('caret-square-o-left fw')
       %span
         Back to project

app/views/profiles/_event_table.html.haml

+%table.table#audits
+  %thead
+    %tr
+      %th Action
+      %th When
+
+  %tbody
+    - events.each do |event|
+      %tr
+        %td
+          %span
+            Signed in with 
+            %b= event.details[:with]
+            authentication
+        %td #{time_ago_in_words event.created_at} ago
+= paginate events, theme: "gitlab"

app/views/profiles/applications.html.haml

@@ -66,4 +66,4 @@
             %td= token.scopes
             %td= render 'doorkeeper/authorized_applications/delete_form', token: token
   - else
-    %p.light You dont have any authorized applications
+    %p.light You don't have any authorized applications

app/views/profiles/audit_log.html.haml

+- page_title "Audit Log"
+%h3.page-title Audit Log
+%p.light History of authentications
+
+= render 'event_table', events: @events
\ No newline at end of file

app/views/profiles/history.html.haml

-- page_title "History"
-%h3.page-title
-  Your Account History
-%p.light
-  All events created by your account are listed below.
-%hr
-.profile_history
-  = render @events
-%hr
-= paginate @events, theme: "gitlab"
-

app/views/profiles/preferences/show.html.haml

@@ -38,5 +38,13 @@
           = link_to('(?)', help_page_path('profile', 'preferences') + '#default-dashboard', target: '_blank')
         .col-sm-10
           = f.select :dashboard, dashboard_choices, {}, class: 'form-control'
+      .form-group
+        = f.label :project_view, class: 'control-label' do
+          Project view
+          = link_to('(?)', help_page_path('profile', 'preferences') + '#default-project-view', target: '_blank')
+        .col-sm-10
+          = f.select :project_view, project_view_choices, {}, class: 'form-control'
+          .help-block
+            Choose what content you want to see when visit project page
     .panel-footer
       = f.submit 'Save', class: 'btn btn-save'

app/views/projects/_activity.html.haml

+= render 'projects/last_push'
+.hidden-xs
+  - if current_user
+    %ul.nav.nav-pills.event_filter.pull-right
+      %li
+        = link_to namespace_project_path(@project.namespace, @project, format: :atom, private_token: current_user.private_token), title: "Feed", class: 'rss-btn' do
+          %i.fa.fa-rss
+
+  = render 'shared/event_filter'
+  %hr
+.content_list{:"data-href" => activity_project_path(@project)}
+= spinner
+
+:coffeescript
+  new Activities()

