4.9.0 release

Merge pull request #1436 from ritschwumm/patch-1
fix typo in log message
2025-11-05 21:15:49 +01:00 · 2017-01-29 02:02:17 +09:00 · 2017-01-29 01:46:02 +09:00 · 2017-01-28 11:49:49 +01:00 · 2017-01-26 09:59:32 +09:00 · 2017-01-26 00:31:39 +09:00
292 changed files with 10076 additions and 17684 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -4,4 +4,3 @@
 - If you can't find same question and report, send it to [gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
 - We can also support in Japaneses other than English at [gitter room for Japanese](https://gitter.im/gitbucket/gitbucket_ja).
 - Write an issue in English. At least, write subject in English.
 - First priority of GitBucket is easy installation and reproduce GitHub behavior, so we might reject if your request is against it.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,4 +5,4 @@
 - [] verified that project is compiling
 - [] verified that tests are passing
 - [] squashed my commits as appropriate *(keep several commits if it is relevant to understand the PR)*
- [] [marked as closed](https://help.github.com/articles/closing-issues-via-commit-messages/) all issue ID that this PR should correct
+- [] [marked as closed using commit message](https://help.github.com/articles/closing-issues-via-commit-messages/) all issue ID that this PR should correct
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,4 +8,11 @@ before_script:
  - sudo apt-get install libaio1
  - sudo /etc/init.d/mysql stop
  - sudo /etc/init.d/postgresql stop
-
+cache:
  directories:
    - $HOME/.ivy2/cache
    - $HOME/.sbt/boot
    - $HOME/.sbt/launchers
    - $HOME/.coursier
    - $HOME/.embedmysql
    - $HOME/.embedpostgresql
--- a/2
+++ b/2
@@ -187,7 +187,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2013-2016 GitBucket Team
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/README.md
+++ b/README.md
@@ -2,83 +2,155 @@ GitBucket [![Gitter chat](https://badges.gitter.im/gitbucket/gitbucket.png)](htt
 =========
 GitBucket is a Git platform powered by Scala offering:
- easy installation
+- Easy installation
- high extensibility by plugins
+- High extensibility by plugins
- API compatibility with Github
+- API compatibility with GitHub
 Features
 --------
 The current version of GitBucket provides a basic features below:
 - Public / Private Git repository (http and ssh access)
- Repository viewer and online file editing
+- Repository viewer and online file editor
- Wiki
+- Issues, Pull request and Wiki for repositories
 - Issues / Pull request
 - Email notification
- Simple user and group management with LDAP integration
+- Account and group management with LDAP integration
 - Plug-in system
-If you want to try the development version of GitBucket, see [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/how_to_run.md).
+If you want to try the development version of GitBucket, see the [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/how_to_run.md).
 Installation
 --------
-GitBucket requires **Java8**. You have to install beforehand when it's not installed.
+GitBucket requires **Java8**. You have to install it if it is not already installed.
-1. Download latest **gitbucket.war** from [the release page](https://github.com/gitbucket/gitbucket/releases).
+1. Download the latest **gitbucket.war** from [the releases page](https://github.com/gitbucket/gitbucket/releases) and run it by `java -jar gitbucket.war`.
-2. Deploy it to the Servlet 3.0 container such as Tomcat 7.x, Jetty 8.x, GlassFish 3.x or higher.
+2. Go to `http://[hostname]:8080/` and log in with **root** / **root**.
 3. Access **http://[hostname]:[port]/gitbucket/** using your web browser and logged-in with **root** / **root**.
-or you can start GitBucket by `java -jar gitbucket.war` without servlet container. In this case, GitBucket URL is **http://[hostname]:8080/**. You can specify following options.
+You can specify following options:
- --port=[NUMBER]
+- `--port=[NUMBER]`
- --prefix=[CONTEXTPATH]
+- `--prefix=[CONTEXTPATH]`
- --host=[HOSTNAME]
+- `--host=[HOSTNAME]`
- --gitbucket.home=[DATA_DIR]
+- `--gitbucket.home=[DATA_DIR]`
 - `--temp_dir=[TEMP_DIR]`
-To upgrade GitBucket, only replace gitbucket.war after stop GitBucket. All GitBucket data is stored in HOME/.gitbucket. So if you want to back up GitBucket data, copy this directory to the other disk.
+`TEMP_DIR` is used as the [temporary directory for the jetty application context](https://www.eclipse.org/jetty/documentation/9.3.x/ref-temporary-directories.html).
 This is the directory into which the gitbucket.war file is unpacked, the source
 files are compiled, etc.  
 If given this parameter **must** match the path of an existing directory
 or the application will quit reporting an error; if not given the path used
 will be a `tmp` directory inside the gitbucket home.
-About installation on Mac or Windows Server (with IIS), configuration of Apache or Nginx and also integration with other tools or services such as Jenkins or Slack, see [Wiki](https://github.com/gitbucket/gitbucket/wiki).
+You can also deploy gitbucket.war to a servlet container which supports Servlet 3.0 (like Jetty, Tomcat, JBoss, etc)
-Plug-ins
+For more information about installation on Mac or Windows Server (with IIS), or configuration of Apache or Nginx and also integration with other tools or services such as Jenkins or Slack, see [Wiki](https://github.com/gitbucket/gitbucket/wiki).
 To upgrade GitBucket, replace `gitbucket.war` with the new version, after stopping GitBucket. All GitBucket data is stored in `HOME/.gitbucket` by default. So if you want to back up GitBucket's data, copy this directory to the backup location.
 Plugins
 --------
-GitBucket has the plug-in system to extend GitBucket from outside of GitBucket. Some plug-ins are available now:
+GitBucket has a plug-in system to allow extensions to GitBucket. We provide some official plug-ins:
 - [gitbucket-gist-plugin](https://github.com/gitbucket/gitbucket-gist-plugin)
- [gitbucket-announce-plugin](https://github.com/gitbucket-plugins/gitbucket-announce-plugin)
+- [gitbucket-emoji-plugin](https://github.com/gitbucket/gitbucket-emoji-plugin)
 - [gitbucket-h2-backup-plugin](https://github.com/gitbucket-plugins/gitbucket-h2-backup-plugin)
 - [gitbucket-desktopnotify-plugin](https://github.com/yoshiyoshifujii/gitbucket-desktopnotify-plugin)
 - [gitbucket-commitgraphs-plugin](https://github.com/yoshiyoshifujii/gitbucket-commitgraphs-plugin)
 - [gitbucket-asciidoctor-plugin](https://github.com/lefou/gitbucket-asciidoctor-plugin)
 - [gitbucket-network-plugin](https://github.com/mrkm4ntr/gitbucket-network-plugin)
-You can find community plugins other than them at [gitbucket community plugins](http://gitbucket-plugins.github.io/).
+You can find more plugins made by the community at [GitBucket community plugins](http://gitbucket-plugins.github.io/).
 Support
 --------
- If you have any question about GitBucket, send it to [gitter room](https://gitter.im/gitbucket/gitbucket) before raise an issue.
+- If you have any questions about GitBucket, send it to the [gitter room](https://gitter.im/gitbucket/gitbucket) before opening an issue.
- Make sure check whether there is a same question or request in the past.
+- Make sure check whether there is the same question or request in the past.
- When raise a new issue, write subject in **English** at least.
+- When raise a new issue, write at least the subject in **English**.
- We can also support in Japaneses other than English at [gitter room for Japanese](https://gitter.im/gitbucket/gitbucket_ja).
+- We can also provide support in Japanese at [gitter room for Japanese](https://gitter.im/gitbucket/gitbucket_ja).
- First priority of GitBucket is easy installation and API compatibility with GitHub, so we might reject if your request is against it.
+- The first priority of GitBucket is easy installation and API compatibility with GitHub, so we might reject if your request is against it.
