GitBucket 4.8 release

Add API to get a single issue

.travis.yml

@@ -1,6 +1,11 @@
 language: scala
-sudo: false
+sudo: true
 script:
   - sbt test
 jdk:
   - oraclejdk8
+before_script:
+  - sudo apt-get install libaio1
+  - sudo /etc/init.d/mysql stop
+  - sudo /etc/init.d/postgresql stop
+

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2013-2016 GitBucket Team
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -49,6 +49,8 @@ GitBucket has the plug-in system to extend GitBucket from outside of GitBucket.
 - [gitbucket-desktopnotify-plugin](https://github.com/yoshiyoshifujii/gitbucket-desktopnotify-plugin)
 - [gitbucket-commitgraphs-plugin](https://github.com/yoshiyoshifujii/gitbucket-commitgraphs-plugin)
 - [gitbucket-asciidoctor-plugin](https://github.com/lefou/gitbucket-asciidoctor-plugin)
+- [gitbucket-network-plugin](https://github.com/mrkm4ntr/gitbucket-network-plugin)
+- [gitbucket-emoji-plugin](https://github.com/gitbucket/gitbucket-emoji-plugin)
 
 You can find community plugins other than them at [gitbucket community plugins](http://gitbucket-plugins.github.io/).
 
@@ -62,15 +64,88 @@ Support
 - First priority of GitBucket is easy installation and API compatibility with GitHub, so we might reject if your request is against it.
 
 Release Notes
---------
-### 4.0 - 30 Apr 2016
+-------------
+## 4.8 - 23 Dec 2016
+- Search for repository names from the global header
+- Filter repositories on the sidebar of the dashboard
+- Search issues and wiki
+- Keep pull request comments after new commits are pushed
+- New web API to get a single issue
+- Performance improvement for the repository viewer
 
+### 4.7.1 - 28 Nov 2016
+- Bug fix: group repositories are not shown in the your repositories list on the sidebar
+- Small performance improvement of the dashboard
+
+### 4.7 - 26 Nov 2016
+- New permission system
+- Dropdown filter for issue labels, milestones and assignees
+- Keep sidebar folding status
+- Link from milestone label to the issue list
+
+### 4.6 - 29 Oct 2016
+- Add disable option for forking
+- Add History button to wiki page
+- Git repository URL redirection for GitHub compatibility
+- Get-Content API improvement
+- Indicate who is group master in Members tab in group view
+
+### 4.5 - 29 Sep 2016
+- Attach files by dropping into textarea
+- Issues / Pull requests switcher in dashboard
+- HikariCP could be configured in `GITBUCKET_HOME/database.conf`
+- Improve Cookie security
+- Display commit count on the history button
+- Improve mobile view
+
+### 4.4 - 28 Aug 2016
+- Import a SQL dump file to the database
+- `go get` support in private repositories
+- Sort milestones by due date
+- apache-sshd has been updated to 1.2.0
+
+### 4.3 - 30 Jul 2016
+- Emoji support by [gitbucket-emoji-plugin](https://github.com/gitbucket/gitbucket-emoji-plugin)
+- User name suggestion
+- Add new web APIs and basic authentication support for API access
+- Root Endpoint
+  - [List endpoints](https://developer.github.com/v3/#root-endpoint)
+  - [List Branches](https://developer.github.com/v3/repos/branches/#list-branches)
+  - [Get contents](https://developer.github.com/v3/repos/contents/#get-contents)
+  - [Get a Reference](https://developer.github.com/v3/git/refs/#get-a-reference)
+  - [List Collaborators](https://developer.github.com/v3/repos/collaborators/#list-collaborators)
+  - [List user repositories](https://developer.github.com/v3/repos/#list-user-repositories)
+  - [Get a group](https://developer.github.com/v3/orgs/#get-an-organization)
+  - [List group repositories](https://developer.github.com/v3/repos/#list-organization-repositories)
+- Add new extension points
+  - `assetsMapping` : Supplies resources in plugin classpath as web assets
+  - `suggestionProvider` : Provides suggestion in the Markdown editing textarea 
+  - `textDecorator` : Decorate text nodes in HTML which is converted from Markdown
+
+### 4.2.1 - 3 Jul 2016
+- Fix migration bug
+
+This is hotfix for a critical bug in migration. If you are new installation, use 4.2.0. But if you have an exisiting installation and it had been updated to 4.0 from 3.x, you must update to 4.2.1.
+
+### 4.2 - 2 Jul 2016
+- New UI based on [AdminLTE](https://github.com/almasaeed2010/AdminLTE)
+- git gc
+- Issues and Wiki have been possible to be disabled
+- SMTP configuration test mail
+
+### 4.1 - 4 Jun 2016
+- Generic ssh user
+- Improve branch protection UI
+- Default value of pull request title
+
+### 4.0 - 30 Apr 2016
 - MySQL and PostgreSQL support
 - Data export and import
 - Migration system has been switched to [solidbase](https://github.com/gitbucket/solidbase)
 
-### 3.14 - 30 Apr 2016
+**Note:** You can upgrade to GitBucket 4.0 from 3.14. If your GitBucket is 3.13 or before, you have to upgrade 3.14 at first.
 
+### 3.14 - 30 Apr 2016
 - File attachment and search for wiki pages
 - New extension points to add menus
 - Content-Type of webhooks has been choosable

build.sbt

@@ -1,8 +1,8 @@
-val Organization = "gitbucket"
+val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.0.0"
-val ScalatraVersion = "2.4.0"
-val JettyVersion = "9.3.6.v20151106"
+val GitBucketVersion = "4.8"
+val ScalatraVersion = "2.4.1"
+val JettyVersion = "9.3.9.v20160517"
 
 lazy val root = (project in file(".")).enablePlugins(SbtTwirl, JettyPlugin)
 
@@ -15,55 +15,60 @@ scalaVersion := "2.11.8"
 // dependency settings
 resolvers ++= Seq(
   Classpaths.typesafeReleases,
+  Resolver.jcenterRepo,
   "amateras" at "http://amateras.sourceforge.jp/mvn/",
   "sonatype-snapshot" at "https://oss.sonatype.org/content/repositories/snapshots/",
   "amateras-snapshot" at "http://amateras.sourceforge.jp/mvn-snapshot/"
 )
 libraryDependencies ++= Seq(
   "org.scala-lang.modules"   %% "scala-java8-compat"           % "0.7.0",
-  "org.eclipse.jgit"          % "org.eclipse.jgit.http.server" % "4.1.1.201511131810-r",
-  "org.eclipse.jgit"          % "org.eclipse.jgit.archive"     % "4.1.1.201511131810-r",
+  "org.eclipse.jgit"          % "org.eclipse.jgit.http.server" % "4.1.2.201602141800-r",
+  "org.eclipse.jgit"          % "org.eclipse.jgit.archive"     % "4.1.2.201602141800-r",
   "org.scalatra"             %% "scalatra"                     % ScalatraVersion,
   "org.scalatra"             %% "scalatra-json"                % ScalatraVersion,
   "org.json4s"               %% "json4s-jackson"               % "3.3.0",
   "io.github.gitbucket"      %% "scalatra-forms"               % "1.0.0",
   "commons-io"                % "commons-io"                   % "2.4",
   "io.github.gitbucket"       % "solidbase"                    % "1.0.0",
-  "io.github.gitbucket"       % "markedj"                      % "1.0.8",
-  "org.apache.commons"        % "commons-compress"             % "1.10",
+  "io.github.gitbucket"       % "markedj"                      % "1.0.9",
+  "org.apache.commons"        % "commons-compress"             % "1.11",
   "org.apache.commons"        % "commons-email"                % "1.4",
   "org.apache.httpcomponents" % "httpclient"                   % "4.5.1",
-  "org.apache.sshd"           % "apache-sshd"                  % "1.0.0",
-  "org.apache.tika"           % "tika-core"                    % "1.11",
+  "org.apache.sshd"           % "apache-sshd"                  % "1.2.0",
+  "org.apache.tika"           % "tika-core"                    % "1.13",
   "com.typesafe.slick"       %% "slick"                        % "2.1.0",
   "com.novell.ldap"           % "jldap"                        % "2009-10-07",
-  "com.h2database"            % "h2"                           % "1.4.190",
-  "mysql"                     % "mysql-connector-java"         % "5.1.38",
+  "com.h2database"            % "h2"                           % "1.4.192",
+  "mysql"                     % "mysql-connector-java"         % "5.1.39",
   "org.postgresql"            % "postgresql"                   % "9.4.1208",
-  "ch.qos.logback"            % "logback-classic"              % "1.1.1",
-  "com.zaxxer"                % "HikariCP"                     % "2.4.5",
+  "ch.qos.logback"            % "logback-classic"              % "1.1.7",
+  "com.zaxxer"                % "HikariCP"                     % "2.4.6",
   "com.typesafe"              % "config"                       % "1.3.0",
-  "com.typesafe.akka"        %% "akka-actor"                   % "2.3.14",
+  "com.typesafe.akka"        %% "akka-actor"                   % "2.3.15",
   "fr.brouillard.oss.security.xhub" % "xhub4j-core"            % "1.0.0",
+  "com.github.bkromhout"      % "java-diff-utils"              % "2.1.1",
+  "org.cache2k"               % "cache2k-all"                  % "1.0.0.CR1",
   "com.enragedginger"        %% "akka-quartz-scheduler"        % "1.4.0-akka-2.3.x" exclude("c3p0","c3p0"),
   "org.eclipse.jetty"         % "jetty-webapp"                 % JettyVersion     % "provided",
   "javax.servlet"             % "javax.servlet-api"            % "3.1.0"          % "provided",
   "junit"                     % "junit"                        % "4.12"           % "test",
   "org.scalatra"             %% "scalatra-scalatest"           % ScalatraVersion  % "test",
-  "org.scalaz"               %% "scalaz-core"                  % "7.2.0"          % "test"
+  "com.wix"                   % "wix-embedded-mysql"           % "1.0.3"          % "test",
+  "ru.yandex.qatools.embed"   % "postgresql-embedded"          % "1.14"           % "test"
 )
 
-// Twirl settings
-play.twirl.sbt.Import.TwirlKeys.templateImports += "gitbucket.core._"
-
 // Compiler settings
 scalacOptions := Seq("-deprecation", "-language:postfixOps", "-Ybackend:GenBCode", "-Ydelambdafy:method", "-target:jvm-1.8")
 javacOptions in compile ++= Seq("-target", "8", "-source", "8")
 javaOptions in Jetty += "-Dlogback.configurationFile=/logback-dev.xml"
-testOptions in Test += Tests.Argument(TestFrameworks.Specs2, "junitxml", "console")
+
+// Test settings
+//testOptions in Test += Tests.Argument("-l", "ExternalDBTest")
 javaOptions in Test += "-Dgitbucket.home=target/gitbucket_home_for_test"
 testOptions in Test += Tests.Setup( () => new java.io.File("target/gitbucket_home_for_test").mkdir() )
 fork in Test := true
+
+// Packaging options
 packageOptions += Package.MainClass("JettyLauncher")
 
 // Assembly settings
@@ -78,12 +83,13 @@ assemblyMergeStrategy in assembly := {
 }
 
 // JRebel
+Seq(jrebelSettings: _*)
+
 jrebel.webLinks += (target in webappPrepare).value
 jrebel.enabled := System.getenv().get("JREBEL") != null
 javaOptions in Jetty ++= Option(System.getenv().get("JREBEL")).toSeq.flatMap { path =>
   Seq("-noverify", "-XX:+UseConcMarkSweepGC", "-XX:+CMSClassUnloadingEnabled", s"-javaagent:${path}")
 }
-jrebelSettings
 
 // Create executable war file
 val executableConfig = config("executable").hide
@@ -102,7 +108,6 @@ libraryDependencies ++= Seq(
 
 val executableKey = TaskKey[File]("executable")
 executableKey := {
-  import org.apache.ivy.util.ChecksumHelper
   import java.util.jar.{ Manifest => JarManifest }
   import java.util.jar.Attributes.{ Name => AttrName }
 
@@ -160,9 +165,55 @@ executableKey := {
   log info s"built executable webapp ${outputFile}"
   outputFile
 }
-/*
-Keys.artifact in (Compile, executableKey) ~= {
-    _ copy (`type` = "war", extension = "war"))
+publishTo <<= version { (v: String) =>
+  val nexus = "https://oss.sonatype.org/"
+  if (v.trim.endsWith("SNAPSHOT")) Some("snapshots" at nexus + "content/repositories/snapshots")
+  else                             Some("releases"  at nexus + "service/local/staging/deploy/maven2")
 }
-addArtifact(Keys.artifact in (Compile, executableKey), executableKey)
-*/
+publishMavenStyle := true
+pomIncludeRepository := { _ => false }
+pomExtra := (
+  <url>https://github.com/gitbucket/gitbucket</url>
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+    </license>
+  </licenses>
+  <scm>
+    <url>https://github.com/gitbucket/gitbucket</url>
+    <connection>scm:git:https://github.com/gitbucket/gitbucket.git</connection>
+  </scm>
+  <developers>
+    <developer>
+      <id>takezoe</id>
+      <name>Naoki Takezoe</name>
+      <url>https://github.com/takezoe</url>
+    </developer>
+    <developer>
+      <id>shimamoto</id>
+      <name>Takako Shimamoto</name>
+      <url>https://github.com/shimamoto</url>
+    </developer>
+    <developer>
+      <id>tanacasino</id>
+      <name>Tomofumi Tanaka</name>
+      <url>https://github.com/tanacasino</url>
+    </developer>
+    <developer>
+      <id>mrkm4ntr</id>
+      <name>Shintaro Murakami</name>
+      <url>https://github.com/mrkm4ntr</url>
+    </developer>
+    <developer>
+      <id>nazoking</id>
+      <name>nazoking</name>
+      <url>https://github.com/nazoking</url>
+    </developer>
+    <developer>
+      <id>McFoggy</id>
+      <name>Matthieu Brouillard</name>
+      <url>https://github.com/McFoggy</url>
+    </developer>
+  </developers>
+)

doc/auto_update.md

@@ -1,37 +1,54 @@
 Automatic Schema Updating
 ========
-GitBucket uses H2 database to manage project and account data. GitBucket updates database schema automatically in the first run after the upgrading.
+GitBucket updates database schema automatically using [Solidbase](https://github.com/gitbucket/solidbase) in the first run after the upgrading.
 
-To release a new version of GitBucket, add the version definition to the [gitbucket.core.servlet.AutoUpdate](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/servlet/AutoUpdate.scala) at first.
+To release a new version of GitBucket, add the version definition to the [gitbucket.core.GitBucketCoreModule](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/GitBucketCoreModule.scala) at first.
 
 ```scala
-object AutoUpdate {
-  ...
-  /**
-   * The history of versions. A head of this sequence is the current GitBucket version.
-   */
-  val versions = Seq(
-      Version(1, 0)
+object GitBucketCoreModule extends Module("gitbucket-core",
+  new Version("4.0.0",
+    new LiquibaseMigration("update/gitbucket-core_4.0.xml"),
+    new SqlMigration("update/gitbucket-core_4.0.sql")
+  ),
+  new Version("4.1.0"),
+  new Version("4.2.0",
+    new LiquibaseMigration("update/gitbucket-core_4.2.xml")
   )
-  ...
-```
-
-Next, add a SQL file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) as ```MAJOR_MINOR.sql```.
-
-GitBucket stores the current version to ```GITBUCKET_HOME/version``` and checks it at start-up. If the stored version differs from the actual version, it executes differences of SQL files between the stored version and the actual version. And ```GITBUCKET_HOME/version``` is updated by the actual version.
-
-We can also add any Scala code for upgrade GitBucket which modifies resources other than database. Override ```Version.update``` like below:
-
-```scala
-val versions = Seq(
-  new Version(1, 3){
-    override def update(conn: Connection): Unit = {
-      super.update(conn)
-      // Add any code here!
-    }
-  },
-  Version(1, 2),
-  Version(1, 1),
-  Version(1, 0)
 )
 ```
+
+Next, add a XML file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) with a filenane defined in `GitBucketCoreModule`.
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="REPOSITORY">
+        <column name="ENABLE_WIKI" type="boolean" nullable="false" defaultValueBoolean="true"/>
+        <column name="ENABLE_ISSUES" type="boolean" nullable="false" defaultValueBoolean="true"/>
+        <column name="EXTERNAL_WIKI_URL" type="varchar(200)" nullable="true"/>
+        <column name="EXTERNAL_ISSUES_URL" type="varchar(200)" nullable="true"/>
+    </addColumn>
+</changeSet>
+```
+
+Solidbase stores the current version to `VERSIONS` table and checks it at start-up. If the stored version differs from the actual version, it executes differences between the stored version and the actual version.
+
+We can add the SQL file instead of the XML file using `SqlMigration`. It try to load a SQL file from classpath as following order:
+
+1. Specified path (if specified)
+2. `${moduleId}_${version}_${database}.sql`
+3. `${moduleId}_${version}.sql`
+
+Also we can add any code by extending `Migration`:
+
+```scala
+object GitBucketCoreModule extends Module("gitbucket-core",
+  new Version("4.0.0", new Migration(){
+    override def migrate(moduleId: String, version: String, context: java.util.Map[String, String]): Unit = {
+      ...
+    }
+  })
+)
+```
+
+See more details [README of Solidbase](https://github.com/gitbucket/solidbase).

doc/release.md

@@ -20,13 +20,13 @@ val JettyVersion = "9.3.6.v20151106"
 
 ```scala
 object GitBucketCoreModule extends Module("gitbucket-core",
-  // add new version definition
-  new Version("4.1.0",
-    new LiquibaseMigration("update/gitbucket-core_4.1.xml")
-  ),
   new Version("4.0.0",
     new LiquibaseMigration("update/gitbucket-core_4.0.xml"),
     new SqlMigration("update/gitbucket-core_4.0.sql")
+  ),
+  // add new version definition
+  new Version("4.1.0",
+    new LiquibaseMigration("update/gitbucket-core_4.1.xml")
   )
 )
 ```
@@ -41,14 +41,15 @@ Note: Release operation requires [Ant](http://ant.apache.org/) and [Maven](https
 Run `sbt executable`. The release war file and fingerprint are generated into `target/executable/gitbucket.war`.
 
 ```bash
-$sbt executable
+$ sbt executable
 ```
 
 ### Deploy assembly jar file
 
-For plug-in development, we have to publish the assembly jar file to the public Maven repository by `release/deploy-assembly-jar.sh`.
+For plug-in development, we have to publish the GitBucket jar file to the Maven central repository as well. At first, hit following command to publish artifacts to the sonatype OSS repository:
 
 ```bash
-$ cd release/
-$ ./deploy-assembly-jar.sh
+$ sbt publish-signed
 ```
+
+Then operate release sequence at https://oss.sonatype.org/.

project/build.properties

@@ -1 +1 @@
-sbt.version=0.13.9
+sbt.version=0.13.12

project/plugins.sbt

@@ -1,6 +1,7 @@
 scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature")
 
-addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"       % "1.0.4")
-addSbtPlugin("com.eed3si9n"     % "sbt-assembly"    % "0.12.0")
-addSbtPlugin("com.earldouglas"  % "xsbt-web-plugin" % "2.1.0")
+addSbtPlugin("com.typesafe.sbt"     % "sbt-twirl"         % "1.0.4")
+addSbtPlugin("com.eed3si9n"         % "sbt-assembly"      % "0.12.0")
+addSbtPlugin("com.earldouglas"      % "xsbt-web-plugin"   % "2.1.0")
 addSbtPlugin("fi.gekkio.sbtplugins" % "sbt-jrebel-plugin" % "0.10.0")
+addSbtPlugin("com.typesafe.sbt"     % "sbt-pgp"           % "0.8.3")

release/deploy-assembly-jar.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-. ./env.sh
-
-cd ../
-./sbt.sh clean assembly
-
-cd release
-
-if [[ "$GITBUCKET_VERSION" =~ -SNAPSHOT$ ]]; then
-  MVN_DEPLOY_PATH=mvn-snapshot
-else
-  MVN_DEPLOY_PATH=mvn
-fi
-
-echo $MVN_DEPLOY_PATH
-
-mvn deploy:deploy-file \
-  -DgroupId=gitbucket\
-  -DartifactId=gitbucket-assembly\
-  -Dversion=$GITBUCKET_VERSION\
-  -Dpackaging=jar\
-  -Dfile=../target/scala-2.11/gitbucket-assembly-$GITBUCKET_VERSION.jar\
-  -DrepositoryId=sourceforge.jp\
-  -Durl=scp://shell.sourceforge.jp/home/groups/a/am/amateras/htdocs/$MVN_DEPLOY_PATH/

release/env.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-export GITBUCKET_VERSION=`cat ../build.sbt | grep 'val GitBucketVersion' | cut -d \" -f 2`
-echo "GITBUCKET_VERSION: $GITBUCKET_VERSION"

release/pom.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>jp.sf.amateras</groupId>
-    <artifactId>gitbucket-assembly</artifactId>
-    <version>0.0.1</version>
-    <build>
-        <extensions>
-            <extension>
-                <groupId>org.apache.maven.wagon</groupId>
-                <artifactId>wagon-ssh</artifactId>
-                <version>2.10</version>
-            </extension>
-        </extensions>
-    </build>
-</project>

sbt.bat

@@ -1,2 +1,2 @@
 set SCRIPT_DIR=%~dp0
-java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.9.jar" %*
+java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.12.jar" %*

sbt.sh

@@ -1,2 +1,2 @@
 #!/bin/sh
-java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.9.jar "$@"
+java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.12.jar "$@"

src/main/java/JettyLauncher.java

@@ -3,12 +3,14 @@ import org.eclipse.jetty.webapp.WebAppContext;
 
 import java.io.File;
 import java.net.URL;
+import java.net.InetSocketAddress;
 import java.security.ProtectionDomain;
 
 public class JettyLauncher {
     public static void main(String[] args) throws Exception {
         String host = null;
         int port = 8080;
+        InetSocketAddress address = null;
         String contextPath = "/";
         boolean forceHttps = false;
 
@@ -29,7 +31,13 @@ public class JettyLauncher {
             }
         }
 
-        Server server = new Server(port);
+        if(host != null) {
+            address = new InetSocketAddress(host, port);
+        } else {
+            address = new InetSocketAddress(port);
+        }
+
+        Server server = new Server(address);
 
 //        SelectChannelConnector connector = new SelectChannelConnector();
 //        if(host != null) {
@@ -43,10 +51,9 @@ public class JettyLauncher {
         WebAppContext context = new WebAppContext();
 
         File tmpDir = new File(getGitBucketHome(), "tmp");
-        if(tmpDir.exists()){
-            deleteDirectory(tmpDir);
+        if(!tmpDir.exists()){
+            tmpDir.mkdirs();
         }
-        tmpDir.mkdirs();
         context.setTempDirectory(tmpDir);
 
         ProtectionDomain domain = JettyLauncher.class.getProtectionDomain();
@@ -61,6 +68,8 @@ public class JettyLauncher {
         }
 
         server.setHandler(context);
+        server.setStopAtShutdown(true);
+        server.setStopTimeout(7_000);
         server.start();
         server.join();
     }

src/main/resources/logback-dev.xml

@@ -20,7 +20,7 @@
   <!--
   <logger name="service.WebHookService" level="DEBUG" />
   <logger name="servlet" level="DEBUG" />
-  -->
   <logger name="scala.slick.jdbc.JdbcBackend.statement" level="DEBUG" />
+  -->
 
 </configuration>

src/main/resources/update/gitbucket-core_4.2.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="REPOSITORY">
+        <column name="ENABLE_ISSUES" type="boolean" nullable="false" defaultValueBoolean="true"/>
+        <column name="EXTERNAL_ISSUES_URL" type="varchar(200)" nullable="true"/>
+        <column name="ENABLE_WIKI" type="boolean" nullable="false" defaultValueBoolean="true"/>
+        <column name="ALLOW_WIKI_EDITING" type="boolean" nullable="false" defaultValueBoolean="false"/>
+        <column name="EXTERNAL_WIKI_URL" type="varchar(200)" nullable="true"/>
+    </addColumn>
+</changeSet>

src/main/resources/update/gitbucket-core_4.6.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="REPOSITORY">
+        <column name="ALLOW_FORK" type="boolean" nullable="false" defaultValueBoolean="true"/>
+    </addColumn>
+</changeSet>

src/main/resources/update/gitbucket-core_4.7.sql

@@ -0,0 +1,2 @@
+-- DELETE COLLABORATORS IN GROUP REPOSITORIES
+DELETE FROM COLLABORATOR WHERE USER_NAME IN (SELECT USER_NAME FROM ACCOUNT WHERE GROUP_ACCOUNT = TRUE)

src/main/resources/update/gitbucket-core_4.7.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="COLLABORATOR">
+        <column name="ROLE" type="varchar(10)" nullable="false" defaultValue="ADMIN"/>
+    </addColumn>
+    <addColumn tableName="REPOSITORY">
+        <column name="WIKI_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
+        <column name="ISSUES_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
+    </addColumn>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="DISABLE"/>
+        <where>ENABLE_WIKI = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="PRIVATE"/>
+        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="PUBLIC"/>
+        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = TRUE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="ISSUES_OPTION" value="DISABLE"/>
+        <where>ENABLE_ISSUES = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="ISSUES_OPTION" value="PUBLIC"/>
+        <where>ENABLE_ISSUES = TRUE</where>
+    </update>
+    <dropColumn tableName="REPOSITORY" columnName="ENABLE_WIKI"/>
+    <dropColumn tableName="REPOSITORY" columnName="ALLOW_WIKI_EDITING"/>
+    <dropColumn tableName="REPOSITORY" columnName="ENABLE_ISSUES"/>
+</changeSet>

src/main/scala/ScalatraBootstrap.scala

@@ -1,24 +1,33 @@
 
-import gitbucket.core.controller._
-import gitbucket.core.plugin.PluginRegistry
-import gitbucket.core.servlet.{AccessTokenAuthenticationFilter, BasicAuthenticationFilter, Database, TransactionFilter}
-import gitbucket.core.util.Directory
-
 import java.util.EnumSet
 import javax.servlet._
 
+import gitbucket.core.controller._
+import gitbucket.core.plugin.PluginRegistry
+import gitbucket.core.service.SystemSettingsService
+import gitbucket.core.servlet._
+import gitbucket.core.util.Directory
 import org.scalatra._
 
 
-class ScalatraBootstrap extends LifeCycle {
+class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
   override def init(context: ServletContext) {
+
+    val settings = loadSystemSettings()
+    if(settings.baseUrl.exists(_.startsWith("https://"))) {
+      context.getSessionCookieConfig.setSecure(true)
+    }
+
     // Register TransactionFilter and BasicAuthenticationFilter at first
     context.addFilter("transactionFilter", new TransactionFilter)
     context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
-    context.addFilter("basicAuthenticationFilter", new BasicAuthenticationFilter)
-    context.getFilterRegistration("basicAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
-    context.addFilter("accessTokenAuthenticationFilter", new AccessTokenAuthenticationFilter)
-    context.getFilterRegistration("accessTokenAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
+    context.addFilter("gitAuthenticationFilter", new GitAuthenticationFilter)
+    context.getFilterRegistration("gitAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
+    context.addFilter("apiAuthenticationFilter", new ApiAuthenticationFilter)
+    context.getFilterRegistration("apiAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
+    context.addFilter("ghCompatRepositoryAccessFilter", new GHCompatRepositoryAccessFilter)
+    context.getFilterRegistration("ghCompatRepositoryAccessFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
+
     // Register controllers
     context.mount(new AnonymousAccessController, "/*")
 

src/main/scala/gitbucket/core/GitBucketCoreModule.scala

@@ -7,5 +7,22 @@ object GitBucketCoreModule extends Module("gitbucket-core",
   new Version("4.0.0",
     new LiquibaseMigration("update/gitbucket-core_4.0.xml"),
     new SqlMigration("update/gitbucket-core_4.0.sql")
-  )
+  ),
+  new Version("4.1.0"),
+  new Version("4.2.0",
+    new LiquibaseMigration("update/gitbucket-core_4.2.xml")
+  ),
+  new Version("4.2.1"),
+  new Version("4.3.0"),
+  new Version("4.4.0"),
+  new Version("4.5.0"),
+  new Version("4.6.0",
+    new LiquibaseMigration("update/gitbucket-core_4.6.xml")
+  ),
+  new Version("4.7.0",
+    new LiquibaseMigration("update/gitbucket-core_4.7.xml"),
+    new SqlMigration("update/gitbucket-core_4.7.sql")
+  ),
+  new Version("4.7.1"),
+  new Version("4.8")
 )

src/main/scala/gitbucket/core/api/ApiBranch.scala

@@ -14,3 +14,10 @@ case class ApiBranch(
    "self" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/branches/${name}"),
    "html" -> ApiPath(s"/${repositoryName.fullName}/tree/${name}"))
 }
+
+case class ApiBranchCommit(sha: String)
+
+case class ApiBranchForList(
+  name: String,
+  commit: ApiBranchCommit
+)

src/main/scala/gitbucket/core/api/ApiBranchProtection.scala

@@ -14,7 +14,7 @@ object ApiBranchProtection{
 
   def apply(info: ProtectedBranchService.ProtectedBranchInfo): ApiBranchProtection = ApiBranchProtection(
     enabled = info.enabled,
-    required_status_checks = Some(Status(EnforcementLevel(info.enabled, info.includeAdministrators), info.contexts)))
+    required_status_checks = Some(Status(EnforcementLevel(info.enabled && info.contexts.nonEmpty, info.includeAdministrators), info.contexts)))
   val statusNone = Status(Off, Seq.empty)
   case class Status(enforcement_level: EnforcementLevel, contexts: Seq[String])
   sealed class EnforcementLevel(val name: String)
@@ -44,4 +44,3 @@ object ApiBranchProtection{
    }
  ))
 }
-

src/main/scala/gitbucket/core/api/ApiContents.scala

@@ -0,0 +1,18 @@
+package gitbucket.core.api
+
+import gitbucket.core.util.JGitUtil.FileInfo
+import org.apache.commons.codec.binary.Base64
+
+case class ApiContents(`type`: String, name: String, content: Option[String], encoding: Option[String])
+
+object ApiContents{
+  def apply(fileInfo: FileInfo, content: Option[Array[Byte]]): ApiContents = {
+    if(fileInfo.isDirectory) {
+      ApiContents("dir", fileInfo.name, None, None)
+    } else {
+      content.map(arr =>
+        ApiContents("file", fileInfo.name, Some(Base64.encodeBase64String(arr)), Some("base64"))
+      ).getOrElse(ApiContents("file", fileInfo.name, None, None))
+    }
+  }
+}

src/main/scala/gitbucket/core/api/ApiEndPoint.scala

@@ -0,0 +1,3 @@
+package gitbucket.core.api
+
+case class ApiEndPoint(rate_limit_url: ApiPath = ApiPath("/api/v3/rate_limit"))

src/main/scala/gitbucket/core/api/ApiPullRequest.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.model.{Issue, PullRequest}
-
+import gitbucket.core.model.{Account, Issue, IssueComment, PullRequest}
 import java.util.Date
 
 
@@ -15,6 +14,9 @@ case class ApiPullRequest(
   head: ApiPullRequest.Commit,
   base: ApiPullRequest.Commit,
   mergeable: Option[Boolean],
+  merged: Boolean,
+  merged_at: Option[Date],
+  merged_by: Option[ApiUser],
   title: String,
   body: String,
   user: ApiUser) {
@@ -31,7 +33,15 @@ case class ApiPullRequest(
 }
 
 object ApiPullRequest{
-  def apply(issue: Issue, pullRequest: PullRequest, headRepo: ApiRepository, baseRepo: ApiRepository, user: ApiUser): ApiPullRequest = ApiPullRequest(
+  def apply(
+    issue: Issue,
+    pullRequest: PullRequest,
+    headRepo: ApiRepository,
+    baseRepo: ApiRepository,
+    user: ApiUser,
+    mergedComment: Option[(IssueComment, Account)]
+  ): ApiPullRequest =
+    ApiPullRequest(
       number     = issue.issueId,
       updated_at = issue.updatedDate,
       created_at = issue.registeredDate,
@@ -44,6 +54,9 @@ object ApiPullRequest{
                      ref  = pullRequest.branch,
                      repo = baseRepo)(issue.userName),
       mergeable  = None, // TODO: need check mergeable.
+      merged     = mergedComment.isDefined,
+      merged_at  = mergedComment.map { case (comment, _) => comment.registeredDate },
+      merged_by  = mergedComment.map { case (_, account) => ApiUser(account) },
       title      = issue.title,
       body       = issue.content.getOrElse(""),
       user       = user

src/main/scala/gitbucket/core/api/ApiRef.scala

@@ -0,0 +1,5 @@
+package gitbucket.core.api
+
+case class ApiObject(sha: String)
+
+case class ApiRef(ref: String, `object`: ApiObject)

src/main/scala/gitbucket/core/api/ApiRepository.scala

@@ -14,11 +14,11 @@ case class ApiRepository(
   `private`: Boolean,
   default_branch: String,
   owner: ApiUser)(urlIsHtmlUrl: Boolean) {
-  val forks_count   = forks
+  val forks_count = forks
   val watchers_count = watchers
-  val url       = if(urlIsHtmlUrl){
+  val url = if(urlIsHtmlUrl){
     ApiPath(s"/${full_name}")
-  }else{
+  } else {
     ApiPath(s"/api/v3/repos/${full_name}")
   }
   val http_url  = ApiPath(s"/git/${full_name}.git")
@@ -34,14 +34,14 @@ object ApiRepository{
       watchers: Int = 0,
       urlIsHtmlUrl: Boolean = false): ApiRepository =
     ApiRepository(
-      name        = repository.repositoryName,
-      full_name   = s"${repository.userName}/${repository.repositoryName}",
-      description = repository.description.getOrElse(""),
-      watchers    = 0,
-      forks       = forkedCount,
-      `private`   = repository.isPrivate,
+      name           = repository.repositoryName,
+      full_name      = s"${repository.userName}/${repository.repositoryName}",
+      description    = repository.description.getOrElse(""),
+      watchers       = 0,
+      forks          = forkedCount,
+      `private`      = repository.isPrivate,
       default_branch = repository.defaultBranch,
-      owner       = owner
+      owner          = owner
     )(urlIsHtmlUrl)
 
   def apply(repositoryInfo: RepositoryInfo, owner: ApiUser): ApiRepository =

src/main/scala/gitbucket/core/api/ApiUser.scala

@@ -13,6 +13,7 @@ case class ApiUser(
   created_at: Date) {
   val url                 = ApiPath(s"/api/v3/users/${login}")
   val html_url            = ApiPath(s"/${login}")
+  val avatar_url          = ApiPath(s"/${login}/_avatar")
   // val followers_url       = ApiPath(s"/api/v3/users/${login}/followers")
   // val following_url       = ApiPath(s"/api/v3/users/${login}/following{/other_user}")
   // val gists_url           = ApiPath(s"/api/v3/users/${login}/gists{/gist_id}")
@@ -29,7 +30,7 @@ object ApiUser{
   def apply(user: Account): ApiUser = ApiUser(
     login      = user.userName,
     email      = user.mailAddress,
-    `type`     = if(user.isGroupAccount){ "Organization" }else{ "User" },
+    `type`     = if(user.isGroupAccount){ "Organization" } else { "User" },
     site_admin = user.isAdmin,
     created_at = user.registeredDate
   )

src/main/scala/gitbucket/core/api/CreateARepository.scala

@@ -11,7 +11,7 @@ case class CreateARepository(
     auto_init: Boolean = false
 ) {
   def isValid: Boolean = {
-    name.length<=40 &&
+    name.length <= 100 &&
         name.matches("[a-zA-Z0-9\\-\\+_.]+") &&
         !name.startsWith("_") &&
         !name.startsWith("-")

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -14,6 +14,7 @@ import gitbucket.core.util._
 import io.github.gitbucket.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import org.scalatra.i18n.Messages
+import org.scalatra.BadRequest
 
 
 class AccountController extends AccountControllerBase
@@ -38,7 +39,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   case class PersonalTokenForm(note: String)
 
   val newForm = mapping(
-    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
     "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress()))),
@@ -68,7 +69,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
 
   val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
     "fileId"    -> trim(label("File ID"    ,optional(text()))),
     "members"   -> trim(label("Members"    ,text(required, members)))
@@ -120,7 +121,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         // Members
         case "members" if(account.isGroupAccount) => {
           val members = getGroupMembers(account.userName)
-          gitbucket.core.account.html.members(account, members.map(_.userName),
+          gitbucket.core.account.html.members(account, members,
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
         }
 