app/views/projects/_aside.html.haml

-.clearfix
-  - unless @project.empty_repo?
-    .panel.panel-default
-      .panel-heading
-        = visibility_level_icon(@project.visibility_level)
-        = "#{visibility_level_label(@project.visibility_level).capitalize} project"
-
-      .panel-body
-        - if @repository.changelog || @repository.license || @repository.contribution_guide
-          %ul.nav.nav-pills
-            - if @repository.changelog
-              %li.hidden-xs
-                = link_to changelog_url(@project) do
-                  Changelog
-            - if @repository.license
-              %li
-                = link_to license_url(@project) do
-                  License
-            - if @repository.contribution_guide
-              %li
-                = link_to contribution_guide_url(@project) do
-                  Contribution guide
-
-        .actions
-          - if can? current_user, :create_issue, @project
-            = link_to url_for_new_issue(@project, only_path: true), title: "New Issue", class: 'btn btn-sm append-right-10' do
-              New Issue
-
-          - if can? current_user, :create_merge_request, @project
-            = link_to new_namespace_project_merge_request_path(@project.namespace, @project), class: "btn btn-sm", title: "New Merge Request" do
-              New Merge Request
-
-      - if forked_from_project = @project.forked_from_project
-        .panel-footer
-          = icon("code-fork fw")
-          Forked from
-          .pull-right
-            = link_to forked_from_project.namespace.try(:name), project_path(forked_from_project)
-
-
-      - @project.ci_services.each do |ci_service|
-        - if ci_service.active? && ci_service.respond_to?(:builds_path)
-          .panel-footer
-            = icon("check fw")
-            = ci_service.title
-            .pull-right
-              - if ci_service.respond_to?(:status_img_path)
-                = link_to ci_service.builds_path, :'data-no-turbolink' => 'data-no-turbolink' do
-                  = image_tag ci_service.status_img_path, alt: "build status", class: 'ci-status-image'
-              - else
-                = link_to 'view builds', ci_service.builds_path, :'data-no-turbolink' => 'data-no-turbolink'
-
-
-  - unless @project.empty_repo?
-    .panel.panel-default
-      .panel-heading
-        = icon("folder-o fw")
-        Repository
-      .panel-body
-        %ul.nav.nav-pills
-          %li
-            = link_to namespace_project_commits_path(@project.namespace, @project, @ref || @repository.root_ref) do
-              = pluralize(number_with_delimiter(@repository.commit_count), 'commit')
-          %li
-            = link_to namespace_project_branches_path(@project.namespace, @project) do
-              = pluralize(number_with_delimiter(@repository.branch_names.count), 'branch')
-          %li
-            = link_to namespace_project_tags_path(@project.namespace, @project) do
-              = pluralize(number_with_delimiter(@repository.tag_names.count), 'tag')
-
-        .actions
-          = link_to namespace_project_compare_index_path(@project.namespace, @project, from: @repository.root_ref, to: @ref || @repository.root_ref), class: 'btn btn-sm append-right-10' do
-            %i.fa.fa-exchange
-            Compare code
-
-          - if can?(current_user, :download_code, @project)
-            = render 'projects/repositories/download_archive', split_button: true, btn_class: 'btn-group-sm'
-      - if version = @repository.version
-        .panel-footer
-          = icon("clock-o fw")
-          Version
-          .pull-right
-            = link_to version_url(@project) do
-              = @repository.blob_by_oid(version.id).data
-
-    = render "shared/clone_panel"
-
-  - if @project.archived?
-    %br
-    .alert.alert-warning
-      %h4
-        = icon("exclamation-triangle fw")
-        Archived project!
-      %p Repository is read-only
-
-  - if current_user
-    - access = user_max_access_in_project(current_user, @project)
-    - if access
-      .light-well.light.prepend-top-20
-        %small
-          You have #{access} access to this project.
-          - if @project.project_member_by_id(current_user)
-            %br
-            = link_to leave_namespace_project_project_members_path(@project.namespace, @project),
-              data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project' do
-              Leave this project

app/views/projects/_home_panel.html.haml

 - empty_repo = @project.empty_repo?
 .project-home-panel.clearfix{:class => ("empty-project" if empty_repo)}
   .project-identicon-holder
-    = project_icon(@project, alt: '', class: 'avatar project-avatar')
-  .project-home-row.project-home-row-top
-    .project-home-desc
+    = project_icon(@project, alt: '', class: 'project-avatar avatar s90')
+  .project-home-desc.lead
     - if @project.description.present?
       = markdown(@project.description, pipeline: :description)
-      - if can?(current_user, :admin_project, @project)
-        –
-        = link_to 'Edit', edit_namespace_project_path
-      - elsif !empty_repo && @repository.readme
-        - readme = @repository.readme
-        –
-        = link_to namespace_project_blob_path(@project.namespace, @project, tree_join(@repository.root_ref, readme.name)) do
-          = readme.name
+
+
   .project-repo-buttons
-      .inline.star.js-toggler-container{class: @show_star ? 'on' : ''}
-        - if current_user
-          = link_to_toggle_star('Star this project.', false)
-          = link_to_toggle_star('Unstar this project.', true)
-        - else
-          = link_to new_user_session_path, class: 'btn star-btn has_tooltip', title: 'You must sign in to star a project' do
-            %span
-              = icon('star')
-              Star
-            %span.count
-              = @project.star_count
+    = render 'projects/buttons/star'
+
     - unless empty_repo
-        - if current_user && can?(current_user, :fork_project, @project) && @project.namespace != current_user.namespace
-          .inline.fork-buttons.prepend-left-10
-            - if current_user.already_forked?(@project) && current_user.manageable_namespaces.size < 2
-              = link_to namespace_project_path(current_user, current_user.fork_of(@project)), title: 'Go to your fork', class: 'btn btn-sm btn-default' do
-                = link_to_toggle_fork
-            - else
-              = link_to new_namespace_project_fork_path(@project.namespace, @project), title: "Fork project", class: 'btn btn-sm btn-default' do
-                = link_to_toggle_fork
+      = render 'projects/buttons/fork'
+
+      - if forked_from_project = @project.forked_from_project
+        = link_to project_path(forked_from_project), class: 'btn' do
+          = icon("code-fork fw")
+          Forked from
+          = forked_from_project.namespace.try(:name)
+
+      - if can? current_user, :download_code, @project
+        = link_to archive_namespace_project_repository_path(@project.namespace, @project, ref: @ref, format: 'zip'), class: 'btn', rel: 'nofollow' do
+          %i.fa.fa-download
+
+    = render 'projects/buttons/dropdown'
+
+  = render "shared/clone_panel"