 Release Notes
 -------------
-### 4.2 - 2 Jul 2016
+## 4.9 - 29 Jan 2017
 - GitLFS support
 - Template for issues and pull requests
 - Manual label color editing
 - Account description
 - `--tmp-dir` option for standalone mode
 - More APIs for issues
  - [List issues for a repository](https://developer.github.com/v3/issues/#list-issues-for-a-repository)
  - [Create an issue](https://developer.github.com/v3/issues/#create-an-issue)
 ## 4.8 - 23 Dec 2016
 - Search for repository names from the global header
 - Filter repositories on the sidebar of the dashboard
 - Search issues and wiki
 - Keep pull request comments after new commits are pushed
 - New web API to get a single issue
 - Performance improvement for the repository viewer
 ### 4.7.1 - 28 Nov 2016
 - Bug fix: group repositories are not shown in the your repositories list on the sidebar
 - Small performance improvement of the dashboard
 ### 4.7 - 26 Nov 2016
 - New permission system
 - Dropdown filter for issue labels, milestones and assignees
 - Keep sidebar folding status
 - Link from milestone label to the issue list
 ### 4.6 - 29 Oct 2016
 - Add disable option for forking
 - Add History button to wiki page
 - Git repository URL redirection for GitHub compatibility
 - Get-Content API improvement
 - Indicate who is group master in Members tab in group view
 ### 4.5 - 29 Sep 2016
 - Attach files by dropping into textarea
 - Issues / Pull requests switcher in dashboard
 - HikariCP could be configured in `GITBUCKET_HOME/database.conf`
 - Improve Cookie security
 - Display commit count on the history button
 - Improve mobile view
 ### 4.4 - 28 Aug 2016
 - Import a SQL dump file to the database
 - `go get` support in private repositories
 - Sort milestones by due date
 - apache-sshd has been updated to 1.2.0
 ### 4.3 - 30 Jul 2016
 - Emoji support by [gitbucket-emoji-plugin](https://github.com/gitbucket/gitbucket-emoji-plugin)
 - User name suggestion
 - Add new web APIs and basic authentication support for API access
 - Root Endpoint
  - [List endpoints](https://developer.github.com/v3/#root-endpoint)
  - [List Branches](https://developer.github.com/v3/repos/branches/#list-branches)
  - [Get contents](https://developer.github.com/v3/repos/contents/#get-contents)
  - [Get a Reference](https://developer.github.com/v3/git/refs/#get-a-reference)
  - [List Collaborators](https://developer.github.com/v3/repos/collaborators/#list-collaborators)
  - [List user repositories](https://developer.github.com/v3/repos/#list-user-repositories)
  - [Get a group](https://developer.github.com/v3/orgs/#get-an-organization)
  - [List group repositories](https://developer.github.com/v3/repos/#list-organization-repositories)
 - Add new extension points
  - `assetsMapping` : Supplies resources in plugin classpath as web assets
  - `suggestionProvider` : Provides suggestion in the Markdown editing textarea
  - `textDecorator` : Decorate text nodes in HTML which is converted from Markdown
 ### 4.2.1 - 3 Jul 2016
 - Fix migration bug
 This is hotfix for a critical bug in migration. If you are new installation, use 4.2.0. But if you have an exisiting installation and it had been updated to 4.0 from 3.x, you must update to 4.2.1.
 ### 4.2 - 2 Jul 2016
 - New UI based on [AdminLTE](https://github.com/almasaeed2010/AdminLTE)
 - git gc
 - Issues and Wiki have been possible to be disabled
 - SMTP configuration test mail
 ### 4.1 - 4 Jun 2016
 - Generic ssh user
 - Improve branch protection UI
 - Default value of pull request title
 ### 4.0 - 30 Apr 2016
 - MySQL and PostgreSQL support
 - Data export and import
 - Migration system has been switched to [solidbase](https://github.com/gitbucket/solidbase)
@@ -86,7 +158,6 @@ Release Notes
 **Note:** You can upgrade to GitBucket 4.0 from 3.14. If your GitBucket is 3.13 or before, you have to upgrade 3.14 at first.
 ### 3.14 - 30 Apr 2016
 - File attachment and search for wiki pages
 - New extension points to add menus
 - Content-Type of webhooks has been choosable
--- a/build.sbt
+++ b/build.sbt
@@ -1,6 +1,6 @@
-val Organization = "gitbucket"
+val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.2.0"
+val GitBucketVersion = "4.9.0"
 val ScalatraVersion = "2.4.1"
 val JettyVersion = "9.3.9.v20160517"
@@ -15,25 +15,26 @@ scalaVersion := "2.11.8"
 // dependency settings
 resolvers ++= Seq(
  Classpaths.typesafeReleases,
  Resolver.jcenterRepo,
  "amateras" at "http://amateras.sourceforge.jp/mvn/",
  "sonatype-snapshot" at "https://oss.sonatype.org/content/repositories/snapshots/",
  "amateras-snapshot" at "http://amateras.sourceforge.jp/mvn-snapshot/"
 )
 libraryDependencies ++= Seq(
  "org.scala-lang.modules"   %% "scala-java8-compat"           % "0.7.0",
-  "org.eclipse.jgit"          % "org.eclipse.jgit.http.server" % "4.1.2.201602141800-r",
+  "org.eclipse.jgit"          % "org.eclipse.jgit.http.server" % "4.6.0.201612231935-r",
-  "org.eclipse.jgit"          % "org.eclipse.jgit.archive"     % "4.1.2.201602141800-r",
+  "org.eclipse.jgit"          % "org.eclipse.jgit.archive"     % "4.6.0.201612231935-r",
  "org.scalatra"             %% "scalatra"                     % ScalatraVersion,
  "org.scalatra"             %% "scalatra-json"                % ScalatraVersion,
  "org.json4s"               %% "json4s-jackson"               % "3.3.0",
  "io.github.gitbucket"      %% "scalatra-forms"               % "1.0.0",
  "commons-io"                % "commons-io"                   % "2.4",
  "io.github.gitbucket"       % "solidbase"                    % "1.0.0",
-  "io.github.gitbucket"       % "markedj"                      % "1.0.9-SNAPSHOT",
+  "io.github.gitbucket"       % "markedj"                      % "1.0.9",
  "org.apache.commons"        % "commons-compress"             % "1.11",
  "org.apache.commons"        % "commons-email"                % "1.4",
  "org.apache.httpcomponents" % "httpclient"                   % "4.5.1",
-  "org.apache.sshd"           % "apache-sshd"                  % "1.0.0",
+  "org.apache.sshd"           % "apache-sshd"                  % "1.2.0",
  "org.apache.tika"           % "tika-core"                    % "1.13",
  "com.typesafe.slick"       %% "slick"                        % "2.1.0",
  "com.novell.ldap"           % "jldap"                        % "2009-10-07",
@@ -45,19 +46,18 @@ libraryDependencies ++= Seq(
  "com.typesafe"              % "config"                       % "1.3.0",
  "com.typesafe.akka"        %% "akka-actor"                   % "2.3.15",
  "fr.brouillard.oss.security.xhub" % "xhub4j-core"            % "1.0.0",
  "com.github.bkromhout"      % "java-diff-utils"              % "2.1.1",
  "org.cache2k"               % "cache2k-all"                  % "1.0.0.CR1",
  "com.enragedginger"        %% "akka-quartz-scheduler"        % "1.4.0-akka-2.3.x" exclude("c3p0","c3p0"),
  "net.coobird" % "thumbnailator" % "0.4.8",
  "org.eclipse.jetty"         % "jetty-webapp"                 % JettyVersion     % "provided",
  "javax.servlet"             % "javax.servlet-api"            % "3.1.0"          % "provided",
  "junit"                     % "junit"                        % "4.12"           % "test",
  "org.scalatra"             %% "scalatra-scalatest"           % ScalatraVersion  % "test",
-  "org.scalaz"               %% "scalaz-core"                  % "7.2.4"          % "test",
+  "com.wix"                   % "wix-embedded-mysql"           % "2.1.4"          % "test",
  "com.wix"                   % "wix-embedded-mysql"           % "1.0.3"          % "test",
  "ru.yandex.qatools.embed"   % "postgresql-embedded"          % "1.14"           % "test"
 )
 // Twirl settings
 play.twirl.sbt.Import.TwirlKeys.templateImports += "gitbucket.core._"
 // Compiler settings
 scalacOptions := Seq("-deprecation", "-language:postfixOps", "-Ybackend:GenBCode", "-Ydelambdafy:method", "-target:jvm-1.8")
 javacOptions in compile ++= Seq("-target", "8", "-source", "8")
@@ -109,7 +109,6 @@ libraryDependencies ++= Seq(
 val executableKey = TaskKey[File]("executable")
 executableKey := {
  import org.apache.ivy.util.ChecksumHelper
  import java.util.jar.{ Manifest => JarManifest }
  import java.util.jar.Attributes.{ Name => AttrName }
@@ -167,9 +166,55 @@ executableKey := {
  log info s"built executable webapp ${outputFile}"
  outputFile
 }
-/*
+publishTo := {
-Keys.artifact in (Compile, executableKey) ~= {
+  val nexus = "https://oss.sonatype.org/"
-    _ copy (`type` = "war", extension = "war"))
+  if (version.value.trim.endsWith("SNAPSHOT")) Some("snapshots" at nexus + "content/repositories/snapshots")
  else                             Some("releases"  at nexus + "service/local/staging/deploy/maven2")
 }
-addArtifact(Keys.artifact in (Compile, executableKey), executableKey)
+publishMavenStyle := true
-*/
+pomIncludeRepository := { _ => false }
 pomExtra := (
  <url>https://github.com/gitbucket/gitbucket</url>
  <licenses>
    <license>
      <name>The Apache Software License, Version 2.0</name>
      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
    </license>
  </licenses>
  <scm>
    <url>https://github.com/gitbucket/gitbucket</url>
    <connection>scm:git:https://github.com/gitbucket/gitbucket.git</connection>
  </scm>
  <developers>
    <developer>
      <id>takezoe</id>
      <name>Naoki Takezoe</name>
      <url>https://github.com/takezoe</url>
    </developer>
    <developer>
      <id>shimamoto</id>
      <name>Takako Shimamoto</name>
      <url>https://github.com/shimamoto</url>
    </developer>
    <developer>
      <id>tanacasino</id>
      <name>Tomofumi Tanaka</name>
      <url>https://github.com/tanacasino</url>
    </developer>
    <developer>
      <id>mrkm4ntr</id>
      <name>Shintaro Murakami</name>
      <url>https://github.com/mrkm4ntr</url>
    </developer>
    <developer>
      <id>nazoking</id>
      <name>nazoking</name>
      <url>https://github.com/nazoking</url>
    </developer>
    <developer>
      <id>McFoggy</id>
      <name>Matthieu Brouillard</name>
      <url>https://github.com/McFoggy</url>
    </developer>
  </developers>
 )
--- a/contrib/linux/redhat/README.md
+++ b/contrib/linux/redhat/README.md
@@ -3,6 +3,7 @@
 RPM spec file and init script for Red Hat Enterprise Linux 6.x. 