@@ -133,7 +134,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   }
 
   get("/:userName.atom") {
@@ -155,8 +156,8 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:userName/_edit")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
-      html.edit(x, flash.get("info"))
-    } getOrElse NotFound
+      html.edit(x, flash.get("info"), flash.get("error"))
+    } getOrElse NotFound()
   })
 
   post("/:userName/_edit", editForm)(oneselfOnly { form =>
@@ -172,13 +173,17 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       flash += "info" -> "Account information has been updated."
       redirect(s"/${userName}/_edit")
 
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/:userName/_delete")(oneselfOnly {
     val userName = params("userName")
 
-    getAccountByUserName(userName, true).foreach { account =>
+    getAccountByUserName(userName, true).map { account =>
+      if(isLastAdministrator(account)){
+        flash += "error" -> "Account can't be removed because this is last one administrator."
+        redirect(s"/${userName}/_edit")
+      } else {
 //      // Remove repositories
 //      getRepositoryNamesOfUser(userName).foreach { repositoryName =>
 //        deleteRepository(userName, repositoryName)
@@ -187,21 +192,19 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //        FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
 //      }
 //      // Remove from GROUP_MEMBER, COLLABORATOR and REPOSITORY
-//      removeUserRelatedData(userName)
-
-      removeUserRelatedData(userName)
-      updateAccount(account.copy(isRemoved = true))
-    }
-
-    session.invalidate
-    redirect("/")
+        removeUserRelatedData(userName)
+        updateAccount(account.copy(isRemoved = true))
+        session.invalidate
+        redirect("/")
+      }
+    } getOrElse NotFound()
   })
 
   get("/:userName/_ssh")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
       html.ssh(x, getPublicKeys(x.userName))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:userName/_ssh", sshKeyForm)(oneselfOnly { form =>
@@ -232,7 +235,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         case _ => None
       }
       html.application(x, tokens, generatedToken)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
@@ -258,7 +261,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       } else {
         html.register()
       }
-    } else NotFound
+    } else NotFound()
   }
 
   post("/register", newForm){ form =>
@@ -266,7 +269,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, false, form.url)
       updateImage(form.userName, form.fileId, false)
       redirect("/signin")
-    } else NotFound
+    } else NotFound()
   }
 
   get("/groups/new")(usersOnly {
@@ -316,18 +319,18 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
         // Update GROUP_MEMBER
         updateGroupMembers(form.groupName, members)
-        // Update COLLABORATOR for group repositories
-        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-          removeCollaborators(form.groupName, repositoryName)
-          members.foreach { case (userName, isManager) =>
-            addCollaborator(form.groupName, repositoryName, userName)
-          }
-        }
+//        // Update COLLABORATOR for group repositories
+//        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//          removeCollaborators(form.groupName, repositoryName)
+//          members.foreach { case (userName, isManager) =>
+//            addCollaborator(form.groupName, repositoryName, userName)
+//          }
+//        }
 
         updateImage(form.groupName, form.fileId, form.clearImage)
         redirect(s"/${form.groupName}")
 
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -353,76 +356,80 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
-    val loginAccount   = context.loginAccount.get
-    val loginUserName  = loginAccount.userName
-    val groups         = getGroupsByUserName(loginUserName)
-    groups match {
-      case _: List[String] =>
-        val managerPermissions = groups.map { group =>
-          val members = getGroupMembers(group)
-          context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager })
-        }
-        helper.html.forkrepository(
-          repository,
-          (groups zip managerPermissions).toMap
-        )
-      case _ => redirect(s"/${loginUserName}")
-    }
+    if(repository.repository.options.allowFork){
+      val loginAccount   = context.loginAccount.get
+      val loginUserName  = loginAccount.userName
+      val groups         = getGroupsByUserName(loginUserName)
+      groups match {
+        case _: List[String] =>
+          val managerPermissions = groups.map { group =>
+            val members = getGroupMembers(group)
+            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager })
+          }
+          helper.html.forkrepository(
+            repository,
+            (groups zip managerPermissions).toMap
+          )
+        case _ => redirect(s"/${loginUserName}")
+      }
+    } else BadRequest()
   })
 
   post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
-    val loginAccount  = context.loginAccount.get
-    val loginUserName = loginAccount.userName
-    val accountName   = form.accountName
+    if(repository.repository.options.allowFork){
+      val loginAccount  = context.loginAccount.get
+      val loginUserName = loginAccount.userName
+      val accountName   = form.accountName
 
-    LockUtil.lock(s"${accountName}/${repository.name}"){
-      if(getRepository(accountName, repository.name).isDefined ||
-          (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))){
-        // redirect to the repository if repository already exists
-        redirect(s"/${accountName}/${repository.name}")
-      } else {
-        // Insert to the database at first
-        val originUserName = repository.repository.originUserName.getOrElse(repository.owner)
-        val originRepositoryName = repository.repository.originRepositoryName.getOrElse(repository.name)
+      LockUtil.lock(s"${accountName}/${repository.name}"){
+        if(getRepository(accountName, repository.name).isDefined ||
+            (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))){
+          // redirect to the repository if repository already exists
+          redirect(s"/${accountName}/${repository.name}")
+        } else {
+          // Insert to the database at first
+          val originUserName = repository.repository.originUserName.getOrElse(repository.owner)
+          val originRepositoryName = repository.repository.originRepositoryName.getOrElse(repository.name)
 
-        insertRepository(
-          repositoryName       = repository.name,
-          userName             = accountName,
-          description          = repository.repository.description,
-          isPrivate            = repository.repository.isPrivate,
-          originRepositoryName = Some(originRepositoryName),
-          originUserName       = Some(originUserName),
-          parentRepositoryName = Some(repository.name),
-          parentUserName       = Some(repository.owner)
-        )
+          insertRepository(
+            repositoryName       = repository.name,
+            userName             = accountName,
+            description          = repository.repository.description,
+            isPrivate            = repository.repository.isPrivate,
+            originRepositoryName = Some(originRepositoryName),
+            originUserName       = Some(originUserName),
+            parentRepositoryName = Some(repository.name),
+            parentUserName       = Some(repository.owner)
+          )
 
-        // Add collaborators for group repository
-        val ownerAccount = getAccountByUserName(accountName).get
-        if(ownerAccount.isGroupAccount){
-          getGroupMembers(accountName).foreach { member =>
-            addCollaborator(accountName, repository.name, member.userName)
-          }
+//          // Add collaborators for group repository
+//          val ownerAccount = getAccountByUserName(accountName).get
+//          if(ownerAccount.isGroupAccount){
+//            getGroupMembers(accountName).foreach { member =>
+//              addCollaborator(accountName, repository.name, member.userName)
+//            }
+//          }
+
+          // Insert default labels
+          insertDefaultLabels(accountName, repository.name)
+
+          // clone repository actually
+          JGitUtil.cloneRepository(
+            getRepositoryDir(repository.owner, repository.name),
+            getRepositoryDir(accountName, repository.name))
+
+          // Create Wiki repository
+          JGitUtil.cloneRepository(
+            getWikiRepositoryDir(repository.owner, repository.name),
+            getWikiRepositoryDir(accountName, repository.name))
+
+          // Record activity
+          recordForkActivity(repository.owner, repository.name, loginUserName, accountName)
+          // redirect to the repository
+          redirect(s"/${accountName}/${repository.name}")
         }
-
-        // Insert default labels
-        insertDefaultLabels(accountName, repository.name)
-
-        // clone repository actually
-        JGitUtil.cloneRepository(
-          getRepositoryDir(repository.owner, repository.name),
-          getRepositoryDir(accountName, repository.name))
-
-        // Create Wiki repository
-        JGitUtil.cloneRepository(
-          getWikiRepositoryDir(repository.owner, repository.name),
-          getWikiRepositoryDir(accountName, repository.name))
-
-        // Record activity
-        recordForkActivity(repository.owner, repository.name, loginUserName, accountName)
-        // redirect to the repository
-        redirect(s"/${accountName}/${repository.name}")
       }
-    }
+    } else BadRequest()
   })
 
   private def existsAccount: Constraint = new Constraint(){
@@ -447,8 +454,8 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   private def validPublicKey: Constraint = new Constraint(){
     override def validate(name: String, value: String, messages: Messages): Option[String] = SshUtil.str2PublicKey(value) match {
-     case Some(_) => None
-     case None => Some("Key is invalid.")
+     case Some(_) if !getAllKeys().exists(_.publicKey == value) => None
+     case _ => Some("Key is invalid.")
     }
   }
 

src/main/scala/gitbucket/core/controller/ApiController.scala

@@ -7,9 +7,10 @@ import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
-import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
 import gitbucket.core.util.Implicits._
+import gitbucket.core.view.helpers.{renderMarkup, isRenderable}
 import org.eclipse.jgit.api.Git
 import org.scalatra.{NoContent, UnprocessableEntity, Created}
 import scala.collection.JavaConverters._
@@ -21,6 +22,7 @@ class ApiController extends ApiControllerBase
   with IssuesService
   with LabelsService
   with PullRequestService
+  with CommitsService
   with CommitStatusService
   with RepositoryCreationService
   with HandleCommentService
@@ -34,7 +36,7 @@ class ApiController extends ApiControllerBase
   with GroupManagerAuthenticator
   with ReferrerAuthenticator
   with ReadableUsersAuthenticator
-  with CollaboratorsAuthenticator
+  with WritableUsersAuthenticator
 
 trait ApiControllerBase extends ControllerBase {
   self: RepositoryService
@@ -51,26 +53,160 @@ trait ApiControllerBase extends ControllerBase {
     with GroupManagerAuthenticator
     with ReferrerAuthenticator
     with ReadableUsersAuthenticator
-    with CollaboratorsAuthenticator =>
+    with WritableUsersAuthenticator =>
+
+  /**
+    * https://developer.github.com/v3/#root-endpoint
+    */
+  get("/api/v3/") {
+    JsonFormat(ApiEndPoint())
+  }
+
+  /**
+    * https://developer.github.com/v3/orgs/#get-an-organization
+    */
+  get("/api/v3/orgs/:groupName") {
+    getAccountByUserName(params("groupName")).filter(account => account.isGroupAccount).map { account =>
+      JsonFormat(ApiUser(account))
+    } getOrElse NotFound()
+  }
 
   /**
    * https://developer.github.com/v3/users/#get-a-single-user
    */
   get("/api/v3/users/:userName") {
-    getAccountByUserName(params("userName")).map { account =>
+    getAccountByUserName(params("userName")).filterNot(account => account.isGroupAccount).map { account =>
       JsonFormat(ApiUser(account))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   }
 
+  /**
+    * https://developer.github.com/v3/repos/#list-organization-repositories
+    */
+  get("/api/v3/orgs/:orgName/repos") {
+    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
+  }
+  /**
+   * https://developer.github.com/v3/repos/#list-user-repositories
+   */
+  get("/api/v3/users/:userName/repos") {
+    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
+  }
+
+  /*
+   * https://developer.github.com/v3/repos/branches/#list-branches
+   */
+  get ("/api/v3/repos/:owner/:repo/branches")(referrersOnly { repository =>
+    JsonFormat(JGitUtil.getBranches(
+      owner         = repository.owner,
+      name          = repository.name,
+      defaultBranch = repository.repository.defaultBranch,
+      origin        = repository.repository.originUserName.isEmpty
+    ).map { br =>
+      ApiBranchForList(br.name, ApiBranchCommit(br.commitId))
+    })
+  })
+
+  /*
+   * https://developer.github.com/v3/repos/contents/#get-contents
+   */
+  get("/api/v3/repos/:owner/:repo/contents/*")(referrersOnly { repository =>
+    def getFileInfo(git: Git, revision: String, pathStr: String): Option[FileInfo] = {
+      val path = new java.io.File(pathStr)
+      val dirName = path.getParent match {
+        case null => "."
+        case s => s
+      }
+      getFileList(git, revision, dirName).find(f => f.name.equals(path.getName))
+    }
+
+    val path = multiParams("splat").head match {
+      case s if s.isEmpty => "."
+      case s => s
+    }
+    val refStr = params.getOrElse("ref", repository.repository.defaultBranch)
+
+    using(Git.open(getRepositoryDir(params("owner"), params("repo")))){ git =>
+      val fileList = getFileList(git, refStr, path)
+      if (fileList.isEmpty) { // file or NotFound
+        getFileInfo(git, refStr, path).flatMap(f => {
+          val largeFile = params.get("large_file").exists(s => s.equals("true"))
+          val content = getContentFromId(git, f.id, largeFile)
+          request.getHeader("Accept") match {
+            case "application/vnd.github.v3.raw" => {
+              contentType = "application/vnd.github.v3.raw"
+              content
+            }
+            case "application/vnd.github.v3.html" if isRenderable(f.name) => {
+              contentType = "application/vnd.github.v3.html"
+              content.map(c =>
+                List(
+                  "<div data-path=\"", path, "\" id=\"file\">", "<article>",
+                  renderMarkup(path.split("/").toList, new String(c), refStr, repository, false, false, true).body,
+                  "</article>", "</div>"
+                ).mkString
+              )
+            }
+            case "application/vnd.github.v3.html" => {
+              contentType = "application/vnd.github.v3.html"
+              content.map(c =>
+                List(
+                  "<div data-path=\"", path, "\" id=\"file\">", "<div class=\"plain\">", "<pre>",
+                  play.twirl.api.HtmlFormat.escape(new String(c)).body,
+                  "</pre>", "</div>", "</div>"
+                ).mkString
+              )
+            }
+            case _ =>
+              Some(JsonFormat(ApiContents(f, content)))
+          }
+        }).getOrElse(NotFound())
+      } else { // directory
+        JsonFormat(fileList.map{f => ApiContents(f, None)})
+      }
+    }
+  })
+
+  /*
+   * https://developer.github.com/v3/git/refs/#get-a-reference
+   */
+  get("/api/v3/repos/:owner/:repo/git/*") (referrersOnly { repository =>
+    val revstr = multiParams("splat").head
+    using(Git.open(getRepositoryDir(params("owner"), params("repo")))) { git =>
+      //JsonFormat( (revstr, git.getRepository().resolve(revstr)) )
+      // getRef is deprecated by jgit-4.2. use exactRef() or findRef()
+      val sha = git.getRepository().getRef(revstr).getObjectId().name()
+      JsonFormat(ApiRef(revstr, ApiObject(sha)))
+    }
+  })
+
+  /**
+   * https://developer.github.com/v3/repos/collaborators/#list-collaborators
+   */
+  get("/api/v3/repos/:owner/:repo/collaborators") (referrersOnly { repository =>
+    // TODO Should ApiUser take permission? getCollaboratorUserNames does not return owner group members.
+    JsonFormat(getCollaboratorUserNames(params("owner"), params("repo")).map(u => ApiUser(getAccountByUserName(u).get)))
+  })
+
   /**
    * https://developer.github.com/v3/users/#get-the-authenticated-user
    */
   get("/api/v3/user") {
     context.loginAccount.map { account =>
       JsonFormat(ApiUser(account))
-    } getOrElse Unauthorized
+    } getOrElse Unauthorized()
   }
 
+  /**
+   * List user's own repository
+   * https://developer.github.com/v3/repos/#list-your-repositories
+   */
+  get("/api/v3/user/repos")(usersOnly{
+    JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map{
+      r => ApiRepository(r, getAccountByUserName(r.owner).get)
+    })
+  })
+
   /**
    * Create user repository
    * https://developer.github.com/v3/repos/#create
@@ -92,7 +228,7 @@ trait ApiControllerBase extends ControllerBase {
           )
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -116,14 +252,16 @@ trait ApiControllerBase extends ControllerBase {
           )
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
-  /** https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection */
+  /**
+   * https://developer.github.com/v3/repos/#enabling-and-disabling-branch-protection
+   */
   patch("/api/v3/repos/:owner/:repo/branches/:branch")(ownerOnly { repository =>
     import gitbucket.core.api._
     (for{
-      branch <- params.get("branch") if repository.branchList.find(_ == branch).isDefined
+      branch     <- params.get("branch") if repository.branchList.find(_ == branch).isDefined
       protection <- extractFromJsonBody[ApiBranchProtection.EnablingAndDisabling].map(_.protection)
     } yield {
       if(protection.enabled){
@@ -132,7 +270,7 @@ trait ApiControllerBase extends ControllerBase {
         disableBranchProtection(repository.owner, repository.name, branch)
       }
       JsonFormat(ApiBranch(branch, protection)(RepositoryName(repository)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -145,16 +283,29 @@ trait ApiControllerBase extends ControllerBase {
     org.scalatra.NotFound(ApiError("Rate limiting is not enabled."))
   }
 
+  /**
+   * https://developer.github.com/v3/issues/#get-a-single-issue
+   */
+  get("/api/v3/repos/:owner/:repository/issues/:id")(referrersOnly { repository =>
+    (for{
+      issueId  <- params("id").toIntOpt
+      issue <- getIssue(repository.owner, repository.name, issueId.toString)
+      openedUser <- getAccountByUserName(issue.openedUserName)
+    } yield {
+      JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(openedUser)))
+    }) getOrElse NotFound()
+  })
+
   /**
    * https://developer.github.com/v3/issues/comments/#list-comments-on-an-issue
    */
   get("/api/v3/repos/:owner/:repository/issues/:id/comments")(referrersOnly { repository =>
     (for{
-      issueId <- params("id").toIntOpt
-      comments = getCommentsForApi(repository.owner, repository.name, issueId.toInt)
+      issueId  <- params("id").toIntOpt
+      comments =  getCommentsForApi(repository.owner, repository.name, issueId.toInt)
     } yield {
       JsonFormat(comments.map{ case (issueComment, user, issue) => ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(user), issue.isPullRequest) })
-    }).getOrElse(NotFound)
+    }) getOrElse NotFound()
   })
 
   /**
@@ -170,7 +321,7 @@ trait ApiControllerBase extends ControllerBase {
       issueComment <- getComment(repository.owner, repository.name, id.toString())
     } yield {
       JsonFormat(ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(context.loginAccount.get), issue.isPullRequest))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -197,7 +348,7 @@ trait ApiControllerBase extends ControllerBase {
    * Create a label
    * https://developer.github.com/v3/issues/labels/#create-a-label
    */
-  post("/api/v3/repos/:owner/:repository/labels")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/labels")(writableUsersOnly { repository =>
     (for{
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
@@ -222,7 +373,7 @@ trait ApiControllerBase extends ControllerBase {
    * Update a label
    * https://developer.github.com/v3/issues/labels/#update-a-label
    */
-  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
     (for{
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
@@ -232,12 +383,14 @@ trait ApiControllerBase extends ControllerBase {
             updateLabel(repository.owner, repository.name, label.labelId, data.name, data.color)
             JsonFormat(ApiLabel(
               getLabel(repository.owner, repository.name, label.labelId).get,
-              RepositoryName(repository)))
+              RepositoryName(repository)
+            ))
           } else {
             // TODO ApiError should support errors field to enhance compatibility of GitHub API
             UnprocessableEntity(ApiError(
               "Validation Failed",
-              Some("https://developer.github.com/v3/issues/labels/#create-a-label")))
+              Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+            ))
           }
         } getOrElse NotFound()
       }
@@ -248,7 +401,7 @@ trait ApiControllerBase extends ControllerBase {
    * Delete a label
    * https://developer.github.com/v3/issues/labels/#delete-a-label
    */
-  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
     LockUtil.lock(RepositoryName(repository).fullName) {
       getLabel(repository.owner, repository.name, params("labelName")).map { label =>
         deleteLabel(repository.owner, repository.name, label.labelId)
@@ -261,18 +414,29 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/pulls/#list-pull-requests
    */
   get("/api/v3/repos/:owner/:repository/pulls")(referrersOnly { repository =>
-    val page       = IssueSearchCondition.page(request)
+    val page = IssueSearchCondition.page(request)
     // TODO: more api spec condition
     val condition = IssueSearchCondition(request)
     val baseOwner = getAccountByUserName(repository.owner).get
-    val issues:List[(Issue, Account, Int, PullRequest, Repository, Account)] = searchPullRequestByApi(condition, (page - 1) * PullRequestLimit, PullRequestLimit, repository.owner -> repository.name)
-    JsonFormat(issues.map{case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner) =>
+
+    val issues: List[(Issue, Account, Int, PullRequest, Repository, Account)] =
+      searchPullRequestByApi(
+        condition = condition,
+        offset    = (page - 1) * PullRequestLimit,
+        limit     = PullRequestLimit,
+        repos     = repository.owner -> repository.name
+      )
+
+    JsonFormat(issues.map { case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner) =>
       ApiPullRequest(
-        issue,
-        pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)) })
+        issue         = issue,
+        pullRequest   = pullRequest,
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
+        user          = ApiUser(issueUser),
+        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+      )
+    })
   })
 
   /**
@@ -280,21 +444,23 @@ trait ApiControllerBase extends ControllerBase {
    */
   get("/api/v3/repos/:owner/:repository/pulls/:id")(referrersOnly { repository =>
     (for{
-      issueId <- params("id").toIntOpt
+      issueId   <- params("id").toIntOpt
       (issue, pullRequest) <- getPullRequest(repository.owner, repository.name, issueId)
-      users = getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set())
+      users     =  getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set.empty)
       baseOwner <- users.get(repository.owner)
       headOwner <- users.get(pullRequest.requestUserName)
       issueUser <- users.get(issue.openedUserName)
       headRepo  <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName)
     } yield {
       JsonFormat(ApiPullRequest(
-        issue,
-        pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)))
-    }).getOrElse(NotFound)
+        issue         = issue,
+        pullRequest   = pullRequest,
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
+        user          = ApiUser(issueUser),
+        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+      ))
+    }) getOrElse NotFound()
   })
 
   /**
@@ -309,11 +475,11 @@ trait ApiControllerBase extends ControllerBase {
           val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
           val newId = git.getRepository.resolve(pullreq.commitIdTo)
           val repoFullName = RepositoryName(repository)
-          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map(c => ApiCommitListItem(new CommitInfo(c), repoFullName)).toList
+          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map { c => ApiCommitListItem(new CommitInfo(c), repoFullName) }.toList
           JsonFormat(commits)
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   /**
@@ -326,19 +492,19 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/statuses/#create-a-status
    */
-  post("/api/v3/repos/:owner/:repo/statuses/:sha")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repo/statuses/:sha")(writableUsersOnly { repository =>
     (for{
-      ref <- params.get("sha")
-      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
-      data <- extractFromJsonBody[CreateAStatus] if data.isValid
-      creator <- context.loginAccount
-      state <- CommitState.valueOf(data.state)
-      statusId = createCommitStatus(repository.owner, repository.name, sha, data.context.getOrElse("default"),
-        state, data.target_url, data.description, new java.util.Date(), creator)
-      status <- getCommitStatus(repository.owner, repository.name, statusId)
+      ref      <- params.get("sha")
+      sha      <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+      data     <- extractFromJsonBody[CreateAStatus] if data.isValid
+      creator  <- context.loginAccount
+      state    <- CommitState.valueOf(data.state)
+      statusId =  createCommitStatus(repository.owner, repository.name, sha, data.context.getOrElse("default"),
+                                     state, data.target_url, data.description, new java.util.Date(), creator)
+      status   <- getCommitStatus(repository.owner, repository.name, statusId)
     } yield {
       JsonFormat(ApiCommitStatus(status, ApiUser(creator)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -354,7 +520,7 @@ trait ApiControllerBase extends ControllerBase {
       JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map{ case(status, creator) =>
         ApiCommitStatus(status, ApiUser(creator))
       })
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -373,17 +539,17 @@ trait ApiControllerBase extends ControllerBase {
    */
   get("/api/v3/repos/:owner/:repo/commits/:ref/status")(referrersOnly { repository =>
     (for{
-      ref <- params.get("ref")
+      ref   <- params.get("ref")
       owner <- getAccountByUserName(repository.owner)
-      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+      sha   <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
     } yield {
       val statuses = getCommitStatuesWithCreator(repository.owner, repository.name, sha)
       JsonFormat(ApiCombinedCommitStatus(sha, statuses, ApiRepository(repository, owner)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
 }
 

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -191,6 +191,7 @@ case class Context(settings: SystemSettingsService.SystemSettings, loginAccount:
     case agent if agent.contains("Win") => "windows"
     case _ => null
   }
+  val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
 
   /**
    * Get object from cache.
@@ -244,4 +245,13 @@ trait AccountManagementControllerBase extends ControllerBase {
         .map    { _ => "Mail address is already registered." }
   }
 
+  val allReservedNames = Set("git", "admin", "upload", "api")
+  protected def reservedNames(): Constraint = new Constraint(){
+    override def validate(name: String, value: String, messages: Messages): Option[String] = if(allReservedNames.contains(value)){
+      Some(s"${value} is reserved")
+    } else {
+      None
+    }
+  }
+
 }

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -1,13 +1,13 @@
 package gitbucket.core.controller
 
 import gitbucket.core.dashboard.html
-import gitbucket.core.service.{RepositoryService, PullRequestService, AccountService, IssuesService}
-import gitbucket.core.util.{StringUtil, Keys, UsersAuthenticator}
+import gitbucket.core.service._
+import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.service.IssuesService._
 
 class DashboardController extends DashboardControllerBase
-  with IssuesService with PullRequestService with RepositoryService with AccountService
+  with IssuesService with PullRequestService with RepositoryService with AccountService with CommitsService
   with UsersAuthenticator
 
 trait DashboardControllerBase extends ControllerBase {
@@ -15,20 +15,7 @@ trait DashboardControllerBase extends ControllerBase {
     with UsersAuthenticator =>
 
   get("/dashboard/issues")(usersOnly {
-    val q = request.getParameter("q")
-    val account = context.loginAccount.get
-    Option(q).map { q =>
-      val condition = IssueSearchCondition(q, Map[String, Int]())
-      q match {
-        case q if(q.contains("is:pr")) => redirect(s"/dashboard/pulls?q=${StringUtil.urlEncode(q)}")
-        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/issues/created_by${condition.toURL}")
-        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/issues/assigned${condition.toURL}")
-        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/issues/mentioned${condition.toURL}")
-        case _ => searchIssues("created_by")
-      }
-    } getOrElse {
-      searchIssues("created_by")
-    }
+    searchIssues("created_by")
   })
 
   get("/dashboard/issues/assigned")(usersOnly {
@@ -44,20 +31,7 @@ trait DashboardControllerBase extends ControllerBase {
   })
 
   get("/dashboard/pulls")(usersOnly {
-    val q = request.getParameter("q")
-    val account = context.loginAccount.get
-    Option(q).map { q =>
-      val condition = IssueSearchCondition(q, Map[String, Int]())
-      q match {
-        case q if(q.contains("is:issue")) => redirect(s"/dashboard/issues?q=${StringUtil.urlEncode(q)}")
-        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/pulls/created_by${condition.toURL}")
-        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/pulls/assigned${condition.toURL}")
-        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/pulls/mentioned${condition.toURL}")
-        case _ => searchPullRequests("created_by")
-      }
-    } getOrElse {
-      searchPullRequests("created_by")
-    }
+    searchPullRequests("created_by")
   })
 
   get("/dashboard/pulls/created_by")(usersOnly {
@@ -73,19 +47,12 @@ trait DashboardControllerBase extends ControllerBase {
   })
 
   private def getOrCreateCondition(key: String, filter: String, userName: String) = {
-    val condition = session.putAndGet(key, if(request.hasQueryString){
-      val q = request.getParameter("q")
-      if(q == null){
-        IssueSearchCondition(request)
-      } else {
-        IssueSearchCondition(q, Map[String, Int]())
-      }
-    } else session.getAs[IssueSearchCondition](key).getOrElse(IssueSearchCondition()))
+    val condition = IssueSearchCondition(request)
 
     filter match {
-      case "assigned"  => condition.copy(assigned = Some(userName), author = None          , mentioned = None)
-      case "mentioned" => condition.copy(assigned = None          , author = None          , mentioned = Some(userName))
-      case _           => condition.copy(assigned = None          , author = Some(userName), mentioned = None)
+      case "assigned"  => condition.copy(assigned = Some(Some(userName)), author = None, mentioned = None)
+      case "mentioned" => condition.copy(assigned = None, author = None, mentioned = Some(userName))
+      case _           => condition.copy(assigned = None, author = Some(userName), mentioned = None)
     }
   }
 
@@ -103,13 +70,13 @@ trait DashboardControllerBase extends ControllerBase {
       countIssue(condition.copy(state = "open"  ), false, userRepos: _*),
       countIssue(condition.copy(state = "closed"), false, userRepos: _*),
       filter match {
-        case "assigned"  => condition.copy(assigned  = Some(userName))
+        case "assigned"  => condition.copy(assigned  = Some(Some(userName)))
         case "mentioned" => condition.copy(mentioned = Some(userName))
         case _           => condition.copy(author    = Some(userName))
       },
       filter,
       getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
       getUserRepositories(userName, withoutPhysicalInfo = true))
   }
 
@@ -128,13 +95,13 @@ trait DashboardControllerBase extends ControllerBase {
       countIssue(condition.copy(state = "open"  ), true, allRepos: _*),
       countIssue(condition.copy(state = "closed"), true, allRepos: _*),
       filter match {
-        case "assigned"  => condition.copy(assigned  = Some(userName))
+        case "assigned"  => condition.copy(assigned  = Some(Some(userName)))
         case "mentioned" => condition.copy(mentioned = Some(userName))
         case _           => condition.copy(author    = Some(userName))
       },
       filter,
       getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
       getUserRepositories(userName, withoutPhysicalInfo = true))
   }
 

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -48,7 +48,7 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
       // Check whether logged-in user is collaborator
       collaboratorsOnly(owner, repository, loginAccount){
         execute({ (file, fileId) =>
-          val fileName   = file.getName
+          val fileName = file.getName
           LockUtil.lock(s"${owner}/${repository}/wiki") {
             using(Git.open(Directory.getWikiRepositoryDir(owner, repository))) { git =>
               val builder  = DirCache.newInCore.builder()
@@ -73,21 +73,16 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
               fileName
             }
           }
-        }, FileUtil.isImage)
+        }, FileUtil.isUploadableType)
       }
-    } getOrElse BadRequest
+    } getOrElse BadRequest()
   }
 
   post("/import") {
+    import JDBCUtil._
     session.get(Keys.Session.LoginAccount).collect { case loginAccount: Account if loginAccount.isAdmin =>
       execute({ (file, fileId) =>
-        if(file.getName.endsWith(".xml")){
-          import JDBCUtil._
-          val conn = request2Session(request).conn
-          conn.importAsXML(file.getInputStream)
-        } else {
-          throw new RuntimeException("Import is available for only the XML file.")
-        }
+        request2Session(request).conn.importAsSQL(file.getInputStream)
       }, _ => true)
     }
     redirect("/admin/data")
@@ -98,7 +93,7 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
     loginAccount match {
       case x if(x.isAdmin) => action
       case x if(getCollaborators(owner, repository).contains(x.userName)) => action
-      case _ => BadRequest
+      case _ => BadRequest()
     }
   }
 
@@ -106,10 +101,9 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
     case Some(file) if(mimeTypeChcker(file.name)) =>
       defining(FileUtil.generateFileId){ fileId =>
         f(file, fileId)
-
         Ok(fileId)
       }
-    case _ => BadRequest
+    case _ => BadRequest()
   }
 
 }

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -5,9 +5,9 @@ import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.ControlUtil._
-import gitbucket.core.util.{LDAPUtil, Keys, UsersAuthenticator, ReferrerAuthenticator, StringUtil}
-
+import gitbucket.core.util.{Keys, LDAPUtil, ReferrerAuthenticator, StringUtil, UsersAuthenticator}
 import io.github.gitbucket.scalatra.forms._
+import org.scalatra.Ok
 
 
 class IndexController extends IndexControllerBase 
@@ -36,23 +36,11 @@ trait IndexControllerBase extends ControllerBase {
 
 
   get("/"){
-    val loginAccount = context.loginAccount
-    if(loginAccount.isEmpty) {
-        gitbucket.core.html.index(getRecentActivities(),
-            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
-            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil)
-        )
-    } else {
-        val loginUserName = loginAccount.get.userName
-        val loginUserGroups = getGroupsByUserName(loginUserName)
-        var visibleOwnerSet : Set[String] = Set(loginUserName)
-        
-        visibleOwnerSet ++= loginUserGroups
-
-        gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet),
-            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
-            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil) 
-        )
+    context.loginAccount.map { account =>
+      val visibleOwnerSet: Set[String] = Set(account.userName) ++ getGroupsByUserName(account.userName)
+      gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet), Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
+    }.getOrElse {
+      gitbucket.core.html.index(getRecentActivities(), getVisibleRepositories(None, withoutPhysicalInfo = true), Nil)
     }
   }
 
@@ -81,6 +69,15 @@ trait IndexControllerBase extends ControllerBase {
     xml.feed(getRecentActivities())
   }
 
+  get("/sidebar-collapse"){
+    if(params("collapse") == "true"){
+      session.setAttribute("sidebar-collapse", "true")
+    }  else {
+      session.setAttribute("sidebar-collapse", null)
+    }
+    Ok()
+  }
+
   /**
    * Set account information into HttpSession and redirect.
    */
@@ -108,27 +105,35 @@ trait IndexControllerBase extends ControllerBase {
    */
   get("/_user/proposals")(usersOnly {
     contentType = formats("json")
+    val user  = params("user").toBoolean
+    val group = params("group").toBoolean
     org.json4s.jackson.Serialization.write(
-      Map("options" -> getAllUsers(false).filter(!_.isGroupAccount).map(_.userName).toArray)
+      Map("options" -> (
+        getAllUsers(false)
+          .withFilter { t => (user, group) match {
+            case (true, true) => true
+            case (true, false) => !t.isGroupAccount
+            case (false, true) => t.isGroupAccount
+            case (false, false) => false
+          }}.map { t => t.userName }
+      ))
     )
   })
 
   /**
-   * JSON API for checking user existence.
+   * JSON API for checking user or group existence.
+   * Returns a single string which is any of "group", "user" or "".
    */
   post("/_user/existence")(usersOnly {
-    getAccountByUserName(params("userName")).isDefined
+    getAccountByUserName(params("userName")).map { account =>
+      if(account.isGroupAccount) "group" else "user"
+    } getOrElse ""
   })
 
-  // TODO Move to RepositoryViwerController?
-  post("/search", searchForm){ form =>
-    redirect(s"/${form.owner}/${form.repository}/search?q=${StringUtil.urlEncode(form.query)}")
-  }
-
   // TODO Move to RepositoryViwerController?
   get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params("q").trim, params.getOrElse("type", "code")){ case (query, target) =>
-      val page   = try {
+    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")){ case (query, target) =>
+      val page = try {
         val i = params.getOrElse("page", "1").toInt
         if(i <= 0) 1 else i
       } catch {
@@ -137,23 +142,31 @@ trait IndexControllerBase extends ControllerBase {
 
       target.toLowerCase match {
         case "issue" => gitbucket.core.search.html.issues(
-          countFiles(repository.owner, repository.name, query),
-          searchIssues(repository.owner, repository.name, query),
-          countWikiPages(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchIssues(repository.owner, repository.name, query) else Nil,
           query, page, repository)
 
         case "wiki" => gitbucket.core.search.html.wiki(
-          countFiles(repository.owner, repository.name, query),
-          countIssues(repository.owner, repository.name, query),
-          searchWikiPages(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
           query, page, repository)
 
         case _ => gitbucket.core.search.html.code(
-          searchFiles(repository.owner, repository.name, query),
-          countIssues(repository.owner, repository.name, query),
-          countWikiPages(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
           query, page, repository)
       }
     }
   })
+
+  get("/search"){
+    val query = params.getOrElse("query", "").trim.toLowerCase
+    val visibleRepositories = getVisibleRepositories(context.loginAccount, None)
+    val repositories = visibleRepositories.filter { repository =>
+      repository.name.toLowerCase.indexOf(query) >= 0 || repository.owner.toLowerCase.indexOf(query) >= 0
+    }
+    context.loginAccount.map { account =>
+      gitbucket.core.search.html.repositories(query, repositories, Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
+    }.getOrElse {
+      gitbucket.core.search.html.repositories(query, repositories, visibleRepositories, Nil)
+    }
+  }
+
 }