app/views/projects/_last_push.html.haml

+- if event = last_push_event
+  - if show_last_push_widget?(event)
+    .hidden-xs.center
+      .slead
+        %span You pushed to
+        = link_to namespace_project_commits_path(event.project.namespace, event.project, event.ref_name) do
+          %strong= event.ref_name
+        branch
+        #{time_ago_with_tooltip(event.created_at)}
+
+      %div
+        = link_to new_mr_path_from_push_event(event), title: "New Merge Request", class: "btn btn-info btn-sm" do
+          Create Merge Request
+      %hr

app/views/projects/_readme.html.haml

+- if readme = @repository.readme
+  %article.readme-holder#README
+    .clearfix
+      .pull-right
+         
+        - if can?(current_user, :push_code, @project)
+          = link_to namespace_project_edit_blob_path(@project.namespace, @project, tree_join(@repository.root_ref, readme.name)), class: 'light' do
+            %i.fa.fa-pencil
+    .wiki
+      = cache(readme_cache_key) do
+        = render_readme(readme)
+- else
+  %h3.page-title
+    This project does not have README yet
+  - if can?(current_user, :push_code, @project)
+    %p.slead
+      A
+      %code README
+      file contains information about other files in a repository and is commonly
+      distributed with computer software, forming part of its documentation.
+      %br
+      We recommend you to
+      = link_to "add README", new_readme_path, class: 'underlined-link'
+      file to the repository and GitLab will render it here instead of this message.

app/views/projects/_section.html.haml

-%ul.nav.nav-tabs
-  %li.active
-    = link_to '#tab-activity', 'data-toggle' => 'tab' do
-      = icon("tachometer")
-      Activity
-  - if @repository.readme
-    %li
-      = link_to '#tab-readme', 'data-toggle' => 'tab' do
-        = icon("file-text-o")
-        Readme
-.tab-content
-  .tab-pane.active#tab-activity
-    .hidden-xs
-      = render "events/event_last_push", event: @last_push
-
-      - if current_user
-        %ul.nav.nav-pills.event_filter.pull-right
-          %li
-            = link_to namespace_project_path(@project.namespace, @project, format: :atom, private_token: current_user.private_token), title: "Feed", class: 'rss-btn' do
-              %i.fa.fa-rss
-
-      = render 'shared/event_filter'
-      %hr
-    .content_list
-    = spinner
-
-  - if readme = @repository.readme
-    .tab-pane#tab-readme
-      %article.readme-holder#README
-        .clearfix
-          %small.pull-right
-            = link_to namespace_project_blob_path(@project.namespace, @project, tree_join(@repository.root_ref, readme.name)), class: 'light' do
-              %i.fa.fa-file
-              = readme.name
-        .wiki
-          = render_readme(readme)

app/views/projects/_zen.html.haml

@@ -2,7 +2,7 @@
   %input#zen-toggle-comment.zen-toggle-comment{ tabindex: '-1', type: 'checkbox' }
   .zen-backdrop
     - classes << ' js-gfm-input markdown-area'
-    = f.text_area attr, class: classes, placeholder: random_markdown_tip
+    = f.text_area attr, class: classes, placeholder: ''
     = link_to nil, class: 'zen-enter-link', tabindex: '-1' do
       %i.fa.fa-expand
       Edit in fullscreen

app/views/projects/activity.html.haml

+= render 'projects/activity'

app/views/projects/blob/show.html.haml

 - page_title @blob.path, @ref
+
+= render 'projects/last_push'
+
 %div.tree-ref-holder
   = render 'shared/ref_switcher', destination: 'blob', path: @path
 