 To create RPM:
 1. Edit `../../gitbucket.conf` to suit.
 2. Edit `gitbucket.init` to suit.
 3. Edit `gitbucket.spec` to suit.
--- a/doc/release.md
+++ b/doc/release.md
@@ -46,9 +46,10 @@ $ sbt executable
 ### Deploy assembly jar file
-For plug-in development, we have to publish the assembly jar file to the public Maven repository by `release/deploy-assembly-jar.sh`.
+For plug-in development, we have to publish the GitBucket jar file to the Maven central repository as well. At first, hit following command to publish artifacts to the sonatype OSS repository:
 ```bash
-$ cd release/
+$ sbt publish-signed
 $ ./deploy-assembly-jar.sh
 ```
 Then operate release sequence at https://oss.sonatype.org/.
--- a/project/build.properties
+++ b/project/build.properties
@@ -1 +1 @@
-sbt.version=0.13.11
+sbt.version=0.13.12
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -4,3 +4,5 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"       % "1.0.4")
 addSbtPlugin("com.eed3si9n"         % "sbt-assembly"      % "0.12.0")
 addSbtPlugin("com.earldouglas"      % "xsbt-web-plugin"   % "2.1.0")
 addSbtPlugin("fi.gekkio.sbtplugins" % "sbt-jrebel-plugin" % "0.10.0")
 addSbtPlugin("com.typesafe.sbt"     % "sbt-pgp"           % "0.8.3")
 addSbtPlugin("io.get-coursier"      % "sbt-coursier"      % "1.0.0-M15")
--- a/project/project/plugins.sbt
+++ b/project/project/plugins.sbt
@@ -0,0 +1 @@
 addSbtPlugin("io.get-coursier" % "sbt-coursier" % "1.0.0-M15")
--- a/release/deploy-assembly-jar.sh
+++ b/release/deploy-assembly-jar.sh
@@ -1,24 +0,0 @@
 #!/bin/sh
 . ./env.sh
 cd ../
 ./sbt.sh clean assembly
 cd release
 if [[ "$GITBUCKET_VERSION" =~ -SNAPSHOT$ ]]; then
  MVN_DEPLOY_PATH=mvn-snapshot
 else
  MVN_DEPLOY_PATH=mvn
 fi
 echo $MVN_DEPLOY_PATH
 mvn deploy:deploy-file \
  -DgroupId=gitbucket\
  -DartifactId=gitbucket-assembly\
  -Dversion=$GITBUCKET_VERSION\
  -Dpackaging=jar\
  -Dfile=../target/scala-2.11/gitbucket-assembly-$GITBUCKET_VERSION.jar\
  -DrepositoryId=sourceforge.jp\
  -Durl=scp://shell.sourceforge.jp/home/groups/a/am/amateras/htdocs/$MVN_DEPLOY_PATH/
--- a/release/env.sh
+++ b/release/env.sh
@@ -1,3 +0,0 @@
 #!/bin/sh
 export GITBUCKET_VERSION=`cat ../build.sbt | grep 'val GitBucketVersion' | cut -d \" -f 2`
 echo "GITBUCKET_VERSION: $GITBUCKET_VERSION"
--- a/release/pom.xml
+++ b/release/pom.xml
@@ -1,17 +0,0 @@
 <?xml version="1.0"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>jp.sf.amateras</groupId>
    <artifactId>gitbucket-assembly</artifactId>
    <version>0.0.1</version>
    <build>
        <extensions>
            <extension>
                <groupId>org.apache.maven.wagon</groupId>
                <artifactId>wagon-ssh</artifactId>
                <version>2.10</version>
            </extension>
        </extensions>
    </build>
 </project>
--- a/sbt-launch-0.13.12.jar
+++ b/sbt-launch-0.13.12.jar
--- a/sbt.bat
+++ b/sbt.bat
@@ -1,2 +1,2 @@
 set SCRIPT_DIR=%~dp0
-java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.9.jar" %*
+java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.12.jar" %*
--- a/sbt.sh
+++ b/sbt.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.9.jar "$@"
+java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.12.jar "$@"
--- a/src/main/java/JettyLauncher.java
+++ b/src/main/java/JettyLauncher.java
@@ -3,13 +3,16 @@ import org.eclipse.jetty.webapp.WebAppContext;
 import java.io.File;
 import java.net.URL;
 import java.net.InetSocketAddress;
 import java.security.ProtectionDomain;
 public class JettyLauncher {
    public static void main(String[] args) throws Exception {
        String host = null;
        int port = 8080;
        InetSocketAddress address = null;
        String contextPath = "/";
        String tmpDirPath="";
        boolean forceHttps = false;
        for(String arg: args) {
@@ -22,14 +25,25 @@ public class JettyLauncher {
                        port = Integer.parseInt(dim[1]);
                    } else if(dim[0].equals("--prefix")) {
                        contextPath = dim[1];
                        if(!contextPath.startsWith("/")){
                            contextPath = "/" + contextPath;
                        }
                    } else if(dim[0].equals("--gitbucket.home")){
                        System.setProperty("gitbucket.home", dim[1]);
                    } else if(dim[0].equals("--temp_dir")){
                        tmpDirPath = dim[1];
                    }
                }
            }
        }
-        Server server = new Server(port);
+        if(host != null) {
            address = new InetSocketAddress(host, port);
        } else {
            address = new InetSocketAddress(port);
        }
        Server server = new Server(address);
 //        SelectChannelConnector connector = new SelectChannelConnector();
 //        if(host != null) {
@@ -42,10 +56,22 @@ public class JettyLauncher {
        WebAppContext context = new WebAppContext();
-        File tmpDir = new File(getGitBucketHome(), "tmp");
+        File tmpDir;
        if(tmpDirPath.equals("")){
            tmpDir = new File(getGitBucketHome(), "tmp");
            if(!tmpDir.exists()){
                tmpDir.mkdirs();
            }
        } else {
            tmpDir = new File(tmpDirPath);
            if(!tmpDir.exists()){
                throw new java.io.FileNotFoundException(
                    String.format("temp_dir \"%s\" not found", tmpDirPath));
            } else if(!tmpDir.isDirectory()) {
                throw new IllegalArgumentException(
                    String.format("temp_dir \"%s\" is not a directory", tmpDirPath));
            }
        }
        context.setTempDirectory(tmpDir);
        ProtectionDomain domain = JettyLauncher.class.getProtectionDomain();
@@ -60,6 +86,8 @@ public class JettyLauncher {
        }
        server.setHandler(context);
        server.setStopAtShutdown(true);
        server.setStopTimeout(7_000);
        server.start();
        server.join();
    }
--- a/src/main/resources/update/gitbucket-core_4.6.xml
+++ b/src/main/resources/update/gitbucket-core_4.6.xml
@@ -0,0 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <changeSet>
    <addColumn tableName="REPOSITORY">
        <column name="ALLOW_FORK" type="boolean" nullable="false" defaultValueBoolean="true"/>
    </addColumn>
 </changeSet>
--- a/src/main/resources/update/gitbucket-core_4.7.sql
+++ b/src/main/resources/update/gitbucket-core_4.7.sql
@@ -0,0 +1,2 @@
 -- DELETE COLLABORATORS IN GROUP REPOSITORIES
 DELETE FROM COLLABORATOR WHERE USER_NAME IN (SELECT USER_NAME FROM ACCOUNT WHERE GROUP_ACCOUNT = TRUE)
--- a/src/main/resources/update/gitbucket-core_4.7.xml
+++ b/src/main/resources/update/gitbucket-core_4.7.xml
@@ -0,0 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <changeSet>
    <addColumn tableName="COLLABORATOR">
        <column name="ROLE" type="varchar(10)" nullable="false" defaultValue="ADMIN"/>
    </addColumn>
    <addColumn tableName="REPOSITORY">
        <column name="WIKI_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
        <column name="ISSUES_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
    </addColumn>
    <update tableName="REPOSITORY">
        <column name="WIKI_OPTION" value="DISABLE"/>
        <where>ENABLE_WIKI = FALSE</where>
    </update>
    <update tableName="REPOSITORY">
        <column name="WIKI_OPTION" value="PRIVATE"/>
        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = FALSE</where>
    </update>
    <update tableName="REPOSITORY">
        <column name="WIKI_OPTION" value="PUBLIC"/>
        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = TRUE</where>
    </update>
    <update tableName="REPOSITORY">
        <column name="ISSUES_OPTION" value="DISABLE"/>
        <where>ENABLE_ISSUES = FALSE</where>
    </update>
    <update tableName="REPOSITORY">
        <column name="ISSUES_OPTION" value="PUBLIC"/>
        <where>ENABLE_ISSUES = TRUE</where>
    </update>
    <dropColumn tableName="REPOSITORY" columnName="ENABLE_WIKI"/>
    <dropColumn tableName="REPOSITORY" columnName="ALLOW_WIKI_EDITING"/>
    <dropColumn tableName="REPOSITORY" columnName="ENABLE_ISSUES"/>
 </changeSet>
--- a/src/main/resources/update/gitbucket-core_4.9.xml
+++ b/src/main/resources/update/gitbucket-core_4.9.xml
@@ -0,0 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <changeSet>
  <addColumn tableName="ACCOUNT">
    <column name="DESCRIPTION" type="text" nullable="true" />
  </addColumn>
 </changeSet>
--- a/src/main/scala/ScalatraBootstrap.scala
+++ b/src/main/scala/ScalatraBootstrap.scala
@@ -1,24 +1,33 @@
 import gitbucket.core.controller._
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.servlet.{AccessTokenAuthenticationFilter, BasicAuthenticationFilter, Database, TransactionFilter}
 import gitbucket.core.util.Directory
 import java.util.EnumSet
 import javax.servlet._
 import gitbucket.core.controller._
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.servlet._
 import gitbucket.core.util.Directory
 import org.scalatra._
-class ScalatraBootstrap extends LifeCycle {
+class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
  override def init(context: ServletContext) {
    val settings = loadSystemSettings()
    if(settings.baseUrl.exists(_.startsWith("https://"))) {
      context.getSessionCookieConfig.setSecure(true)
    }
    // Register TransactionFilter and BasicAuthenticationFilter at first
    context.addFilter("transactionFilter", new TransactionFilter)
    context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
-    context.addFilter("basicAuthenticationFilter", new BasicAuthenticationFilter)
+    context.addFilter("gitAuthenticationFilter", new GitAuthenticationFilter)
-    context.getFilterRegistration("basicAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
+    context.getFilterRegistration("gitAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
-    context.addFilter("accessTokenAuthenticationFilter", new AccessTokenAuthenticationFilter)