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -2,24 +2,45 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.html
 import gitbucket.core.service.IssuesService._
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.view
 import gitbucket.core.view.Markdown
-
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.Ok
 
 
 class IssuesController extends IssuesControllerBase
-  with IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService
+  with IssuesService
+  with RepositoryService
+  with AccountService
+  with LabelsService
+  with MilestonesService
+  with ActivityService
+  with HandleCommentService
+  with ReadableUsersAuthenticator
+  with ReferrerAuthenticator
+  with WritableUsersAuthenticator
+  with PullRequestService
+  with WebHookIssueCommentService
+  with CommitsService
 
 trait IssuesControllerBase extends ControllerBase {
-  self: IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService =>
+  self: IssuesService
+    with RepositoryService
+    with AccountService
+    with LabelsService
+    with MilestonesService
+    with ActivityService
+    with HandleCommentService
+    with ReadableUsersAuthenticator
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
+    with PullRequestService
+    with WebHookIssueCommentService =>
 
   case class IssueCreateForm(title: String, content: Option[String],
     assignedUserName: Option[String], milestoneId: Option[Int], labelNames: Option[String])
@@ -67,145 +88,149 @@ trait IssuesControllerBase extends ControllerBase {
           _,
           getComments(owner, name, issueId.toInt),
           getIssueLabels(owner, name, issueId.toInt),
-          (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+          getAssignableUserNames(owner, name),
           getMilestonesWithIssueCount(owner, name),
           getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isEditable(repository),
+          isManageable(repository),
           repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
-      html.create(
-        (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
+      defining(repository.owner, repository.name){ case (owner, name) =>
+        html.create(
+          getAssignableUserNames(owner, name),
           getMilestones(owner, name),
           getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isManageable(repository),
           repository)
-    }
+      }
+    } else Unauthorized()
   })
 
   post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
-      val writable = hasWritePermission(owner, name, context.loginAccount)
-      val userName = context.loginAccount.get.userName
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
+      defining(repository.owner, repository.name){ case (owner, name) =>
+        val manageable = isManageable(repository)
+        val userName = context.loginAccount.get.userName
 
-      // insert issue
-      val issueId = createIssue(owner, name, userName, form.title, form.content,
-        if(writable) form.assignedUserName else None,
-        if(writable) form.milestoneId else None)
+        // insert issue
+        val issueId = createIssue(owner, name, userName, form.title, form.content,
+          if (manageable) form.assignedUserName else None,
+          if (manageable) form.milestoneId else None)
 
-      // insert labels
-      if(writable){
-        form.labelNames.map { value =>
-          val labels = getLabels(owner, name)
-          value.split(",").foreach { labelName =>
-            labels.find(_.labelName == labelName).map { label =>
-              registerIssueLabel(owner, name, issueId, label.labelId)
+        // insert labels
+        if (manageable) {
+          form.labelNames.map { value =>
+            val labels = getLabels(owner, name)
+            value.split(",").foreach { labelName =>
+              labels.find(_.labelName == labelName).map { label =>
+                registerIssueLabel(owner, name, issueId, label.labelId)
+              }
             }
           }
         }
-      }
 
-      // record activity
-      recordCreateIssueActivity(owner, name, userName, issueId, form.title)
+        // record activity
+        recordCreateIssueActivity(owner, name, userName, issueId, form.title)
 
-      getIssue(owner, name, issueId.toString).foreach { issue =>
-        // extract references and create refer comment
-        createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
+        getIssue(owner, name, issueId.toString).foreach { issue =>
+          // extract references and create refer comment
+          createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
 
-        // call web hooks
-        callIssuesWebHook("opened", repository, issue, context.baseUrl, context.loginAccount.get)
+          // call web hooks
+          callIssuesWebHook("opened", repository, issue, context.baseUrl, context.loginAccount.get)
 
-        // notifications
-        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
-          Notifier.msgIssue(s"${context.baseUrl}/${owner}/${name}/issues/${issueId}")
+          // notifications
+          Notifier().toNotify(repository, issue, form.content.getOrElse("")) {
+            Notifier.msgIssue(s"${context.baseUrl}/${owner}/${name}/issues/${issueId}")
+          }
         }
-      }
 
-      redirect(s"/${owner}/${name}/issues/${issueId}")
-    }
+        redirect(s"/${owner}/${name}/issues/${issueId}")
+      }
+    } else Unauthorized()
   })
 
   ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
           // update issue
           updateIssue(owner, name, issue.issueId, title, issue.content)
           // extract references and create refer comment
           createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
 
           redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
           // update issue
           updateIssue(owner, name, issue.issueId, issue.title, content)
           // extract references and create refer comment
           createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
 
           redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
   post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
       handleComment(issue, Some(form.content), repository, actionOpt) map { case (issue, id) =>
         redirect(s"/${repository.owner}/${repository.name}/${
           if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
       handleComment(issue, form.content, repository, actionOpt) map { case (issue, id) =>
         redirect(s"/${repository.owner}/${repository.name}/${
           if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
           updateComment(comment.commentId, form.content)
           redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
           Ok(deleteComment(comment.commentId))
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
   ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
     getIssue(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.openedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.openedUserName)){
         params.get("dataType") collect {
-          case t if t == "html" => html.editissue(
-              x.content, x.issueId, x.userName, x.repositoryName)
+          case t if t == "html" => html.editissue(x.content, x.issueId, repository)
         } getOrElse {
           contentType = formats("json")
           org.json4s.jackson.Serialization.write(
@@ -219,21 +244,20 @@ trait IssuesControllerBase extends ControllerBase {
                 enableAnchor = true,
                 enableLineBreaks = true,
                 enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.openedUserName)
+                hasWritePermission = true
               )
             )
           )
         }
-      } else Unauthorized
-    } getOrElse NotFound
+      } else Unauthorized()
+    } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
     getComment(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.commentedUserName)){
         params.get("dataType") collect {
-          case t if t == "html" => html.editcomment(
-              x.content, x.commentId, x.userName, x.repositoryName)
+          case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
         } getOrElse {
           contentType = formats("json")
           org.json4s.jackson.Serialization.write(
@@ -246,51 +270,51 @@ trait IssuesControllerBase extends ControllerBase {
                 enableAnchor = true,
                 enableLineBreaks = true,
                 enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
               )
             )
           )
         }
-      } else Unauthorized
-    } getOrElse NotFound
+      } else Unauthorized()
+    } getOrElse NotFound()
   })
 
-  ajaxPost("/:owner/:repository/issues/new/label")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/new/label")(writableUsersOnly { repository =>
     val labelNames = params("labelNames").split(",")
     val labels = getLabels(repository.owner, repository.name).filter(x => labelNames.contains(x.labelName))
     html.labellist(labels)
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
     defining(params("id").toInt){ issueId =>
       registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
     defining(params("id").toInt){ issueId =>
       deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/assign")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
     updateAssignedUserName(repository.owner, repository.name, params("id").toInt, assignedUserName("assignedUserName"))
     Ok("updated")
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/milestone")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/milestone")(writableUsersOnly { repository =>
     updateMilestoneId(repository.owner, repository.name, params("id").toInt, milestoneId("milestoneId"))
     milestoneId("milestoneId").map { milestoneId =>
       getMilestonesWithIssueCount(repository.owner, repository.name)
           .find(_._1.milestoneId == milestoneId).map { case (_, openCount, closeCount) =>
         gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     } getOrElse Ok()
   })
 
-  post("/:owner/:repository/issues/batchedit/state")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
     defining(params.get("value")){ action =>
       action match {
         case Some("open")  => executeBatch(repository) { issueId =>
@@ -308,17 +332,17 @@ trait IssuesControllerBase extends ControllerBase {
     }
   })
 
-  post("/:owner/:repository/issues/batchedit/label")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/label")(writableUsersOnly { repository =>
     params("value").toIntOpt.map{ labelId =>
       executeBatch(repository) { issueId =>
         getIssueLabel(repository.owner, repository.name, issueId, labelId) getOrElse {
           registerIssueLabel(repository.owner, repository.name, issueId, labelId)
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/issues/batchedit/assign")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
     defining(assignedUserName("value")){ value =>
       executeBatch(repository) {
         updateAssignedUserName(repository.owner, repository.name, _, value)
@@ -326,7 +350,7 @@ trait IssuesControllerBase extends ControllerBase {
     }
   })
 
-  post("/:owner/:repository/issues/batchedit/milestone")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
     defining(milestoneId("value")){ value =>
       executeBatch(repository) {
         updateMilestoneId(repository.owner, repository.name, _, value)
@@ -342,15 +366,12 @@ trait IssuesControllerBase extends ControllerBase {
           RawData(FileUtil.getMimeType(file.getName), file)
         }
       case _ => None
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   val assignedUserName = (key: String) => params.get(key) filter (_.trim != "")
   val milestoneId: String => Option[Int] = (key: String) => params.get(key).flatMap(_.toIntOpt)
 
-  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
-
   private def executeBatch(repository: RepositoryService.RepositoryInfo)(execute: Int => Unit) = {
     params("checked").split(',') map(_.toInt) foreach execute
     params("from") match {
@@ -361,37 +382,51 @@ trait IssuesControllerBase extends ControllerBase {
 
   private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
     defining(repository.owner, repository.name){ case (owner, repoName) =>
-      val page       = IssueSearchCondition.page(request)
-      val sessionKey = Keys.Session.Issues(owner, repoName)
+      val page = IssueSearchCondition.page(request)
 
       // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
-        if(request.hasQueryString){
-          val q = request.getParameter("q")
-          if(q == null || q.trim.isEmpty){
-            IssueSearchCondition(request)
-          } else {
-            IssueSearchCondition(q, getMilestones(owner, repoName).map(x => (x.title, x.milestoneId)).toMap)
-          }
-        } else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
-      )
+      val condition = IssueSearchCondition(request)
 
       html.list(
           "issues",
           searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, owner -> repoName),
           page,
-          if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
-            (getCollaborators(owner, repoName) :+ owner).sorted
-          } else {
-            getCollaborators(owner, repoName)
-          },
+          getAssignableUserNames(owner, repoName),
           getMilestones(owner, repoName),
           getLabels(owner, repoName),
           countIssue(condition.copy(state = "open"  ), false, owner -> repoName),
           countIssue(condition.copy(state = "closed"), false, owner -> repoName),
           condition,
           repository,
-          hasWritePermission(owner, repoName, context.loginAccount))
+          isEditable(repository),
+          isManageable(repository))
     }
   }
+
+  /**
+   * Tests whether an logged-in user can manage issues.
+   */
+  private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+  }
+
+  /**
+   * Tests whether an logged-in user can post issues.
+   */
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    repository.repository.options.issuesOption match {
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
+  }
+
+  /**
+   * Tests whether an issue or a comment is editable by a logged-in user.
+   */
+  private def isEditableContent(owner: String, repository: String, author: String)(implicit context: Context): Boolean = {
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+  }
+
 }

src/main/scala/gitbucket/core/controller/LabelsController.scala

@@ -2,7 +2,7 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.labels.html
 import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.i18n.Messages
@@ -10,11 +10,11 @@ import org.scalatra.Ok
 
 class LabelsController extends LabelsControllerBase
   with LabelsService with IssuesService with RepositoryService with AccountService
-with ReferrerAuthenticator with CollaboratorsAuthenticator
+with ReferrerAuthenticator with WritableUsersAuthenticator
 
 trait LabelsControllerBase extends ControllerBase {
   self: LabelsService with IssuesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator =>
 
   case class LabelForm(labelName: String, color: String)
 
@@ -29,40 +29,40 @@ trait LabelsControllerBase extends ControllerBase {
       getLabels(repository.owner, repository.name),
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxGet("/:owner/:repository/issues/labels/new")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/new")(writableUsersOnly { repository =>
     html.edit(None, repository)
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(writableUsersOnly { (form, repository) =>
     val labelId = createLabel(repository.owner, repository.name, form.labelName, form.color.substring(1))
     html.label(
       getLabel(repository.owner, repository.name, labelId).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(writableUsersOnly { repository =>
     getLabel(repository.owner, repository.name, params("labelId").toInt).map { label =>
       html.edit(Some(label), repository)
     } getOrElse NotFound()
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(writableUsersOnly { (form, repository) =>
     updateLabel(repository.owner, repository.name, params("labelId").toInt, form.labelName, form.color.substring(1))
     html.label(
       getLabel(repository.owner, repository.name, params("labelId").toInt).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(writableUsersOnly { repository =>
     deleteLabel(repository.owner, repository.name, params("labelId").toInt)
     Ok()
   })

src/main/scala/gitbucket/core/controller/MilestonesController.scala

@@ -2,17 +2,17 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.milestones.html
 import gitbucket.core.service.{RepositoryService, MilestonesService, AccountService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 
 class MilestonesController extends MilestonesControllerBase
   with MilestonesService with RepositoryService with AccountService
-  with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with ReferrerAuthenticator with WritableUsersAuthenticator
 
 trait MilestonesControllerBase extends ControllerBase {
   self: MilestonesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator  =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator  =>
 
   case class MilestoneForm(title: String, description: Option[String], dueDate: Option[java.util.Date])
 
@@ -27,58 +27,58 @@ trait MilestonesControllerBase extends ControllerBase {
       params.getOrElse("state", "open"),
       getMilestonesWithIssueCount(repository.owner, repository.name),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  get("/:owner/:repository/issues/milestones/new")(collaboratorsOnly {
+  get("/:owner/:repository/issues/milestones/new")(writableUsersOnly {
     html.edit(None, _)
   })
 
-  post("/:owner/:repository/issues/milestones/new", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/new", milestoneForm)(writableUsersOnly { (form, repository) =>
     createMilestone(repository.owner, repository.name, form.title, form.description, form.dueDate)
     redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.map{ milestoneId =>
       html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(writableUsersOnly { (form, repository) =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         updateMilestone(milestone.copy(title = form.title, description = form.description, dueDate = form.dueDate))
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/close")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/close")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         closeMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/open")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/open")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         openMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         deleteMilestone(repository.owner, repository.name, milestone.milestoneId)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
 }

src/main/scala/gitbucket/core/controller/PullRequestsController.scala

@@ -6,36 +6,32 @@ import gitbucket.core.service.CommitStatusService
 import gitbucket.core.service.MergeService
 import gitbucket.core.service.IssuesService._
 import gitbucket.core.service.PullRequestService._
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
-import gitbucket.core.view
-import gitbucket.core.view.helpers
-
 import io.github.gitbucket.scalatra.forms._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.PersonIdent
-import org.slf4j.LoggerFactory
 
 import scala.collection.JavaConverters._
 
 
 class PullRequestsController extends PullRequestsControllerBase
   with RepositoryService with AccountService with IssuesService with PullRequestService with MilestonesService with LabelsService
-  with CommitsService with ActivityService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with CommitsService with ActivityService with WebHookPullRequestService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
   with CommitStatusService with MergeService with ProtectedBranchService
 
 
 trait PullRequestsControllerBase extends ControllerBase {
   self: RepositoryService with AccountService with IssuesService with MilestonesService with LabelsService
-    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
     with CommitStatusService with MergeService with ProtectedBranchService =>
 
-  private val logger = LoggerFactory.getLogger(classOf[PullRequestsControllerBase])
-
   val pullRequestForm = mapping(
     "title"                 -> trim(label("Title"  , text(required, maxlength(100)))),
     "content"               -> trim(label("Content", optional(text()))),
@@ -94,17 +90,18 @@ trait PullRequestsControllerBase extends ControllerBase {
             (commits.flatten.map(commit => getCommitComments(owner, name, commit.id, true)).flatten.toList ::: getComments(owner, name, issueId))
               .sortWith((a, b) => a.registeredDate before b.registeredDate),
             getIssueLabels(owner, name, issueId),
-            (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+            getAssignableUserNames(owner, name),
             getMilestonesWithIssueCount(owner, name),
             getLabels(owner, name),
             commits,
             diffs,
-            hasWritePermission(owner, name, context.loginAccount),
+            isEditable(repository),
+            isManageable(repository),
             repository,
             flash.toMap.map(f => f._1 -> f._2.toString))
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/pull/:id/mergeguide")(referrersOnly { repository =>
@@ -115,7 +112,7 @@ trait PullRequestsControllerBase extends ControllerBase {
         val hasConflict = LockUtil.lock(s"${owner}/${name}"){
           checkConflict(owner, name, pullreq.branch, issueId)
         }
-        val hasMergePermission = hasWritePermission(owner, name, context.loginAccount)
+        val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount)
         val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch)
         val mergeStatus = PullRequestService.MergeStatus(
            hasConflict         = hasConflict,
@@ -125,7 +122,7 @@ trait PullRequestsControllerBase extends ControllerBase {
            needStatusCheck     = context.loginAccount.map{ u =>
                                    branchProtection.needStatusCheck(u.userName)
                                  }.getOrElse(true),
-           hasUpdatePermission = hasWritePermission(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
+           hasUpdatePermission = hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
                                    context.loginAccount.map{ u =>
                                      !getProtectedBranchInfo(pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch).needStatusCheck(u.userName)
                                    }.getOrElse(false),
@@ -138,10 +135,10 @@ trait PullRequestsControllerBase extends ControllerBase {
           repository,
           getRepository(pullreq.requestUserName, pullreq.requestRepositoryName).get)
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/pull/:id/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/pull/:id/delete/*")(writableUsersOnly { repository =>
     params("id").toIntOpt.map { issueId =>
       val branchName = multiParams("splat").head
       val userName   = context.loginAccount.get.userName
@@ -153,27 +150,27 @@ trait PullRequestsControllerBase extends ControllerBase {
       }
       createComment(repository.owner, repository.name, userName, issueId, branchName, "delete_branch")
       redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pull/:id/update_branch")(referrersOnly { baseRepository =>
+  post("/:owner/:repository/pull/:id/update_branch")(writableUsersOnly { baseRepository =>
     (for {
       issueId <- params("id").toIntOpt
       loginAccount <- context.loginAccount
       (issue, pullreq) <- getPullRequest(baseRepository.owner, baseRepository.name, issueId)
       owner = pullreq.requestUserName
       name  = pullreq.requestRepositoryName
-      if hasWritePermission(owner, name, context.loginAccount)
+      if hasDeveloperRole(owner, name, context.loginAccount)
     } yield {
+      val repository = getRepository(owner, name).get
       val branchProtection = getProtectedBranchInfo(owner, name, pullreq.requestBranch)
       if(branchProtection.needStatusCheck(loginAccount.userName)){
         flash += "error" -> s"branch ${pullreq.requestBranch} is protected need status check."
       } else {
-        val repository = getRepository(owner, name).get
         LockUtil.lock(s"${owner}/${name}"){
           val alias = if(pullreq.repositoryName == pullreq.requestRepositoryName && pullreq.userName == pullreq.requestUserName){
             pullreq.branch
-          }else{
+          } else {
             s"${pullreq.userName}:${pullreq.branch}"
           }
           val existIds = using(Git.open(Directory.getRepositoryDir(owner, name))) { git => JGitUtil.getAllCommitIds(git) }.toSet
@@ -187,11 +184,10 @@ trait PullRequestsControllerBase extends ControllerBase {
 
               using(Git.open(Directory.getRepositoryDir(owner, name))) { git =>
                 //  after update branch
-
                 val newCommitId = git.getRepository.resolve(s"refs/heads/${pullreq.requestBranch}")
                 val commits = git.log.addRange(oldId, newCommitId).call.iterator.asScala.map(c => new JGitUtil.CommitInfo(c)).toList
 
-                commits.foreach{ commit =>
+                commits.foreach { commit =>
                   if(!existIds.contains(commit.id)){
                     createIssueComment(owner, name, commit)
                   }
@@ -202,7 +198,7 @@ trait PullRequestsControllerBase extends ControllerBase {
 
                 // close issue by commit message
                 if(pullreq.requestBranch == repository.repository.defaultBranch){
-                  commits.map{ commit =>
+                  commits.map { commit =>
                     closeIssuesFromMessage(commit.fullMessage, loginAccount.userName, owner, name)
                   }
                 }
@@ -220,12 +216,13 @@ trait PullRequestsControllerBase extends ControllerBase {
               flash += "info" -> s"Merge branch '${alias}' into ${pullreq.requestBranch}"
           }
         }
-        redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
       }
-    }) getOrElse NotFound
+      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+
+    }) getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pull/:id/merge", mergeForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/pull/:id/merge", mergeForm)(writableUsersOnly { (form, repository) =>
     params("id").toIntOpt.flatMap { issueId =>
       val owner = repository.owner
       val name  = repository.name
@@ -255,10 +252,7 @@ trait PullRequestsControllerBase extends ControllerBase {
               commits.flatten.foreach { commit =>
                 closeIssuesFromMessage(commit.fullMessage, loginAccount.userName, owner, name)
               }
-              issue.content match {
-                case Some(content) => closeIssuesFromMessage(content, loginAccount.userName, owner, name)
-                case _ =>
-              }
+              closeIssuesFromMessage(issue.title + " " + issue.content.getOrElse(""), loginAccount.userName, owner, name)
               closeIssuesFromMessage(form.message, loginAccount.userName, owner, name)
             }
 
@@ -276,7 +270,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           }
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/:owner/:repository/compare")(referrersOnly { forkedRepository =>
@@ -293,7 +287,7 @@ trait PullRequestsControllerBase extends ControllerBase {
 
             redirect(s"/${forkedRepository.owner}/${forkedRepository.name}/compare/${originUserName}:${oldBranch}...${newBranch}")
           }
-        } getOrElse NotFound
+        } getOrElse NotFound()
       }
       case _ => {
         using(Git.open(getRepositoryDir(forkedRepository.owner, forkedRepository.name))){ git =>
@@ -354,7 +348,15 @@ trait PullRequestsControllerBase extends ControllerBase {
               originRepository.owner, originRepository.name, oldId.getName,
               forkedRepository.owner, forkedRepository.name, newId.getName)
 
+            val title = if(commits.flatten.length == 1){
+              commits.flatten.head.shortMessage
+            } else {
+              val text = forkedId.replaceAll("[\\-_]", " ")
+              text.substring(0, 1).toUpperCase + text.substring(1)
+            }
+
             html.compare(
+              title,
               commits,
               diffs,
               (forkedRepository.repository.originUserName, forkedRepository.repository.originRepositoryName) match {
@@ -369,8 +371,8 @@ trait PullRequestsControllerBase extends ControllerBase {
               forkedRepository,
               originRepository,
               forkedRepository,
-              hasWritePermission(originRepository.owner, originRepository.name, context.loginAccount),
-              (getCollaborators(originRepository.owner, originRepository.name) ::: (if(getAccountByUserName(originRepository.owner).get.isGroupAccount) Nil else List(originRepository.owner))).sorted,
+              hasDeveloperRole(originRepository.owner, originRepository.name, context.loginAccount),
+              getAssignableUserNames(originRepository.owner, originRepository.name),
               getMilestones(originRepository.owner, originRepository.name),
               getLabels(originRepository.owner, originRepository.name)
             )
@@ -381,10 +383,10 @@ trait PullRequestsControllerBase extends ControllerBase {
                      s"${forkedOwner}:${newId.map(_ => forkedId).getOrElse(forkedRepository.repository.defaultBranch)}")
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
-  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(collaboratorsOnly { forkedRepository =>
+  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(readableUsersOnly { forkedRepository =>
     val Seq(origin, forked) = multiParams("splat")
     val (originOwner, tmpOriginBranch) = parseCompareIdentifie(origin, forkedRepository.owner)
     val (forkedOwner, tmpForkedBranch) = parseCompareIdentifie(forked, forkedRepository.owner)
@@ -411,67 +413,71 @@ trait PullRequestsControllerBase extends ControllerBase {
         }
         html.mergecheck(conflict)
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pulls/new", pullRequestForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/pulls/new", pullRequestForm)(readableUsersOnly { (form, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
-      val writable = hasWritePermission(owner, name, context.loginAccount)
-      val loginUserName = context.loginAccount.get.userName
+      val manageable = isManageable(repository)
+      val editable = isEditable(repository)
 
-      val issueId = createIssue(
-        owner            = repository.owner,
-        repository       = repository.name,
-        loginUser        = loginUserName,
-        title            = form.title,
-        content          = form.content,
-        assignedUserName = if(writable) form.assignedUserName else None,
-        milestoneId      = if(writable) form.milestoneId else None,
-        isPullRequest    = true)
+      if(editable) {
+        val loginUserName = context.loginAccount.get.userName
 
-      createPullRequest(
-        originUserName        = repository.owner,
-        originRepositoryName  = repository.name,
-        issueId               = issueId,
-        originBranch          = form.targetBranch,
-        requestUserName       = form.requestUserName,
-        requestRepositoryName = form.requestRepositoryName,
-        requestBranch         = form.requestBranch,
-        commitIdFrom          = form.commitIdFrom,
-        commitIdTo            = form.commitIdTo)
+        val issueId = createIssue(
+          owner = repository.owner,
+          repository = repository.name,
+          loginUser = loginUserName,
+          title = form.title,
+          content = form.content,
+          assignedUserName = if (manageable) form.assignedUserName else None,
+          milestoneId = if (manageable) form.milestoneId else None,
+          isPullRequest = true)
 
-      // insert labels
-      if(writable){
-        form.labelNames.map { value =>
-          val labels = getLabels(owner, name)
-          value.split(",").foreach { labelName =>
-            labels.find(_.labelName == labelName).map { label =>
-              registerIssueLabel(repository.owner, repository.name, issueId, label.labelId)
+        createPullRequest(
+          originUserName = repository.owner,
+          originRepositoryName = repository.name,
+          issueId = issueId,
+          originBranch = form.targetBranch,
+          requestUserName = form.requestUserName,
+          requestRepositoryName = form.requestRepositoryName,
+          requestBranch = form.requestBranch,
+          commitIdFrom = form.commitIdFrom,
+          commitIdTo = form.commitIdTo)
+
+        // insert labels
+        if (manageable) {
+          form.labelNames.map { value =>
+            val labels = getLabels(owner, name)
+            value.split(",").foreach { labelName =>
+              labels.find(_.labelName == labelName).map { label =>
+                registerIssueLabel(repository.owner, repository.name, issueId, label.labelId)
+              }
             }
           }
         }
-      }
 
-      // fetch requested branch
-      fetchAsPullRequest(owner, name, form.requestUserName, form.requestRepositoryName, form.requestBranch, issueId)
+        // fetch requested branch
+        fetchAsPullRequest(owner, name, form.requestUserName, form.requestRepositoryName, form.requestBranch, issueId)
 
-      // record activity
-      recordPullRequestActivity(owner, name, loginUserName, issueId, form.title)
+        // record activity
+        recordPullRequestActivity(owner, name, loginUserName, issueId, form.title)
 
-      // call web hook
-      callPullRequestWebHook("opened", repository, issueId, context.baseUrl, context.loginAccount.get)
+        // call web hook
+        callPullRequestWebHook("opened", repository, issueId, context.baseUrl, context.loginAccount.get)
 
-      getIssue(owner, name, issueId.toString) foreach { issue =>
-        // extract references and create refer comment
-        createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
+        getIssue(owner, name, issueId.toString) foreach { issue =>
+          // extract references and create refer comment
+          createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
 
-        // notifications
-        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
-          Notifier.msgPullRequest(s"${context.baseUrl}/${owner}/${name}/pull/${issueId}")
+          // notifications
+          Notifier().toNotify(repository, issue, form.content.getOrElse("")) {
+            Notifier.msgPullRequest(s"${context.baseUrl}/${owner}/${name}/pull/${issueId}")
+          }
         }
-      }
 
-      redirect(s"/${owner}/${name}/pull/${issueId}")
+        redirect(s"/${owner}/${name}/pull/${issueId}")
+      } else Unauthorized()
     }
   })
 
@@ -489,53 +495,45 @@ trait PullRequestsControllerBase extends ControllerBase {
       (defaultOwner, value)
     }
 
-  private def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
-      requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
-    using(
-      Git.open(getRepositoryDir(userName, repositoryName)),
-      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
-    ){ (oldGit, newGit) =>
-      val oldId = oldGit.getRepository.resolve(branch)
-      val newId = newGit.getRepository.resolve(requestCommitId)
-
-      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
-        new CommitInfo(revCommit)
-      }.toList.splitWith { (commit1, commit2) =>
-        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
-      }
-
-      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
-
-      (commits, diffs)
-    }
-
   private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) =
     defining(repository.owner, repository.name){ case (owner, repoName) =>
-      val page       = IssueSearchCondition.page(request)
-      val sessionKey = Keys.Session.Pulls(owner, repoName)
+      val page = IssueSearchCondition.page(request)
 
       // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
-        if(request.hasQueryString) IssueSearchCondition(request)
-        else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
-      )
+      val condition = IssueSearchCondition(request)
 
       gitbucket.core.issues.html.list(
         "pulls",
         searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, owner -> repoName),
         page,
-        if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
-          (getCollaborators(owner, repoName) :+ owner).sorted
-        } else {
-          getCollaborators(owner, repoName)
-        },
+        getAssignableUserNames(owner, repoName),
         getMilestones(owner, repoName),
         getLabels(owner, repoName),
         countIssue(condition.copy(state = "open"  ), true, owner -> repoName),
         countIssue(condition.copy(state = "closed"), true, owner -> repoName),
         condition,
         repository,
-        hasWritePermission(owner, repoName, context.loginAccount))
+        isEditable(repository),
+        isManageable(repository))
     }
 
+  /**
+   * Tests whether an logged-in user can manage pull requests.
+   */
+  private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+  }
+
+  /**
+   * Tests whether an logged-in user can post pull requests.
+   */
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    repository.repository.options.issuesOption match {
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
+  }
+
 }

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -27,12 +27,26 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     with OwnerAuthenticator with UsersAuthenticator =>
 
   // for repository options
-  case class OptionsForm(repositoryName: String, description: Option[String], isPrivate: Boolean)
+  case class OptionsForm(
+    repositoryName: String,
+    description: Option[String],
+    isPrivate: Boolean,
+    issuesOption: String,
+    externalIssuesUrl: Option[String],
+    wikiOption: String,
+    externalWikiUrl: Option[String],
+    allowFork: Boolean
+  )
   
   val optionsForm = mapping(
-    "repositoryName" -> trim(label("Repository Name", text(required, maxlength(40), identifier, renameRepositoryName))),
-    "description"    -> trim(label("Description"    , optional(text()))),
-    "isPrivate"      -> trim(label("Repository Type", boolean()))
+    "repositoryName"    -> trim(label("Repository Name"    , text(required, maxlength(100), identifier, renameRepositoryName))),
+    "description"       -> trim(label("Description"        , optional(text()))),
+    "isPrivate"         -> trim(label("Repository Type"    , boolean())),
+    "issuesOption"      -> trim(label("Issues Option"      , text(required, featureOption))),
+    "externalIssuesUrl" -> trim(label("External Issues URL", optional(text(maxlength(200))))),
+    "wikiOption"        -> trim(label("Wiki Option"        , text(required, featureOption))),
+    "externalWikiUrl"   -> trim(label("External Wiki URL"  , optional(text(maxlength(200))))),
+    "allowFork"         -> trim(label("Allow Forking"      , boolean()))
   )(OptionsForm.apply)
 
   // for default branch
@@ -42,12 +56,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     "defaultBranch"  -> trim(label("Default Branch" , text(required, maxlength(100))))
   )(DefaultBranchForm.apply)
 
-  // for collaborator addition
-  case class CollaboratorForm(userName: String)
-
-  val collaboratorForm = mapping(
-    "userName" -> trim(label("Username", text(required, collaborator)))
-  )(CollaboratorForm.apply)
+//  // for collaborator addition
+//  case class CollaboratorForm(userName: String)
+//
+//  val collaboratorForm = mapping(
+//    "userName" -> trim(label("Username", text(required, collaborator)))
+//  )(CollaboratorForm.apply)
 
   // for web hook url addition
   case class WebHookForm(url: String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])
@@ -92,7 +106,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       form.description,
       repository.repository.parentUserName.map { _ =>
         repository.repository.isPrivate
-      } getOrElse form.isPrivate
+      } getOrElse form.isPrivate,
+      form.issuesOption,
+      form.externalIssuesUrl,
+      form.wikiOption,
+      form.externalWikiUrl,
+      form.allowFork
     )
     // Change repository name
     if(repository.name != form.repositoryName){
@@ -156,22 +175,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       repository)
   })
 
-  /**
-   * Add the collaborator.
-   */
-  post("/:owner/:repository/settings/collaborators/add", collaboratorForm)(ownerOnly { (form, repository) =>
-    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
-      addCollaborator(repository.owner, repository.name, form.userName)
-    }
-    redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
-  })
-
-  /**
-   * Add the collaborator.
-   */
-  get("/:owner/:repository/settings/collaborators/remove")(ownerOnly { repository =>
-    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
-      removeCollaborator(repository.owner, repository.name, params("name"))
+  post("/:owner/:repository/settings/collaborators")(ownerOnly { repository =>
+    val collaborators = params("collaborators")
+    removeCollaborators(repository.owner, repository.name)
+    collaborators.split(",").withFilter(_.nonEmpty).map { collaborator =>
+      val userName :: role :: Nil = collaborator.split(":").toList
+      addCollaborator(repository.owner, repository.name, userName, role)
     }
     redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
   })
@@ -229,7 +238,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       val dummyWebHookInfo = WebHook(repository.owner, repository.name, url, ctype, token)
       val dummyPayload = {
         val ownerAccount = getAccountByUserName(repository.owner).get
-        val commits = if(repository.commitCount == 0) List.empty else git.log
+        val commits = if(JGitUtil.isEmpty(git)) List.empty else git.log
           .add(git.getRepository.resolve(repository.repository.defaultBranch))
           .setMaxCount(4)
           .call.iterator.asScala.map(new CommitInfo(_)).toList
@@ -278,7 +287,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   get("/:owner/:repository/settings/hooks/edit")(ownerOnly { repository =>
     getWebHook(repository.owner, repository.name, params("url")).map{ case (webhook, events) =>
       html.edithooks(webhook, events, repository, flash.get("info"), false)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   /**
@@ -294,7 +303,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the danger zone.
    */
   get("/:owner/:repository/settings/danger")(ownerOnly {
-    html.danger(_)
+    html.danger(_, flash.get("info"))
   })
 
   /**
@@ -333,6 +342,19 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     redirect(s"/${repository.owner}")
   })
 
+  /**
+   * Run GC
+   */
+  post("/:owner/:repository/settings/gc")(ownerOnly { repository =>
+    LockUtil.lock(s"${repository.owner}/${repository.name}") {
+      using(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+        git.gc();
+      }
+    }
+    flash += "info" -> "Garbage collection has been executed."
+    redirect(s"/${repository.owner}/${repository.name}/settings/danger")
+  })
+
   /**
    * Provides duplication check for web hook url.
    */
@@ -362,20 +384,20 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     }
   }
 
-  /**
-   * Provides Constraint to validate the collaborator name.
-   */
-  private def collaborator: Constraint = new Constraint(){
-    override def validate(name: String, value: String, messages: Messages): Option[String] =
-      getAccountByUserName(value) match {
-        case None => Some("User does not exist.")
-        case Some(x) if(x.isGroupAccount)
-                  => Some("User does not exist.")
-        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
-                  => Some("User can access this repository already.")
-        case _    => None
-      }
-  }
+//  /**
+//   * Provides Constraint to validate the collaborator name.
+//   */
+//  private def collaborator: Constraint = new Constraint(){
+//    override def validate(name: String, value: String, messages: Messages): Option[String] =
+//      getAccountByUserName(value) match {
+//        case None => Some("User does not exist.")
+////        case Some(x) if(x.isGroupAccount)
+////                  => Some("User does not exist.")
+//        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
+//                  => Some(value + " is repository owner.") // TODO also group members?
+//        case _    => None
+//      }
+//  }
 
   /**
    * Duplicate check for the rename repository name.
@@ -389,6 +411,15 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       }
   }
 
+  /**
+   *
+   */
+  private def featureOption: Constraint = new Constraint(){
+    override def validate(name: String, value: String, params: Map[String, String], messages: Messages): Option[String] =
+      if(Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.")
+  }
+
+
   /**
    * Provides Constraint to validate the repository transfer user.
    */

src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala

@@ -31,7 +31,7 @@ import org.scalatra._
 
 class RepositoryViewerController extends RepositoryViewerControllerBase
   with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
   with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService
 
 /**
@@ -39,7 +39,7 @@ class RepositoryViewerController extends RepositoryViewerControllerBase
  */
 trait RepositoryViewerControllerBase extends ControllerBase {
   self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
     with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService =>
 