app/views/projects/buttons/_dropdown.html.haml

+- if current_user
+  %span.dropdown
+    %a.dropdown-toggle.btn.btn-new{href: '#', "data-toggle" => "dropdown"}
+      %i.fa.fa-plus
+    %ul.dropdown-menu
+      - if @project.issues_enabled && can?(current_user, :create_issue, @project)
+        %li
+          = link_to url_for_new_issue, title: "New Issue" do
+            New issue
+      - if @project.merge_requests_enabled && can?(current_user, :create_merge_request, @project)
+        %li
+          = link_to new_namespace_project_merge_request_path(@project.namespace, @project), title: "New Merge Request" do
+            New merge request
+      - if @project.snippets_enabled && can?(current_user, :create_snippet, @project)
+        %li
+          = link_to new_namespace_project_snippet_path(@project.namespace, @project), title: "New Snippet" do
+            New snippet
+      - if can?(current_user, :admin_project_member, @project)
+        %li
+          = link_to namespace_project_project_members_path(@project.namespace, @project), title: "New project member" do
+            New project member
+      - if can? current_user, :push_code, @project
+        %li.divider
+        %li
+          = link_to new_namespace_project_branch_path(@project.namespace, @project) do
+            New git branch
+        %li
+          = link_to new_namespace_project_tag_path(@project.namespace, @project) do
+            New git tag
+
+

app/views/projects/buttons/_fork.html.haml

+- if current_user && can?(current_user, :fork_project, @project)
+  - if current_user.already_forked?(@project) && current_user.manageable_namespaces.size < 2
+    = link_to namespace_project_path(current_user, current_user.fork_of(@project)), title: 'Go to your fork', class: 'btn' do
+      = icon('code-fork')
+      Fork
+      %span.count
+        = @project.forks_count
+  - else
+    = link_to new_namespace_project_fork_path(@project.namespace, @project), title: "Fork project", class: 'btn' do
+      = icon('code-fork')
+      Fork
+      %span.count
+        = @project.forks_count

app/views/projects/buttons/_star.html.haml

+- if current_user
+  = link_to toggle_star_namespace_project_path(@project.namespace, @project), class: 'btn star-btn toggle-star', method: :post, remote: true do
+    = icon('star')
+    - if current_user.starred?(@project)
+      Unstar
+    - else
+      Star
+    %span.count
+      = @project.star_count
+
+  :coffeescript
+    $('.project-home-panel .toggle-star').on 'ajax:success', (e, data, status, xhr) ->
+      $(@).replaceWith(data.html)
+    .on 'ajax:error', (e, xhr, status, error) ->
+      new Flash('Star toggle failed. Try again later.', 'alert')
+
+- else
+  = link_to new_user_session_path, class: 'btn has_tooltip star-btn', title: 'You must sign in to star a project' do
+    = icon('star')
+    Star
+    %span.count
+      = @project.star_count

app/views/projects/diffs/_diffs.html.haml

@@ -20,6 +20,3 @@
       Failed to collect changes
     %p
       Maybe diff is really big and operation failed with timeout. Try to get diff locally
-
-:coffeescript
-  $('.files .diff-header').stick_in_parent(offset_top: $('.navbar').height())

app/views/projects/diffs/_warning.html.haml

 .alert.alert-warning
   %h4
-    Too many changes.
+    Too many changes to show.
     .pull-right
       - unless diff_hard_limit_enabled?
         = link_to "Reload with full diff", url_for(params.merge(force_show_diff: true)), class: "btn btn-sm btn-warning"

app/views/projects/edit.html.haml

@@ -29,7 +29,7 @@
                 .col-sm-10= f.select(:default_branch, @repository.branch_names, {}, {class: 'select2 select-wide'})
 
 
-          = render 'shared/visibility_level', f: f, visibility_level: @project.visibility_level, can_change_visibility_level: can?(current_user, :change_visibility_level, @project), form_model: @project
+          = render 'shared/visibility_level', f: f, visibility_level: @project.visibility_level, can_change_visibility_level: can_change_visibility_level?(@project, current_user), form_model: @project
 
           .form-group
             = f.label :tag_list, "Tags", class: 'control-label'
@@ -178,7 +178,7 @@
               .form-group
                 = label_tag :new_namespace_id, nil, class: 'control-label' do
                   %span Namespace
-                .col-sm-10
+                .col-sm-9
                   .form-group
                     = select_tag :new_namespace_id, namespaces_options(@project.namespace_id), { prompt: 'Choose a project namespace', class: 'select2' }
                   %ul

app/views/projects/empty.html.haml

@@ -4,30 +4,30 @@
 
 = render "home_panel"
 
-.center.well
-  %h3
+.center.light-well
+  %h3.page-title
     The repository for this project is empty
-  %h4
-    You can
-    = link_to namespace_project_new_blob_path(@project.namespace, @project, 'master'), class: 'btn btn-new btn-lg' do
-      add a file
-     or do a push via the command line.
+  %p
+    If you already have files you can push them using command line instructions below.
+    %br
+    Otherwise you can start with
+    = link_to "adding README", new_readme_path, class: 'underlined-link'
+    file to this project.
 