+    context.addFilter("apiAuthenticationFilter", new ApiAuthenticationFilter)
-    context.getFilterRegistration("accessTokenAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
+    context.getFilterRegistration("apiAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
    context.addFilter("ghCompatRepositoryAccessFilter", new GHCompatRepositoryAccessFilter)
    context.getFilterRegistration("ghCompatRepositoryAccessFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
    // Register controllers
    context.mount(new AnonymousAccessController, "/*")
--- a/src/main/scala/gitbucket/core/GitBucketCoreModule.scala
+++ b/src/main/scala/gitbucket/core/GitBucketCoreModule.scala
@@ -11,5 +11,21 @@ object GitBucketCoreModule extends Module("gitbucket-core",
  new Version("4.1.0"),
  new Version("4.2.0",
    new LiquibaseMigration("update/gitbucket-core_4.2.xml")
  ),
  new Version("4.2.1"),
  new Version("4.3.0"),
  new Version("4.4.0"),
  new Version("4.5.0"),
  new Version("4.6.0",
    new LiquibaseMigration("update/gitbucket-core_4.6.xml")
  ),
  new Version("4.7.0",
    new LiquibaseMigration("update/gitbucket-core_4.7.xml"),
    new SqlMigration("update/gitbucket-core_4.7.sql")
  ),
  new Version("4.7.1"),
  new Version("4.8"),
  new Version("4.9.0",
    new LiquibaseMigration("update/gitbucket-core_4.9.xml")
  )
 )
--- a/src/main/scala/gitbucket/core/api/ApiBranch.scala
+++ b/src/main/scala/gitbucket/core/api/ApiBranch.scala
@@ -14,3 +14,10 @@ case class ApiBranch(
   "self" -> ApiPath(s"/api/v3/repos/${repositoryName.fullName}/branches/${name}"),
   "html" -> ApiPath(s"/${repositoryName.fullName}/tree/${name}"))
 }
 case class ApiBranchCommit(sha: String)
 case class ApiBranchForList(
  name: String,
  commit: ApiBranchCommit
 )
--- a/src/main/scala/gitbucket/core/api/ApiContents.scala
+++ b/src/main/scala/gitbucket/core/api/ApiContents.scala
@@ -0,0 +1,18 @@
 package gitbucket.core.api
 import gitbucket.core.util.JGitUtil.FileInfo
 import org.apache.commons.codec.binary.Base64
 case class ApiContents(`type`: String, name: String, content: Option[String], encoding: Option[String])
 object ApiContents{
  def apply(fileInfo: FileInfo, content: Option[Array[Byte]]): ApiContents = {
    if(fileInfo.isDirectory) {
      ApiContents("dir", fileInfo.name, None, None)
    } else {
      content.map(arr =>
        ApiContents("file", fileInfo.name, Some(Base64.encodeBase64String(arr)), Some("base64"))
      ).getOrElse(ApiContents("file", fileInfo.name, None, None))
    }
  }
 }
--- a/src/main/scala/gitbucket/core/api/ApiEndPoint.scala
+++ b/src/main/scala/gitbucket/core/api/ApiEndPoint.scala
@@ -0,0 +1,3 @@
 package gitbucket.core.api
 case class ApiEndPoint(rate_limit_url: ApiPath = ApiPath("/api/v3/rate_limit"))
--- a/src/main/scala/gitbucket/core/api/ApiPullRequest.scala
+++ b/src/main/scala/gitbucket/core/api/ApiPullRequest.scala
@@ -1,7 +1,6 @@
 package gitbucket.core.api
-import gitbucket.core.model.{Issue, PullRequest}
+import gitbucket.core.model.{Account, Issue, IssueComment, PullRequest}
 import java.util.Date
@@ -15,6 +14,9 @@ case class ApiPullRequest(
  head: ApiPullRequest.Commit,
  base: ApiPullRequest.Commit,
  mergeable: Option[Boolean],
  merged: Boolean,
  merged_at: Option[Date],
  merged_by: Option[ApiUser],
  title: String,
  body: String,
  user: ApiUser) {
@@ -31,7 +33,14 @@ case class ApiPullRequest(
 }
 object ApiPullRequest{
-  def apply(issue: Issue, pullRequest: PullRequest, headRepo: ApiRepository, baseRepo: ApiRepository, user: ApiUser): ApiPullRequest =
+  def apply(
    issue: Issue,
    pullRequest: PullRequest,
    headRepo: ApiRepository,
    baseRepo: ApiRepository,
    user: ApiUser,
    mergedComment: Option[(IssueComment, Account)]
  ): ApiPullRequest =
    ApiPullRequest(
      number     = issue.issueId,
      updated_at = issue.updatedDate,
@@ -45,6 +54,9 @@ object ApiPullRequest{
                     ref  = pullRequest.branch,
                     repo = baseRepo)(issue.userName),
      mergeable  = None, // TODO: need check mergeable.
      merged     = mergedComment.isDefined,
      merged_at  = mergedComment.map { case (comment, _) => comment.registeredDate },
      merged_by  = mergedComment.map { case (_, account) => ApiUser(account) },
      title      = issue.title,
      body       = issue.content.getOrElse(""),
      user       = user
--- a/src/main/scala/gitbucket/core/api/ApiRef.scala
+++ b/src/main/scala/gitbucket/core/api/ApiRef.scala
@@ -0,0 +1,5 @@
 package gitbucket.core.api
 case class ApiObject(sha: String)
 case class ApiRef(ref: String, `object`: ApiObject)
--- a/src/main/scala/gitbucket/core/api/ApiUser.scala
+++ b/src/main/scala/gitbucket/core/api/ApiUser.scala
@@ -13,6 +13,7 @@ case class ApiUser(
  created_at: Date) {
  val url                 = ApiPath(s"/api/v3/users/${login}")
  val html_url            = ApiPath(s"/${login}")
  val avatar_url          = ApiPath(s"/${login}/_avatar")
  // val followers_url       = ApiPath(s"/api/v3/users/${login}/followers")
  // val following_url       = ApiPath(s"/api/v3/users/${login}/following{/other_user}")
  // val gists_url           = ApiPath(s"/api/v3/users/${login}/gists{/gist_id}")
@@ -29,7 +30,7 @@ object ApiUser{
  def apply(user: Account): ApiUser = ApiUser(
    login      = user.userName,
    email      = user.mailAddress,
-    `type`     = if(user.isGroupAccount){ "Organization" }else{ "User" },
+    `type`     = if(user.isGroupAccount){ "Organization" } else { "User" },
    site_admin = user.isAdmin,
    created_at = user.registeredDate
  )
--- a/src/main/scala/gitbucket/core/api/CreateARepository.scala
+++ b/src/main/scala/gitbucket/core/api/CreateARepository.scala
@@ -11,7 +11,7 @@ case class CreateARepository(
    auto_init: Boolean = false
 ) {
  def isValid: Boolean = {
-    name.length<=40 &&
+    name.length <= 100 &&
        name.matches("[a-zA-Z0-9\\-\\+_.]+") &&
        !name.startsWith("_") &&
        !name.startsWith("-")
--- a/src/main/scala/gitbucket/core/api/CreateAnIssue.scala
+++ b/src/main/scala/gitbucket/core/api/CreateAnIssue.scala
@@ -0,0 +1,11 @@
 package gitbucket.core.api
 /**
  * https://developer.github.com/v3/issues/#create-an-issue
  */
 case class CreateAnIssue(
    title: String,
    body: Option[String],
    assignees: List[String],
    milestone: Option[Int],
    labels: List[String])
--- a/src/main/scala/gitbucket/core/controller/AccountController.scala
+++ b/src/main/scala/gitbucket/core/controller/AccountController.scala
@@ -14,6 +14,7 @@ import gitbucket.core.util._
 import io.github.gitbucket.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import org.scalatra.i18n.Messages
 import org.scalatra.BadRequest
 class AccountController extends AccountControllerBase
@@ -28,20 +29,21 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    with AccessTokenService with WebHookService with RepositoryCreationService =>
  case class AccountNewForm(userName: String, password: String, fullName: String, mailAddress: String,
-                            url: Option[String], fileId: Option[String])
+                            description: Option[String], url: Option[String], fileId: Option[String])
  case class AccountEditForm(password: Option[String], fullName: String, mailAddress: String,
-                             url: Option[String], fileId: Option[String], clearImage: Boolean)
+                             description: Option[String], url: Option[String], fileId: Option[String], clearImage: Boolean)
  case class SshKeyForm(title: String, publicKey: String)
  case class PersonalTokenForm(note: String)
  val newForm = mapping(
-    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
    "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
    "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress()))),
    "description" -> trim(label("bio"          , optional(text()))),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200))))),
    "fileId"      -> trim(label("File ID"      , optional(text())))
  )(AccountNewForm.apply)
@@ -50,6 +52,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    "password"    -> trim(label("Password"     , optional(text(maxlength(20))))),
    "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
    "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress("userName")))),
    "description" -> trim(label("bio"          , optional(text()))),
    "url"         -> trim(label("URL"          , optional(text(maxlength(200))))),
    "fileId"      -> trim(label("File ID"      , optional(text()))),
    "clearImage"  -> trim(label("Clear image"  , boolean()))
@@ -64,11 +67,12 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    "note"     -> trim(label("Token", text(required, maxlength(100))))
  )(PersonalTokenForm.apply)
-  case class NewGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String)
+  case class NewGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String], members: String)
-  case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
+  case class EditGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
  val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
    "description" -> trim(label("Group description", optional(text()))),
    "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
    "fileId"    -> trim(label("File ID"    ,optional(text()))),
    "members"   -> trim(label("Members"    ,text(required, members)))
@@ -76,6 +80,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
  val editGroupForm = mapping(
    "groupName"  -> trim(label("Group name"  ,text(required, maxlength(100), identifier))),
    "description" -> trim(label("Group description", optional(text()))),
    "url"        -> trim(label("URL"         ,optional(text(maxlength(200))))),
    "fileId"     -> trim(label("File ID"     ,optional(text()))),
    "members"    -> trim(label("Members"     ,text(required, members))),
@@ -120,7 +125,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
        // Members
        case "members" if(account.isGroupAccount) => {
