- Previously, AccessTokenValidationService was a module, and all its  public
methods accepted a token. It makes sense to convert it to a class which accepts
a token during initialization.

- Also rename the `sufficient_scope?` method to `include_any_scope?`

- Based on feedback from @rymai

- The `scopes_form` partial can be used in the `admin/applications` view
  as well

- Don't allow partials to access instance variables directly. Instead, pass
  in the instance variables as local variables, and use `local_assigns.fetch`
  to assert that the variables are passed in as expected.

- Change a few instances of `render :partial` to `render`

- Remove an instance of `required: false` in a view, since this is the default

- Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec`

Split the existing feature spec into both feature and controller specs.
Feature specs assert on browser DOM, and controller specs assert on database
state.

- Use whitespace to separate the setup, expectation and teardown phases.

- Based on @dbalexandre's review
- Extract token validity conditions into two separate methods, for
  personal access tokens and OAuth tokens.

- The list of scopes that's displayed while creating a personal access
  token is identical to the list that's displayed while creating an OAuth
  application. Extract these into a partial.

- The list of scopes that's displayed while in the show page for an OAuth token
  in the profile settings and admin settings are identical. Extract these into
  a partial.

- Mainly whitespace changes.

- Require the migration adding the `scope` column to the
  `personal_access_tokens` table to have downtime, since API calls will
  fail if the new code is in place, but the migration hasn't run.

- Minor refactoring - load `@scopes` in a `before_action`, since we're
  doing it in three different places.

- This module is used for git-over-http, as well as JWT.

- The only valid scope here is `api`, currently.

- Move the `Oauth2::AccessTokenValidationService` class to
  `AccessTokenValidationService`, since it is now being used for
  personal access token validation as well.

- Each API endpoint declares the scopes it accepts (if any). Currently,
  the top level API module declares the `api` scope, and the `Users` API
  module declares the `read_user` scope (for GET requests).

- Move the `find_user_by_private_token` from the API `Helpers` module to
  the `APIGuard` module, to avoid littering `Helpers` with more
  auth-related methods to support `find_user_by_private_token`

The issue was arising when `#current_user` was called a second time
after a user was impersonated: the `User#is_admin?` check would be
performed on it and it would fail.
Signed-off-by: Rémy Coutable <remy@rymai.me>

Adds hoverstates for collapsed Issue/Merge Request sidebar for Time tracking Icon

This MR is part 2/2 of https://gitlab.com/gitlab-org/gitlab-ce/issues/25011

This adds the hover state for the time tracking icon, which is only in EE.

![2016-11-28_00.09.54](/uploads/a1ae70e10ad847c4980fa9eca3dcfe18/2016-11-28_00.09.54.gif)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/25011

See merge request !918

Add user activities API

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/1311

See merge request !962

Include information on updating mirror synchronization times

+ update_all_mirrors_worker_cron
+ update_all_remote_mirrors_worker_cron

See merge request !763

Document a new gotcha when using `prepend`

See merge request !963

[ci skip]
Signed-off-by: Rémy Coutable <remy@rymai.me>

CE upstream

Unmerged paths: (use "git add/rm ..." as appropriate to mark resolution)

```
both modified:   app/models/namespace.rb
both modified:   app/models/project.rb
both modified:   app/views/layouts/nav/_group_settings.html.haml
both modified:   app/views/projects/_merge_request_settings.html.haml
both modified:   app/views/projects/edit.html.haml
both modified:   app/views/shared/milestones/_summary.html.haml
both modified:   db/schema.rb
both modified:   doc/README.md
both modified:   doc/api/merge_requests.md
both modified:   lib/api/merge_requests.rb
both modified:   lib/gitlab/search_results.rb
both modified:   spec/lib/gitlab/import_export/all_models.yml
both modified:   spec/models/project_spec.rb
both modified:   spec/services/merge_requests/refresh_service_spec.rb
```

See merge request !960