-.well
-  = render "shared/clone_panel"
-%h4
-  %strong Command line instructions
+.prepend-top-20
+%h3.page-title
+  Command line instructions
 %div.git-empty
   %fieldset
-    %legend Git global setup
-    %pre.dark
+    %h5 Git global setup
+    %pre.light-well
       :preserve
         git config --global user.name "#{git_user_name}"
         git config --global user.email "#{git_user_email}"
 
   %fieldset
-    %legend Create a new repository
-    %pre.dark
+    %h5 Create a new repository
+    %pre.light-well
       :preserve
         git clone #{ content_tag(:span, default_url_to_repo, class: 'clone')}
         cd #{@project.path}
@@ -37,8 +37,8 @@
         git push -u origin master
 
   %fieldset
-    %legend Existing folder or Git repository
-    %pre.dark
+    %h5 Existing folder or Git repository
+    %pre.light-well
       :preserve
         cd existing_folder
         git init

app/views/projects/graphs/commits.html.haml

 - page_title "Commit statistics"
+.tree-ref-holder
+  = render 'shared/ref_switcher', destination: 'graphs_commits'
 = render 'head'
 
 %p.lead
   Commit statistics for
-  %strong #{@repository.root_ref}
+  %strong #{@ref}
   #{@commits_graph.start_date.strftime('%b %d')} - #{@commits_graph.end_date.strftime('%b %d')}
 
 .row

app/views/projects/graphs/show.html.haml

 - page_title "Contributor statistics"
+.tree-ref-holder
+  = render 'shared/ref_switcher', destination: 'graphs'
 = render 'head'
+
 .loading-graph
   .center
     %h3.page-title
@@ -11,7 +14,7 @@
   .header.clearfix
     %h3#date_header.page-title
     %p.light
-      Commits to #{@project.default_branch}, excluding merge commits. Limited by 6,000 commits
+      Commits to #{@ref}, excluding merge commits. Limited by 6,000 commits
     %input#brush_change{:type => "hidden"}
   .graphs
     #contributors-master
@@ -35,4 +38,3 @@
       $(".stat-graph").fadeIn();
       $(".loading-graph").hide();
     dataType: "json"
-

app/views/projects/labels/_label.html.haml

@@ -6,5 +6,5 @@
         = pluralize label.open_issues_count, 'open issue'
 
     - if can? current_user, :admin_label, @project
-      = link_to 'Edit', edit_namespace_project_label_path(@project.namespace, @project, label), class: 'btn'
-      = link_to 'Remove', namespace_project_label_path(@project.namespace, @project, label), class: 'btn btn-remove remove-row', method: :delete, remote: true, data: {confirm: "Remove this label? Are you sure?"}
+      = link_to 'Edit', edit_namespace_project_label_path(@project.namespace, @project, label), class: 'btn btn-sm'
+      = link_to 'Remove', namespace_project_label_path(@project.namespace, @project, label), class: 'btn btn-sm btn-remove remove-row', method: :delete, remote: true, data: {confirm: "Remove this label? Are you sure?"}

app/views/projects/merge_requests/index.html.haml

 - page_title "Merge Requests"
+= render 'projects/last_push'
 .append-bottom-10
   .pull-right
     = render 'shared/issuable/search_form', path: namespace_project_merge_requests_path(@project.namespace, @project)

app/views/projects/new.html.haml

@@ -85,7 +85,7 @@
                   %li
                     The import will time out after 4 minutes. For big repositories, use a clone/push combination.
                   %li
-                    To migrate an SVN repository, check out #{link_to "this document", "http://doc.gitlab.com/ce/workflow/migrating_from_svn.html"}.
+                    To migrate an SVN repository, check out #{link_to "this document", "http://doc.gitlab.com/ce/workflow/importing/migrating_from_svn.html"}.
 