   ArchiveCommand.registerFormat("zip", new ZipFormat)
@@ -110,22 +110,27 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       enableLineBreaks = params("enableLineBreaks").toBoolean,
       enableTaskList = params("enableTaskList").toBoolean,
       enableAnchor = false,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount)
+      hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
     )
   })
 
   /**
    * Displays the file list of the repository root and the default branch.
    */
-  get("/:owner/:repository")(referrersOnly {
-    fileList(_)
-  })
+  get("/:owner/:repository") {
+    params.get("go-get") match {
+      case Some("1") => defining(request.paths){ paths =>
+        getRepository(paths(0), paths(1)).map(gitbucket.core.html.goget(_))getOrElse NotFound()
+      }
+      case _ => referrersOnly(fileList(_))
+    }
+  }
 
   /**
    * Displays the file list of the specified path and branch.
    */
   get("/:owner/:repository/tree/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
     if(path.isEmpty){
       fileList(repository, id)
     } else {
@@ -137,7 +142,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * Displays the commit list of the specified resource.
    */
   get("/:owner/:repository/commits/*")(referrersOnly { repository =>
-    val (branchName, path) = splitPath(repository, multiParams("splat").head)
+    val (branchName, path) = repository.splitPath(multiParams("splat").head)
     val page = params.get("page").flatMap(_.toIntOpt).getOrElse(1)
 
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -146,22 +151,22 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository,
             logs.splitWith{ (commit1, commit2) =>
               view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
-            }, page, hasNext, hasWritePermission(repository.owner, repository.name, context.loginAccount))
-        case Left(_) => NotFound
+            }, page, hasNext, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+        case Left(_) => NotFound()
       }
     }
   })
 
-  get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+  get("/:owner/:repository/new/*")(writableUsersOnly { repository =>
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
     val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
     html.editor(branch, repository, if(path.length == 0) Nil else path.split("/").toList,
       None, JGitUtil.ContentInfo("text", None, Some("UTF-8")),
       protectedBranch)
   })
 
-  get("/:owner/:repository/edit/*")(collaboratorsOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+  get("/:owner/:repository/edit/*")(writableUsersOnly { repository =>
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
     val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
 
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -172,12 +177,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         html.editor(branch, repository, paths.take(paths.size - 1).toList, Some(paths.last),
           JGitUtil.getContentInfo(git, path, objectId),
           protectedBranch)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
-  get("/:owner/:repository/remove/*")(collaboratorsOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+  get("/:owner/:repository/remove/*")(writableUsersOnly { repository =>
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
 
@@ -185,11 +190,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         val paths = path.split("/")
         html.delete(branch, repository, paths.take(paths.size - 1).toList, paths.last,
           JGitUtil.getContentInfo(git, path, objectId))
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
-  post("/:owner/:repository/create", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/create", editorForm)(writableUsersOnly { (form, repository) =>
     commitFile(
       repository  = repository,
       branch      = form.branch,
@@ -206,7 +211,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }")
   })
 
-  post("/:owner/:repository/update", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/update", editorForm)(writableUsersOnly { (form, repository) =>
     commitFile(
       repository  = repository,
       branch      = form.branch,
@@ -227,7 +232,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }")
   })
 
-  post("/:owner/:repository/remove", deleteForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/remove", deleteForm)(writableUsersOnly { (form, repository) =>
     commitFile(repository, form.branch, form.path, None, Some(form.fileName), "", "",
       form.message.getOrElse(s"Delete ${form.fileName}"))
 
@@ -235,7 +240,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/raw/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
       getPathObjectId(git, path, revCommit).flatMap { objectId =>
@@ -245,7 +250,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           loader.copyTo(response.outputStream)
           ()
         }
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -253,7 +258,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * Displays the file content of the specified branch or commit.
    */
   val blobRoute = get("/:owner/:repository/blob/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
     val raw = params.get("raw").getOrElse("false").toBoolean
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
@@ -265,15 +270,15 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             response.setContentLength(loader.getSize.toInt)
             loader.copyTo(response.outputStream)
             ()
-          } getOrElse NotFound
+          } getOrElse NotFound()
         } else {
           html.blob(id, repository, path.split("/").toList,
             JGitUtil.getContentInfo(git, path, objectId),
             new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)),
-            hasWritePermission(repository.owner, repository.name, context.loginAccount),
+            hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
             request.paths(2) == "blame")
         }
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -285,7 +290,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * Blame data.
    */
   ajaxGet("/:owner/:repository/get-blame/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
     contentType = formats("json")
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val last = git.log.add(git.getRepository.resolve(id)).addPath(path).setMaxCount(1).call.iterator.next.name
@@ -323,13 +328,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               html.commit(id, new JGitUtil.CommitInfo(revCommit),
                 JGitUtil.getBranchesOfCommit(git, revCommit.getName),
                 JGitUtil.getTagsOfCommit(git, revCommit.getName),
-                getCommitComments(repository.owner, repository.name, id, false),
-                repository, diffs, oldCommitId, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+                getCommitComments(repository.owner, repository.name, id, true),
+                repository, diffs, oldCommitId, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
           }
         }
       }
     } catch {
-      case e:MissingObjectException => NotFound
+      case e:MissingObjectException => NotFound()
     }
   })
 
@@ -353,7 +358,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     html.commentform(
       commitId = id,
       fileName, oldLineNumber, newLineNumber, issueId,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount),
+      hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
       repository = repository
     )
   })
@@ -369,15 +374,14 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         callPullRequestReviewCommentWebHook("create", comment, repository, issueId, context.baseUrl, context.loginAccount.get)
       case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content)
     }
-    helper.html.commitcomment(comment, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    helper.html.commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
   })
 
   ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
     getCommitComment(repository.owner, repository.name, params("id")) map { x =>
       if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
         params.get("dataType") collect {
-          case t if t == "html" => html.editcomment(
-            x.content, x.commentId, x.userName, x.repositoryName)
+          case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
         } getOrElse {
           contentType = formats("json")
           org.json4s.jackson.Serialization.write(
@@ -389,12 +393,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                 enableRefsLink = true,
                 enableAnchor = true,
                 enableLineBreaks = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
               )
             ))
         }
-      } else Unauthorized
-    } getOrElse NotFound
+      } else Unauthorized()
+    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
@@ -403,8 +407,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         if(isEditable(owner, name, comment.commentedUserName)){
           updateCommitComment(comment.commentId, form.content)
           redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
@@ -413,8 +417,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       getCommitComment(owner, name, params("id")).map { comment =>
         if(isEditable(owner, name, comment.commentedUserName)){
           Ok(deleteCommitComment(comment.commentId))
-        } else Unauthorized
-      } getOrElse NotFound
+        } else Unauthorized()
+      } getOrElse NotFound()
     }
   })
 
@@ -433,13 +437,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     .map(br => (br, getPullRequestByRequestCommit(repository.owner, repository.name, repository.repository.defaultBranch, br.name, br.commitId), protectedBranches.contains(br.name)))
     .reverse
 
-    html.branches(branches, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    html.branches(branches, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
   })
 
   /**
    * Creates a branch.
    */
-  post("/:owner/:repository/branches")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/branches")(writableUsersOnly { repository =>
     val newBranchName = params.getOrElse("new", halt(400))
     val fromBranchName = params.getOrElse("from", halt(400))
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -457,7 +461,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   /**
    * Deletes branch.
    */
-  get("/:owner/:repository/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/delete/*")(writableUsersOnly { repository =>
     val branchName = multiParams("splat").head
     val userName   = context.loginAccount.get.userName
     if(repository.repository.defaultBranch != branchName){
@@ -485,23 +489,25 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         archiveRepository(name, ".zip", repository)
       case name if name.endsWith(".tar.gz") =>
         archiveRepository(name, ".tar.gz", repository)
-      case _ => BadRequest
+      case _ => BadRequest()
     }
   })
 
   get("/:owner/:repository/network/members")(referrersOnly { repository =>
-    html.forked(
-      getRepository(
-        repository.repository.originUserName.getOrElse(repository.owner),
-        repository.repository.originRepositoryName.getOrElse(repository.name)),
-      getForkedRepositories(
-        repository.repository.originUserName.getOrElse(repository.owner),
-        repository.repository.originRepositoryName.getOrElse(repository.name)),
-      context.loginAccount match {
-        case None => List()
-        case account: Option[Account] => getGroupsByUserName(account.get.userName)
-      }, // groups of current user
-      repository)
+    if(repository.repository.options.allowFork) {
+      html.forked(
+        getRepository(
+          repository.repository.originUserName.getOrElse(repository.owner),
+          repository.repository.originRepositoryName.getOrElse(repository.name)),
+        getForkedRepositories(
+          repository.repository.originUserName.getOrElse(repository.owner),
+          repository.repository.originRepositoryName.getOrElse(repository.name)),
+        context.loginAccount match {
+          case None => List()
+          case account: Option[Account] => getGroupsByUserName(account.get.userName)
+        }, // groups of current user
+        repository)
+    } else BadRequest()
   })
 
   /**
@@ -512,7 +518,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       val ref = multiParams("splat").head
       JGitUtil.getTreeId(git, ref).map{ treeId =>
         html.find(ref, treeId, repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -527,17 +533,6 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   })
 
-  private def splitPath(repository: RepositoryService.RepositoryInfo, path: String): (String, String) = {
-    val id = repository.branchList.collectFirst {
-      case branch if(path == branch || path.startsWith(branch + "/")) => branch
-    } orElse repository.tags.collectFirst {
-      case tag if(path == tag.name || path.startsWith(tag.name + "/")) => tag.name
-    } getOrElse path.split("/")(0)
-
-    (id, path.substring(id.length).stripPrefix("/"))
-  }
-
-
   private val readmeFiles = PluginRegistry().renderableExtensions.map { extension =>
     s"readme.${extension}"
   } ++ Seq("readme.txt", "readme")
@@ -551,10 +546,10 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * @return HTML of the file list
    */
   private def fileList(repository: RepositoryService.RepositoryInfo, revstr: String = "", path: String = ".") = {
-    if(repository.commitCount == 0){
-      html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
-    } else {
-      using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
+    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
+      if(JGitUtil.isEmpty(git)){
+        html.guide(repository, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      } else {
         // get specified commit
         JGitUtil.getDefaultBranch(git, repository, revstr).map { case (objectId, revision) =>
           defining(JGitUtil.getRevCommitFromId(git, objectId)) { revCommit =>
@@ -574,11 +569,16 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             html.files(revision, repository,
               if(path == ".") Nil else path.split("/").toList, // current path
               new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
-              files, readme, hasWritePermission(repository.owner, repository.name, context.loginAccount),
+              JGitUtil.getCommitCount(repository.owner, repository.name, revision),
+              files,
+              readme,
+              hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
               getPullRequestFromBranch(repository.owner, repository.name, revstr, repository.repository.defaultBranch),
-              flash.get("info"), flash.get("error"))
+              flash.get("info"),
+              flash.get("error")
+            )
           }
-        } getOrElse NotFound
+        } getOrElse NotFound()
       }
     }
   }
@@ -598,14 +598,18 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         val headName = s"refs/heads/${branch}"
         val headTip  = git.getRepository.resolve(headName)
 
-        JGitUtil.processTree(git, headTip){ (path, tree) =>
+        val permission = JGitUtil.processTree(git, headTip){ (path, tree) =>
+          // Add all entries except the editing file
           if(!newPath.exists(_ == path) && !oldPath.exists(_ == path)){
             builder.add(JGitUtil.createDirCacheEntry(path, tree.getEntryFileMode, tree.getEntryObjectId))
           }
-        }
+          // Retrieve permission if file exists to keep it
+          oldPath.collect { case x if x == path => tree.getEntryFileMode.getBits }
+        }.flatten.headOption
 
         newPath.foreach { newPath =>
-          builder.add(JGitUtil.createDirCacheEntry(newPath, FileMode.REGULAR_FILE,
+          builder.add(JGitUtil.createDirCacheEntry(newPath,
+            permission.map { bits => FileMode.fromBits(bits) } getOrElse FileMode.REGULAR_FILE,
             inserter.insert(Constants.OBJ_BLOB, content.getBytes(charset))))
         }
         builder.finish()
@@ -628,8 +632,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         updatePullRequests(repository.owner, repository.name, branch)
 
         // record activity
-        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch,
-          List(new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))))
+        val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
+        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch, List(commitInfo))
+
+        // create issue comment by commit message
+        createIssueComment(repository.owner, repository.name, commitInfo)
 
         // close issue by commit message
         closeIssuesFromMessage(message, loginAccount.userName, repository.owner, repository.name)
@@ -689,9 +696,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   }
 
   private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
-
-
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
   override protected def renderUncaughtException(e: Throwable)(implicit request: HttpServletRequest, response: HttpServletResponse): Unit = {
     e.printStackTrace()

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -3,8 +3,8 @@ package gitbucket.core.controller
 import java.io.FileInputStream
 
 import gitbucket.core.admin.html
-import gitbucket.core.service.{AccountService, SystemSettingsService, RepositoryService}
-import gitbucket.core.util.AdminAuthenticator
+import gitbucket.core.service.{AccountService, RepositoryService, SystemSettingsService}
+import gitbucket.core.util.{AdminAuthenticator, Mailer}
 import gitbucket.core.ssh.SshServer
 import gitbucket.core.plugin.PluginRegistry
 import SystemSettingsService._
@@ -13,7 +13,7 @@ import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.StringUtil._
 import io.github.gitbucket.scalatra.forms._
-import org.apache.commons.io.{IOUtils, FileUtils}
+import org.apache.commons.io.{FileUtils, IOUtils}
 import org.scalatra.i18n.Messages
 
 class SystemSettingsController extends SystemSettingsControllerBase
@@ -70,11 +70,20 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
     ).flatten
   }
 
-  private val pluginForm = mapping(
-    "pluginId" -> list(trim(label("", text())))
-  )(PluginForm.apply)
+  private val sendMailForm = mapping(
+    "smtp"        -> mapping(
+      "host"        -> trim(label("SMTP Host", text(required))),
+      "port"        -> trim(label("SMTP Port", optional(number()))),
+      "user"        -> trim(label("SMTP User", optional(text()))),
+      "password"    -> trim(label("SMTP Password", optional(text()))),
+      "ssl"         -> trim(label("Enable SSL", optional(boolean()))),
+      "fromAddress" -> trim(label("FROM Address", optional(text()))),
+      "fromName"    -> trim(label("FROM Name", optional(text())))
+    )(Smtp.apply),
+    "testAddress" -> trim(label("", text(required)))
+  )(SendMailForm.apply)
 
-  case class PluginForm(pluginIds: List[String])
+  case class SendMailForm(smtp: Smtp, testAddress: String)
 
   case class DataExportForm(tableNames: List[String])
 
@@ -94,7 +103,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
 
   val newUserForm = mapping(
-    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "password"    -> trim(label("Password"     ,text(required, maxlength(20)))),
     "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress()))),
@@ -116,7 +125,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   )(EditUserForm.apply)
 
   val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
     "fileId"    -> trim(label("File ID"    ,optional(text()))),
     "members"   -> trim(label("Members"    ,text(required, members)))
@@ -152,6 +161,18 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
     redirect("/admin/system")
   })
 
+  post("/admin/system/sendmail", sendMailForm)(adminOnly { form =>
+    try {
+      new Mailer(form.smtp).send(form.testAddress,
+        "Test message from GitBucket", "This is a test message from GitBucket.")
+
+      "Test mail has been sent to: " + form.testAddress
+
+    } catch {
+      case e: Exception => "[Error] " + e.toString
+    }
+  })
+
   get("/admin/plugins")(adminOnly {
     html.plugins(PluginRegistry().getPlugins())
   })
@@ -179,37 +200,40 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   get("/admin/users/:userName/_edituser")(adminOnly {
     val userName = params("userName")
-    html.user(getAccountByUserName(userName, true))
+    html.user(getAccountByUserName(userName, true), flash.get("error"))
   })
 
   post("/admin/users/:name/_edituser", editUserForm)(adminOnly { form =>
     val userName = params("userName")
     getAccountByUserName(userName, true).map { account =>
+      if(account.isAdmin && (form.isRemoved || !form.isAdmin) && isLastAdministrator(account)){
+        flash += "error" -> "Account can't be turned off because this is last one administrator."
+        redirect(s"/admin/users/${userName}/_edituser")
+      } else {
+        if(form.isRemoved){
+          // Remove repositories
+          //        getRepositoryNamesOfUser(userName).foreach { repositoryName =>
+          //          deleteRepository(userName, repositoryName)
+          //          FileUtils.deleteDirectory(getRepositoryDir(userName, repositoryName))
+          //          FileUtils.deleteDirectory(getWikiRepositoryDir(userName, repositoryName))
+          //          FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
+          //        }
+          // Remove from GROUP_MEMBER, COLLABORATOR and REPOSITORY
+          removeUserRelatedData(userName)
+        }
 
-      if(form.isRemoved){
-        // Remove repositories
-        //        getRepositoryNamesOfUser(userName).foreach { repositoryName =>
-        //          deleteRepository(userName, repositoryName)
-        //          FileUtils.deleteDirectory(getRepositoryDir(userName, repositoryName))
-        //          FileUtils.deleteDirectory(getWikiRepositoryDir(userName, repositoryName))
-        //          FileUtils.deleteDirectory(getTemporaryDir(userName, repositoryName))
-        //        }
-        // Remove from GROUP_MEMBER, COLLABORATOR and REPOSITORY
-        removeUserRelatedData(userName)
+        updateAccount(account.copy(
+          password     = form.password.map(sha1).getOrElse(account.password),
+          fullName     = form.fullName,
+          mailAddress  = form.mailAddress,
+          isAdmin      = form.isAdmin,
+          url          = form.url,
+          isRemoved    = form.isRemoved))
+
+        updateImage(userName, form.fileId, form.clearImage)
+        redirect("/admin/users")
       }
-
-      updateAccount(account.copy(
-        password     = form.password.map(sha1).getOrElse(account.password),
-        fullName     = form.fullName,
-        mailAddress  = form.mailAddress,
-        isAdmin      = form.isAdmin,
-        url          = form.url,
-        isRemoved    = form.isRemoved))
-
-      updateImage(userName, form.fileId, form.clearImage)
-      redirect("/admin/users")
-
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/admin/users/_newgroup")(adminOnly {
@@ -255,19 +279,19 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
         } else {
           // Update GROUP_MEMBER
           updateGroupMembers(form.groupName, members)
-          // Update COLLABORATOR for group repositories
-          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-            removeCollaborators(form.groupName, repositoryName)
-            members.foreach { case (userName, isManager) =>
-              addCollaborator(form.groupName, repositoryName, userName)
-            }
-          }
+//          // Update COLLABORATOR for group repositories
+//          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//            removeCollaborators(form.groupName, repositoryName)
+//            members.foreach { case (userName, isManager) =>
+//              addCollaborator(form.groupName, repositoryName, userName)
+//            }
+//          }
         }
 
         updateImage(form.groupName, form.fileId, form.clearImage)
         redirect("/admin/users")
 
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -279,12 +303,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   post("/admin/export")(adminOnly {
     import gitbucket.core.util.JDBCUtil._
-    val session = request2Session(request)
-    val file = if(params("type") == "sql"){
-      session.conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
-    } else {
-      session.conn.exportAsXML(request.getParameterValues("tableNames").toSeq)
-    }
+    val file = request2Session(request).conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
 
     contentType = "application/octet-stream"
     response.setHeader("Content-Disposition", "attachment; filename=" + file.getName)

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -1,7 +1,8 @@
 package gitbucket.core.controller
 
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.wiki.html
-import gitbucket.core.service.{RepositoryService, WikiService, ActivityService, AccountService}
+import gitbucket.core.service.{AccountService, ActivityService, RepositoryService, WikiService}
 import gitbucket.core.util._
 import gitbucket.core.util.StringUtil._
 import gitbucket.core.util.ControlUtil._
@@ -13,10 +14,10 @@ import org.scalatra.i18n.Messages
 
 class WikiController extends WikiControllerBase 
   with WikiService with RepositoryService with AccountService with ActivityService
-  with CollaboratorsAuthenticator with ReferrerAuthenticator
+  with ReadableUsersAuthenticator with ReferrerAuthenticator
 
 trait WikiControllerBase extends ControllerBase {
-  self: WikiService with RepositoryService with ActivityService with CollaboratorsAuthenticator with ReferrerAuthenticator =>
+  self: WikiService with RepositoryService with ActivityService with ReadableUsersAuthenticator with ReferrerAuthenticator =>
 
   case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String, id: String)
   
@@ -39,7 +40,7 @@ trait WikiControllerBase extends ControllerBase {
   get("/:owner/:repository/wiki")(referrersOnly { repository =>
     getWikiPage(repository.owner, repository.name, "Home").map { page =>
       html.page("Home", page, getWikiPageList(repository.owner, repository.name),
-        repository, hasWritePermission(repository.owner, repository.name, context.loginAccount),
+        repository, isEditable(repository),
         getWikiPage(repository.owner, repository.name, "_Sidebar"),
         getWikiPage(repository.owner, repository.name, "_Footer"))
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/Home/_edit")
@@ -50,7 +51,7 @@ trait WikiControllerBase extends ControllerBase {
 
     getWikiPage(repository.owner, repository.name, pageName).map { page =>
       html.page(pageName, page, getWikiPageList(repository.owner, repository.name),
-        repository, hasWritePermission(repository.owner, repository.name, context.loginAccount),
+        repository, isEditable(repository),
         getWikiPage(repository.owner, repository.name, "_Sidebar"),
         getWikiPage(repository.owner, repository.name, "_Footer"))
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_edit")
@@ -61,8 +62,8 @@ trait WikiControllerBase extends ControllerBase {
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
-        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository)
-        case Left(_) => NotFound
+        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository, isEditable(repository))
+        case Left(_) => NotFound()
       }
     }
   })
@@ -73,7 +74,7 @@ trait WikiControllerBase extends ControllerBase {
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       html.compare(Some(pageName), from, to, JGitUtil.getDiffs(git, from, to, true).filter(_.newPath == pageName + ".md"), repository,
-        hasWritePermission(repository.owner, repository.name, context.loginAccount), flash.get("info"))
+        isEditable(repository), flash.get("info"))
     }
   })
   
@@ -82,102 +83,115 @@ trait WikiControllerBase extends ControllerBase {
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       html.compare(None, from, to, JGitUtil.getDiffs(git, from, to, true), repository,
-        hasWritePermission(repository.owner, repository.name, context.loginAccount), flash.get("info"))
+        isEditable(repository), flash.get("info"))
     }
   })
 
-  get("/:owner/:repository/wiki/:page/_revert/:commitId")(collaboratorsOnly { repository =>
-    val pageName = StringUtil.urlDecode(params("page"))
-    val Array(from, to) = params("commitId").split("\\.\\.\\.")
+  get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
+    if(isEditable(repository)){
+      val pageName = StringUtil.urlDecode(params("page"))
+      val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-    if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))){
-      redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
-    } else {
-      flash += "info" -> "This patch was not able to be reversed."
-      redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}")
-    }
-  })
-
-  get("/:owner/:repository/wiki/_revert/:commitId")(collaboratorsOnly { repository =>
-    val Array(from, to) = params("commitId").split("\\.\\.\\.")
-
-    if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)){
-      redirect(s"/${repository.owner}/${repository.name}/wiki/")
-    } else {
-      flash += "info" -> "This patch was not able to be reversed."
-      redirect(s"/${repository.owner}/${repository.name}/wiki/_compare/${from}...${to}")
-    }
-  })
-
-  get("/:owner/:repository/wiki/:page/_edit")(collaboratorsOnly { repository =>
-    val pageName = StringUtil.urlDecode(params("page"))
-    html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
-  })
-  
-  post("/:owner/:repository/wiki/_edit", editForm)(collaboratorsOnly { (form, repository) =>
-    defining(context.loginAccount.get){ loginAccount =>
-      saveWikiPage(
-        repository.owner,
-        repository.name,
-        form.currentPageName,
-        form.pageName,
-        appendNewLine(convertLineSeparator(form.content, "LF"), "LF"),
-        loginAccount,
-        form.message.getOrElse(""),
-        Some(form.id)
-      ).map { commitId =>
-        updateLastActivityDate(repository.owner, repository.name)
-        recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName, commitId)
-      }
-      if(notReservedPageName(form.pageName)) {
-        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
+      if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))){
+        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
       } else {
-        redirect(s"/${repository.owner}/${repository.name}/wiki")
+        flash += "info" -> "This patch was not able to be reversed."
+        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}")
       }
-    }
+    } else Unauthorized()
+  })
+
+  get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
+    if(isEditable(repository)){
+      val Array(from, to) = params("commitId").split("\\.\\.\\.")
+
+      if(revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)){
+        redirect(s"/${repository.owner}/${repository.name}/wiki/")
+      } else {
+        flash += "info" -> "This patch was not able to be reversed."
+        redirect(s"/${repository.owner}/${repository.name}/wiki/_compare/${from}...${to}")
+      }
+    } else Unauthorized()
+  })
+
+  get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
+    if(isEditable(repository)){
+      val pageName = StringUtil.urlDecode(params("page"))
+      html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
+    } else Unauthorized()
   })
   
-  get("/:owner/:repository/wiki/_new")(collaboratorsOnly {
-    html.edit("", None, _)
+  post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
+    if(isEditable(repository)){
+      defining(context.loginAccount.get){ loginAccount =>
+        saveWikiPage(
+          repository.owner,
+          repository.name,
+          form.currentPageName,
+          form.pageName,
+          appendNewLine(convertLineSeparator(form.content, "LF"), "LF"),
+          loginAccount,
+          form.message.getOrElse(""),
+          Some(form.id)
+        ).map { commitId =>
+          updateLastActivityDate(repository.owner, repository.name)
+          recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName, commitId)
+        }
+        if(notReservedPageName(form.pageName)) {
+          redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
+        } else {
+          redirect(s"/${repository.owner}/${repository.name}/wiki")
+        }
+      }
+    } else Unauthorized()
   })
   
-  post("/:owner/:repository/wiki/_new", newForm)(collaboratorsOnly { (form, repository) =>
-    defining(context.loginAccount.get){ loginAccount =>
-      saveWikiPage(repository.owner, repository.name, form.currentPageName, form.pageName,
+  get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
+    if(isEditable(repository)){
+      html.edit("", None, repository)
+    } else Unauthorized()
+  })
+  
+  post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
+    if(isEditable(repository)){
+      defining(context.loginAccount.get){ loginAccount =>
+        saveWikiPage(repository.owner, repository.name, form.currentPageName, form.pageName,
           form.content, loginAccount, form.message.getOrElse(""), None)
 
-      updateLastActivityDate(repository.owner, repository.name)
-      recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
+        updateLastActivityDate(repository.owner, repository.name)
+        recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
+
+        if(notReservedPageName(form.pageName)) {
+          redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
+        } else {
+          redirect(s"/${repository.owner}/${repository.name}/wiki")
+        }
+      }
+    } else Unauthorized()
+  })
+  
+  get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
+    if(isEditable(repository)){
+      val pageName = StringUtil.urlDecode(params("page"))
+
+      defining(context.loginAccount.get){ loginAccount =>
+        deleteWikiPage(repository.owner, repository.name, pageName, loginAccount.fullName, loginAccount.mailAddress, s"Destroyed ${pageName}")
+        updateLastActivityDate(repository.owner, repository.name)
 
-      if(notReservedPageName(form.pageName)) {
-        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
-      } else {
         redirect(s"/${repository.owner}/${repository.name}/wiki")
       }
-    }
+    } else Unauthorized()
   })
-  
-  get("/:owner/:repository/wiki/:page/_delete")(collaboratorsOnly { repository =>
-    val pageName = StringUtil.urlDecode(params("page"))
 
-    defining(context.loginAccount.get){ loginAccount =>
-      deleteWikiPage(repository.owner, repository.name, pageName, loginAccount.fullName, loginAccount.mailAddress, s"Destroyed ${pageName}")
-      updateLastActivityDate(repository.owner, repository.name)
-
-      redirect(s"/${repository.owner}/${repository.name}/wiki")
-    }
-  })
-  
   get("/:owner/:repository/wiki/_pages")(referrersOnly { repository =>
-    html.pages(getWikiPageList(repository.owner, repository.name), repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+    html.pages(getWikiPageList(repository.owner, repository.name), repository, isEditable(repository))
   })
   
   get("/:owner/:repository/wiki/_history")(referrersOnly { repository =>
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master") match {
-        case Right((logs, hasNext)) => html.history(None, logs, repository)
-        case Left(_) => NotFound
+        case Right((logs, hasNext)) => html.history(None, logs, repository, isEditable(repository))
+        case Left(_) => NotFound()
       }
     }
   })
@@ -187,7 +201,7 @@ trait WikiControllerBase extends ControllerBase {
 
     getFileContent(repository.owner, repository.name, path).map { bytes =>
       RawData(FileUtil.getContentType(path, bytes), bytes)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   private def unique: Constraint = new Constraint(){
@@ -226,4 +240,13 @@ trait WikiControllerBase extends ControllerBase {
 
   private def targetWikiPage = getWikiPage(params("owner"), params("repository"), params("pageName"))
 
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    repository.repository.options.wikiOption match {
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
+  }
+
 }

src/main/scala/gitbucket/core/model/Collaborator.scala

@@ -7,7 +7,8 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
 
   class Collaborators(tag: Tag) extends Table[Collaborator](tag, "COLLABORATOR") with BasicTemplate {
     val collaboratorName = column[String]("COLLABORATOR_NAME")
-    def * = (userName, repositoryName, collaboratorName) <> (Collaborator.tupled, Collaborator.unapply)
+    val role = column[String]("ROLE")
+    def * = (userName, repositoryName, collaboratorName, role) <> (Collaborator.tupled, Collaborator.unapply)
 
     def byPrimaryKey(owner: String, repository: String, collaborator: String) =
       byRepository(owner, repository) && (collaboratorName === collaborator.bind)
@@ -17,5 +18,23 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
 case class Collaborator(
   userName: String,
   repositoryName: String,
-  collaboratorName: String
+  collaboratorName: String,
+  role: String
 )
+
+sealed abstract class Role(val name: String)
+
+object Role {
+  object ADMIN extends Role("ADMIN")
+  object DEVELOPER extends Role("DEVELOPER")
+  object GUEST extends Role("GUEST")
+
+//  val values: Vector[Permission] = Vector(ADMIN, WRITE, READ)
+//
+//  private val map: Map[String, Permission] = values.map(enum => enum.name -> enum).toMap
+//
+//  def apply(name: String): Permission = map(name)
+//
+//  def valueOf(name: String): Option[Permission] = map.get(name)
+
+}

src/main/scala/gitbucket/core/model/Repository.scala

@@ -7,17 +7,61 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
   lazy val Repositories = TableQuery[Repositories]
 
   class Repositories(tag: Tag) extends Table[Repository](tag, "REPOSITORY") with BasicTemplate {
-    val isPrivate = column[Boolean]("PRIVATE")
-    val description = column[String]("DESCRIPTION")
-    val defaultBranch = column[String]("DEFAULT_BRANCH")
-    val registeredDate = column[java.util.Date]("REGISTERED_DATE")
-    val updatedDate = column[java.util.Date]("UPDATED_DATE")
-    val lastActivityDate = column[java.util.Date]("LAST_ACTIVITY_DATE")
-    val originUserName = column[String]("ORIGIN_USER_NAME")
+    val isPrivate            = column[Boolean]("PRIVATE")
+    val description          = column[String]("DESCRIPTION")
+    val defaultBranch        = column[String]("DEFAULT_BRANCH")
+    val registeredDate       = column[java.util.Date]("REGISTERED_DATE")
+    val updatedDate          = column[java.util.Date]("UPDATED_DATE")
+    val lastActivityDate     = column[java.util.Date]("LAST_ACTIVITY_DATE")
+    val originUserName       = column[String]("ORIGIN_USER_NAME")
     val originRepositoryName = column[String]("ORIGIN_REPOSITORY_NAME")
-    val parentUserName = column[String]("PARENT_USER_NAME")
+    val parentUserName       = column[String]("PARENT_USER_NAME")
     val parentRepositoryName = column[String]("PARENT_REPOSITORY_NAME")
-    def * = (userName, repositoryName, isPrivate, description.?, defaultBranch, registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?) <> (Repository.tupled, Repository.unapply)
+    val issuesOption         = column[String]("ISSUES_OPTION")
+    val externalIssuesUrl    = column[String]("EXTERNAL_ISSUES_URL")
+    val wikiOption           = column[String]("WIKI_OPTION")
+    val externalWikiUrl      = column[String]("EXTERNAL_WIKI_URL")
+    val allowFork            = column[Boolean]("ALLOW_FORK")
+
+    def * = (
+      (userName, repositoryName, isPrivate, description.?, defaultBranch,
+      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?),
+      (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork)
+    ).shaped <> (
+      { case (repository, options) =>
+        Repository(
+          repository._1,
+          repository._2,
+          repository._3,
+          repository._4,
+          repository._5,
+          repository._6,
+          repository._7,
+          repository._8,
+          repository._9,
+          repository._10,
+          repository._11,
+          repository._12,
+          RepositoryOptions.tupled.apply(options)
+        )
+      }, { (r: Repository) =>
+        Some(((
+          r.userName,
+          r.repositoryName,
+          r.isPrivate,
+          r.description,
+          r.defaultBranch,
+          r.registeredDate,
+          r.updatedDate,
+          r.lastActivityDate,
+          r.originUserName,
+          r.originRepositoryName,
+          r.parentUserName,
+          r.parentRepositoryName
+        ),(
+          RepositoryOptions.unapply(r.options).get
+        )))
+      })
 
     def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)
   }
@@ -35,5 +79,14 @@ case class Repository(
   originUserName: Option[String],
   originRepositoryName: Option[String],
   parentUserName: Option[String],
-  parentRepositoryName: Option[String]
+  parentRepositoryName: Option[String],
+  options: RepositoryOptions
+)
+
+case class RepositoryOptions(
+  issuesOption: String,
+  externalIssuesUrl: Option[String],
+  wikiOption: String,
+  externalWikiUrl: Option[String],
+  allowFork: Boolean
 )

src/main/scala/gitbucket/core/plugin/Plugin.scala

@@ -149,6 +149,36 @@ abstract class Plugin {
    */
   def dashboardTabs(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
 
+  /**
+   * Override to add assets mappings.
+   */
+  val assetsMappings: Seq[(String, String)] = Nil
+
+  /**
+   * Override to add assets mappings.
+   */
+  def assetsMappings(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, String)] = Nil
+
+  /**
+   * Override to add text decorators.
+   */
+  val textDecorators: Seq[TextDecorator] = Nil
+
+  /**
+   * Override to add text decorators.
+   */
+  def textDecorators(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[TextDecorator] = Nil
+
+  /**
+   * Override to add suggestion provider.
+   */
+  val suggestionProviders: Seq[SuggestionProvider] = Nil
+
+  /**
+   * Override to add suggestion provider.
+   */
+  def suggestionProviders(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[SuggestionProvider] = Nil
+
   /**
    * This method is invoked in initialization of plugin system.
    * Register plugin functionality to PluginRegistry.
@@ -193,6 +223,15 @@ abstract class Plugin {
     (dashboardTabs ++ dashboardTabs(registry, context, settings)).foreach { dashboardTab =>
       registry.addDashboardTab(dashboardTab)
     }
+    (assetsMappings ++ assetsMappings(registry, context, settings)).foreach { assetMapping =>
+      registry.addAssetsMapping((assetMapping._1, assetMapping._2, getClass.getClassLoader))
+    }
+    (textDecorators ++ textDecorators(registry, context, settings)).foreach { textDecorator =>
+      registry.addTextDecorator(textDecorator)
+    }
+    (suggestionProviders ++ suggestionProviders(registry, context, settings)).foreach { suggestionProvider =>
+      registry.addSuggestionProvider(suggestionProvider)
+    }
   }
 
   /**

src/main/scala/gitbucket/core/plugin/PluginRegistory.scala

@@ -13,8 +13,8 @@ import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.DatabaseConfig
 import gitbucket.core.util.Directory._
 import io.github.gitbucket.solidbase.Solidbase
+import io.github.gitbucket.solidbase.manager.JDBCVersionManager
 import io.github.gitbucket.solidbase.model.Module
-import liquibase.database.core.H2Database
 import org.apache.commons.codec.binary.{Base64, StringUtils}
 import org.slf4j.LoggerFactory
 