          val members = getGroupMembers(account.userName)
-          gitbucket.core.account.html.members(account, members.map(_.userName),
+          gitbucket.core.account.html.members(account, members,
            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
        }
@@ -133,7 +138,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
            context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
        }
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  }
  get("/:userName.atom") {
@@ -156,7 +161,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    val userName = params("userName")
    getAccountByUserName(userName).map { x =>
      html.edit(x, flash.get("info"), flash.get("error"))
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  post("/:userName/_edit", editForm)(oneselfOnly { form =>
@@ -166,13 +171,14 @@ trait AccountControllerBase extends AccountManagementControllerBase {
        password    = form.password.map(sha1).getOrElse(account.password),
        fullName    = form.fullName,
        mailAddress = form.mailAddress,
        description = form.description,
        url         = form.url))
      updateImage(userName, form.fileId, form.clearImage)
      flash += "info" -> "Account information has been updated."
      redirect(s"/${userName}/_edit")
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  get("/:userName/_delete")(oneselfOnly {
@@ -196,14 +202,14 @@ trait AccountControllerBase extends AccountManagementControllerBase {
        session.invalidate
        redirect("/")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  get("/:userName/_ssh")(oneselfOnly {
    val userName = params("userName")
    getAccountByUserName(userName).map { x =>
      html.ssh(x, getPublicKeys(x.userName))
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  post("/:userName/_ssh", sshKeyForm)(oneselfOnly { form =>
@@ -234,7 +240,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
        case _ => None
      }
      html.application(x, tokens, generatedToken)
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
@@ -260,15 +266,15 @@ trait AccountControllerBase extends AccountManagementControllerBase {
      } else {
        html.register()
      }
-    } else NotFound
+    } else NotFound()
  }
  post("/register", newForm){ form =>
    if(context.settings.allowAccountRegistration){
-      createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, false, form.url)
+      createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, false, form.description, form.url)
      updateImage(form.userName, form.fileId, false)
      redirect("/signin")
-    } else NotFound
+    } else NotFound()
  }
  get("/groups/new")(usersOnly {
@@ -276,7 +282,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
  })
  post("/groups/new", newGroupForm)(usersOnly { form =>
-    createGroup(form.groupName, form.url)
+    createGroup(form.groupName, form.description, form.url)
    updateGroupMembers(form.groupName, form.members.split(",").map {
      _.split(":") match {
        case Array(userName, isManager) => (userName, isManager.toBoolean)
@@ -314,22 +320,22 @@ trait AccountControllerBase extends AccountManagementControllerBase {
      }
    }.toList){ case (groupName, members) =>
      getAccountByUserName(groupName, true).map { account =>
-        updateGroup(groupName, form.url, false)
+        updateGroup(groupName, form.description, form.url, false)
        // Update GROUP_MEMBER
        updateGroupMembers(form.groupName, members)
-        // Update COLLABORATOR for group repositories
+//        // Update COLLABORATOR for group repositories
-        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-          removeCollaborators(form.groupName, repositoryName)
+//          removeCollaborators(form.groupName, repositoryName)
-          members.foreach { case (userName, isManager) =>
+//          members.foreach { case (userName, isManager) =>
-            addCollaborator(form.groupName, repositoryName, userName)
+//            addCollaborator(form.groupName, repositoryName, userName)
-          }
+//          }
-        }
+//        }
        updateImage(form.groupName, form.fileId, form.clearImage)
        redirect(s"/${form.groupName}")
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
@@ -355,6 +361,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
  })
  get("/:owner/:repository/fork")(readableUsersOnly { repository =>
    if(repository.repository.options.allowFork){
      val loginAccount   = context.loginAccount.get
      val loginUserName  = loginAccount.userName
      val groups         = getGroupsByUserName(loginUserName)
@@ -370,9 +377,11 @@ trait AccountControllerBase extends AccountManagementControllerBase {
          )
        case _ => redirect(s"/${loginUserName}")
      }
    } else BadRequest()
  })
  post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
    if(repository.repository.options.allowFork){
      val loginAccount  = context.loginAccount.get
      val loginUserName = loginAccount.userName
      val accountName   = form.accountName
@@ -398,13 +407,13 @@ trait AccountControllerBase extends AccountManagementControllerBase {
            parentUserName       = Some(repository.owner)
          )
-        // Add collaborators for group repository
+//          // Add collaborators for group repository
-        val ownerAccount = getAccountByUserName(accountName).get
+//          val ownerAccount = getAccountByUserName(accountName).get
-        if(ownerAccount.isGroupAccount){
+//          if(ownerAccount.isGroupAccount){
-          getGroupMembers(accountName).foreach { member =>
+//            getGroupMembers(accountName).foreach { member =>
-            addCollaborator(accountName, repository.name, member.userName)
+//              addCollaborator(accountName, repository.name, member.userName)
-          }
+//            }
-        }
+//          }
          // Insert default labels
          insertDefaultLabels(accountName, repository.name)
@@ -425,6 +434,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
          redirect(s"/${accountName}/${repository.name}")
        }
      }
    } else BadRequest()
  })
  private def existsAccount: Constraint = new Constraint(){
--- a/src/main/scala/gitbucket/core/controller/ApiController.scala
+++ b/src/main/scala/gitbucket/core/controller/ApiController.scala
@@ -7,9 +7,10 @@ import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
-import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.view.helpers.{renderMarkup, isRenderable}
 import org.eclipse.jgit.api.Git
 import org.scalatra.{NoContent, UnprocessableEntity, Created}
 import scala.collection.JavaConverters._
@@ -20,9 +21,12 @@ class ApiController extends ApiControllerBase
  with ProtectedBranchService
  with IssuesService
  with LabelsService
  with MilestonesService
  with PullRequestService
  with CommitsService
  with CommitStatusService
  with RepositoryCreationService
  with IssueCreationService
  with HandleCommentService
  with WebHookService
  with WebHookPullRequestService
@@ -34,7 +38,7 @@ class ApiController extends ApiControllerBase
  with GroupManagerAuthenticator
  with ReferrerAuthenticator
  with ReadableUsersAuthenticator
-  with CollaboratorsAuthenticator
+  with WritableUsersAuthenticator
 trait ApiControllerBase extends ControllerBase {
  self: RepositoryService
@@ -42,35 +46,171 @@ trait ApiControllerBase extends ControllerBase {
    with ProtectedBranchService
    with IssuesService
    with LabelsService
    with MilestonesService
    with PullRequestService
    with CommitStatusService
    with RepositoryCreationService
    with IssueCreationService
    with HandleCommentService
    with OwnerAuthenticator
    with UsersAuthenticator
    with GroupManagerAuthenticator
    with ReferrerAuthenticator
    with ReadableUsersAuthenticator
-    with CollaboratorsAuthenticator =>
+    with WritableUsersAuthenticator =>
  /**
    * https://developer.github.com/v3/#root-endpoint
    */
  get("/api/v3/") {
    JsonFormat(ApiEndPoint())
  }
  /**
    * https://developer.github.com/v3/orgs/#get-an-organization
    */
  get("/api/v3/orgs/:groupName") {
    getAccountByUserName(params("groupName")).filter(account => account.isGroupAccount).map { account =>
      JsonFormat(ApiUser(account))
    } getOrElse NotFound()
  }
  /**
   * https://developer.github.com/v3/users/#get-a-single-user
   */
  get("/api/v3/users/:userName") {
-    getAccountByUserName(params("userName")).map { account =>
+    getAccountByUserName(params("userName")).filterNot(account => account.isGroupAccount).map { account =>
      JsonFormat(ApiUser(account))
-    } getOrElse NotFound
+    } getOrElse NotFound()
  }
  /**
    * https://developer.github.com/v3/repos/#list-organization-repositories
    */
  get("/api/v3/orgs/:orgName/repos") {
    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
  }
  /**
   * https://developer.github.com/v3/repos/#list-user-repositories
   */
  get("/api/v3/users/:userName/repos") {
    JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map{ r => ApiRepository(r, getAccountByUserName(r.owner).get)})
  }
  /*
   * https://developer.github.com/v3/repos/branches/#list-branches
   */
  get ("/api/v3/repos/:owner/:repo/branches")(referrersOnly { repository =>
    JsonFormat(JGitUtil.getBranches(
      owner         = repository.owner,
      name          = repository.name,
      defaultBranch = repository.repository.defaultBranch,
      origin        = repository.repository.originUserName.isEmpty
    ).map { br =>
      ApiBranchForList(br.name, ApiBranchCommit(br.commitId))
    })
  })
  /*
   * https://developer.github.com/v3/repos/contents/#get-contents
   */
  get("/api/v3/repos/:owner/:repo/contents/*")(referrersOnly { repository =>
    def getFileInfo(git: Git, revision: String, pathStr: String): Option[FileInfo] = {
      val path = new java.io.File(pathStr)
      val dirName = path.getParent match {
        case null => "."