       %hr.prepend-botton-10
 

app/views/projects/notes/_edit_form.html.haml

@@ -5,8 +5,8 @@
       = render 'projects/zen', f: f, attr: :note, classes: 'note_text js-note-text js-task-list-field'
 
       .comment-hints.clearfix
-        .pull-left Comments are parsed with #{link_to 'GitLab Flavored Markdown', help_page_path('markdown', 'markdown'),{ target: '_blank', tabindex: -1 }}
-        .pull-right Attach files by dragging & dropping or #{link_to 'selecting them', '#', class: 'markdown-selector', tabindex: -1 }.
+        .pull-left #{link_to 'Markdown ', help_page_path('markdown', 'markdown'),{ target: '_blank', tabindex: -1 }}
+        .pull-right #{link_to 'Attach a file', '#', class: 'markdown-selector', tabindex: -1 }
 
     .note-form-actions
       .buttons

app/views/projects/notes/_form.html.haml

@@ -12,8 +12,14 @@
       classes: 'note_text js-note-text'
 
     .comment-hints.clearfix
-      .pull-left Comments are parsed with #{link_to "GitLab Flavored Markdown", help_page_path("markdown", "markdown"),{ target: '_blank', tabindex: -1 }}
-      .pull-right Attach files by dragging & dropping or #{link_to "selecting them", '#', class: 'markdown-selector', tabindex: -1 }.
+      .pull-left
+        = link_to "Markdown ", help_page_path("markdown", "markdown"),{ target: '_blank', tabindex: -1 }
+        tip:
+        = random_markdown_tip
+      .pull-right
+        = link_to '#', class: 'markdown-selector', tabindex: -1 do
+          Attach a file
+          = icon('paperclip')
     .error-alert
 
   .note-form-actions

app/views/projects/show.html.haml

@@ -6,11 +6,54 @@
   = render 'shared/no_ssh'
   = render 'shared/no_password'
 
+= render 'projects/last_push'
 = render "home_panel"
-= render 'shared/show_aside'
 
-.row
-  %section.col-md-8
-    = render 'section'
-  %aside.col-md-4.project-side
-    = render 'aside'
+.project-stats
+  %ul.nav.nav-pills
+    %li
+      = link_to namespace_project_commits_path(@project.namespace, @project, @ref || @repository.root_ref) do
+        = pluralize(number_with_delimiter(@repository.commit_count), 'commit')
+    %li
+      = link_to namespace_project_branches_path(@project.namespace, @project) do
+        = pluralize(number_with_delimiter(@repository.branch_names.count), 'branch')
+    %li
+      = link_to namespace_project_tags_path(@project.namespace, @project) do
+        = pluralize(number_with_delimiter(@repository.tag_names.count), 'tag')
+    - if @repository.changelog
+      %li
+        = link_to changelog_url(@project) do
+          Changelog
+    - if @repository.license
+      %li
+        = link_to license_url(@project) do
+          License
+    - if @repository.contribution_guide
+      %li
+        = link_to contribution_guide_url(@project) do
+          Contribution guide
+
+- if @project.archived?
+  .text-warning.center.prepend-top-20
+    %p
+      = icon("exclamation-triangle fw")
+      Archived project! Repository is read-only
+
+%hr
+%section
+  - if prefer_readme?
+    = render 'projects/readme'
+  - else
+    = render 'projects/activity'
+
+
+- if current_user
+  - access = user_max_access_in_project(current_user, @project)
+  - if access
+    %hr
+    %p.light
+      You have #{access} access to this project.
+      - if @project.project_member_by_id(current_user)
+        = link_to leave_namespace_project_project_members_path(@project.namespace, @project),
+          data: { confirm: leave_project_message(@project) }, method: :delete, title: 'Leave project', class: 'cred' do
+          Leave this project

app/views/projects/tree/show.html.haml

@@ -3,6 +3,8 @@
   - if current_user
     = auto_discovery_link_tag(:atom, namespace_project_commits_url(@project.namespace, @project, @ref, format: :atom, private_token: current_user.private_token), title: "#{@project.name}:#{@ref} commits")
 
+= render 'projects/last_push'
+
 .tree-ref-holder
   = render 'shared/ref_switcher', destination: 'tree', path: @path
 

app/views/search/results/_blob.html.haml

+- blob = @project.repository.parse_search_result(blob)
 .blob-result
   .file-holder
     .file-title

app/views/search/results/_wiki_blob.html.haml

+- wiki_blob = @project.repository.parse_search_result(wiki_blob)
 .blob-result
   .file-holder
     .file-title