@@ -42,10 +42,13 @@ class PluginRegistry {
   private val systemSettingMenus = new ListBuffer[(Context) => Option[Link]]
   private val accountSettingMenus = new ListBuffer[(Context) => Option[Link]]
   private val dashboardTabs = new ListBuffer[(Context) => Option[Link]]
+  private val assetsMappings = new ListBuffer[(String, String, ClassLoader)]
+  private val textDecorators = new ListBuffer[TextDecorator]
 
-  def addPlugin(pluginInfo: PluginInfo): Unit = {
-    plugins += pluginInfo
-  }
+  private val suggestionProviders = new ListBuffer[SuggestionProvider]
+  suggestionProviders += new UserNameSuggestionProvider()
+
+  def addPlugin(pluginInfo: PluginInfo): Unit = plugins += pluginInfo
 
   def getPlugins(): List[PluginInfo] = plugins.toList
 
@@ -66,42 +69,26 @@ class PluginRegistry {
 
   def getImage(id: String): String = images(id)
 
-  def addController(path: String, controller: ControllerBase): Unit = {
-    controllers += ((controller, path))
-  }
+  def addController(path: String, controller: ControllerBase): Unit = controllers += ((controller, path))
 
   @deprecated("Use addController(path: String, controller: ControllerBase) instead", "3.4.0")
-  def addController(controller: ControllerBase, path: String): Unit = {
-    addController(path, controller)
-  }
+  def addController(controller: ControllerBase, path: String): Unit = addController(path, controller)
 
   def getControllers(): Seq[(ControllerBase, String)] = controllers.toSeq
 
-  def addJavaScript(path: String, script: String): Unit = {
-    javaScripts += ((path, script))
-  }
+  def addJavaScript(path: String, script: String): Unit = javaScripts += ((path, script))
 
-  def getJavaScript(currentPath: String): List[String] = {
-    javaScripts.filter(x => currentPath.matches(x._1)).toList.map(_._2)
-  }
+  def getJavaScript(currentPath: String): List[String] = javaScripts.filter(x => currentPath.matches(x._1)).toList.map(_._2)
 
-  def addRenderer(extension: String, renderer: Renderer): Unit = {
-    renderers += ((extension, renderer))
-  }
+  def addRenderer(extension: String, renderer: Renderer): Unit = renderers += ((extension, renderer))
 
-  def getRenderer(extension: String): Renderer = {
-    renderers.get(extension).getOrElse(DefaultRenderer)
-  }
+  def getRenderer(extension: String): Renderer = renderers.get(extension).getOrElse(DefaultRenderer)
 
   def renderableExtensions: Seq[String] = renderers.keys.toSeq
 
-  def addRepositoryRouting(routing: GitRepositoryRouting): Unit = {
-    repositoryRoutings += routing
-  }
+  def addRepositoryRouting(routing: GitRepositoryRouting): Unit = repositoryRoutings += routing
 
-  def getRepositoryRoutings(): Seq[GitRepositoryRouting] = {
-    repositoryRoutings.toSeq
-  }
+  def getRepositoryRoutings(): Seq[GitRepositoryRouting] = repositoryRoutings.toSeq
 
   def getRepositoryRouting(repositoryPath: String): Option[GitRepositoryRouting] = {
     PluginRegistry().getRepositoryRoutings().find {
@@ -111,54 +98,49 @@ class PluginRegistry {
     }
   }
 
-  def addReceiveHook(commitHook: ReceiveHook): Unit = {
-    receiveHooks += commitHook
-  }
+  def addReceiveHook(commitHook: ReceiveHook): Unit = receiveHooks += commitHook
 
   def getReceiveHooks: Seq[ReceiveHook] = receiveHooks.toSeq
 
-  def addGlobalMenu(globalMenu: (Context) => Option[Link]): Unit = {
-    globalMenus += globalMenu
-  }
+  def addGlobalMenu(globalMenu: (Context) => Option[Link]): Unit = globalMenus += globalMenu
 
   def getGlobalMenus: Seq[(Context) => Option[Link]] = globalMenus.toSeq
 
-  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit = {
-    repositoryMenus += repositoryMenu
-  }
+  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit = repositoryMenus += repositoryMenu
 
   def getRepositoryMenus: Seq[(RepositoryInfo, Context) => Option[Link]] = repositoryMenus.toSeq
 
-  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit = {
-    repositorySettingTabs += repositorySettingTab
-  }
+  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit = repositorySettingTabs += repositorySettingTab
 
   def getRepositorySettingTabs: Seq[(RepositoryInfo, Context) => Option[Link]] = repositorySettingTabs.toSeq
 
-  def addProfileTab(profileTab: (Account, Context) => Option[Link]): Unit = {
-    profileTabs += profileTab
-  }
+  def addProfileTab(profileTab: (Account, Context) => Option[Link]): Unit = profileTabs += profileTab
 
   def getProfileTabs: Seq[(Account, Context) => Option[Link]] = profileTabs.toSeq
 
-  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit = {
-    systemSettingMenus += systemSettingMenu
-  }
+  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit = systemSettingMenus += systemSettingMenu
 
   def getSystemSettingMenus: Seq[(Context) => Option[Link]] = systemSettingMenus.toSeq
 
-  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit = {
-    accountSettingMenus += accountSettingMenu
-  }
+  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit = accountSettingMenus += accountSettingMenu
 
   def getAccountSettingMenus: Seq[(Context) => Option[Link]] = accountSettingMenus.toSeq
 
-  def addDashboardTab(dashboardTab: (Context) => Option[Link]): Unit = {
-    dashboardTabs += dashboardTab
-  }
+  def addDashboardTab(dashboardTab: (Context) => Option[Link]): Unit = dashboardTabs += dashboardTab
 
   def getDashboardTabs: Seq[(Context) => Option[Link]] = dashboardTabs.toSeq
 
+  def addAssetsMapping(assetsMapping: (String, String, ClassLoader)): Unit = assetsMappings += assetsMapping
+
+  def getAssetsMappings: Seq[(String, String, ClassLoader)] = assetsMappings.toSeq
+
+  def addTextDecorator(textDecorator: TextDecorator): Unit = textDecorators += textDecorator
+
+  def getTextDecorators: Seq[TextDecorator] = textDecorators.toSeq
+
+  def addSuggestionProvider(suggestionProvider: SuggestionProvider): Unit = suggestionProviders += suggestionProvider
+
+  def getSuggestionProviders: Seq[SuggestionProvider] = suggestionProviders.toSeq
 }
 
 /**
@@ -180,6 +162,8 @@ object PluginRegistry {
    */
   def initialize(context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit = {
     val pluginDir = new File(PluginHome)
+    val manager = new JDBCVersionManager(conn)
+
     if(pluginDir.exists && pluginDir.isDirectory){
       pluginDir.listFiles(new FilenameFilter {
         override def accept(dir: File, name: String): Boolean = name.endsWith(".jar")
@@ -192,19 +176,26 @@ object PluginRegistry {
           val solidbase = new Solidbase()
           solidbase.migrate(conn, classLoader, DatabaseConfig.liquiDriver, new Module(plugin.pluginId, plugin.versions: _*))
 
+          // Check version
+          val databaseVersion = manager.getCurrentVersion(plugin.pluginId)
+          val pluginVersion = plugin.versions.last.getVersion
+          if(databaseVersion != pluginVersion){
+            throw new IllegalStateException(s"Plugin version is ${pluginVersion}, but database version is ${databaseVersion}")
+          }
+
           // Initialize
           plugin.initialize(instance, context, settings)
           instance.addPlugin(PluginInfo(
-            pluginId    = plugin.pluginId,
-            pluginName  = plugin.pluginName,
-            version     = plugin.versions.head.getVersion,
-            description = plugin.description,
-            pluginClass = plugin
+            pluginId      = plugin.pluginId,
+            pluginName    = plugin.pluginName,
+            pluginVersion = plugin.versions.last.getVersion,
+            description   = plugin.description,
+            pluginClass   = plugin
           ))
 
         } catch {
           case e: Throwable => {
-            logger.error(s"Error during plugin initialization", e)
+            logger.error(s"Error during plugin initialization: ${pluginJar.getAbsolutePath}", e)
           }
         }
       }
@@ -231,7 +222,7 @@ case class Link(id: String, label: String, path: String, icon: Option[String] =
 case class PluginInfo(
   pluginId: String,
   pluginName: String,
-  version: String,
+  pluginVersion: String,
   description: String,
   pluginClass: Plugin
 )

src/main/scala/gitbucket/core/plugin/SuggestionProvider.scala

@@ -0,0 +1,27 @@
+package gitbucket.core.plugin
+
+import gitbucket.core.controller.Context
+import gitbucket.core.service.RepositoryService.RepositoryInfo
+
+trait SuggestionProvider {
+
+  val id: String
+  val prefix: String
+  val suffix: String = " "
+  val context: Seq[String]
+
+  def values(repository: RepositoryInfo): Seq[String]
+  def template(implicit context: Context): String = "value"
+  def additionalScript(implicit context: Context): String = ""
+
+}
+
+class UserNameSuggestionProvider extends SuggestionProvider {
+  override val id: String = "user"
+  override val prefix: String = "@"
+  override val context: Seq[String] = Seq("issues")
+  override def values(repository: RepositoryInfo): Seq[String] = Nil
+  override def template(implicit context: Context): String = "'@' + value"
+  override def additionalScript(implicit context: Context): String =
+    s"""$$.get('${context.path}/_user/proposals', { query: '', user: true, group: false }, function (data) { user = data.options; });"""
+}

src/main/scala/gitbucket/core/plugin/TextDecorator.scala

@@ -0,0 +1,10 @@
+package gitbucket.core.plugin
+
+import gitbucket.core.controller.Context
+import gitbucket.core.service.RepositoryService.RepositoryInfo
+
+trait TextDecorator {
+
+  def decorate(text: String, repository: RepositoryInfo)(implicit context: Context): String
+
+}

src/main/scala/gitbucket/core/service/AccountService.scala

@@ -97,6 +97,12 @@ trait AccountService {
       Accounts filter (_.removed === false.bind) sortBy(_.userName) list
     }
 
+  def isLastAdministrator(account: Account)(implicit s: Session): Boolean = {
+    if(account.isAdmin){
+      (Accounts filter (_.removed === false.bind) filter (_.isAdmin === true.bind) map (_.userName.length)).first == 1
+    } else false
+  }
+
   def createAccount(userName: String, password: String, fullName: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
                    (implicit s: Session): Unit =
     Accounts insert Account(
@@ -175,12 +181,11 @@ trait AccountService {
   def removeUserRelatedData(userName: String)(implicit s: Session): Unit = {
     GroupMembers.filter(_.userName === userName.bind).delete
     Collaborators.filter(_.collaboratorName === userName.bind).delete
-    Repositories.filter(_.userName === userName.bind).delete
   }
 
   def getGroupNames(userName: String)(implicit s: Session): List[String] = {
     List(userName) ++
-      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list
+      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list.distinct
   }
 
 }

src/main/scala/gitbucket/core/service/CommitsService.scala

@@ -42,12 +42,18 @@ trait CommitsService {
       updatedDate       = currentDate,
       issueId           = issueId)
 
+  def updateCommitCommentPosition(commentId: Int, commitId: String, oldLine: Option[Int], newLine: Option[Int])(implicit s: Session): Unit =
+    CommitComments.filter(_.byPrimaryKey(commentId))
+      .map { t =>
+        (t.commitId, t.oldLine, t.newLine)
+      }.update(commitId, oldLine, newLine)
+
   def updateCommitComment(commentId: Int, content: String)(implicit s: Session) =
     CommitComments
       .filter (_.byPrimaryKey(commentId))
       .map { t =>
-      t.content -> t.updatedDate
-    }.update (content, currentDate)
+        t.content -> t.updatedDate
+      }.update (content, currentDate)
 
   def deleteCommitComment(commentId: Int)(implicit s: Session) =
     CommitComments filter (_.byPrimaryKey(commentId)) delete

src/main/scala/gitbucket/core/service/HandleCommentService.scala

@@ -13,7 +13,7 @@ trait HandleCommentService {
     with WebHookService with WebHookIssueCommentService with WebHookPullRequestService =>
 
   /**
-   * @see [[https://github.com/takezoe/gitbucket/wiki/CommentAction]]
+   * @see [[https://github.com/gitbucket/gitbucket/wiki/CommentAction]]
    */
   def handleComment(issue: Issue, content: Option[String], repository: RepositoryService.RepositoryInfo, actionOpt: Option[String])
                    (implicit context: Context, s: Session) = {
@@ -54,18 +54,20 @@ trait HandleCommentService {
 
       // call web hooks
       action match {
-        case None => commentId.map{ commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
-        case Some(act) => val webHookAction = act match {
-          case "open"   => "opened"
-          case "reopen" => "reopened"
-          case "close"  => "closed"
-          case _ => act
-        }
-          if(issue.isPullRequest){
+        case None => commentId.map { commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
+        case Some(act) => {
+          val webHookAction = act match {
+            case "open"   => "opened"
+            case "reopen" => "reopened"
+            case "close"  => "closed"
+            case _ => act
+          }
+          if (issue.isPullRequest) {
             callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, context.loginAccount.get)
           } else {
             callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, context.loginAccount.get)
           }
+        }
       }
 
       // notifications

src/main/scala/gitbucket/core/service/IssuesService.scala

@@ -13,12 +13,13 @@ import scala.slick.jdbc.{StaticQuery => Q}
 import Q.interpolation
 
 
+
 trait IssuesService {
-  self: AccountService =>
+  self: AccountService with RepositoryService =>
   import IssuesService._
 
   def getIssue(owner: String, repository: String, issueId: String)(implicit s: Session) =
-    if (issueId forall (_.isDigit))
+    if (isInteger(issueId))
       Issues filter (_.byPrimaryKey(owner, repository, issueId.toInt)) firstOption
     else None
 
@@ -34,6 +35,10 @@ trait IssuesService {
     .map{ case ((t1, t2), t3) => (t1, t2, t3) }
     .list
 
+  def getMergedComment(owner: String, repository: String, issueId: Int)(implicit s: Session): Option[(IssueComment, Account)] = {
+    getCommentsForApi(owner, repository, issueId).collectFirst { case (comment, account, _) if comment.action == "merged" => (comment, account) }
+  }
+
   def getComment(owner: String, repository: String, commentId: String)(implicit s: Session) =
     if (commentId forall (_.isDigit))
       IssueComments filter { t =>
@@ -163,66 +168,62 @@ trait IssuesService {
                  (implicit s: Session): List[IssueInfo] = {
     // get issues and comment count and labels
     val result = searchIssueQueryBase(condition, pullRequest, offset, limit, repos)
-        .leftJoin (IssueLabels) .on { case ((t1, t2), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
-        .leftJoin (Labels)      .on { case (((t1, t2), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
-        .leftJoin (Milestones)  .on { case ((((t1, t2), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
-        .map { case ((((t1, t2), t3), t4), t5) =>
-          (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?)
-        }
-        .list
-        .splitWith { (c1, c2) =>
-          c1._1.userName       == c2._1.userName &&
-          c1._1.repositoryName == c2._1.repositoryName &&
-          c1._1.issueId        == c2._1.issueId
-        }
+      .leftJoin (IssueLabels) .on { case (((t1, t2), i), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
+      .leftJoin (Labels)      .on { case ((((t1, t2), i), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
+      .leftJoin (Milestones)  .on { case (((((t1, t2), i), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
+      .sortBy { case (((((t1, t2), i), t3), t4), t5) => i asc }
+      .map { case (((((t1, t2), i), t3), t4), t5) => (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?) }
+      .list
+      .splitWith { (c1, c2) => c1._1.userName == c2._1.userName && c1._1.repositoryName == c2._1.repositoryName && c1._1.issueId == c2._1.issueId }
+
     val status = getCommitStatues(result.map(_.head._1).map(is => (is.userName, is.repositoryName, is.issueId)))
 
     result.map { issues => issues.head match {
-          case (issue, commentCount, _, _, _, milestone) =>
-            IssueInfo(issue,
-             issues.flatMap { t => t._3.map (
-                 Label(issue.userName, issue.repositoryName, _, t._4.get, t._5.get)
-             )} toList,
-             milestone,
-             commentCount,
-             status.get(issue.userName, issue.repositoryName, issue.issueId))
-        }} toList
+      case (issue, commentCount, _, _, _, milestone) =>
+        IssueInfo(issue,
+          issues.flatMap { t => t._3.map (
+            Label(issue.userName, issue.repositoryName, _, t._4.get, t._5.get)
+          )} toList,
+          milestone,
+          commentCount,
+          status.get(issue.userName, issue.repositoryName, issue.issueId))
+    }} toList
   }
 
   /** for api
    * @return (issue, issueUser, commentCount, pullRequest, headRepo, headOwner)
    */
   def searchPullRequestByApi(condition: IssueSearchCondition, offset: Int, limit: Int, repos: (String, String)*)
-                 (implicit s: Session): List[(Issue, Account, Int, PullRequest, Repository, Account)] = {
+                            (implicit s: Session): List[(Issue, Account, Int, PullRequest, Repository, Account)] = {
     // get issues and comment count and labels
     searchIssueQueryBase(condition, true, offset, limit, repos)
-      .innerJoin(PullRequests).on { case ((t1, t2), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
-      .innerJoin(Repositories).on { case (((t1, t2), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
-      .innerJoin(Accounts).on { case ((((t1, t2), t3), t4), t5) => t5.userName === t1.openedUserName }
-      .innerJoin(Accounts).on { case (((((t1, t2), t3), t4), t5), t6) => t6.userName === t4.userName }
-      .map { case (((((t1, t2), t3), t4), t5), t6) =>
-          (t1, t5, t2.commentCount, t3, t4, t6)
-      }
+      .innerJoin(PullRequests).on { case (((t1, t2), i), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
+      .innerJoin(Repositories).on { case ((((t1, t2), i), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
+      .innerJoin(Accounts).on { case (((((t1, t2), i), t3), t4), t5) => t5.userName === t1.openedUserName }
+      .innerJoin(Accounts).on { case ((((((t1, t2), i), t3), t4), t5), t6) => t6.userName === t4.userName }
+      .sortBy { case ((((((t1, t2), i), t3), t4), t5), t6) => i asc }
+      .map { case ((((((t1, t2), i), t3), t4), t5), t6) => (t1, t5, t2.commentCount, t3, t4, t6) }
       .list
   }
 
   private def searchIssueQueryBase(condition: IssueSearchCondition, pullRequest: Boolean, offset: Int, limit: Int, repos: Seq[(String, String)])
-                 (implicit s: Session) =
+                                  (implicit s: Session) =
     searchIssueQuery(repos, condition, pullRequest)
-        .innerJoin(IssueOutline).on { (t1, t2) => t1.byIssue(t2.userName, t2.repositoryName, t2.issueId) }
-        .sortBy { case (t1, t2) =>
-          (condition.sort match {
-            case "created"  => t1.registeredDate
-            case "comments" => t2.commentCount
-            case "updated"  => t1.updatedDate
-          }) match {
-            case sort => condition.direction match {
-              case "asc"  => sort asc
-              case "desc" => sort desc
-            }
+      .innerJoin(IssueOutline).on { (t1, t2) => t1.byIssue(t2.userName, t2.repositoryName, t2.issueId) }
+      .sortBy { case (t1, t2) => t1.issueId desc }
+      .sortBy { case (t1, t2) =>
+        (condition.sort match {
+          case "created"  => t1.registeredDate
+          case "comments" => t2.commentCount
+          case "updated"  => t1.updatedDate
+        }) match {
+          case sort => condition.direction match {
+            case "asc"  => sort asc
+            case "desc" => sort desc
           }
         }
-        .drop(offset).take(limit)
+      }
+      .drop(offset).take(limit).zipWithIndex
 
 
   /**
@@ -234,9 +235,8 @@ trait IssuesService {
         .map { case (owner, repository) => t1.byRepository(owner, repository) }
         .foldLeft[Column[Boolean]](false) ( _ || _ ) &&
       (t1.closed           === (condition.state == "closed").bind) &&
-      //(t1.milestoneId      === condition.milestoneId.get.get.bind, condition.milestoneId.flatten.isDefined) &&
-      (t1.milestoneId.?    isEmpty, condition.milestone == Some(None)) &&
-      (t1.assignedUserName === condition.assigned.get.bind, condition.assigned.isDefined) &&
+      (t1.milestoneId.?      isEmpty, condition.milestone == Some(None)) &&
+      (t1.assignedUserName.? isEmpty, condition.assigned  == Some(None)) &&
       (t1.openedUserName   === condition.author.get.bind, condition.author.isDefined) &&
       (t1.pullRequest      === pullRequest.bind) &&
       // Milestone filter
@@ -244,6 +244,8 @@ trait IssuesService {
         (t2.byPrimaryKey(t1.userName, t1.repositoryName, t1.milestoneId)) &&
         (t2.title === condition.milestone.get.get.bind)
       } exists, condition.milestone.flatten.isDefined) &&
+      // Assignee filter
+      (t1.assignedUserName === condition.assigned.get.get.bind, condition.assigned.flatten.isDefined) &&
       // Label filter
       (IssueLabels filter { t2 =>
         (t2.byIssue(t1.userName, t1.repositoryName, t1.issueId)) &&
@@ -436,6 +438,11 @@ trait IssuesService {
     }
   }
 
+  def getAssignableUserNames(owner: String, repository: String)(implicit s: Session): List[String] = {
+    (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)) :::
+      (if (getAccountByUserName(owner).get.isGroupAccount) getGroupMembers(owner).map(_.userName) else List(owner))).distinct.sorted
+  }
+
 }
 
 object IssuesService {
@@ -447,7 +454,7 @@ object IssuesService {
       labels: Set[String] = Set.empty,
       milestone: Option[Option[String]] = None,
       author: Option[String] = None,
-      assigned: Option[String] = None,
+      assigned: Option[Option[String]] = None,
       mentioned: Option[String] = None,
       state: String = "open",
       sort: String = "created",
@@ -491,12 +498,15 @@ object IssuesService {
     def toURL: String =
       "?" + List(
         if(labels.isEmpty) None else Some("labels=" + urlEncode(labels.mkString(","))),
-        milestone.map { _ match {
+        milestone.map {
           case Some(x) => "milestone=" + urlEncode(x)
           case None    => "milestone=none"
-        }},
+        },
         author   .map(x => "author="    + urlEncode(x)),
-        assigned .map(x => "assigned="  + urlEncode(x)),
+        assigned.map {
+          case Some(x) => "assigned="  + urlEncode(x)
+          case None    => "assigned=none"
+        },
         mentioned.map(x => "mentioned=" + urlEncode(x)),
         Some("state="     + urlEncode(state)),
         Some("sort="      + urlEncode(sort)),
@@ -514,46 +524,6 @@ object IssuesService {
       if(value == null || value.isEmpty || (allow.nonEmpty && !allow.contains(value))) None else Some(value)
     }
 
-    /**
-     * Restores IssueSearchCondition instance from filter query.
-     */
-    def apply(filter: String, milestones: Map[String, Int]): IssueSearchCondition = {
-      val conditions = filter.split("[ 　\t]+").flatMap { x =>
-        x.split(":") match {
-           case Array(key, value) => Some((key, value))
-           case _ => None
-        }
-      }.groupBy(_._1).map { case (key, values) =>
-        key -> values.map(_._2).toSeq
-      }
-
-      val (sort, direction) = conditions.get("sort").flatMap(_.headOption).getOrElse("created-desc") match {
-        case "created-asc"   => ("created" , "asc" )
-        case "comments-desc" => ("comments", "desc")
-        case "comments-asc"  => ("comments", "asc" )
-        case "updated-desc"  => ("comments", "desc")
-        case "updated-asc"   => ("comments", "asc" )
-        case _               => ("created" , "desc")
-      }
-
-      IssueSearchCondition(
-        conditions.get("label").map(_.toSet).getOrElse(Set.empty),
-        conditions.get("milestone").flatMap(_.headOption) match {
-          case None         => None
-          case Some("none") => Some(None)
-          case Some(x)      => Some(Some(x)) //milestones.get(x).map(x => Some(x))
-        },
-        conditions.get("author").flatMap(_.headOption),
-        conditions.get("assignee").flatMap(_.headOption),
-        conditions.get("mentions").flatMap(_.headOption),
-        conditions.get("is").getOrElse(Seq.empty).find(x => x == "open" || x == "closed").getOrElse("open"),
-        sort,
-        direction,
-        conditions.get("visibility").flatMap(_.headOption),
-        conditions.get("group").map(_.toSet).getOrElse(Set.empty)
-      )
-    }
-
     /**
      * Restores IssueSearchCondition instance from request parameters.
      */
@@ -565,7 +535,10 @@ object IssuesService {
           case x      => Some(x)
         },
         param(request, "author"),
-        param(request, "assigned"),
+        param(request, "assigned").map {
+          case "none" => None
+          case x      => Some(x)
+        },
         param(request, "mentioned"),
         param(request, "state",     Seq("open", "closed")).getOrElse("open"),
         param(request, "sort",      Seq("created", "comments", "updated")).getOrElse("created"),

src/main/scala/gitbucket/core/service/MilestonesService.scala

@@ -41,7 +41,7 @@ trait MilestonesService {
 
   def getMilestonesWithIssueCount(owner: String, repository: String)(implicit s: Session): List[(Milestone, Int, Int)] = {
     val counts = Issues
-      .filter  { t => (t.byRepository(owner, repository)) && (t.milestoneId.? isDefined) }
+      .filter  { t => t.byRepository(owner, repository) && (t.milestoneId.? isDefined) }
       .groupBy { t => t.milestoneId -> t.closed }
       .map     { case (t1, t2) => t1._1 -> t1._2 -> t2.length }
       .toMap
@@ -52,6 +52,6 @@ trait MilestonesService {
   }
 
   def getMilestones(owner: String, repository: String)(implicit s: Session): List[Milestone] =
-    Milestones.filter(_.byRepository(owner, repository)).sortBy(_.milestoneId asc).list
+    Milestones.filter(_.byRepository(owner, repository)).sortBy(t => (t.dueDate.asc, t.closedDate.desc, t.milestoneId.desc)).list
 
 }

src/main/scala/gitbucket/core/service/ProtectedBranchService.scala

@@ -86,7 +86,7 @@ object ProtectedBranchService {
     def getStopReason(isAllowNonFastForwards: Boolean, command: ReceiveCommand, pusher: String)(implicit session: Session): Option[String] = {
       if(enabled){
         command.getType() match {
-          case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
+          case ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
             Some("Cannot force-push to a protected branch")
           case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if needStatusCheck(pusher) =>
             unSuccessedContexts(command.getNewId.name) match {
@@ -98,7 +98,7 @@ object ProtectedBranchService {
             Some("Cannot delete a protected branch")
           case _ => None
         }
-      }else{
+      } else {
         None
       }
     }

src/main/scala/gitbucket/core/service/PullRequestService.scala

@@ -1,12 +1,22 @@
 package gitbucket.core.service
 
-import gitbucket.core.model.{Account, Issue, PullRequest, WebHook, CommitStatus, CommitState}
+import difflib.{Delta, DiffUtils}
+import gitbucket.core.model.{Session => _, _}
 import gitbucket.core.model.Profile._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.Implicits._
 import gitbucket.core.util.JGitUtil
+import gitbucket.core.util.JGitUtil.{CommitInfo, DiffInfo}
+import gitbucket.core.view
+import gitbucket.core.view.helpers
+import org.eclipse.jgit.api.Git
 import profile.simple._
 
+import scala.collection.JavaConverters._
 
-trait PullRequestService { self: IssuesService =>
+
+trait PullRequestService { self: IssuesService with CommitsService =>
   import PullRequestService._
 
   def getPullRequest(owner: String, repository: String, issueId: Int)
@@ -111,9 +121,26 @@ trait PullRequestService { self: IssuesService =>
   def updatePullRequests(owner: String, repository: String, branch: String)(implicit s: Session): Unit =
     getPullRequestsByRequest(owner, repository, branch, false).foreach { pullreq =>
       if(Repositories.filter(_.byRepository(pullreq.userName, pullreq.repositoryName)).exists.run){
+        // Update the git repository
         val (commitIdTo, commitIdFrom) = JGitUtil.updatePullRequest(
           pullreq.userName, pullreq.repositoryName, pullreq.branch, pullreq.issueId,
           pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch)
+
+        // Collect comment positions
+        val positions = getCommitComments(pullreq.userName, pullreq.repositoryName, pullreq.commitIdTo, true)
+          .collect {
+            case CommitComment(_, _, _, commentId, _, _, Some(file), None, Some(newLine), _, _, _) => (file, commentId, Right(newLine))
+            case CommitComment(_, _, _, commentId, _, _, Some(file), Some(oldLine), None, _, _, _) => (file, commentId, Left(oldLine))
+          }
+          .groupBy { case (file, _, _) => file }
+          .map { case (file, comments) => file ->
+            comments.map { case (_, commentId, lineNumber) => (commentId, lineNumber) }
+          }
+
+        // Update comments position
+        updatePullRequestCommentPositions(positions, pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.commitIdTo, commitIdTo)
+
+        // Update commit id in the PULL_REQUEST table
         updateCommitId(pullreq.userName, pullreq.repositoryName, pullreq.issueId, commitIdTo, commitIdFrom)
       }
     }
@@ -137,6 +164,78 @@ trait PullRequestService { self: IssuesService =>
         .firstOption
     }
   }
+
+  private def updatePullRequestCommentPositions(positions: Map[String, Seq[(Int, Either[Int, Int])]], userName: String, repositoryName: String,
+                                                oldCommitId: String, newCommitId: String)(implicit s: Session): Unit = {
+
+    val (_, diffs) = getRequestCompareInfo(userName, repositoryName, oldCommitId, userName, repositoryName, newCommitId)
+
+    val patchs = positions.map { case (file, _) =>
+      diffs.find(x => x.oldPath == file).map { diff =>
+        (diff.oldContent, diff.newContent) match {
+          case (Some(oldContent), Some(newContent)) => {
+            val oldLines = oldContent.replace("\r\n", "\n").split("\n")
+            val newLines = newContent.replace("\r\n", "\n").split("\n")
+            file -> Option(DiffUtils.diff(oldLines.toList.asJava, newLines.toList.asJava))
+          }
+          case _ =>
+            file -> None
+        }
+      }.getOrElse {
+        file -> None
+      }
+    }
+
+    positions.foreach { case (file, comments) =>
+      patchs(file) match {
+        case Some(patch) => file -> comments.foreach { case (commentId, lineNumber) => lineNumber match {
+          case Left(oldLine)  => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
+          case Right(newLine) =>
+            var counter = newLine
+            patch.getDeltas.asScala.filter(_.getOriginal.getPosition < newLine).foreach { delta =>
+              delta.getType match {
+                case Delta.TYPE.CHANGE =>
+                  if(delta.getOriginal.getPosition <= newLine - 1 && newLine <= delta.getOriginal.getPosition + delta.getRevised.getLines.size){
+                    counter = -1
+                  } else {
+                    counter = counter + (delta.getRevised.getLines.size - delta.getOriginal.getLines.size)
+                  }
+                case Delta.TYPE.INSERT => counter = counter + delta.getRevised.getLines.size
+                case Delta.TYPE.DELETE => counter = counter - delta.getOriginal.getLines.size
+              }
+            }
+            if(counter >= 0){
+              updateCommitCommentPosition(commentId, newCommitId, None, Some(counter))
+            }
+        }}
+        case _ => comments.foreach { case (commentId, lineNumber) => lineNumber match {
+          case Right(oldLine) => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
+          case Left(newLine)  => updateCommitCommentPosition(commentId, newCommitId, None, Some(newLine))
+        }}
+      }
+    }
+  }
+
+  def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
+                            requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
+    using(
+      Git.open(getRepositoryDir(userName, repositoryName)),
+      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
+    ){ (oldGit, newGit) =>
+      val oldId = oldGit.getRepository.resolve(branch)
+      val newId = newGit.getRepository.resolve(requestCommitId)
+
+      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
+        new CommitInfo(revCommit)
+      }.toList.splitWith { (commit1, commit2) =>
+        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
+      }
+
+      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
+
+      (commits, diffs)
+    }
+
 }
 
 object PullRequestService {

src/main/scala/gitbucket/core/service/RepositoryCreationService.scala

@@ -21,12 +21,12 @@ trait RepositoryCreationService {
     // Insert to the database at first
     insertRepository(name, owner, description, isPrivate)
 
-    // Add collaborators for group repository
-    if(ownerAccount.isGroupAccount){
-      getGroupMembers(owner).foreach { member =>
-        addCollaborator(owner, name, member.userName)
-      }
-    }
+//    // Add collaborators for group repository
+//    if(ownerAccount.isGroupAccount){
+//      getGroupMembers(owner).foreach { member =>
+//        addCollaborator(owner, name, member.userName)
+//      }
+//    }
 
     // Insert default labels
     insertDefaultLabels(owner, name)

src/main/scala/gitbucket/core/service/RepositoryService.scala

@@ -1,7 +1,7 @@
 package gitbucket.core.service
 
 import gitbucket.core.controller.Context
-import gitbucket.core.model.{Collaborator, Repository, Account}
+import gitbucket.core.model.{Collaborator, Repository, RepositoryOptions, Account, Role}
 import gitbucket.core.model.Profile._
 import gitbucket.core.util.JGitUtil
 import profile.simple._
@@ -36,7 +36,15 @@ trait RepositoryService { self: AccountService =>
         originUserName       = originUserName,
         originRepositoryName = originRepositoryName,
         parentUserName       = parentUserName,
-        parentRepositoryName = parentRepositoryName)
+        parentRepositoryName = parentRepositoryName,
+        options              = RepositoryOptions(
+          issuesOption         = "PUBLIC", // TODO DISABLE for the forked repository?
+          externalIssuesUrl    = None,
+          wikiOption           = "PUBLIC", // TODO DISABLE for the forked repository?
+          externalWikiUrl      = None,
+          allowFork            = true
+        )
+      )
 
     IssueId insert (userName, repositoryName, 0)
   }
@@ -115,11 +123,8 @@ trait RepositoryService { self: AccountService =>
           repositoryName = newRepositoryName
         )) :_*)
 
-        if(account.isGroupAccount){
-          Collaborators.insertAll(getGroupMembers(newUserName).map(m => Collaborator(newUserName, newRepositoryName, m.userName)) :_*)
-        } else {
-          Collaborators.insertAll(collaborators.map(_.copy(userName = newUserName, repositoryName = newRepositoryName)) :_*)
-        }
+        // TODO Drop transfered owner from collaborators?
+        Collaborators.insertAll(collaborators.map(_.copy(userName = newUserName, repositoryName = newRepositoryName)) :_*)
 
         // Update activity messages
         Activities.filter { t =>
@@ -218,17 +223,19 @@ trait RepositoryService { self: AccountService =>
   }
 