        case s => s
      }
      getFileList(git, revision, dirName).find(f => f.name.equals(path.getName))
    }
    val path = multiParams("splat").head match {
      case s if s.isEmpty => "."
      case s => s
    }
    val refStr = params.getOrElse("ref", repository.repository.defaultBranch)
    using(Git.open(getRepositoryDir(params("owner"), params("repo")))){ git =>
      val fileList = getFileList(git, refStr, path)
      if (fileList.isEmpty) { // file or NotFound
        getFileInfo(git, refStr, path).flatMap(f => {
          val largeFile = params.get("large_file").exists(s => s.equals("true"))
          val content = getContentFromId(git, f.id, largeFile)
          request.getHeader("Accept") match {
            case "application/vnd.github.v3.raw" => {
              contentType = "application/vnd.github.v3.raw"
              content
            }
            case "application/vnd.github.v3.html" if isRenderable(f.name) => {
              contentType = "application/vnd.github.v3.html"
              content.map(c =>
                List(
                  "<div data-path=\"", path, "\" id=\"file\">", "<article>",
                  renderMarkup(path.split("/").toList, new String(c), refStr, repository, false, false, true).body,
                  "</article>", "</div>"
                ).mkString
              )
            }
            case "application/vnd.github.v3.html" => {
              contentType = "application/vnd.github.v3.html"
              content.map(c =>
                List(
                  "<div data-path=\"", path, "\" id=\"file\">", "<div class=\"plain\">", "<pre>",
                  play.twirl.api.HtmlFormat.escape(new String(c)).body,
                  "</pre>", "</div>", "</div>"
                ).mkString
              )
            }
            case _ =>
              Some(JsonFormat(ApiContents(f, content)))
          }
        }).getOrElse(NotFound())
      } else { // directory
        JsonFormat(fileList.map{f => ApiContents(f, None)})
      }
    }
  })
  /*
   * https://developer.github.com/v3/git/refs/#get-a-reference
   */
  get("/api/v3/repos/:owner/:repo/git/*") (referrersOnly { repository =>
    val revstr = multiParams("splat").head
    using(Git.open(getRepositoryDir(params("owner"), params("repo")))) { git =>
      //JsonFormat( (revstr, git.getRepository().resolve(revstr)) )
      // getRef is deprecated by jgit-4.2. use exactRef() or findRef()
      val sha = git.getRepository().exactRef(revstr).getObjectId().name()
      JsonFormat(ApiRef(revstr, ApiObject(sha)))
    }
  })
  /**
   * https://developer.github.com/v3/repos/collaborators/#list-collaborators
   */
  get("/api/v3/repos/:owner/:repo/collaborators") (referrersOnly { repository =>
    // TODO Should ApiUser take permission? getCollaboratorUserNames does not return owner group members.
    JsonFormat(getCollaboratorUserNames(params("owner"), params("repo")).map(u => ApiUser(getAccountByUserName(u).get)))
  })
  /**
   * https://developer.github.com/v3/users/#get-the-authenticated-user
   */
  get("/api/v3/user") {
    context.loginAccount.map { account =>
      JsonFormat(ApiUser(account))
-    } getOrElse Unauthorized
+    } getOrElse Unauthorized()
  }
  /**
   * List user's own repository
   * https://developer.github.com/v3/repos/#list-your-repositories
   */
  get("/api/v3/user/repos")(usersOnly{
    JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map{
      r => ApiRepository(r, getAccountByUserName(r.owner).get)
    })
  })
  /**
   * Create user repository
   * https://developer.github.com/v3/repos/#create
@@ -92,7 +232,7 @@ trait ApiControllerBase extends ControllerBase {
          )
        }
      }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -116,7 +256,7 @@ trait ApiControllerBase extends ControllerBase {
          )
        }
      }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -134,7 +274,7 @@ trait ApiControllerBase extends ControllerBase {
        disableBranchProtection(repository.owner, repository.name, branch)
      }
      JsonFormat(ApiBranch(branch, protection)(RepositoryName(repository)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -147,6 +287,68 @@ trait ApiControllerBase extends ControllerBase {
    org.scalatra.NotFound(ApiError("Rate limiting is not enabled."))
  }
  /**
    * https://developer.github.com/v3/issues/#list-issues-for-a-repository
    */
  get("/api/v3/repos/:owner/:repository/issues")(referrersOnly { repository =>
    val page = IssueSearchCondition.page(request)
    // TODO: more api spec condition
    val condition = IssueSearchCondition(request)
    val baseOwner = getAccountByUserName(repository.owner).get
    val issues: List[(Issue, Account)] =
      searchIssueByApi(
        condition = condition,
        offset    = (page - 1) * PullRequestLimit,
        limit     = PullRequestLimit,
        repos     = repository.owner -> repository.name
      )
    JsonFormat(issues.map { case (issue, issueUser) =>
      ApiIssue(
        issue          = issue,
        repositoryName = RepositoryName(repository),
        user           = ApiUser(issueUser)
      )
    })
  })
  /**
   * https://developer.github.com/v3/issues/#get-a-single-issue
   */
  get("/api/v3/repos/:owner/:repository/issues/:id")(referrersOnly { repository =>
    (for{
      issueId  <- params("id").toIntOpt
      issue <- getIssue(repository.owner, repository.name, issueId.toString)
      openedUser <- getAccountByUserName(issue.openedUserName)
    } yield {
      JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(openedUser)))
    }) getOrElse NotFound()
  })
  /**
    * https://developer.github.com/v3/issues/#create-an-issue
    */
  post("/api/v3/repos/:owner/:repository/issues")(readableUsersOnly { repository =>
    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
      (for{
        data <- extractFromJsonBody[CreateAnIssue]
        loginAccount <- context.loginAccount
      } yield {
        val milestone = data.milestone.flatMap(getMilestone(repository.owner, repository.name, _))
        val issue = createIssue(
          repository,
          data.title,
          data.body,
          data.assignees.headOption,
          milestone.map(_.milestoneId),
          data.labels,
          loginAccount)
        JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(loginAccount)))
      }) getOrElse NotFound()
    } else Unauthorized()
  })
  /**
   * https://developer.github.com/v3/issues/comments/#list-comments-on-an-issue
   */
@@ -156,7 +358,7 @@ trait ApiControllerBase extends ControllerBase {
      comments =  getCommentsForApi(repository.owner, repository.name, issueId.toInt)
    } yield {
      JsonFormat(comments.map{ case (issueComment, user, issue) => ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(user), issue.isPullRequest) })
-    }).getOrElse(NotFound)
+    }) getOrElse NotFound()
  })
  /**
@@ -172,7 +374,7 @@ trait ApiControllerBase extends ControllerBase {
      issueComment <- getComment(repository.owner, repository.name, id.toString())
    } yield {
      JsonFormat(ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(context.loginAccount.get), issue.isPullRequest))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -199,7 +401,7 @@ trait ApiControllerBase extends ControllerBase {
   * Create a label
   * https://developer.github.com/v3/issues/labels/#create-a-label
   */
-  post("/api/v3/repos/:owner/:repository/labels")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/labels")(writableUsersOnly { repository =>
    (for{
      data <- extractFromJsonBody[CreateALabel] if data.isValid
    } yield {
@@ -224,7 +426,7 @@ trait ApiControllerBase extends ControllerBase {
   * Update a label
   * https://developer.github.com/v3/issues/labels/#update-a-label
   */
-  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
    (for{
      data <- extractFromJsonBody[CreateALabel] if data.isValid
    } yield {
@@ -234,12 +436,14 @@ trait ApiControllerBase extends ControllerBase {
            updateLabel(repository.owner, repository.name, label.labelId, data.name, data.color)
            JsonFormat(ApiLabel(
              getLabel(repository.owner, repository.name, label.labelId).get,
-              RepositoryName(repository)))
+              RepositoryName(repository)
            ))
          } else {
            // TODO ApiError should support errors field to enhance compatibility of GitHub API
            UnprocessableEntity(ApiError(
              "Validation Failed",
-              Some("https://developer.github.com/v3/issues/labels/#create-a-label")))
+              Some("https://developer.github.com/v3/issues/labels/#create-a-label")
            ))
          }
        } getOrElse NotFound()
      }
@@ -250,7 +454,7 @@ trait ApiControllerBase extends ControllerBase {
   * Delete a label
   * https://developer.github.com/v3/issues/labels/#delete-a-label
   */
-  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
    LockUtil.lock(RepositoryName(repository).fullName) {
      getLabel(repository.owner, repository.name, params("labelName")).map { label =>
        deleteLabel(repository.owner, repository.name, label.labelId)
@@ -278,11 +482,12 @@ trait ApiControllerBase extends ControllerBase {
    JsonFormat(issues.map { case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner) =>
      ApiPullRequest(
-        issue,
+        issue         = issue,
-        pullRequest,
+        pullRequest   = pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)
+        user          = ApiUser(issueUser),
        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
      )
    })
  })
@@ -294,19 +499,21 @@ trait ApiControllerBase extends ControllerBase {
    (for{
      issueId   <- params("id").toIntOpt
      (issue, pullRequest) <- getPullRequest(repository.owner, repository.name, issueId)
-      users = getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set())
+      users     =  getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set.empty)