   /**
-   * Returns the repositories without private repository that user does not have access right.
+   * Returns the repositories except private repository that user does not have access right.
    * Include public repository, private own repository and private but collaborator repository.
    *
    * @param userName the user name of collaborator
-   * @return the repository infomation list
+   * @return the repository information list
    */
   def getAllRepositories(userName: String)(implicit s: Session): List[(String, String)] = {
     Repositories.filter { t1 =>
       (t1.isPrivate === false.bind) ||
-      (t1.userName  === userName.bind) ||
-      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (t1.userName  === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
+        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
+      } exists)
     }.sortBy(_.lastActivityDate desc).map{ t =>
       (t.userName, t.repositoryName)
     }.list
@@ -237,8 +244,10 @@ trait RepositoryService { self: AccountService =>
   def getUserRepositories(userName: String, withoutPhysicalInfo: Boolean = false)
                          (implicit s: Session): List[RepositoryInfo] = {
     Repositories.filter { t1 =>
-      (t1.userName === userName.bind) ||
-        (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (t1.userName === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
+        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
+      } exists)
     }.sortBy(_.lastActivityDate desc).list.map{ repository =>
       new RepositoryInfo(
         if(withoutPhysicalInfo){
@@ -273,8 +282,13 @@ trait RepositoryService { self: AccountService =>
       case Some(x) if(x.isAdmin) => Repositories
       // for Normal Users
       case Some(x) if(!x.isAdmin) =>
-        Repositories filter { t => (t.isPrivate === false.bind) || (t.userName === x.userName) ||
-          (Collaborators.filter { t2 => t2.byRepository(t.userName, t.repositoryName) && (t2.collaboratorName === x.userName.bind)} exists)
+        Repositories filter { t =>
+          (t.isPrivate === false.bind) || (t.userName === x.userName) ||
+          (t.userName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)) ||
+          (Collaborators.filter { t2 =>
+            t2.byRepository(t.userName, t.repositoryName) &&
+              ((t2.collaboratorName === x.userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)))
+          } exists)
         }
       // for Guests
       case None => Repositories filter(_.isPrivate === false.bind)
@@ -313,10 +327,13 @@ trait RepositoryService { self: AccountService =>
    * Save repository options.
    */
   def saveRepositoryOptions(userName: String, repositoryName: String,
-      description: Option[String], isPrivate: Boolean)(implicit s: Session): Unit =
+      description: Option[String], isPrivate: Boolean,
+      issuesOption: String, externalIssuesUrl: Option[String],
+      wikiOption: String, externalWikiUrl: Option[String],
+      allowFork: Boolean)(implicit s: Session): Unit =
     Repositories.filter(_.byRepository(userName, repositoryName))
-      .map { r => (r.description.?, r.isPrivate, r.updatedDate) }
-      .update (description, isPrivate, currentDate)
+      .map { r => (r.description.?, r.isPrivate, r.issuesOption, r.externalIssuesUrl.?, r.wikiOption, r.externalWikiUrl.?, r.allowFork, r.updatedDate) }
+      .update (description, isPrivate, issuesOption, externalIssuesUrl, wikiOption, externalWikiUrl, allowFork, currentDate)
 
   def saveRepositoryDefaultBranch(userName: String, repositoryName: String,
       defaultBranch: String)(implicit s: Session): Unit =
@@ -325,49 +342,64 @@ trait RepositoryService { self: AccountService =>
       .update (defaultBranch)
 
   /**
-   * Add collaborator to the repository.
-   *
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @param collaboratorName the collaborator name
+   * Add collaborator (user or group) to the repository.
    */
-  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
-    Collaborators insert Collaborator(userName, repositoryName, collaboratorName)
-
-  /**
-   * Remove collaborator from the repository.
-   * 
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @param collaboratorName the collaborator name
-   */
-  def removeCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
-    Collaborators.filter(_.byPrimaryKey(userName, repositoryName, collaboratorName)).delete
+  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String, role: String)(implicit s: Session): Unit =
+    Collaborators insert Collaborator(userName, repositoryName, collaboratorName, role)
 
   /**
    * Remove all collaborators from the repository.
-   *
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
    */
   def removeCollaborators(userName: String, repositoryName: String)(implicit s: Session): Unit =
     Collaborators.filter(_.byRepository(userName, repositoryName)).delete
 
   /**
-   * Returns the list of collaborators name which is sorted with ascending order.
-   * 
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @return the list of collaborators name
+   * Returns the list of collaborators name (user name or group name) which is sorted with ascending order.
    */
-  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[String] =
-    Collaborators.filter(_.byRepository(userName, repositoryName)).sortBy(_.collaboratorName).map(_.collaboratorName).list
+  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[(Collaborator, Boolean)] =
+    Collaborators
+      .innerJoin(Accounts).on(_.collaboratorName === _.userName)
+      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
+      .map { case (t1, t2) => (t1, t2.groupAccount) }
+      .sortBy { case (t1, t2) => t1.collaboratorName }
+      .list
 
-  def hasWritePermission(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+  /**
+   * Returns the list of all collaborator name and permission which is sorted with ascending order.
+   * If a group is added as a collaborator, this method returns users who are belong to that group.
+   */
+  def getCollaboratorUserNames(userName: String, repositoryName: String, filter: Seq[Role] = Nil)(implicit s: Session): List[String] = {
+    val q1 = Collaborators
+      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === false.bind) }
+      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
+      .map { case (t1, t2) => (t1.collaboratorName, t1.role) }
+
+    val q2 = Collaborators
+      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === true.bind) }
+      .innerJoin(GroupMembers).on { case ((t1, t2), t3) => t2.userName === t3.groupName }
+      .filter { case ((t1, t2), t3) => t1.byRepository(userName, repositoryName) }
+      .map { case ((t1, t2), t3) => (t3.userName, t1.role) }
+
+    q1.union(q2).list.filter { x => filter.isEmpty || filter.exists(_.name == x._2) }.map(_._1)
+  }
+
+
+  def hasDeveloperRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
     loginAccount match {
       case Some(a) if(a.isAdmin) => true
       case Some(a) if(a.userName == owner) => true
-      case Some(a) if(getCollaborators(owner, repository).contains(a.userName)) => true
+      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
+      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName)) => true
+      case _ => false
+    }
+  }
+
+  def hasGuestRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+    loginAccount match {
+      case Some(a) if(a.isAdmin) => true
+      case Some(a) if(a.userName == owner) => true
+      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
+      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST)).contains(a.userName)) => true
       case _ => false
     }
   }
@@ -389,37 +421,39 @@ trait RepositoryService { self: AccountService =>
 object RepositoryService {
 
   case class RepositoryInfo(owner: String, name: String, repository: Repository,
-    issueCount: Int, pullCount: Int, commitCount: Int, forkedCount: Int,
+    issueCount: Int, pullCount: Int, forkedCount: Int,
     branchList: Seq[String], tags: Seq[JGitUtil.TagInfo], managers: Seq[String]) {
 
     /**
      * Creates instance with issue count and pull request count.
      */
     def this(repo: JGitUtil.RepositoryInfo, model: Repository, issueCount: Int, pullCount: Int, forkedCount: Int, managers: Seq[String]) =
-      this(
-        repo.owner, repo.name, model,
-        issueCount, pullCount, repo.commitCount, forkedCount,
-        repo.branchList, repo.tags, managers)
+      this(repo.owner, repo.name, model, issueCount, pullCount, forkedCount, repo.branchList, repo.tags, managers)
 
     /**
      * Creates instance without issue count and pull request count.
      */
     def this(repo: JGitUtil.RepositoryInfo, model: Repository, 	forkedCount: Int, managers: Seq[String]) =
-      this(
-        repo.owner, repo.name, model,
-        0, 0, repo.commitCount, forkedCount,
-        repo.branchList, repo.tags, managers)
+      this(repo.owner, repo.name, model, 0, 0, forkedCount, repo.branchList, repo.tags, managers)
 
     def httpUrl(implicit context: Context): String = RepositoryService.httpUrl(owner, name)
     def sshUrl(implicit context: Context): Option[String] = RepositoryService.sshUrl(owner, name)
+
+    def splitPath(path: String): (String, String) = {
+      val id = branchList.collectFirst {
+        case branch if(path == branch || path.startsWith(branch + "/")) => branch
+      } orElse tags.collectFirst {
+        case tag if(path == tag.name || path.startsWith(tag.name + "/")) => tag.name
+      } getOrElse path.split("/")(0)
+
+      (id, path.substring(id.length).stripPrefix("/"))
+    }
   }
 
   def httpUrl(owner: String, name: String)(implicit context: Context): String = s"${context.baseUrl}/git/${owner}/${name}.git"
   def sshUrl(owner: String, name: String)(implicit context: Context): Option[String] =
     if(context.settings.ssh){
-      context.loginAccount.flatMap { loginAccount =>
-        context.settings.sshAddress.map { x => s"ssh://${loginAccount.userName}@${x.host}:${x.port}/${owner}/${name}.git" }
-      }
+      context.settings.sshAddress.map { x => s"ssh://${x.genericUser}@${x.host}:${x.port}/${owner}/${name}.git" }
     } else None
   def openRepoUrl(openUrl: String)(implicit context: Context): String = s"github-${context.platform}://openRepo/${openUrl}"
 

src/main/scala/gitbucket/core/service/RequestCache.scala

@@ -11,7 +11,7 @@ import Implicits.request2Session
  * It may be called many times in one request, so each method stores
  * its result into the cache which available during a request.
  */
-trait RequestCache extends SystemSettingsService with AccountService with IssuesService {
+trait RequestCache extends SystemSettingsService with AccountService with IssuesService with RepositoryService {
 
   private implicit def context2Session(implicit context: Context): Session =
     request2Session(context.request)

src/main/scala/gitbucket/core/service/SshKeyService.scala

@@ -12,6 +12,9 @@ trait SshKeyService {
   def getPublicKeys(userName: String)(implicit s: Session): List[SshKey] =
     SshKeys.filter(_.userName === userName.bind).sortBy(_.sshKeyId).list
 
+  def getAllKeys()(implicit s: Session): List[SshKey] =
+    SshKeys.filter(_.publicKey.trim =!= "").list
+
   def deletePublicKey(userName: String, sshKeyId: Int)(implicit s: Session): Unit =
     SshKeys filter (_.byPrimaryKey(userName, sshKeyId)) delete
 

src/main/scala/gitbucket/core/service/SystemSettingsService.scala

@@ -73,7 +73,7 @@ trait SystemSettingsService {
         getValue(props, AllowAccountRegistration, false),
         getValue(props, AllowAnonymousAccess, true),
         getValue(props, IsCreateRepoOptionPublic, true),
-        getValue(props, Gravatar, true),
+        getValue(props, Gravatar, false),
         getValue(props, Notification, false),
         getOptionValue[Int](props, ActivityLogLimit, None),
         getValue(props, Ssh, false),
@@ -141,7 +141,11 @@ object SystemSettingsService {
       for {
         host <- sshHost if ssh
       }
-      yield SshAddress(host, sshPort.getOrElse(DefaultSshPort))
+      yield SshAddress(
+        host,
+        sshPort.getOrElse(DefaultSshPort),
+        "git"
+      )
   }
 
   case class Ldap(
@@ -169,7 +173,8 @@ object SystemSettingsService {
 
   case class SshAddress(
     host:String,
-    port:Int)
+    port:Int,
+    genericUser:String)
 
   val DefaultSshPort = 29418
   val DefaultSmtpPort = 25

src/main/scala/gitbucket/core/service/WebHookService.scala

@@ -1,10 +1,11 @@
 package gitbucket.core.service
 
-import java.io.ByteArrayInputStream
+import java.util.Date
+
 import fr.brouillard.oss.security.xhub.XHub
-import fr.brouillard.oss.security.xhub.XHub.{XHubDigest, XHubConverter}
+import fr.brouillard.oss.security.xhub.XHub.{XHubConverter, XHubDigest}
 import gitbucket.core.api._
-import gitbucket.core.model.{WebHook, Account, Issue, PullRequest, IssueComment, WebHookEvent, CommitComment}
+import gitbucket.core.model.{Account, CommitComment, Issue, IssueComment, PullRequest, WebHook, WebHookEvent}
 import gitbucket.core.model.Profile._
 import org.apache.http.client.utils.URLEncodedUtils
 import profile.simple._
@@ -17,11 +18,13 @@ import org.apache.http.message.BasicNameValuePair
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.ObjectId
 import org.slf4j.LoggerFactory
+
 import scala.concurrent._
 import org.apache.http.HttpRequest
 import org.apache.http.HttpResponse
 import gitbucket.core.model.WebHookContentType
 import org.apache.http.client.entity.EntityBuilder
+import org.apache.http.entity.ContentType
 
 
 trait WebHookService {
@@ -33,15 +36,15 @@ trait WebHookService {
   def getWebHooks(owner: String, repository: String)(implicit s: Session): List[(WebHook, Set[WebHook.Event])] =
     WebHooks.filter(_.byRepository(owner, repository))
       .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
       .list.groupBy(_._1).mapValues(_.map(_._2).toSet).toList.sortBy(_._1.url)
 
   /** get All WebHook informations of repository event */
   def getWebHooksByEvent(owner: String, repository: String, event: WebHook.Event)(implicit s: Session): List[WebHook] =
      WebHooks.filter(_.byRepository(owner, repository))
        .innerJoin(WebHookEvents).on { (wh, whe) => whe.byWebHook(wh) }
-       .filter{ case (wh, whe) => whe.event === event.bind}
-       .map{ case (wh, whe) => wh }
+       .filter { case (wh, whe) => whe.event === event.bind}
+       .map { case (wh, whe) => wh }
        .list.distinct
 
   /** get All WebHook information from repository to url */
@@ -49,12 +52,12 @@ trait WebHookService {
     WebHooks
       .filter(_.byPrimaryKey(owner, repository, url))
       .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
       .list.groupBy(_._1).mapValues(_.map(_._2).toSet).headOption
 
-  def addWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType,  token: Option[String])(implicit s: Session): Unit = {
+  def addWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
     WebHooks insert WebHook(owner, repository, url, ctype, token)
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
       WebHookEvents insert WebHookEvent(owner, repository, url, event)
     }
   }
@@ -62,7 +65,7 @@ trait WebHookService {
   def updateWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
     WebHooks.filter(_.byPrimaryKey(owner, repository, url)).map(w => (w.ctype, w.token)).update((ctype, token))
     WebHookEvents.filter(_.byWebHook(owner, repository, url)).delete
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
       WebHookEvents insert WebHookEvent(owner, repository, url, event)
     }
   }
@@ -81,7 +84,7 @@ trait WebHookService {
   def callWebHook(event: WebHook.Event, webHooks: List[WebHook], payload: WebHookPayload)
                  (implicit c: JsonFormat.Context): List[(WebHook, String, Future[HttpRequest], Future[HttpResponse])] = {
     import org.apache.http.impl.client.HttpClientBuilder
-    import ExecutionContext.Implicits.global
+    import ExecutionContext.Implicits.global // TODO Shouldn't use the default execution context
     import org.apache.http.protocol.HttpContext
     import org.apache.http.client.methods.HttpPost
 
@@ -91,13 +94,13 @@ trait WebHookService {
       webHooks.map { webHook =>
         val reqPromise = Promise[HttpRequest]
         val f = Future {
-          val itcp = new org.apache.http.HttpRequestInterceptor{
+          val itcp = new org.apache.http.HttpRequestInterceptor {
             def process(res: HttpRequest, ctx: HttpContext): Unit = {
               reqPromise.success(res)
             }
           }
           try{
-            val httpClient = HttpClientBuilder.create.addInterceptorLast(itcp).build
+            val httpClient = HttpClientBuilder.create.useSystemProperties.addInterceptorLast(itcp).build
             logger.debug(s"start web hook invocation for ${webHook.url}")
             val httpPost = new HttpPost(webHook.url)
             logger.info(s"Content-Type: ${webHook.ctype.ctype}")
@@ -118,8 +121,8 @@ trait WebHookService {
                 }
               }
               case WebHookContentType.JSON => {
-            	  httpPost.setEntity(EntityBuilder.create().setText(json).build())
-                if (!webHook.token.isEmpty) {
+            	  httpPost.setEntity(EntityBuilder.create().setContentType(ContentType.APPLICATION_JSON).setText(json).build())
+                if (webHook.token.exists(_.trim.nonEmpty)) {
                   httpPost.addHeader("X-Hub-Signature", XHub.generateHeaderXHubToken(XHubConverter.HEXA_LOWERCASE, XHubDigest.SHA1, webHook.token.orNull, json.getBytes("UTF-8")))
                 }
               }
@@ -129,8 +132,8 @@ trait WebHookService {
             httpPost.releaseConnection()
             logger.debug(s"end web hook invocation for ${webHook}")
             res
-          }catch{
-            case e:Throwable => {
+          } catch {
+            case e: Throwable => {
               if(!reqPromise.isCompleted){
                 reqPromise.failure(e)
               }
@@ -168,11 +171,11 @@ trait WebHookPullRequestService extends WebHookService {
         issueUser <- users.get(issue.openedUserName)
       } yield {
         WebHookIssuesPayload(
-          action       = action,
-          number       = issue.issueId,
-          repository   = ApiRepository(repository, ApiUser(repoOwner)),
-          issue        = ApiIssue(issue, RepositoryName(repository), ApiUser(issueUser)),
-          sender       = ApiUser(sender))
+          action     = action,
+          number     = issue.issueId,
+          repository = ApiRepository(repository, ApiUser(repoOwner)),
+          issue      = ApiIssue(issue, RepositoryName(repository), ApiUser(issueUser)),
+          sender     = ApiUser(sender))
       }
     }
   }
@@ -198,7 +201,9 @@ trait WebHookPullRequestService extends WebHookService {
           headOwner      = headOwner,
           baseRepository = repository,
           baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
+          mergedComment  = getMergedComment(repository.owner, repository.name, issueId)
+        )
       }
     }
   }
@@ -237,7 +242,10 @@ trait WebHookPullRequestService extends WebHookService {
         headOwner      = headOwner,
         baseRepository = baseRepo,
         baseOwner      = baseOwner,
-        sender         = sender)
+        sender         = sender,
+        mergedComment  = getMergedComment(baseRepo.owner, baseRepo.name, issue.issueId)
+      )
+
       callWebHook(WebHook.PullRequest, webHooks, payload)
     }
   }
@@ -267,7 +275,9 @@ trait WebHookPullRequestReviewCommentService extends WebHookService {
           headOwner      = headOwner,
           baseRepository = repository,
           baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
+          mergedComment  = getMergedComment(repository.owner, repository.name, issue.issueId)
+        )
       }
     }
   }
@@ -365,11 +375,21 @@ object WebHookService {
         headOwner: Account,
         baseRepository: RepositoryInfo,
         baseOwner: Account,
-        sender: Account): WebHookPullRequestPayload = {
+        sender: Account,
+        mergedComment: Option[(IssueComment, Account)]): WebHookPullRequestPayload = {
+
       val headRepoPayload = ApiRepository(headRepository, headOwner)
       val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
       val senderPayload = ApiUser(sender)
-      val pr = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser))
+      val pr = ApiPullRequest(
+        issue         = issue,
+        pullRequest   = pullRequest,
+        headRepo      = headRepoPayload,
+        baseRepo      = baseRepoPayload,
+        user          = ApiUser(issueUser),
+        mergedComment = mergedComment
+      )
+
       WebHookPullRequestPayload(
         action       = action,
         number       = issue.issueId,
@@ -389,7 +409,7 @@ object WebHookService {
     sender: ApiUser
   ) extends WebHookPayload
 
-  object WebHookIssueCommentPayload{
+  object WebHookIssueCommentPayload {
     def apply(
         issue: Issue,
         issueUser: Account,
@@ -415,28 +435,42 @@ object WebHookService {
     sender: ApiUser
   ) extends WebHookPayload
 
-  object WebHookPullRequestReviewCommentPayload{
+  object WebHookPullRequestReviewCommentPayload {
     def apply(
-        action: String,
-        comment: CommitComment,
-        issue: Issue,
-        issueUser: Account,
-        pullRequest: PullRequest,
-        headRepository: RepositoryInfo,
-        headOwner: Account,
-        baseRepository: RepositoryInfo,
-        baseOwner: Account,
-        sender: Account
-      ) : WebHookPullRequestReviewCommentPayload = {
+      action: String,
+      comment: CommitComment,
+      issue: Issue,
+      issueUser: Account,
+      pullRequest: PullRequest,
+      headRepository: RepositoryInfo,
+      headOwner: Account,
+      baseRepository: RepositoryInfo,
+      baseOwner: Account,
+      sender: Account,
+      mergedComment: Option[(IssueComment, Account)]
+    ) : WebHookPullRequestReviewCommentPayload = {
       val headRepoPayload = ApiRepository(headRepository, headOwner)
       val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
       val senderPayload = ApiUser(sender)
+
       WebHookPullRequestReviewCommentPayload(
-        action = action,
-        comment = ApiPullRequestReviewComment(comment, senderPayload, RepositoryName(baseRepository), issue.issueId),
-        pull_request = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser)),
-        repository = baseRepoPayload,
-        sender = senderPayload)
+        action       = action,
+        comment      = ApiPullRequestReviewComment(
+          comment        = comment,
+          commentedUser  = senderPayload,
+          repositoryName = RepositoryName(baseRepository),
+          issueId        = issue.issueId
+        ),
+        pull_request = ApiPullRequest(
+          issue         = issue,
+          pullRequest   = pullRequest,
+          headRepo      = headRepoPayload,
+          baseRepo      = baseRepoPayload,
+          user          = ApiUser(issueUser),
+          mergedComment = mergedComment
+        ),
+        repository   = baseRepoPayload,
+        sender       = senderPayload)
     }
   }
 }

src/main/scala/gitbucket/core/servlet/ApiAuthenticationFilter.scala

@@ -4,15 +4,14 @@ import javax.servlet._
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 
 import gitbucket.core.model.Account
-import gitbucket.core.service.AccessTokenService
-import gitbucket.core.util.Keys
-
+import gitbucket.core.service.SystemSettingsService.SystemSettings
+import gitbucket.core.service.{AccessTokenService, AccountService, SystemSettingsService}
+import gitbucket.core.util.{AuthUtil, Keys}
 import org.scalatra.servlet.ServletApiImplicits._
 import org.scalatra._
 
 
-class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
-  private val tokenHeaderPrefix = "token "
+class ApiAuthenticationFilter extends Filter with AccessTokenService with AccountService with SystemSettingsService {
 
   override def init(filterConfig: FilterConfig): Unit = {}
 
@@ -23,9 +22,9 @@ class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
     implicit val session = req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
     val response = res.asInstanceOf[HttpServletResponse]
     Option(request.getHeader("Authorization")).map{
-      case auth if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim).toRight(Unit)
-      // TODO Basic Authentication Support
-      case _ => Left(Unit)
+      case auth if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim).toRight(())
+      case auth if auth.startsWith("Basic ") => doBasicAuth(auth, loadSystemSettings(), request).toRight(())
+      case _ => Left(())
     }.orElse{
       Option(request.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account]).map(Right(_))
     } match {
@@ -40,4 +39,10 @@ class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
       }
     }
   }
+
+  def doBasicAuth(auth: String, settings: SystemSettings, request: HttpServletRequest): Option[Account] = {
+    implicit val session = request.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
+    val Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
+    authenticate(settings, username, password)
+  }
 }

src/main/scala/gitbucket/core/servlet/GHCompatRepositoryAccessFilter.scala

@@ -0,0 +1,36 @@
+package gitbucket.core.servlet
+
+import javax.servlet._
+import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
+
+import gitbucket.core.service.SystemSettingsService
+
+/**
+  * A controller to provide GitHub compatible URL for Git clients.
+  */
+class GHCompatRepositoryAccessFilter extends Filter with SystemSettingsService {
+
+  /**
+    * Pattern of GitHub compatible repository URL.
+    * <code>/:user/:repo.git/</code>
+    */
+  private val githubRepositoryPattern = """^/[^/]+/[^/]+\.git/.*""".r
+
+  override def init(filterConfig: FilterConfig) = {}
+
+  override def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) = {
+    implicit val request  = req.asInstanceOf[HttpServletRequest]
+    val response = res.asInstanceOf[HttpServletResponse]
+    val requestPath = request.getRequestURI.substring(request.getContextPath.length)
+    requestPath match {
+      case githubRepositoryPattern() =>
+        response.sendRedirect(baseUrl + "/git" + requestPath)
+
+      case _ =>
+        chain.doFilter(req, res)
+    }
+  }
+
+  override def destroy() = {}
+
+}

src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala

@@ -5,16 +5,16 @@ import javax.servlet.http._
 import gitbucket.core.plugin.{GitRepositoryFilter, GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.SystemSettingsService.SystemSettings
 import gitbucket.core.service.{RepositoryService, AccountService, SystemSettingsService}
-import gitbucket.core.util.{Keys, Implicits}
+import gitbucket.core.util.{Keys, Implicits, AuthUtil}
 import org.slf4j.LoggerFactory
 import Implicits._
 
 /**
  * Provides BASIC Authentication for [[GitRepositoryServlet]].
  */
-class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {
+class GitAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {
 
-  private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])
+  private val logger = LoggerFactory.getLogger(classOf[GitAuthenticationFilter])
 
   def init(config: FilterConfig) = {}
   
@@ -43,7 +43,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
     } catch {
       case ex: Exception => {
         logger.error("error", ex)
-        requireAuth(response)
+        AuthUtil.requireAuth(response)
       }
     }
   }
@@ -54,7 +54,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
 
     val account = for {
       auth <- Option(request.getHeader("Authorization"))
-      Array(username, password) = decodeAuthHeader(auth).split(":", 2)
+      Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
       account <- authenticate(settings, username, password)
     } yield {
       request.setAttribute(Keys.Request.UserName, account.userName)
@@ -64,7 +64,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
     if(filter.filter(request.gitRepositoryPath, account.map(_.userName), settings, isUpdating)){
       chain.doFilter(request, response)
     } else {
-      requireAuth(response)
+      AuthUtil.requireAuth(response)
     }
   }
 
@@ -81,10 +81,10 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
             } else {
               val passed = for {
                 auth <- Option(request.getHeader("Authorization"))
-                Array(username, password) = decodeAuthHeader(auth).split(":", 2)
+                Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
                 account <- authenticate(settings, username, password)
               } yield if(isUpdating || repository.repository.isPrivate){
-                  if(hasWritePermission(repository.owner, repository.name, Some(account))){
+                  if(hasDeveloperRole(repository.owner, repository.name, Some(account))){
                     request.setAttribute(Keys.Request.UserName, account.userName)
                     true
                   } else false
@@ -93,7 +93,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
               if(passed.getOrElse(false)){
                 chain.doFilter(request, response)
               } else {
-                requireAuth(response)
+                AuthUtil.requireAuth(response)
               }
             }
           }
@@ -108,17 +108,4 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
       }
     }
   }
-
-  private def requireAuth(response: HttpServletResponse): Unit = {
-    response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"")
-    response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
-  }
-  
-  private def decodeAuthHeader(header: String): String = {
-    try {
-      new String(new sun.misc.BASE64Decoder().decodeBuffer(header.substring(6)))
-    } catch {
-      case _: Throwable => ""
-    }
-  }
 }

src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala

@@ -27,7 +27,7 @@ import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
  * Provides Git repository via HTTP.
  * 
  * This servlet provides only Git repository functionality.
- * Authentication is provided by [[BasicAuthenticationFilter]].
+ * Authentication is provided by [[GitAuthenticationFilter]].
  */
 class GitRepositoryServlet extends GitServlet with SystemSettingsService {
 
@@ -110,7 +110,7 @@ import scala.collection.JavaConverters._
 class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl: String)(implicit session: Session)
   extends PostReceiveHook with PreReceiveHook
   with RepositoryService with AccountService with IssuesService with ActivityService with PullRequestService with WebHookService
-  with WebHookPullRequestService with ProtectedBranchService {
+  with WebHookPullRequestService with CommitsService {
   
   private val logger = LoggerFactory.getLogger(classOf[CommitLogHook])
   private var existIds: Seq[String] = Nil
@@ -139,6 +139,8 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
   def onPostReceive(receivePack: ReceivePack, commands: java.util.Collection[ReceiveCommand]): Unit = {
     try {
       using(Git.open(Directory.getRepositoryDir(owner, repository))) { git =>
+        JGitUtil.removeCache(git)
+
         val pushedIds = scala.collection.mutable.Set[String]()
         commands.asScala.foreach { command =>
           logger.debug(s"commandType: ${command.getType}, refName: ${command.getRefName}")

src/main/scala/gitbucket/core/servlet/InitializeListener.scala

@@ -17,6 +17,7 @@ import org.apache.commons.io.FileUtils
 import org.slf4j.LoggerFactory
 import akka.actor.{Actor, Props, ActorSystem}
 import com.typesafe.akka.extension.quartz.QuartzSchedulerExtension
+import scala.collection.JavaConverters._
 
 /**
  * Initialize GitBucket system.
@@ -35,6 +36,7 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
 
     Database() withTransaction { session =>
       val conn = session.conn
+      val manager = new JDBCVersionManager(conn)
 
       // Check version
       val versionFile = new File(GitBucketHome, "version")
@@ -56,9 +58,8 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
           }
 
           // Change form
-          val manager = new JDBCVersionManager(conn)
           manager.initialize()
-          manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0")
+          manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0.0")
           conn.select("SELECT PLUGIN_ID, VERSION FROM PLUGIN"){ rs =>
             manager.updateVersion(rs.getString("PLUGIN_ID"), rs.getString("VERSION"))
           }
@@ -77,6 +78,19 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
       val solidbase = new Solidbase()
       solidbase.migrate(conn, Thread.currentThread.getContextClassLoader, DatabaseConfig.liquiDriver, GitBucketCoreModule)
 
+      // Rescue code for users who updated from 3.14 to 4.0.0
+      // https://github.com/gitbucket/gitbucket/issues/1227
+      val currentVersion = manager.getCurrentVersion(GitBucketCoreModule.getModuleId)
+      val databaseVersion = if(currentVersion == "4.0"){
+        manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0.0")
+        "4.0.0"
+      } else currentVersion
+
+      val gitbucketVersion = GitBucketCoreModule.getVersions.asScala.last.getVersion
+      if(databaseVersion != gitbucketVersion){
+        throw new IllegalStateException(s"Initialization failed. GitBucket version is ${gitbucketVersion}, but database version is ${databaseVersion}.")
+      }
+
       // Load plugins
       logger.info("Initialize plugins")
       PluginRegistry.initialize(event.getServletContext, loadSystemSettings(), conn)

src/main/scala/gitbucket/core/servlet/PluginAssetsServlet.scala

@@ -0,0 +1,39 @@
+package gitbucket.core.servlet
+
+import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
+
+import gitbucket.core.plugin.PluginRegistry
+import gitbucket.core.util.FileUtil
+import org.apache.commons.io.IOUtils
+
+/**
+ * Supply assets which are provided by plugins.
+ */
+class PluginAssetsServlet extends HttpServlet {
+
+  override def doGet(req: HttpServletRequest, resp: HttpServletResponse): Unit = {
+    val assetsMappings = PluginRegistry().getAssetsMappings
+    val path = req.getRequestURI.substring(req.getContextPath.length)
+
+    assetsMappings
+      .find    { case (prefix, _, _) => path.startsWith("/plugin-assets" + prefix) }
+      .flatMap { case (prefix, resourcePath, classLoader) =>
+        val resourceName = path.substring(("/plugin-assets" + prefix).length)
+        Option(classLoader.getResourceAsStream(resourcePath.replaceFirst("^/", "") + resourceName))
+      }
+      .map { in =>
+        try {
+          val bytes = IOUtils.toByteArray(in)
+          resp.setContentLength(bytes.length)
+          resp.setContentType(FileUtil.getContentType(path, bytes))
+          resp.getOutputStream.write(bytes)
+        } finally {
+          in.close()
+        }
+      }
+      .getOrElse {
+        resp.setStatus(404)
+      }
+  }
+
+}

src/main/scala/gitbucket/core/servlet/TransactionFilter.scala

@@ -52,6 +52,13 @@ object Database {
     config.setJdbcUrl(DatabaseConfig.url)
     config.setUsername(DatabaseConfig.user)
     config.setPassword(DatabaseConfig.password)
+    config.setAutoCommit(false)
+    DatabaseConfig.connectionTimeout.foreach(config.setConnectionTimeout)
+    DatabaseConfig.idleTimeout.foreach(config.setIdleTimeout)
+    DatabaseConfig.maxLifetime.foreach(config.setMaxLifetime)
+    DatabaseConfig.minimumIdle.foreach(config.setMinimumIdle)
+    DatabaseConfig.maximumPoolSize.foreach(config.setMaximumPoolSize)
+
     logger.debug("load database connection pool")
     new HikariDataSource(config)
   }

src/main/scala/gitbucket/core/ssh/GitCommand.scala

@@ -5,14 +5,15 @@ import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.{RepositoryService, AccountService, SystemSettingsService}
 import gitbucket.core.servlet.{Database, CommitLogHook}
 import gitbucket.core.util.{Directory, ControlUtil}
-import org.apache.sshd.server.{CommandFactory, Environment, ExitCallback, Command}
+import org.apache.sshd.server.{CommandFactory, Environment, ExitCallback, Command, SessionAware}
+import org.apache.sshd.server.session.ServerSession
 import org.slf4j.LoggerFactory
 import java.io.{File, InputStream, OutputStream}
 import ControlUtil._
 import org.eclipse.jgit.api.Git
 import Directory._
 import org.eclipse.jgit.transport.{ReceivePack, UploadPack}
-import org.apache.sshd.server.command.UnknownCommand
+import org.apache.sshd.server.scp.UnknownCommand
 import org.eclipse.jgit.errors.RepositoryNotFoundException
 
 object GitCommand {
@@ -20,37 +21,44 @@ object GitCommand {
   val SimpleCommandRegex  = """\Agit-(upload|receive)-pack '/(.+\.git)'\Z""".r
 }
 
-abstract class GitCommand() extends Command {
+abstract class GitCommand extends Command with SessionAware {
 
   private val logger = LoggerFactory.getLogger(classOf[GitCommand])
   @volatile protected var err: OutputStream = null
   @volatile protected var in: InputStream = null
   @volatile protected var out: OutputStream = null
   @volatile protected var callback: ExitCallback = null
+  @volatile private var authUser:Option[String] = None
 
-  protected def runTask(user: String)(implicit session: Session): Unit
+  protected def runTask(authUser: String)(implicit session: Session): Unit
 
-  private def newTask(user: String): Runnable = new Runnable {
+  private def newTask(): Runnable = new Runnable {
     override def run(): Unit = {
-      Database() withSession { implicit session =>
-        try {
-          runTask(user)
-          callback.onExit(0)
-        } catch {
-          case e: RepositoryNotFoundException =>
-            logger.info(e.getMessage)
-            callback.onExit(1, "Repository Not Found")
-          case e: Throwable =>
-            logger.error(e.getMessage, e)
-            callback.onExit(1)
-        }
+      authUser match {
+        case Some(authUser) =>
+          Database() withTransaction { implicit session =>
+            try {
+              runTask(authUser)
+              callback.onExit(0)
+            } catch {
+              case e: RepositoryNotFoundException =>
+                logger.info(e.getMessage)
+                callback.onExit(1, "Repository Not Found")
+              case e: Throwable =>
+                logger.error(e.getMessage, e)
+                callback.onExit(1)
+            }
+          }
+        case None =>
+          val message = "User not authenticated"
+          logger.error(message)
+          callback.onExit(1, message)
       }
     }
   }
 
-  override def start(env: Environment): Unit = {
-    val user = env.getEnv.get("USER")
-    val thread = new Thread(newTask(user))
+  final override def start(env: Environment): Unit = {
+    val thread = new Thread(newTask())
     thread.start()
   }
 
@@ -72,6 +80,10 @@ abstract class GitCommand() extends Command {
     this.in = in
   }
 
+  override def setSession(serverSession:ServerSession) {
+  	this.authUser = PublicKeyAuthenticator.getUserName(serverSession)
+  }
+
 }
 
 abstract class DefaultGitCommand(val owner: String, val repoName: String) extends GitCommand {
@@ -80,7 +92,7 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
   protected def isWritableUser(username: String, repositoryInfo: RepositoryService.RepositoryInfo)
                               (implicit session: Session): Boolean =
     getAccountByUserName(username) match {
-      case Some(account) => hasWritePermission(repositoryInfo.owner, repositoryInfo.name, Some(account))
+      case Some(account) => hasDeveloperRole(repositoryInfo.owner, repositoryInfo.name, Some(account))
       case None => false
     }
 

src/main/scala/gitbucket/core/ssh/NoShell.scala

@@ -15,7 +15,6 @@ class NoShell(sshAddress:SshAddress) extends Factory[Command] {
     private var callback: ExitCallback = null
 
     override def start(env: Environment): Unit = {
-      val user = env.getEnv.get("USER")
       val message =
         """
           | Welcome to
@@ -32,7 +31,7 @@ class NoShell(sshAddress:SshAddress) extends Factory[Command] {
           | Please use:
           |
           | git clone ssh://%s@%s:%d/OWNER/REPOSITORY_NAME.git
-        """.stripMargin.format(user, sshAddress.host, sshAddress.port).replace("\n", "\r\n") + "\r\n"
+        """.stripMargin.format(sshAddress.genericUser, sshAddress.host, sshAddress.port).replace("\n", "\r\n") + "\r\n"
       err.write(Constants.encode(message))
       err.flush()
       in.close()

src/main/scala/gitbucket/core/ssh/PublicKeyAuthenticator.scala

@@ -2,22 +2,73 @@ package gitbucket.core.ssh
 
 import java.security.PublicKey
 
+import gitbucket.core.model.SshKey
 import gitbucket.core.service.SshKeyService
 import gitbucket.core.servlet.Database
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator
 import org.apache.sshd.server.session.ServerSession
+import org.apache.sshd.common.AttributeStore
+import org.slf4j.LoggerFactory
 
-class PublicKeyAuthenticator extends PublickeyAuthenticator with SshKeyService {
+object PublicKeyAuthenticator {
+  // put in the ServerSession here to be read by GitCommand later
+  private val userNameSessionKey = new AttributeStore.AttributeKey[String]
 
-  override def authenticate(username: String, key: PublicKey, session: ServerSession): Boolean = {
-    Database() withSession { implicit session =>
-      getPublicKeys(username).exists { sshKey =>
-        SshUtil.str2PublicKey(sshKey.publicKey) match {
-          case Some(publicKey) => key.equals(publicKey)
-          case _ => false
-        }
-      }
+  def putUserName(serverSession:ServerSession, userName:String):Unit =
+    serverSession.setAttribute(userNameSessionKey, userName)
+
+  def getUserName(serverSession:ServerSession):Option[String] =
+    Option(serverSession.getAttribute(userNameSessionKey))
+}
+
+class PublicKeyAuthenticator(genericUser:String) extends PublickeyAuthenticator with SshKeyService {
+  private val logger = LoggerFactory.getLogger(classOf[PublicKeyAuthenticator])
+
+  override def authenticate(username: String, key: PublicKey, session: ServerSession): Boolean =
+    if (username == genericUser) authenticateGenericUser(username, key, session, genericUser)
+    else                         authenticateLoginUser(username, key, session)
+
+  private def authenticateLoginUser(username: String, key: PublicKey, session: ServerSession): Boolean = {
+    val authenticated =
+      Database()
+      .withSession { implicit dbSession => getPublicKeys(username) }
+      .map(_.publicKey)
+      .flatMap(SshUtil.str2PublicKey)
+      .contains(key)
+    if (authenticated) {
+      logger.info(s"authentication as ssh user ${username} succeeded")
+      PublicKeyAuthenticator.putUserName(session, username)
     }
+    else {
+      logger.info(s"authentication as ssh user ${username} failed")
+    }
+    authenticated
   }
 
+  private def authenticateGenericUser(username: String, key: PublicKey, session: ServerSession, genericUser:String): Boolean = {
+    // find all users having the key we got from ssh
+    val possibleUserNames =
+      Database()
+      .withSession { implicit dbSession => getAllKeys() }
+      .filter { sshKey =>
+        SshUtil.str2PublicKey(sshKey.publicKey).exists(_ == key)
+      }
+      .map(_.userName)
+      .distinct
+    // determine the user - if different accounts share the same key, tough luck
+    val uniqueUserName =
+      possibleUserNames match {
+        case List()     =>
+          logger.info(s"authentication as generic user ${genericUser} failed, public key not found")
+          None
+        case List(name) =>
+          logger.info(s"authentication as generic user ${genericUser} succeeded, identified ${name}")
+          Some(name)
+        case _          =>
+          logger.info(s"authentication as generic user ${genericUser} failed, public key is ambiguous")
+          None
+      }
+    uniqueUserName.foreach(PublicKeyAuthenticator.putUserName(session, _))
+    uniqueUserName.isDefined
+  }
 }

src/main/scala/gitbucket/core/ssh/SshServerListener.scala

@@ -21,7 +21,7 @@ object SshServer {
     provider.setAlgorithm("RSA")
     provider.setOverwriteAllowed(false)
     server.setKeyPairProvider(provider)
-    server.setPublickeyAuthenticator(new PublicKeyAuthenticator)
+    server.setPublickeyAuthenticator(new PublicKeyAuthenticator(sshAddress.genericUser))
     server.setCommandFactory(new GitCommandFactory(baseUrl))
     server.setShellFactory(new NoShell(sshAddress))
   }

src/main/scala/gitbucket/core/ssh/SshUtil.scala

@@ -31,9 +31,7 @@ object SshUtil {
     }
   }
 
-  def fingerPrint(key: String): Option[String] = str2PublicKey(key) match {
-    case Some(publicKey) => Some(KeyUtils.getFingerPrint(publicKey))
-    case None => None
-  }
+  def fingerPrint(key: String): Option[String] =
+    str2PublicKey(key) map KeyUtils.getFingerPrint
 
 }

src/main/scala/gitbucket/core/util/AuthUtil.scala

@@ -0,0 +1,21 @@
+package gitbucket.core.util
+
+import javax.servlet.http.HttpServletResponse
+
+/**
+ * Provides HTTP (Basic) Authentication related functions.
+ */
+object AuthUtil {
+  def requireAuth(response: HttpServletResponse): Unit = {
+    response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"")
+    response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
+  }
+
+  def decodeAuthHeader(header: String): String = {
+    try {
+      new String(new sun.misc.BASE64Decoder().decodeBuffer(header.substring(6)))
+    } catch {
+      case _: Throwable => ""
+    }
+  }
+}

src/main/scala/gitbucket/core/util/Authenticator.scala

@@ -1,7 +1,8 @@
 package gitbucket.core.util
 
 import gitbucket.core.controller.ControllerBase
-import gitbucket.core.service.{RepositoryService, AccountService}
+import gitbucket.core.service.{AccountService, RepositoryService}
+import gitbucket.core.model.Role
 import RepositoryService.RepositoryInfo
 import Implicits._
 import ControlUtil._
@@ -40,9 +41,9 @@ trait OwnerAuthenticator { self: ControllerBase with RepositoryService with Acco
           context.loginAccount match {
             case Some(x) if(x.isAdmin) => action(repository)
             case Some(x) if(repository.owner == x.userName) => action(repository)
-            case Some(x) if(getGroupMembers(repository.owner).exists { member =>
-              member.userName == x.userName && member.isManager == true
-            }) => action(repository)
+            // TODO Repository management is allowed for only group managers?
+            case Some(x) if(getGroupMembers(repository.owner).exists { m => m.userName == x.userName && m.isManager == true }) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN)).contains(x.userName)) => action(repository)
             case _ => Unauthorized()
           }
         } getOrElse NotFound()
@@ -86,32 +87,9 @@ trait AdminAuthenticator { self: ControllerBase =>
 }
 
 /**
- * Allows only collaborators and administrators.
+ * Allows only guests and signed in users who can access the repository.
  */
-trait CollaboratorsAuthenticator { self: ControllerBase with RepositoryService =>
-  protected def collaboratorsOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
-  protected def collaboratorsOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
-
-  private def authenticate(action: (RepositoryInfo) => Any) = {
-    {
-      defining(request.paths){ paths =>
-        getRepository(paths(0), paths(1)).map { repository =>
-          context.loginAccount match {
-            case Some(x) if(x.isAdmin) => action(repository)
-            case Some(x) if(paths(0) == x.userName) => action(repository)
-            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
-            case _ => Unauthorized()
-          }
-        } getOrElse NotFound()
-      }
-    }
-  }
-}
-
-/**
- * Allows only the repository owner (or manager for group repository) and administrators.
- */
-trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReferrerAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
   protected def referrersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
   protected def referrersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
 
@@ -125,7 +103,8 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
             context.loginAccount match {
               case Some(x) if(x.isAdmin) => action(repository)
               case Some(x) if(paths(0) == x.userName) => action(repository)
-              case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+              case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+              case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
               case _ => Unauthorized()
             }
           }
@@ -136,9 +115,9 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
 }
 
 /**
- * Allows only signed in users which can access the repository.
+ * Allows only signed in users who have read permission for the repository.
  */
-trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
   protected def readableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
   protected def readableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
 
@@ -150,7 +129,32 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
             case Some(x) if(x.isAdmin) => action(repository)
             case Some(x) if(!repository.repository.isPrivate) => action(repository)
             case Some(x) if(paths(0) == x.userName) => action(repository)
-            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
+            case _ => Unauthorized()
+          }
+        } getOrElse NotFound()
+      }
+    }
+  }
+}
+
+/**
+ * Allows only signed in users who have write permission for the repository.
+ */
+trait WritableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
+  protected def writableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+  protected def writableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
+
+  private def authenticate(action: (RepositoryInfo) => Any) = {
+    {
+      defining(request.paths){ paths =>
+        getRepository(paths(0), paths(1)).map { repository =>
+          context.loginAccount match {
+            case Some(x) if(x.isAdmin) => action(repository)
+            case Some(x) if(paths(0) == x.userName) => action(repository)
+            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN, Role.DEVELOPER)).contains(x.userName)) => action(repository)
             case _ => Unauthorized()
           }
         } getOrElse NotFound()

src/main/scala/gitbucket/core/util/DatabaseConfig.scala

@@ -17,6 +17,11 @@ object DatabaseConfig {
           |  url = "jdbc:h2:${DatabaseHome};MVCC=true"
           |  user = "sa"
           |  password = "sa"
+          |#  connectionTimeout = 30000
+          |#  idleTimeout = 600000
+          |#  maxLifetime = 1800000
+          |#  minimumIdle = 10
+          |#  maximumPoolSize = 10
           |}
           |""".stripMargin, "UTF-8")
     }
@@ -28,12 +33,21 @@ object DatabaseConfig {
   def url(directory: Option[String]): String =
     dbUrl.replace("${DatabaseHome}", directory.getOrElse(DatabaseHome))
 
-  lazy val url: String = url(None)
-  lazy val user: String = config.getString("db.user")
-  lazy val password: String = config.getString("db.password")
-  lazy val jdbcDriver: String = DatabaseType(url).jdbcDriver
-  lazy val slickDriver: slick.driver.JdbcProfile = DatabaseType(url).slickDriver
-  lazy val liquiDriver: AbstractJdbcDatabase = DatabaseType(url).liquiDriver
+  lazy val url                : String = url(None)
+  lazy val user               : String = config.getString("db.user")
+  lazy val password           : String = config.getString("db.password")
+  lazy val jdbcDriver         : String = DatabaseType(url).jdbcDriver
+  lazy val slickDriver        : slick.driver.JdbcProfile = DatabaseType(url).slickDriver
+  lazy val liquiDriver        : AbstractJdbcDatabase     = DatabaseType(url).liquiDriver
+  lazy val connectionTimeout  : Option[Long]   = getOptionValue("db.connectionTimeout", config.getLong)
+  lazy val idleTimeout        : Option[Long]   = getOptionValue("db.idleTimeout"      , config.getLong)
+  lazy val maxLifetime        : Option[Long]   = getOptionValue("db.maxLifetime"      , config.getLong)
+  lazy val minimumIdle        : Option[Int]    = getOptionValue("db.minimumIdle"      , config.getInt)
+  lazy val maximumPoolSize    : Option[Int]    = getOptionValue("db.maximumPoolSize"  , config.getInt)
+
+  private def getOptionValue[T](path: String, f: String => T): Option[T] = {
+    if(config.hasPath(path)) Some(f(path)) else None
+  }
 
 }
 

src/main/scala/gitbucket/core/util/Implicits.scala

@@ -4,6 +4,8 @@ import gitbucket.core.api.JsonFormat
 import gitbucket.core.controller.Context
 import gitbucket.core.servlet.Database
 
+import java.util.regex.Pattern.quote
+
 import javax.servlet.http.{HttpSession, HttpServletRequest}
 
 import scala.util.matching.Regex
@@ -73,7 +75,7 @@ object Implicits {
 
     def hasAttribute(name: String): Boolean = request.getAttribute(name) != null
 
-    def gitRepositoryPath: String = request.getRequestURI.replaceFirst("^/git/", "/")
+    def gitRepositoryPath: String = request.getRequestURI.replaceFirst("^" + quote(request.getContextPath) + "/git/", "/")
 
     def baseUrl:String = {
       val url = request.getRequestURL.toString
@@ -83,12 +85,6 @@ object Implicits {
   }
 
   implicit class RichSession(session: HttpSession){
-
-    def putAndGet[T](key: String, value: T): T = {
-      session.setAttribute(key, value)
-      value
-    }
-
     def getAndRemove[T](key: String): Option[T] = {
       val value = session.getAttribute(key).asInstanceOf[T]
       if(value == null){

src/main/scala/gitbucket/core/util/JDBCUtil.scala

@@ -3,16 +3,16 @@ package gitbucket.core.util
 import java.io._
 import java.sql._
 import java.text.SimpleDateFormat
-import javax.xml.stream.{XMLStreamConstants, XMLInputFactory, XMLOutputFactory}
 import ControlUtil._
-import scala.StringBuilder
 import scala.annotation.tailrec
-import scala.collection.mutable
 import scala.collection.mutable.ListBuffer
 
 /**
  * Provides implicit class which extends java.sql.Connection.
- * This is used in automatic migration in [[servlet.AutoUpdateListener]].
+ * This is used in following points:
+ *
+ * - Automatic migration in [[gitbucket.core.servlet.InitializeListener]]
+ * - Data importing / exporting in [[gitbucket.core.controller.SystemSettingsController]] and [[gitbucket.core.controller.FileUploadController]]
  */
 object JDBCUtil {
 
@@ -64,65 +64,38 @@ object JDBCUtil {
       }
     }
 
-    def importAsXML(in: InputStream): Unit = {
+    def importAsSQL(in: InputStream): Unit = {
       conn.setAutoCommit(false)
       try {
-        val factory = XMLInputFactory.newInstance()
-        using(factory.createXMLStreamReader(in, "UTF-8")){ reader =>
-          // stateful objects
-          var elementName   = ""
-          var insertTable   = ""
-          var insertColumns = Map.empty[String, (String, String)]
+        using(in){ in =>
+          var out = new ByteArrayOutputStream()
 
-          while(reader.hasNext){
-            reader.next()
+          var length = 0
+          val bytes = new scala.Array[Byte](1024 * 8)
+          var stringLiteral = false
 
-            reader.getEventType match {
-              case XMLStreamConstants.START_ELEMENT =>
-                elementName = reader.getName.getLocalPart
-                if(elementName == "insert"){
-                  insertTable = reader.getAttributeValue(null, "table")
-                } else if(elementName == "delete"){
-                  val tableName = reader.getAttributeValue(null, "table")
-                  conn.update(s"DELETE FROM ${tableName}")
-                } else if(elementName == "column"){
-                  val columnName  = reader.getAttributeValue(null, "name")
-                  val columnType  = reader.getAttributeValue(null, "type")
-                  val columnValue = reader.getElementText
-                  insertColumns = insertColumns + (columnName -> (columnType, columnValue))
-                }
-              case XMLStreamConstants.END_ELEMENT =>
-                // Execute insert statement
-                reader.getName.getLocalPart match {
-                  case "insert" => {
-                    val sb = new StringBuilder()
-                    sb.append(s"INSERT INTO ${insertTable} (")
-                    sb.append(insertColumns.map { case (columnName, _) => columnName }.mkString(", "))
-                    sb.append(") VALUES (")
-                    sb.append(insertColumns.map { case (_, (columnType, columnValue)) =>
-                      if(columnType == null || columnValue == null){
-                        "NULL"
-                      } else if(columnType == "string"){
-                        "'" + columnValue.replace("'", "''") + "'"
-                      } else if(columnType == "timestamp"){
-                        "'" + columnValue + "'"
-                      } else {
-                        columnValue.toString
-                      }
-                    }.mkString(", "))
-                    sb.append(")")
-
-                    conn.update(sb.toString)
-
-                    insertColumns = Map.empty[String, (String, String)] // Clear column information
-                  }
-                  case _ => // Nothing to do
-                }
-              case _ => // Nothing to do
+          while({ length = in.read(bytes); length != -1 }){
+            for(i <- 0 to length - 1){
+              val c = bytes(i)
+              if(c == '\''){
+                stringLiteral = !stringLiteral
+              }
+              if(c == ';' && !stringLiteral){
+                val sql = new String(out.toByteArray, "UTF-8")
+                conn.update(sql.trim)
+                out = new ByteArrayOutputStream()
+              } else {
+                out.write(c)
+              }
             }
           }
-        }
 
+          val remain = out.toByteArray
+          if(remain.length != 0){
+            val sql = new String(remain, "UTF-8")
+            conn.update(sql.trim)
+          }
+        }
         conn.commit()
 
       } catch {
@@ -133,68 +106,6 @@ object JDBCUtil {
       }
     }
 
-    def exportAsXML(targetTables: Seq[String]): File = {
-      val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
-      val file = File.createTempFile("gitbucket-export-", ".xml")
-
-      val factory = XMLOutputFactory.newInstance()
-      using(factory.createXMLStreamWriter(new FileOutputStream(file), "UTF-8")){ writer =>
-        val dbMeta = conn.getMetaData
-        val allTablesInDatabase = allTablesOrderByDependencies(dbMeta)
-
-        writer.writeStartDocument("UTF-8", "1.0")
-        writer.writeStartElement("tables")
-
-        println(allTablesInDatabase.mkString(", "))
-
-        allTablesInDatabase.reverse.foreach { tableName =>
-          if (targetTables.contains(tableName)) {
-            writer.writeStartElement("delete")
-            writer.writeAttribute("table", tableName)
-            writer.writeEndElement()
-          }
-        }
-
-        allTablesInDatabase.foreach { tableName =>
-          if (targetTables.contains(tableName)) {
-            select(s"SELECT * FROM ${tableName}") { rs =>
-              writer.writeStartElement("insert")
-              writer.writeAttribute("table", tableName)
-              val rsMeta = rs.getMetaData
-              (1 to rsMeta.getColumnCount).foreach { i =>
-                val columnName = rsMeta.getColumnName(i)
-                val (columnType, columnValue) = if(rs.getObject(columnName) == null){
-                  (null, null)
-                } else {
-                  rsMeta.getColumnType(i) match {
-                    case Types.BOOLEAN | Types.BIT => ("boolean", rs.getBoolean(columnName))
-                    case Types.VARCHAR | Types.CLOB | Types.CHAR | Types.LONGVARCHAR => ("string", rs.getString(columnName))
-                    case Types.INTEGER => ("int", rs.getInt(columnName))
-                    case Types.TIMESTAMP => ("timestamp", dateFormat.format(rs.getTimestamp(columnName)))
-                  }
-                }
-                writer.writeStartElement("column")
-                writer.writeAttribute("name", columnName)
-                if(columnType != null){
-                  writer.writeAttribute("type", columnType)
-                }
-                if(columnValue != null){
-                  writer.writeCharacters(columnValue.toString)
-                }
-                writer.writeEndElement()
-              }
-              writer.writeEndElement()
-            }
-          }
-        }
-
-        writer.writeEndElement()
-        writer.writeEndDocument()
-      }
-
-      file
-    }
-
     def exportAsSQL(targetTables: Seq[String]): File = {
       val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
       val file = File.createTempFile("gitbucket-export-", ".sql")

src/main/scala/gitbucket/core/util/JGitUtil.scala

@@ -5,6 +5,7 @@ import org.eclipse.jgit.api.Git
 import Directory._
 import StringUtil._
 import ControlUtil._
+
 import scala.annotation.tailrec
 import scala.collection.JavaConverters._
 import org.eclipse.jgit.lib._
@@ -16,7 +17,11 @@ import org.eclipse.jgit.diff.DiffEntry.ChangeType
 import org.eclipse.jgit.errors.{ConfigInvalidException, MissingObjectException}
 import org.eclipse.jgit.transport.RefSpec
 import java.util.Date
-import org.eclipse.jgit.api.errors.{JGitInternalException, InvalidRefNameException, RefAlreadyExistsException, NoHeadException}
+import java.util.concurrent.TimeUnit
+import java.util.function.Consumer
+
+import org.cache2k.{Cache2kBuilder, CacheEntry}
+import org.eclipse.jgit.api.errors.{InvalidRefNameException, JGitInternalException, NoHeadException, RefAlreadyExistsException}
 import org.eclipse.jgit.dircache.DirCacheEntry
 import org.slf4j.LoggerFactory
 
@@ -32,14 +37,11 @@ object JGitUtil {
    *
    * @param owner the user name of the repository owner
    * @param name the repository name
-   * @param commitCount the commit count. If the repository has over 1000 commits then this property is 1001.
    * @param branchList the list of branch names
    * @param tags the list of tags
    */
-  case class RepositoryInfo(owner: String, name: String, commitCount: Int, branchList: List[String], tags: List[TagInfo]){
-    def this(owner: String, name: String) = {
-      this(owner, name, 0, Nil, Nil)
-    }
+  case class RepositoryInfo(owner: String, name: String, branchList: List[String], tags: List[TagInfo]){
+    def this(owner: String, name: String) = this(owner, name, Nil, Nil)
   }
 
   /**
@@ -169,20 +171,54 @@ object JGitUtil {
     revWalk.dispose
     revCommit
   }
-  
+
+  private val cache = new Cache2kBuilder[String, Int]() {}
+    .name("commit-count")
+    .expireAfterWrite(24, TimeUnit.HOURS)
+    .entryCapacity(10000)
+    .build()
+
+  def removeCache(git: Git): Unit = {
+    val dir = git.getRepository.getDirectory
+    val keyPrefix = dir.getAbsolutePath + "@"
+
+    cache.forEach(new Consumer[CacheEntry[String, Int]] {
+      override def accept(entry: CacheEntry[String, Int]): Unit = {
+        if(entry.getKey.startsWith(keyPrefix)){
+          cache.remove(entry.getKey)
+        }
+      }
+    })
+  }
+
+  /**
+   * Returns the number of commits in the specified branch or commit.
+   * If the specified branch has over 10000 commits, this method returns 100001.
+   */
+  def getCommitCount(owner: String, repository: String, branch: String): Int = {
+    val dir = getRepositoryDir(owner, repository)
+    val key = dir.getAbsolutePath + "@" + branch
+    val entry = cache.getEntry(key)
+
+    if(entry == null) {
+      using(Git.open(dir)) { git =>
+        val commitId = git.getRepository.resolve(branch)
+        val commitCount = git.log.add(commitId).call.iterator.asScala.take(10001).size
+        cache.put(key, commitCount)
+        commitCount
+      }
+    } else {
+      entry.getValue
+    }
+  }
+
   /**
    * Returns the repository information. It contains branch names and tag names.
    */
   def getRepositoryInfo(owner: String, repository: String): RepositoryInfo = {
     using(Git.open(getRepositoryDir(owner, repository))){ git =>
       try {
-        // get commit count
-        val commitCount = git.log.all.call.iterator.asScala.map(_ => 1).take(10001).sum
-
-        RepositoryInfo(
-          owner, repository,
-          // commit count
-          commitCount,
+        RepositoryInfo(owner, repository,
           // branches
           git.branchList.call.asScala.map { ref =>
             ref.getName.stripPrefix("refs/heads/")
@@ -195,9 +231,7 @@ object JGitUtil {
         )
       } catch {
         // not initialized
-        case e: NoHeadException => RepositoryInfo(
-          owner, repository, 0, Nil, Nil)
-
+        case e: NoHeadException => RepositoryInfo(owner, repository, Nil, Nil)
       }
     }
   }
@@ -212,8 +246,8 @@ object JGitUtil {
    */
   def getFileList(git: Git, revision: String, path: String = "."): List[FileInfo] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
-      val objectId  = git.getRepository.resolve(revision)
-      if(objectId==null) return Nil
+      val objectId = git.getRepository.resolve(revision)
+      if(objectId == null) return Nil
       val revCommit = revWalk.parseCommit(objectId)
 
       def useTreeWalk(rev:RevCommit)(f:TreeWalk => Any): Unit = if (path == ".") {
@@ -255,14 +289,14 @@ object JGitUtil {
                           revIterator:java.util.Iterator[RevCommit]): List[(ObjectId, FileMode, String, Option[String], RevCommit)] ={
         if(restList.isEmpty){
           result
-        }else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
-          result ++ restList.map{ case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
-        }else{
+        } else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
+          result ++ restList.map { case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
+        } else {
           val newCommit = revIterator.next
-          val (thisTimeChecks,skips) = restList.partition{ case (tuple, parentsMap) => parentsMap.contains(newCommit) }
+          val (thisTimeChecks,skips) = restList.partition { case (tuple, parentsMap) => parentsMap.contains(newCommit) }
           if(thisTimeChecks.isEmpty){
             findLastCommits(result, restList, revIterator)
-          }else{
+          } else {
             var nextRest = skips
             var nextResult = result
             // Map[(name, oid), (tuple, parentsMap)]
@@ -270,20 +304,20 @@ object JGitUtil {
             lazy val newParentsMap = newCommit.getParents.map(_ -> newCommit).toMap
             useTreeWalk(newCommit){ walk =>
               while(walk.next){
-                rest.remove(walk.getNameString -> walk.getObjectId(0)).map{ case (tuple, _) =>
+                rest.remove(walk.getNameString -> walk.getObjectId(0)).map { case (tuple, _) =>
                   if(newParentsMap.isEmpty){
                     nextResult +:= tupleAdd(tuple, newCommit)
-                  }else{
+                  } else {
                     nextRest +:= tuple -> newParentsMap
                   }
                 }
               }
             }
-            rest.values.map{ case (tuple, parentsMap) =>
+            rest.values.map { case (tuple, parentsMap) =>
               val restParentsMap = parentsMap - newCommit
               if(restParentsMap.isEmpty){
                 nextResult +:= tupleAdd(tuple, parentsMap(newCommit))
-              }else{
+              } else {
                 nextRest +:= tuple -> restParentsMap
               }
             }
@@ -295,7 +329,7 @@ object JGitUtil {
       var fileList: List[(ObjectId, FileMode, String, Option[String])] = Nil
       useTreeWalk(revCommit){ treeWalk =>
         while (treeWalk.next()) {
-          val linkUrl =if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
+          val linkUrl = if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
             getSubmodules(git, revCommit.getTree).find(_.path == treeWalk.getPathString).map(_.url)
           } else None
           fileList +:= (treeWalk.getObjectId(0), treeWalk.getFileMode(0), treeWalk.getNameString, linkUrl)
@@ -345,7 +379,7 @@ object JGitUtil {
   def getTreeId(git: Git, revision: String): Option[String] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       val objectId  = git.getRepository.resolve(revision)
-      if(objectId==null) return None
+      if(objectId == null) return None
       val revCommit = revWalk.parseCommit(objectId)
       Some(revCommit.getTree.name)
     }
@@ -357,7 +391,7 @@ object JGitUtil {
   def getAllFileListByTreeId(git: Git, treeId: String): List[String] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       val objectId  = git.getRepository.resolve(treeId+"^{tree}")
-      if(objectId==null) return Nil
+      if(objectId == null) return Nil
       using(new TreeWalk(git.getRepository)){ treeWalk =>
         treeWalk.addTree(objectId)
         treeWalk.setRecursive(true)
@@ -705,6 +739,8 @@ object JGitUtil {
     refUpdate.setNewObjectId(newHeadId)
     refUpdate.update()
 
+    removeCache(git)
+
     newHeadId
   }
 
@@ -830,14 +866,16 @@ object JGitUtil {
     existIds.toSeq
   }
 
-  def processTree(git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => Unit) = {
+  def processTree[T](git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => T): Seq[T] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       using(new TreeWalk(git.getRepository)){ treeWalk =>
         val index = treeWalk.addTree(revWalk.parseTree(id))
         treeWalk.setRecursive(true)
+        val result = new collection.mutable.ListBuffer[T]()
         while(treeWalk.next){
-          f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
+          result += f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
         }
+        result.toSeq
       }
     }
   }
@@ -875,6 +913,7 @@ object JGitUtil {
 
   /**
    * Returns the last modified commit of specified path
+   *
    * @param git the Git object
    * @param startCommit the search base commit id
    * @param path the path of target file or directory
@@ -896,17 +935,13 @@ object JGitUtil {
       git.branchList.call.asScala.map { ref =>
         val walk = new RevWalk(repo)
         try {
-          val defaultCommit = walk.parseCommit(defaultObject)
-          val branchName = ref.getName.stripPrefix("refs/heads/")
-          val branchCommit = if(branchName == defaultBranch){
-            defaultCommit
-          } else {
-            walk.parseCommit(ref.getObjectId)
-          }
-          val when = branchCommit.getCommitterIdent.getWhen
-          val committer = branchCommit.getCommitterIdent.getName
+          val defaultCommit  = walk.parseCommit(defaultObject)
+          val branchName     = ref.getName.stripPrefix("refs/heads/")
+          val branchCommit   = walk.parseCommit(ref.getObjectId)
+          val when           = branchCommit.getCommitterIdent.getWhen
+          val committer      = branchCommit.getCommitterIdent.getName
           val committerEmail = branchCommit.getCommitterIdent.getEmailAddress
-          val mergeInfo = if(origin && branchName == defaultBranch){
+          val mergeInfo      = if(origin && branchName == defaultBranch){
             None
           } else {
             walk.reset()
@@ -961,6 +996,7 @@ object JGitUtil {
 
   /**
    * Returns sha1
+   *
    * @param owner repository owner
    * @param name  repository name
    * @param revstr  A git object references expression

src/main/scala/gitbucket/core/util/Notifier.scala

@@ -22,8 +22,10 @@ trait Notifier extends RepositoryService with AccountService with IssuesService
     (
         // individual repository's owner
         issue.userName ::
+        // group members of group repository
+        getGroupMembers(issue.userName).map(_.userName) :::
         // collaborators
-        getCollaborators(issue.userName, issue.repositoryName) :::
+        getCollaboratorUserNames(issue.userName, issue.repositoryName) :::
         // participants
         issue.openedUserName ::
         getComments(issue.userName, issue.repositoryName, issue.issueId).map(_.commentedUserName)
@@ -84,26 +86,7 @@ class Mailer(private val smtp: Smtp) extends Notifier {
               enableLineBreaks = false
             ))) { case (subject, msg) =>
             recipients(issue) { to =>
-              val email = new HtmlEmail
-              email.setHostName(smtp.host)
-              email.setSmtpPort(smtp.port.get)
-              smtp.user.foreach { user =>
-                email.setAuthenticator(new DefaultAuthenticator(user, smtp.password.getOrElse("")))
-              }
-              smtp.ssl.foreach { ssl =>
-                email.setSSLOnConnect(ssl)
-              }
-              smtp.fromAddress
-                .map (_ -> smtp.fromName.getOrElse(context.loginAccount.get.userName))
-                .orElse (Some("notifications@gitbucket.com" -> context.loginAccount.get.userName))
-                .foreach { case (address, name) =>
-                  email.setFrom(address, name)
-              }
-              email.setCharset("UTF-8")
-              email.setSubject(subject)
-              email.setHtmlMsg(msg)
-
-              email.addTo(to).send
+              send(to, subject, msg)
             }
         }
       }
@@ -116,6 +99,33 @@ class Mailer(private val smtp: Smtp) extends Notifier {
       case t => logger.error("Notifications Failed.", t)
     }
   }
+
+  def send(to: String, subject: String, msg: String)(implicit context: Context): Unit = {
+    val email = new HtmlEmail
+    email.setHostName(smtp.host)
+    email.setSmtpPort(smtp.port.get)
+    smtp.user.foreach { user =>
+      email.setAuthenticator(new DefaultAuthenticator(user, smtp.password.getOrElse("")))
+    }
+    smtp.ssl.foreach { ssl =>
+      email.setSSLOnConnect(ssl)
+      if(ssl == true) {
+        email.setSslSmtpPort(smtp.port.get.toString)
+      }
+    }
+    smtp.fromAddress
+      .map (_ -> smtp.fromName.getOrElse(context.loginAccount.get.userName))
+      .orElse (Some("notifications@gitbucket.com" -> context.loginAccount.get.userName))
+      .foreach { case (address, name) =>
+        email.setFrom(address, name)
+      }
+    email.setCharset("UTF-8")
+    email.setSubject(subject)
+    email.setHtmlMsg(msg)
+
+    email.addTo(to).send
+  }
+
 }
 class MockMailer extends Notifier {
   def toNotify(r: RepositoryService.RepositoryInfo, issue: Issue, content: String)

src/main/scala/gitbucket/core/util/RepositoryName.scala

@@ -1,5 +1,6 @@
 package gitbucket.core.util
 
+// TODO Move to gitbucket.core.api package?
 case class RepositoryName(owner:String, name:String){
   val fullName = s"${owner}/${name}"
 }

src/main/scala/gitbucket/core/util/StringUtil.scala

@@ -5,6 +5,7 @@ import org.mozilla.universalchardet.UniversalDetector
 import ControlUtil._
 import org.apache.commons.io.input.BOMInputStream
 import org.apache.commons.io.IOUtils
+import scala.util.control.Exception._
 
 object StringUtil {
 
@@ -26,6 +27,8 @@ object StringUtil {
 
   def splitWords(value: String): Array[String] = value.split("[ \\t　]+")
 
+  def isInteger(value: String): Boolean = allCatch opt { value.toInt } map(_ => true) getOrElse(false)
+
   def escapeHtml(value: String): String =
     value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;")
 
@@ -83,8 +86,9 @@ object StringUtil {
    *@param message the message which may contains issue id
    * @return the iterator of issue id
    */
-  def extractIssueId(message: String): Iterator[String] =
-    "(^|\\W)#(\\d+)(\\W|$)".r.findAllIn(message).matchData.map(_.group(2))
+  def extractIssueId(message: String): Seq[String] =
+    "(^|\\W)#(\\d+)(\\W|$)".r
+      .findAllIn(message).matchData.map(_.group(2)).toSeq.distinct
 
   /**
    * Extract close issue id like ```close #issueId ``` from the given message.
@@ -92,7 +96,8 @@ object StringUtil {
    * @param message the message which may contains close command
    * @return the iterator of issue id
    */
-  def extractCloseId(message: String): Iterator[String] =
-    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r.findAllIn(message).matchData.map(_.group(1))
+  def extractCloseId(message: String): Seq[String] =
+    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r
+      .findAllIn(message).matchData.map(_.group(1)).toSeq.distinct
 
 }

src/main/scala/gitbucket/core/view/LinkConverter.scala

@@ -37,7 +37,7 @@ trait LinkConverter { self: RequestCache =>
       // convert username/project@SHA to link
       .replaceBy("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)/([a-zA-Z0-9\\-_\\.]+)@([a-f0-9]{40})(?=(\\W|$))".r){ m =>
         getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a></code>"""
         }
       }
 
@@ -56,7 +56,7 @@ trait LinkConverter { self: RequestCache =>
       // convert username@SHA to link
       .replaceBy( ("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)@([a-f0-9]{40})(?=(\\W|$))").r ) { m =>
         getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a></code>"""
         }
       }
 
@@ -73,7 +73,7 @@ trait LinkConverter { self: RequestCache =>
       }
 
       // convert issue id to link
-      .replaceBy(("(?<=(^|\\W))(GH-|" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
+      .replaceBy(("(?<=(^|\\W))(GH-|(?<!&)" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
         val prefix = if(m.group(2) == "issue:") "#" else m.group(2)
         getIssue(repository.owner, repository.name, m.group(3)) match {
           case Some(issue) if(issue.isPullRequest) =>
@@ -93,6 +93,8 @@ trait LinkConverter { self: RequestCache =>
       }
 
       // convert commit id to link
-      .replaceAll("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))", s"""<a href="${context.path}/${repository.owner}/${repository.name}/commit/$$2">$$2</a>""")
+      .replaceBy("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))".r){ m =>
+        Some(s"""<code><a href="${context.path}/${repository.owner}/${repository.name}/commit/${m.group(2)}">${m.group(2).substring(0, 7)}</a></code>""")
+      }
   }
 }

src/main/scala/gitbucket/core/view/Markdown.scala

@@ -44,6 +44,7 @@ object Markdown {
     val renderer = new GitBucketMarkedRenderer(options, repository,
       enableWikiLink, enableRefsLink, enableAnchor, enableTaskList, hasWritePermission, pages)
 
+    //helpers.decorateHtml(Marked.marked(source, options, renderer), repository)
     Marked.marked(source, options, renderer)
   }
 