      baseOwner <- users.get(repository.owner)
      headOwner <- users.get(pullRequest.requestUserName)
      issueUser <- users.get(issue.openedUserName)
      headRepo  <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName)
    } yield {
      JsonFormat(ApiPullRequest(
-        issue,
+        issue         = issue,
-        pullRequest,
+        pullRequest   = pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)))
+        user          = ApiUser(issueUser),
-    }).getOrElse(NotFound)
+        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
      ))
    }) getOrElse NotFound()
  })
  /**
@@ -321,11 +528,11 @@ trait ApiControllerBase extends ControllerBase {
          val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
          val newId = git.getRepository.resolve(pullreq.commitIdTo)
          val repoFullName = RepositoryName(repository)
-          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map(c => ApiCommitListItem(new CommitInfo(c), repoFullName)).toList
+          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map { c => ApiCommitListItem(new CommitInfo(c), repoFullName) }.toList
          JsonFormat(commits)
        }
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  /**
@@ -338,7 +545,7 @@ trait ApiControllerBase extends ControllerBase {
  /**
   * https://developer.github.com/v3/repos/statuses/#create-a-status
   */
-  post("/api/v3/repos/:owner/:repo/statuses/:sha")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repo/statuses/:sha")(writableUsersOnly { repository =>
    (for{
      ref      <- params.get("sha")
      sha      <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
@@ -350,7 +557,7 @@ trait ApiControllerBase extends ControllerBase {
      status   <- getCommitStatus(repository.owner, repository.name, statusId)
    } yield {
      JsonFormat(ApiCommitStatus(status, ApiUser(creator)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -366,7 +573,7 @@ trait ApiControllerBase extends ControllerBase {
      JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map{ case(status, creator) =>
        ApiCommitStatus(status, ApiUser(creator))
      })
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  /**
@@ -391,11 +598,11 @@ trait ApiControllerBase extends ControllerBase {
    } yield {
      val statuses = getCommitStatuesWithCreator(repository.owner, repository.name, sha)
      JsonFormat(ApiCombinedCommitStatus(sha, statuses, ApiRepository(repository, owner)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 }
--- a/src/main/scala/gitbucket/core/controller/ControllerBase.scala
+++ b/src/main/scala/gitbucket/core/controller/ControllerBase.scala
@@ -9,7 +9,6 @@ import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import io.github.gitbucket.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import org.json4s._
 import org.scalatra._
 import org.scalatra.i18n._
@@ -20,6 +19,8 @@ import javax.servlet.{FilterChain, ServletResponse, ServletRequest}
 import scala.util.Try
 import net.coobird.thumbnailator.Thumbnails
 /**
 * Provides generic features for controller implementations.
@@ -57,7 +58,7 @@ abstract class ControllerBase extends ScalatraFilter
        // Redirect to dashboard
        httpResponse.sendRedirect(baseUrl + "/")
      }
-    } else if(path.startsWith("/git/")){
+    } else if(path.startsWith("/git/") || path.startsWith("/git-lfs/")){
      // Git repository
      chain.doFilter(request, response)
    } else {
@@ -191,6 +192,7 @@ case class Context(settings: SystemSettingsService.SystemSettings, loginAccount:
    case agent if agent.contains("Win") => "windows"
    case _ => null
  }
  val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
  /**
   * Get object from cache.
@@ -224,10 +226,13 @@ trait AccountManagementControllerBase extends ControllerBase {
    } else {
      fileId.map { fileId =>
        val filename = "avatar." + FileUtil.getExtension(session.getAndRemove(Keys.Session.Upload(fileId)).get)
-        FileUtils.moveFile(
+        val uploadDir = getUserUploadDir(userName)
-          new java.io.File(getTemporaryDir(session.getId), fileId),
+        if(!uploadDir.exists){
-          new java.io.File(getUserUploadDir(userName), filename)
+          uploadDir.mkdirs()
-        )
+        }
        Thumbnails.of(new java.io.File(getTemporaryDir(session.getId), fileId))
          .size(324, 324)
          .toFile(new java.io.File(uploadDir, filename))
        updateAvatarImage(userName, Some(filename))
      }
    }
@@ -244,4 +249,13 @@ trait AccountManagementControllerBase extends ControllerBase {
        .map    { _ => "Mail address is already registered." }
  }
  val allReservedNames = Set("git", "admin", "upload", "api")
  protected def reservedNames(): Constraint = new Constraint(){
    override def validate(name: String, value: String, messages: Messages): Option[String] = if(allReservedNames.contains(value)){
      Some(s"${value} is reserved")
    } else {
      None
    }
  }
 }
--- a/src/main/scala/gitbucket/core/controller/DashboardController.scala
+++ b/src/main/scala/gitbucket/core/controller/DashboardController.scala
@@ -1,13 +1,13 @@
 package gitbucket.core.controller
 import gitbucket.core.dashboard.html
-import gitbucket.core.service.{RepositoryService, PullRequestService, AccountService, IssuesService}
+import gitbucket.core.service._
-import gitbucket.core.util.{StringUtil, Keys, UsersAuthenticator}
+import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.service.IssuesService._
 class DashboardController extends DashboardControllerBase
-  with IssuesService with PullRequestService with RepositoryService with AccountService
+  with IssuesService with PullRequestService with RepositoryService with AccountService with CommitsService
  with UsersAuthenticator
 trait DashboardControllerBase extends ControllerBase {
@@ -15,20 +15,7 @@ trait DashboardControllerBase extends ControllerBase {
    with UsersAuthenticator =>
  get("/dashboard/issues")(usersOnly {
    val q = request.getParameter("q")
    val account = context.loginAccount.get
    Option(q).map { q =>
      val condition = IssueSearchCondition(q, Map[String, Int]())
      q match {
        case q if(q.contains("is:pr")) => redirect(s"/dashboard/pulls?q=${StringUtil.urlEncode(q)}")
        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/issues/created_by${condition.toURL}")
        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/issues/assigned${condition.toURL}")
        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/issues/mentioned${condition.toURL}")
        case _ => searchIssues("created_by")
      }
    } getOrElse {
    searchIssues("created_by")
    }
  })
  get("/dashboard/issues/assigned")(usersOnly {
@@ -44,20 +31,7 @@ trait DashboardControllerBase extends ControllerBase {
  })
  get("/dashboard/pulls")(usersOnly {
    val q = request.getParameter("q")
    val account = context.loginAccount.get
    Option(q).map { q =>
      val condition = IssueSearchCondition(q, Map[String, Int]())
      q match {
        case q if(q.contains("is:issue")) => redirect(s"/dashboard/issues?q=${StringUtil.urlEncode(q)}")
        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/pulls/created_by${condition.toURL}")
        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/pulls/assigned${condition.toURL}")
        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/pulls/mentioned${condition.toURL}")
        case _ => searchPullRequests("created_by")
      }
    } getOrElse {
    searchPullRequests("created_by")
    }
  })
  get("/dashboard/pulls/created_by")(usersOnly {
@@ -73,14 +47,7 @@ trait DashboardControllerBase extends ControllerBase {
  })
  private def getOrCreateCondition(key: String, filter: String, userName: String) = {
-    val condition = session.putAndGet(key, if(request.hasQueryString){
+    val condition = IssueSearchCondition(request)
      val q = request.getParameter("q")
      if(q == null){
        IssueSearchCondition(request)
      } else {
        IssueSearchCondition(q, Map[String, Int]())
      }
    } else session.getAs[IssueSearchCondition](key).getOrElse(IssueSearchCondition()))
    filter match {
      case "assigned"  => condition.copy(assigned = Some(Some(userName)), author = None, mentioned = None)
@@ -109,7 +76,7 @@ trait DashboardControllerBase extends ControllerBase {
      },
      filter,
      getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
      getUserRepositories(userName, withoutPhysicalInfo = true))
  }
@@ -134,7 +101,7 @@ trait DashboardControllerBase extends ControllerBase {
      },
      filter,
      getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
      getUserRepositories(userName, withoutPhysicalInfo = true))
  }
--- a/src/main/scala/gitbucket/core/controller/FileUploadController.scala
+++ b/src/main/scala/gitbucket/core/controller/FileUploadController.scala
@@ -10,7 +10,6 @@ import gitbucket.core.util.Implicits._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.dircache.DirCache
 import org.eclipse.jgit.lib.{FileMode, Constants}
 import org.scalatra
 import org.scalatra._
 import org.scalatra.servlet.{MultipartConfig, FileUploadSupport, FileItem}
 import org.apache.commons.io.{IOUtils, FileUtils}
@@ -75,19 +74,14 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
          }
        }, FileUtil.isUploadableType)
      }
-    } getOrElse BadRequest
+    } getOrElse BadRequest()
  }
  post("/import") {
    import JDBCUtil._
    session.get(Keys.Session.LoginAccount).collect { case loginAccount: Account if loginAccount.isAdmin =>
      execute({ (file, fileId) =>
-        if(file.getName.endsWith(".xml")){
+        request2Session(request).conn.importAsSQL(file.getInputStream)
          import JDBCUtil._
          val conn = request2Session(request).conn
          conn.importAsXML(file.getInputStream)
        } else {
          throw new RuntimeException("Import is available for only the XML file.")