@@ -109,11 +110,10 @@ object Markdown {
     override def text(text: String): String = {
       // convert commit id and username to link.
       val t1 = if(enableRefsLink) convertRefsLinks(text, repository, "#", false) else text
-
       // convert task list to checkbox.
       val t2 = if(enableTaskList) convertCheckBox(t1, hasWritePermission) else t1
-
-      t2
+      // decorate by TextDecorator plugins
+      helpers.decorateHtml(t2, repository)
     }
 
     override def link(href: String, title: String, text: String): String = {
@@ -147,21 +147,23 @@ object Markdown {
     }
 
     private def fixUrl(url: String, isImage: Boolean = false): String = {
+      lazy val urlWithRawParam: String = url + (if(isImage && !url.endsWith("?raw=true")) "?raw=true" else "")
+
       if(url.startsWith("http://") || url.startsWith("https://") || url.startsWith("/")){
         url
       } else if(url.startsWith("#")){
         ("#" + generateAnchorName(url.substring(1)))
       } else if(!enableWikiLink){
         if(context.currentPath.contains("/blob/")){
-          url + (if(isImage) "?raw=true" else "")
+          urlWithRawParam
         } else if(context.currentPath.contains("/tree/")){
           val paths = context.currentPath.split("/")
           val branch = if(paths.length > 3) paths.drop(4).mkString("/") else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
         } else {
           val paths = context.currentPath.split("/")
           val branch = if(paths.length > 3) paths.last else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
         }
       } else {
         repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/wiki/_blob/" + url

src/main/scala/gitbucket/core/view/helpers.scala

@@ -5,10 +5,10 @@ import java.util.{Date, Locale, TimeZone}
 
 import gitbucket.core.controller.Context
 import gitbucket.core.model.CommitState
-import gitbucket.core.plugin.{RenderRequest, PluginRegistry}
+import gitbucket.core.plugin.{PluginRegistry, RenderRequest}
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service.{RepositoryService, RequestCache}
 import gitbucket.core.util.{FileUtil, JGitUtil, StringUtil}
-
 import play.twirl.api.{Html, HtmlFormat}
 
 /**
@@ -151,7 +151,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    * Converts commit id, issue id and username to the link.
    */
   def link(value: String, repository: RepositoryService.RepositoryInfo)(implicit context: Context): Html =
-    Html(convertRefsLinks(value, repository))
+    Html(decorateHtml(convertRefsLinks(value, repository), repository))
 
   def cut(value: String, length: Int): String =
     if(value.length > length){
@@ -222,8 +222,14 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    * Generates the avatar link to the account page.
    * If user does not exist or disabled, this method returns avatar image without link.
    */
-  def avatarLink(userName: String, size: Int, mailAddress: String = "", tooltip: Boolean = false)(implicit context: Context): Html =
-    userWithContent(userName, mailAddress)(avatar(userName, size, tooltip, mailAddress))
+  def avatarLink(userName: String, size: Int, mailAddress: String = "", tooltip: Boolean = false, label: Boolean = false)
+                (implicit context: Context): Html = {
+
+    val avatarHtml = avatar(userName, size, tooltip, mailAddress)
+    val contentHtml = if(label == true) Html(avatarHtml.body + " " + userName) else avatarHtml
+
+    userWithContent(userName, mailAddress)(contentHtml)
+  }
 
   /**
     * Generates the avatar link to the account page.
@@ -232,7 +238,8 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
   def avatarLink(commit: JGitUtil.CommitInfo, size: Int)(implicit context: Context): Html =
     userWithContent(commit.authorName, commit.authorEmailAddress)(avatar(commit, size))
 
-  private def userWithContent(userName: String, mailAddress: String = "", styleClass: String = "")(content: Html)(implicit context: Context): Html =
+  private def userWithContent(userName: String, mailAddress: String = "", styleClass: String = "")(content: Html)
+                             (implicit context: Context): Html =
     (if(mailAddress.isEmpty){
       getAccountByUserName(userName)
     } else {
@@ -309,10 +316,18 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
     case CommitState.FAILURE => "Failed"
   }
 
+  /**
+   * Render a given object as the JSON string.
+   */
+  def json(obj: AnyRef): String = {
+    implicit val formats = org.json4s.DefaultFormats
+    org.json4s.jackson.Serialization.write(obj)
+  }
+
   // This pattern comes from: http://stackoverflow.com/a/4390768/1771641 (extract-url-from-string)
   private[this] val detectAndRenderLinksRegex = """(?i)\b((?:https?://|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,13}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))""".r
 
-  def detectAndRenderLinks(text: String): Html = {
+  def detectAndRenderLinks(text: String, repository: RepositoryInfo)(implicit context: Context): String = {
     val matches = detectAndRenderLinksRegex.findAllMatchIn(text).toSeq
 
     val (x, pos) = matches.foldLeft((collection.immutable.Seq.empty[Html], 0)){ case ((x, pos), m) =>
@@ -326,6 +341,43 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
     // append rest fragment
     val out = if (pos < text.length) x :+ HtmlFormat.escape(text.substring(pos)) else x
 
-    HtmlFormat.fill(out)
+    decorateHtml(HtmlFormat.fill(out).toString, repository)
   }
+
+  def decorateHtml(html: String, repository: RepositoryInfo)(implicit context: Context): String = {
+    PluginRegistry().getTextDecorators.foldLeft(html){ case (html, decorator) =>
+      val text = new StringBuilder()
+      val result = new StringBuilder()
+      var tag = false
+
+      html.foreach { c =>
+        c match {
+          case '<' if tag == false => {
+            tag = true
+            if(text.nonEmpty){
+              result.append(decorator.decorate(text.toString, repository))
+              text.setLength(0)
+            }
+            result.append(c)
+          }
+          case '>' if tag == true => {
+            tag = false
+            result.append(c)
+          }
+          case _ if tag == false => {
+            text.append(c)
+          }
+          case _ if tag == true => {
+            result.append(c)
+          }
+        }
+      }
+      if(text.nonEmpty){
+        result.append(decorator.decorate(text.toString, repository))
+      }
+
+      result.toString
+    }
+  }
+
 }

src/main/twirl/gitbucket/core/account/activity.scala.html

@@ -1,11 +1,10 @@
 @(account: gitbucket.core.model.Account,
   groupNames: List[String],
   activities: List[gitbucket.core.model.Activity])(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@main(account, groupNames, "activity"){
+@import gitbucket.core.view.helpers
+@gitbucket.core.account.html.main(account, groupNames, "activity"){
   <div class="pull-right">
-    <a href="@path/@{account.userName}.atom"><img src="@assets/common/images/feed.png" alt="activities"></a>
+    <a href="@context.path/@{account.userName}.atom"><img src="@{helpers.assets}/common/images/feed.png" alt="activities"></a>
   </div>
-  @helper.html.activities(activities)
+  @gitbucket.core.helper.html.activities(activities)
 }

src/main/twirl/gitbucket/core/account/application.scala.html

@@ -1,11 +1,9 @@
 @(account: gitbucket.core.model.Account,
   personalTokens: List[gitbucket.core.model.AccessToken],
   gneratedToken: Option[(gitbucket.core.model.AccessToken, String)])(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("Applications"){
+@gitbucket.core.html.main("Applications"){
 <div class="container body">
-  @menu("application", settings.ssh){
+  @gitbucket.core.account.html.menu("application", context.settings.ssh){
     <div class="panel panel-default">
       <div class="panel-heading strong">Personal access tokens</div>
       <div class="panel-body">
@@ -15,14 +13,14 @@
           Tokens you have generated that can be used to access the GitBucket API.
           <hr style="margin-top: 10px;">
         }
-        @gneratedToken.map{ case (token, tokenString) =>
+        @gneratedToken.map { case (token, tokenString) =>
           <div class="alert alert-info">
             Make sure to copy your new personal access token now. You won't be able to see it again!
           </div>
-          <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
+          <a href="@context.path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
           <div style="width: 50%;">
-            @helper.html.copy("generated-token-copy", tokenString){
-              <input type="text" value="@tokenString" class="form-control input-sm" readonly>
+            @gitbucket.core.helper.html.copy("generated-token", "generated-token-copy", tokenString){
+              <input type="text" value="@tokenString" class="form-control input-sm" id="generated-token" readonly>
             }
           </div>
           <hr style="margin-top: 10px;">
@@ -32,11 +30,11 @@
             <hr>
           }
           <strong style="line-height: 30px;">@token.note</strong>
-          <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
+          <a href="@context.path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
         }
       </div>
     </div>
-    <form method="POST" action="@path/@account.userName/_personalToken" validate="true">
+    <form method="POST" action="@context.path/@account.userName/_personalToken" validate="true">
       <div class="panel panel-default">
         <div class="panel-heading strong">Generate new token</div>
         <div class="panel-body">

src/main/twirl/gitbucket/core/account/edit.scala.html

@@ -1,13 +1,13 @@
-@(account: gitbucket.core.model.Account, info: Option[Any])(implicit context: gitbucket.core.controller.Context)
+@(account: gitbucket.core.model.Account, info: Option[Any], error: Option[Any])(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.util.LDAPUtil
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("Edit your profile"){
+@import gitbucket.core.view.helpers
+@gitbucket.core.html.main("Edit your profile"){
 <div class="container body">
-  @menu("profile", settings.ssh){
-    @helper.html.information(info)
+  @gitbucket.core.account.html.menu("profile", context.settings.ssh){
+    @gitbucket.core.helper.html.information(info)
+    @gitbucket.core.helper.html.error(error)
     @if(LDAPUtil.isDummyMailAddress(account)){<div class="alert alert-danger">Please register your mail address.</div>}
-    <form action="@url(account.userName)/_edit" method="POST" validate="true">
+    <form action="@helpers.url(account.userName)/_edit" method="POST" validate="true">
       <div class="panel panel-default">
         <div class="panel-heading strong">Profile</div>
         <div class="panel-body">
@@ -41,7 +41,7 @@
             <div class="col-md-6">
               <fieldset class="form-group">
                 <label for="avatar" class="strong">Image (optional):</label>
-                @helper.html.uploadavatar(Some(account))
+                @gitbucket.core.helper.html.uploadavatar(Some(account))
               </fieldset>
             </div>
           </div>
@@ -49,10 +49,10 @@
       </div>
       <div>
         <div class="pull-right">
-          <a href="@path/@account.userName/_delete" class="btn btn-danger" id="delete">Delete account</a>
+          <a href="@context.path/@account.userName/_delete" class="btn btn-danger" id="delete">Delete account</a>
         </div>
         <input type="submit" class="btn btn-success" value="Save"/>
-        @if(!LDAPUtil.isDummyMailAddress(account)){<a href="@url(account.userName)" class="btn btn-default">Cancel</a>}
+        @if(!LDAPUtil.isDummyMailAddress(account)){<a href="@helpers.url(account.userName)" class="btn btn-default">Cancel</a>}
       </div>
     </form>
   }

src/main/twirl/gitbucket/core/account/group.scala.html

@@ -1,9 +1,10 @@
 @(account: Option[gitbucket.core.model.Account], members: List[gitbucket.core.model.GroupMember])(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main(if(account.isEmpty) "Create group" else "Edit group"){
-<div class="body main-center">
-  <form id="form" method="post" action="@if(account.isEmpty){@path/groups/new} else {@path/@account.get.userName/_editgroup}" validate="true">
+@import gitbucket.core.view.helpers
+@gitbucket.core.html.main(if(account.isEmpty) "Create group" else "Edit group"){
+<div class="content-wrapper main-center">
+  <div class="content body">
+    <h2>@{if(account.isEmpty) "Create group" else "Edit group"}</h2>
+    <form id="form" method="post" action="@if(account.isEmpty){@context.path/groups/new} else {@context.path/@account.get.userName/_editgroup}" validate="true">
       <div class="row">
         <div class="col-md-5">
           <fieldset class="form-group">
@@ -22,7 +23,7 @@
           </fieldset>
           <fieldset class="form-group">
             <label for="avatar" class="strong">Image (Optional)</label>
-            @helper.html.uploadavatar(account)
+            @gitbucket.core.helper.html.uploadavatar(account)
           </fieldset>
         </div>
         <div class="col-md-7">
@@ -30,7 +31,7 @@
             <label class="strong">Members</label>
             <ul id="member-list" class="collaborator">
             </ul>
-            @helper.html.account("memberName", 200)
+            @gitbucket.core.helper.html.account("memberName", 200, true, false)
             <input type="button" class="btn btn-default" value="Add" id="addMember"/>
             <input type="hidden" id="members" name="members" value="@members.map(member => member.userName + ":" + member.isManager).mkString(",")"/>
             <div>
@@ -39,18 +40,19 @@
           </fieldset>
         </div>
       </div>
-      <fieldset class="margin">
+      <fieldset class="border-top">
         @if(account.isDefined){
           <div class="pull-right">
-            <a href="@url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete Group</a>
+            <a href="@helpers.url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete group</a>
           </div>
         }
-        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create Group} else {Update Group}"/>
+        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create group} else {Update group}"/>
         @if(account.isDefined){
-          <a href="@url(account.get.userName)" class="btn btn-default">Cancel</a>
+          <a href="@helpers.url(account.get.userName)" class="btn btn-default">Cancel</a>
         }
       </fieldset>
-  </form>
+    </form>
+  </div>
 </div>
 }
 <script>
@@ -78,15 +80,14 @@ $(function(){
     }
 
     // check existence
-    $.post('@path/_user/existence', {
-      'userName': userName
-    }, function(data, status){
-      if(data == 'true'){
-        addMemberHTML(userName, false);
-      } else {
-        $('#error-members').text('User does not exist.');
-      }
-    });
+    $.post('@context.path/_user/existence', { 'userName': userName },
+      function(data, status){
+        if(data == 'user'){
+          addMemberHTML(userName, false);
+        } else {
+          $('#error-members').text('User does not exist.');
+        }
+      });
   });
 
   $(document).on('click', '.remove', function(){
@@ -122,7 +123,7 @@ $(function(){
         .append(memberButton)
         .append(managerButton))
       .append(' ')
-      .append($('<a>').attr('href', '@path/' + userName).text(userName))
+      .append($('<a>').attr('href', '@context.path/' + userName).text(userName))
       .append(' ')
       .append($('<a href="#" class="remove pull-right">(remove)</a>')));
   }
@@ -135,4 +136,4 @@ $(function(){
     $('#members').val(members);
   }
 });
-</script>
+</script>

src/main/twirl/gitbucket/core/account/main.scala.html

@@ -1,54 +1,61 @@
 @(account: gitbucket.core.model.Account, groupNames: List[String], active: String,
   isGroupManager: Boolean = false)(body: Html)(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main(account.userName){
-  <div class="container body">
-    <div class="main-sidebar">
-      <div class="block">
-        <div class="account-image">@avatar(account.userName, 240)</div>
-        <div class="account-fullname">@account.fullName</div>
-        <div class="account-username">@account.userName</div>
+@import gitbucket.core.view.helpers
+@gitbucket.core.html.main(account.userName){
+  <div class="main-sidebar">
+    <div class="sidebar">
+      <div class="user-panel">
+        <div class="pull-left image">@helpers.avatar(account.userName, 40)</div>
+        <div class="pull-left info">
+          <p>@account.userName</p>
+          @account.fullName
+        </div>
       </div>
-      <div class="block">
+      <div style="padding-left: 10px; padding-right: 10px;">
         @if(account.url.isDefined){
-          <div><i class="octicon octicon-home"></i> <a href="@account.url">@account.url</a></div>
+          <p style="white-space: nowrap; overflow: hidden; text-overflow: ellipsis;">
+            <i class="octicon octicon-home"></i> <a href="@account.url">@account.url</a>
+          </p>
         }
-        <div><i class="octicon octicon-clock"></i> <span class="muted">Joined on</span> @date(account.registeredDate)</div>
+        <p style="color: white;">
+          <i class="octicon octicon-clock"></i> Joined on @helpers.date(account.registeredDate)
+        </p>
       </div>
       @if(groupNames.nonEmpty){
-        <div>
-          <div>Groups</div>
+        <ul class="sidebar-menu">
+          <li class="header">Groups</li>
           @groupNames.map { groupName =>
-            @avatarLink(groupName, 36, tooltip = true)
+            <li>@helpers.avatarLink(groupName, 20, tooltip = true, label = true)</li>
           }
-        </div>
+        </ul>
       }
     </div>
-    <div class="main-content">
+  </div>
+  <div class="content-wrapper">
+    <div class="content body">
       <ul class="nav nav-tabs" style="margin-bottom: 5px;">
-        <li@if(active == "repositories"){ class="active"}><a href="@url(account.userName)?tab=repositories">Repositories</a></li>
+        <li@if(active == "repositories"){ class="active"}><a href="@helpers.url(account.userName)?tab=repositories">Repositories</a></li>
         @if(account.isGroupAccount){
-          <li@if(active == "members"){ class="active"}><a href="@url(account.userName)?tab=members">Members</a></li>
+          <li@if(active == "members"){ class="active"}><a href="@helpers.url(account.userName)?tab=members">Members</a></li>
         } else {
-          <li@if(active == "activity"){ class="active"}><a href="@url(account.userName)?tab=activity">Public Activity</a></li>
+          <li@if(active == "activity"){ class="active"}><a href="@helpers.url(account.userName)?tab=activity">Public activity</a></li>
         }
         @gitbucket.core.plugin.PluginRegistry().getProfileTabs.map { tab =>
           @tab(account, context).map { link =>
-            <li@if(active == link.id){ class="active"}><a href="@path/@link.path">@link.label</a></li>
+            <li@if(active == link.id){ class="active"}><a href="@context.path/@link.path">@link.label</a></li>
           }
         }
-        @if(loginAccount.isDefined && loginAccount.get.userName == account.userName){
+        @if(context.loginAccount.isDefined && context.loginAccount.get.userName == account.userName){
           <li class="pull-right">
             <div class="button-group">
-              <a href="@url(account.userName)/_edit" class="btn btn-default">Edit Your Profile</a>
+              <a href="@helpers.url(account.userName)/_edit" class="btn btn-default">Edit your profile</a>
             </div>
           </li>
         }
-        @if(loginAccount.isDefined && account.isGroupAccount && isGroupManager){
+        @if(context.loginAccount.isDefined && account.isGroupAccount && isGroupManager){
           <li class="pull-right">
             <div class="button-group">
-              <a href="@url(account.userName)/_editgroup" class="btn btn-default">Edit Group</a>
+              <a href="@helpers.url(account.userName)/_editgroup" class="btn btn-default">Edit group</a>
             </div>
           </li>
         }

src/main/twirl/gitbucket/core/account/members.scala.html

@@ -1,14 +1,14 @@
-@(account: gitbucket.core.model.Account, members: List[String], isGroupManager: Boolean)(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@main(account, Nil, "members", isGroupManager){
+@(account: gitbucket.core.model.Account, members: List[gitbucket.core.model.GroupMember], isGroupManager: Boolean)(implicit context: gitbucket.core.controller.Context)
+@import gitbucket.core.view.helpers
+@gitbucket.core.account.html.main(account, Nil, "members", isGroupManager){
   @if(members.isEmpty){
     No members
   } else {
-    @members.map { userName =>
+    @members.map { member =>
       <div class="block">
         <div class="block-header">
-          @avatar(userName, 20) <a href="@url(userName)">@userName</a>
+          @helpers.avatar(member.userName, 20) <a href="@helpers.url(member.userName)">@member.userName</a>
+          @if(member.isManager){ (Manager) }
         </div>
       </div>
     }

src/main/twirl/gitbucket/core/account/menu.scala.html

@@ -1,27 +1,30 @@
 @(active: String, ssh: Boolean)(body: Html)(implicit context: gitbucket.core.controller.Context)
-@import context._
 <div class="main-sidebar">
-  <ul class="nav nav-pills nav-stacked">
-    <li@if(active=="profile"){ class="active"}>
-      <a href="@path/@loginAccount.get.userName/_edit">Profile</a>
-    </li>
-    @if(ssh){
-    <li@if(active=="ssh"){ class="active"}>
-      <a href="@path/@loginAccount.get.userName/_ssh">SSH Keys</a>
-    </li>
-    }
-    <li@if(active=="application"){ class="active"}>
-      <a href="@path/@loginAccount.get.userName/_application">Applications</a>
-    </li>
-    @gitbucket.core.plugin.PluginRegistry().getAccountSettingMenus.map { menu =>
-      @menu(context).map { link =>
-        <li@if(active==link.id){ class="active"}>
-          <a href="@path/@link.path">@link.label</a>
-        </li>
+  <div class="sidebar">
+    <ul class="sidebar-menu">
+      <li@if(active=="profile"){ class="active"}>
+        <a href="@context.path/@context.loginAccount.get.userName/_edit">Profile</a>
+      </li>
+      @if(ssh){
+      <li@if(active=="ssh"){ class="active"}>
+        <a href="@context.path/@context.loginAccount.get.userName/_ssh">SSH Keys</a>
+      </li>
       }
-    }
-  </ul>
+      <li@if(active=="application"){ class="active"}>
+        <a href="@context.path/@context.loginAccount.get.userName/_application">Applications</a>
+      </li>
+      @gitbucket.core.plugin.PluginRegistry().getAccountSettingMenus.map { menu =>
+        @menu(context).map { link =>
+          <li@if(active==link.id){ class="active"}>
+            <a href="@context.path/@link.path">@link.label</a>
+          </li>
+        }
+      }
+    </ul>
+  </div>
 </div>
-<div class="main-content">
-  @body
+<div class="content-wrapper">
+  <div class="content body">
+    @body
+  </div>
 </div>

src/main/twirl/gitbucket/core/account/newrepo.scala.html

@@ -1,75 +1,76 @@
 @(groupNames: List[String],
 isCreateRepoOptionPublic: Boolean)(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("Create a New Repository"){
-<div class="body main-center">
-  <h2>Create a new repository</h2>
-  <p class="muted">
-    A repository contains all the files for your project, including the revision history.
-  </p>
-  <form id="form" method="post" action="@path/new" validate="true">
-    <fieldset class="margin form-group">
-      <dl style="float: left;">
-        <dt>Owner</dt>
-        <dd style="margin-left: 0px;">
-          <div class="btn-group" id="owner-dropdown">
-            <button class="btn dropdown-toggle btn-default" data-toggle="dropdown">
-              <span class="strong">@avatar(loginAccount.get.userName, 20) @loginAccount.get.userName</span>
-              <span class="caret"></span>
-            </button>
-            <ul class="dropdown-menu">
-              <li><a href="javascript:void(0);" data-name="@loginAccount.get.userName"><i class="octicon octicon-check"></i> <span>@avatar(loginAccount.get.userName, 20) @loginAccount.get.userName</span></a></li>
-              @groupNames.map { groupName =>
-                <li><a href="javascript:void(0);" data-name="@groupName"><i class="octicon"></i> <span>@avatar(groupName, 20) @groupName</span></a></li>
-              }
-            </ul>
-            <input type="hidden" name="owner" id="owner" value="@loginAccount.get.userName"/>
+@import gitbucket.core.view.helpers
+@gitbucket.core.html.main("Create a New Repository"){
+<div class="content-wrapper main-center">
+  <div class="content body">
+    <h2>Create a new repository</h2>
+    <p class="muted">
+      A repository contains all the files for your project, including the revision history.
+    </p>
+    <form id="form" method="post" action="@context.path/new" validate="true">
+      <fieldset class="border-top form-group">
+        <dl style="float: left;">
+          <dt>Owner</dt>
+          <dd style="margin-left: 0px;">
+            <div class="btn-group" id="owner-dropdown">
+              <button class="btn dropdown-toggle btn-default" data-toggle="dropdown">
+                <span class="strong">@helpers.avatar(context.loginAccount.get.userName, 20) @context.loginAccount.get.userName</span>
+                <span class="caret"></span>
+              </button>
+              <ul class="dropdown-menu">
+                <li><a href="javascript:void(0);" data-name="@context.loginAccount.get.userName"><i class="octicon octicon-check"></i> <span>@helpers.avatar(context.loginAccount.get.userName, 20) @context.loginAccount.get.userName</span></a></li>
+                @groupNames.map { groupName =>
+                  <li><a href="javascript:void(0);" data-name="@groupName"><i class="octicon"></i> <span>@helpers.avatar(groupName, 20) @groupName</span></a></li>
+                }
+              </ul>
+              <input type="hidden" name="owner" id="owner" value="@context.loginAccount.get.userName"/>
+            </div>
+          </dd>
+        </dl>
+        <span class="slash" style="float: left; margin-left: 10px; margin-right: 10px; margin-top: 15px;">/</span>
+        <dl>
+          <dt>Repository name</dt>
+          <dd style="margin-left: 0px;">
+            <input type="text" name="name" id="name" class="form-control" style="width: 200px;" autofocus />
+            <span id="error-name" class="error"></span>
+          </dd>
+        </dl>
+      </fieldset>
+      <fieldset class="form-group">
+        <label for="description" class="strong">Description (optional):</label>
+        <input type="text" name="description" id="description" class="form-control" style="width: 95%;"/>
+      </fieldset>
+      <fieldset class="border-top">
+        <label class="radio">
+          <input type="radio" name="isPrivate" value="false" @if(isCreateRepoOptionPublic){checked}>
+          <span class="strong"><i class="octicon octicon-repo"></i>&nbsp;</i>&nbsp;Public</span>
+          <div class="normal muted">
+            Anyone can see this repository. You choose who can commit.
           </div>
-        </dd>
-      </dl>
-      <span class="slash" style="float: left; margin-left: 10px; margin-right: 10px; margin-top: 15px;">/</span>
-      <dl>
-        <dt>Repository name</dt>
-        <dd style="margin-left: 0px;">
-          <input type="text" name="name" id="name" class="form-control" style="width: 200px;" autofocus />
-          <span id="error-name" class="error"></span>
-        </dd>
-      </dl>
-    </fieldset>
-    <fieldset class="form-group">
-      <label for="description" class="strong">Description (optional):</label>
-      <input type="text" name="description" id="description" class="form-control" style="width: 95%;"/>
-    </fieldset>
-    <fieldset class="margin">
-      <label class="radio">
-        <input type="radio" name="isPrivate" value="false" @if(isCreateRepoOptionPublic){checked}>
-        <span class="strong"><i class="octicon octicon-repo"></i>&nbsp;</i>&nbsp;Public</span>
-        <div class="normal muted">
-          Anyone can see this repository. You choose who can commit.
-        </div>
-      </label>
-      <label class="radio">
-        <input type="radio" name="isPrivate" value="true" @if(!isCreateRepoOptionPublic){checked}>
-        <span class="strong"><i class="octicon octicon-lock"></i>&nbsp;</i>&nbsp;Private</span>
-        <div class="normal muted">
-          You choose who can see and commit to this repository.
-        </div>
-      </label>
-    </fieldset>
-    <fieldset class="margin">
-      <label for="createReadme" class="checkbox">
-        <input type="checkbox" name="createReadme" id="createReadme"/>
-        <span class="strong">Initialize this repository with a README</span>
-        <div class="normal muted">
-          This will let you immediately clone the repository to your computer. Skip this step if you’re importing an existing repository.
-        </div>
-      </label>
-    </fieldset>
-    <fieldset class="margin form-actions">
-      <input type="submit" class="btn btn-success" value="Create repository"/>
-    </fieldset>
-  </form>
+        </label>
+        <label class="radio">
+          <input type="radio" name="isPrivate" value="true" @if(!isCreateRepoOptionPublic){checked}>
+          <span class="strong"><i class="octicon octicon-lock"></i>&nbsp;</i>&nbsp;Private</span>
+          <div class="normal muted">
+            You choose who can see and commit to this repository.
+          </div>
+        </label>
+      </fieldset>
+      <fieldset class="border-top">
+        <label for="createReadme" class="checkbox">
+          <input type="checkbox" name="createReadme" id="createReadme"/>
+          <span class="strong">Initialize this repository with a README</span>
+          <div class="normal muted">
+            This will let you immediately clone the repository to your computer. Skip this step if you’re importing an existing repository.
+          </div>
+        </label>
+      </fieldset>
+      <fieldset class="border-top form-actions">
+        <input type="submit" class="btn btn-success" value="Create repository"/>
+      </fieldset>
+    </form>
+  </div>
 </div>
 }
 <script>

src/main/twirl/gitbucket/core/account/register.scala.html

@@ -1,50 +1,50 @@
 @()(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("Create your account"){
-<div class="container body">
-  <h3>Create your account</h3>
-  <form action="@path/register" method="POST" validate="true">
-    <div class="row">
-      <div class="col-md-6">
-        <fieldset>
-          <label for="userName" class="strong">Username:</label>
-          <input type="text" name="userName" id="userName" value="" autofocus/>
-          <span id="error-userName" class="error"></span>
-        </fieldset>
-        <fieldset>
-          <label for="password" class="strong">
-            Password:
-          </label>
-          <input type="password" name="password" id="password" value=""/>
-          <span id="error-password" class="error"></span>
-        </fieldset>
-        <fieldset>
-          <label for="fullName" class="strong">Full Name:</label>
-          <input type="text" name="fullName" id="fullName" value=""/>
-          <span id="error-fullName" class="error"></span>
-        </fieldset>
-        <fieldset>
-          <label for="mailAddress" class="strong">Mail Address:</label>
-          <input type="text" name="mailAddress" id="mailAddress" value=""/>
-          <span id="error-mailAddress" class="error"></span>
-        </fieldset>
-        <fieldset>
-          <label for="url" class="strong">URL (optional):</label>
-          <input type="text" name="url" id="url" style="width: 400px;" value=""/>
-          <span id="error-url" class="error"></span>
-        </fieldset>
+@gitbucket.core.html.main("Create your account"){
+<div class="content-wrapper main-center">
+  <div class="content body">
+    <h2>Create your account</h2>
+    <form action="@context.path/register" method="POST" validate="true">
+      <div class="row">
+        <div class="col-md-6">
+          <fieldset>
+            <label for="userName" class="strong">Username:</label>
+            <input type="text" name="userName" id="userName" value="" class="form-control" autofocus/>
+            <span id="error-userName" class="error"></span>
+          </fieldset>
+          <fieldset>
+            <label for="password" class="strong">
+              Password:
+            </label>
+            <input type="password" name="password" id="password" class="form-control" value=""/>
+            <span id="error-password" class="error"></span>
+          </fieldset>
+          <fieldset>
+            <label for="fullName" class="strong">Full Name:</label>
+            <input type="text" name="fullName" id="fullName" class="form-control" value=""/>
+            <span id="error-fullName" class="error"></span>
+          </fieldset>
+          <fieldset>
+            <label for="mailAddress" class="strong">Mail Address:</label>
+            <input type="text" name="mailAddress" id="mailAddress" class="form-control" value=""/>
+            <span id="error-mailAddress" class="error"></span>
+          </fieldset>
+          <fieldset>
+            <label for="url" class="strong">URL (optional):</label>
+            <input type="text" name="url" id="url" class="form-control" value=""/>
+            <span id="error-url" class="error"></span>
+          </fieldset>
+        </div>
+        <div class="col-md-6">
+          <fieldset>
+            <label for="avatar" class="strong">Image (optional):</label>
+            @gitbucket.core.helper.html.uploadavatar(None)
+          </fieldset>
+        </div>
       </div>
-      <div class="col-md-6">
-        <fieldset>
-          <label for="avatar" class="strong">Image (optional):</label>
-          @helper.html.uploadavatar(None)
-        </fieldset>
-      </div>
-    </div>
-    <fieldset class="margin">
-      <input type="submit" class="btn btn-success" value="Create account"/>
-    </fieldset>
-  </form>
+      <fieldset class="border-top">
+        <input type="submit" class="btn btn-success" value="Create account"/>
+      </fieldset>
+    </form>
+  </div>
 </div>
 }

src/main/twirl/gitbucket/core/account/repositories.scala.html

@@ -1,31 +1,30 @@
 @(account: gitbucket.core.model.Account, groupNames: List[String],
   repositories: List[gitbucket.core.service.RepositoryService.RepositoryInfo],
   isGroupManager: Boolean)(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@main(account, groupNames, "repositories", isGroupManager){
+@import gitbucket.core.view.helpers
+@gitbucket.core.account.html.main(account, groupNames, "repositories", isGroupManager){
   @if(repositories.isEmpty){
     No repositories
   } else {
     @repositories.map { repository =>
       <div class="block">
         <div class="repository-icon">
-          @helper.html.repositoryicon(repository, true)
+          @gitbucket.core.helper.html.repositoryicon(repository, true)
         </div>
         <div class="repository-content">
           <div class="block-header">
-            <a href="@url(repository)">@repository.name</a>
+            <a href="@helpers.url(repository)">@repository.name</a>
             @if(repository.repository.isPrivate){
               <i class="octicon octicon-lock"></i>
             }
           </div>
           @if(repository.repository.originUserName.isDefined){
-            <div class="small muted">forked from <a href="@path/@repository.repository.parentUserName/@repository.repository.parentRepositoryName">@repository.repository.parentUserName/@repository.repository.parentRepositoryName</a></div>
+            <div class="small muted">forked from <a href="@context.path/@repository.repository.parentUserName/@repository.repository.parentRepositoryName">@repository.repository.parentUserName/@repository.repository.parentRepositoryName</a></div>
           }
           @if(repository.repository.description.isDefined){
             <div>@repository.repository.description</div>
           }
-          <div><span class="muted small">Updated @helper.html.datetimeago(repository.repository.lastActivityDate)</span></div>
+          <div><span class="muted small">Updated @gitbucket.core.helper.html.datetimeago(repository.repository.lastActivityDate)</span></div>
         </div>
       </div>
     }

src/main/twirl/gitbucket/core/account/ssh.scala.html

@@ -1,10 +1,8 @@
 @(account: gitbucket.core.model.Account, sshKeys: List[gitbucket.core.model.SshKey])(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.ssh.SshUtil
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("SSH Keys"){
+@gitbucket.core.html.main("SSH Keys"){
 <div class="container body">
-  @menu("ssh", settings.ssh){
+  @gitbucket.core.account.html.menu("ssh", context.settings.ssh){
     <div class="panel panel-default">
       <div class="panel-heading strong">SSH Keys</div>
       <div class="panel-body">
@@ -16,11 +14,11 @@
             <hr>
           }
           <strong style="line-height: 30px;">@key.title</strong> (@SshUtil.fingerPrint(key.publicKey).getOrElse("Key is invalid."))
-          <a href="@path/@account.userName/_ssh/delete/@key.sshKeyId" class="btn btn-sm btn-danger pull-right">Delete</a>
+          <a href="@context.path/@account.userName/_ssh/delete/@key.sshKeyId" class="btn btn-sm btn-danger pull-right">Delete</a>
         }
       </div>
     </div>
-    <form method="POST" action="@path/@account.userName/_ssh" validate="true">
+    <form method="POST" action="@context.path/@account.userName/_ssh" validate="true">
       <div class="panel panel-default">
         <div class="panel-heading strong">Add an SSH Key</div>
         <div class="panel-body">

src/main/twirl/gitbucket/core/admin/data.scala.html

@@ -1,12 +1,10 @@
 @(tableNames: Seq[String])(implicit context: gitbucket.core.controller.Context)
-@import context._
-@import gitbucket.core.view.helpers._
-@html.main("Data export / import"){
-  @admin.html.menu("data") {
+@gitbucket.core.html.main("Data export / import"){
+  @gitbucket.core.admin.html.menu("data") {
     <div class="panel panel-default">
       <div class="panel-heading strong">Export</div>
       <div class="panel-body">
-        <form class="form form-horizontal" action="@path/admin/export" method="POST">
+        <form class="form form-horizontal" action="@context.path/admin/export" method="POST">
           @tableNames.map { tableName =>
             <div class="checkbox">
               <label>
@@ -15,24 +13,14 @@
             </div>
           }
           <input type="submit" class="btn btn-success pull-right" value="Export">
-          <div class="radio pull-right" style="margin-right: 10px;">
-            <label>
-              <input type="radio" name="type" value="sql">SQL
-            </label>
-          </div>
-          <div class="radio pull-right" style="margin-right: 10px;">
-            <label>
-              <input type="radio" name="type" value="xml" checked>XML
-            </label>
-          </div>
         </form>
       </div>
     </div>
 
     <div class="panel panel-default">
-      <div class="panel-heading strong">Import (only XML)</div>
+      <div class="panel-heading strong">Import</div>
       <div class="panel-body">
-        <form class="form form-horizontal" action="@path/upload/import" method="POST" enctype="multipart/form-data" id="import-form">
+        <form class="form form-horizontal" action="@context.path/upload/import" method="POST" enctype="multipart/form-data" id="import-form">
           <input type="file" name="file" id="file">
           <input type="submit" class="btn btn-success pull-right" value="Import" id="import">
         </form>
@@ -44,10 +32,10 @@
 $(function(){
   $('#import-form').submit(function(){
     if($('#file').val() == ''){
-      alert('Choose an import XML file.');
+      alert('Choose an import SQL file.');
       return false;
-    } else if(!$('#file').val().endsWith(".xml")){
-      alert('Import is available for only the XML file.');
+    } else if(!$('#file').val().endsWith(".sql")){
+      alert('Import is available for only the SQL file.');
       return false;
     }
     return confirm('All existing data is deleted before importing.\nAre you sure?');