        }
      }, _ => true)
    }
    redirect("/admin/data")
@@ -98,7 +92,7 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
    loginAccount match {
      case x if(x.isAdmin) => action
      case x if(getCollaborators(owner, repository).contains(x.userName)) => action
-      case _ => BadRequest
+      case _ => BadRequest()
    }
  }
@@ -106,10 +100,9 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
    case Some(file) if(mimeTypeChcker(file.name)) =>
      defining(FileUtil.generateFileId){ fileId =>
        f(file, fileId)
        Ok(fileId)
      }
-    case _ => BadRequest
+    case _ => BadRequest()
  }
 }
--- a/src/main/scala/gitbucket/core/controller/IndexController.scala
+++ b/src/main/scala/gitbucket/core/controller/IndexController.scala
@@ -5,9 +5,9 @@ import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.ControlUtil._
-import gitbucket.core.util.{LDAPUtil, Keys, UsersAuthenticator, ReferrerAuthenticator, StringUtil}
+import gitbucket.core.util.{Keys, LDAPUtil, ReferrerAuthenticator, UsersAuthenticator}
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.Ok
 class IndexController extends IndexControllerBase 
@@ -36,23 +36,11 @@ trait IndexControllerBase extends ControllerBase {
  get("/"){
-    val loginAccount = context.loginAccount
+    context.loginAccount.map { account =>
-    if(loginAccount.isEmpty) {
+      val visibleOwnerSet: Set[String] = Set(account.userName) ++ getGroupsByUserName(account.userName)
-        gitbucket.core.html.index(getRecentActivities(),
+      gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet), Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
-            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
+    }.getOrElse {
-            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil)
+      gitbucket.core.html.index(getRecentActivities(), getVisibleRepositories(None, withoutPhysicalInfo = true), Nil)
        )
    } else {
        val loginUserName = loginAccount.get.userName
        val loginUserGroups = getGroupsByUserName(loginUserName)
        var visibleOwnerSet : Set[String] = Set(loginUserName)
        visibleOwnerSet ++= loginUserGroups
        gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet),
            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil) 
        )
    }
  }
@@ -61,13 +49,18 @@ trait IndexControllerBase extends ControllerBase {
    if(redirect.isDefined && redirect.get.startsWith("/")){
      flash += Keys.Flash.Redirect -> redirect.get
    }
-    gitbucket.core.html.signin()
+    gitbucket.core.html.signin(flash.get("userName"), flash.get("password"), flash.get("error"))
  }
  post("/signin", signinForm){ form =>
    authenticate(context.settings, form.userName, form.password) match {
      case Some(account) => signin(account)
-      case None          => redirect("/signin")
+      case None          => {
        flash += "userName" -> form.userName
        flash += "password" -> form.password
        flash += "error" -> "Sorry, your Username and/or Password is incorrect. Please try again."
        redirect("/signin")
      }
    }
  }
@@ -81,6 +74,15 @@ trait IndexControllerBase extends ControllerBase {
    xml.feed(getRecentActivities())
  }
  get("/sidebar-collapse"){
    if(params("collapse") == "true"){
      session.setAttribute("sidebar-collapse", "true")
    }  else {
      session.setAttribute("sidebar-collapse", null)
    }
    Ok()
  }
  /**
   * Set account information into HttpSession and redirect.
   */
@@ -108,28 +110,34 @@ trait IndexControllerBase extends ControllerBase {
   */
  get("/_user/proposals")(usersOnly {
    contentType = formats("json")
    val user  = params("user").toBoolean
    val group = params("group").toBoolean
    org.json4s.jackson.Serialization.write(
-      Map("options" -> getAllUsers(false).filter(!_.isGroupAccount).map(_.userName).toArray)
+      Map("options" -> (
        getAllUsers(false)
          .withFilter { t => (user, group) match {
            case (true, true) => true
            case (true, false) => !t.isGroupAccount
            case (false, true) => t.isGroupAccount
            case (false, false) => false
          }}.map { t => t.userName }
      ))
    )
  })
  /**
-   * JSON API for checking user existence.
+   * JSON API for checking user or group existence.
   * Returns a single string which is any of "group", "user" or "".
   */
  post("/_user/existence")(usersOnly {
    getAccountByUserName(params("userName")).map { account =>
-      if(params.get("userOnly").isDefined) !account.isGroupAccount else true
+      if(account.isGroupAccount) "group" else "user"
-    } getOrElse false
+    } getOrElse ""
  })
  // TODO Move to RepositoryViwerController?
  post("/search", searchForm){ form =>
    redirect(s"/${form.owner}/${form.repository}/search?q=${StringUtil.urlEncode(form.query)}")
  }
  // TODO Move to RepositoryViwerController?
  get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params("q").trim, params.getOrElse("type", "code")){ case (query, target) =>
+    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")){ case (query, target) =>
      val page = try {
        val i = params.getOrElse("page", "1").toInt
        if(i <= 0) 1 else i
@@ -139,23 +147,31 @@ trait IndexControllerBase extends ControllerBase {
      target.toLowerCase match {
        case "issue" => gitbucket.core.search.html.issues(
-          countFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchIssues(repository.owner, repository.name, query) else Nil,
          searchIssues(repository.owner, repository.name, query),
          countWikiPages(repository.owner, repository.name, query),
          query, page, repository)
        case "wiki" => gitbucket.core.search.html.wiki(
-          countFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
          countIssues(repository.owner, repository.name, query),
          searchWikiPages(repository.owner, repository.name, query),
          query, page, repository)
        case _ => gitbucket.core.search.html.code(
-          searchFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
          countIssues(repository.owner, repository.name, query),
          countWikiPages(repository.owner, repository.name, query),
          query, page, repository)
      }
    }
  })
  get("/search"){
    val query = params.getOrElse("query", "").trim.toLowerCase
    val visibleRepositories = getVisibleRepositories(context.loginAccount, None)
    val repositories = visibleRepositories.filter { repository =>
      repository.name.toLowerCase.indexOf(query) >= 0 || repository.owner.toLowerCase.indexOf(query) >= 0
    }
    context.loginAccount.map { account =>
      gitbucket.core.search.html.repositories(query, repositories, Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
    }.getOrElse {
      gitbucket.core.search.html.repositories(query, repositories, visibleRepositories, Nil)
    }
  }
 }
--- a/src/main/scala/gitbucket/core/controller/IssuesController.scala
+++ b/src/main/scala/gitbucket/core/controller/IssuesController.scala
@@ -8,18 +8,40 @@ import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.view
 import gitbucket.core.view.Markdown
 import io.github.gitbucket.scalatra.forms._
-import org.scalatra.Ok
+import org.scalatra.{BadRequest, Ok}
 class IssuesController extends IssuesControllerBase
-  with IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
+  with IssuesService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService
+  with RepositoryService
  with AccountService
  with LabelsService
  with MilestonesService
  with ActivityService
  with HandleCommentService
  with IssueCreationService
  with ReadableUsersAuthenticator
  with ReferrerAuthenticator
  with WritableUsersAuthenticator
  with PullRequestService
  with WebHookIssueCommentService
  with CommitsService
 trait IssuesControllerBase extends ControllerBase {
-  self: IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
+  self: IssuesService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService =>
+    with RepositoryService
    with AccountService
    with LabelsService
    with MilestonesService
    with ActivityService
    with HandleCommentService
    with IssueCreationService
    with ReadableUsersAuthenticator
    with ReferrerAuthenticator
    with WritableUsersAuthenticator
    with PullRequestService
    with WebHookIssueCommentService =>
  case class IssueCreateForm(title: String, content: Option[String],
    assignedUserName: Option[String], milestoneId: Option[Int], labelNames: Option[String])
@@ -67,145 +89,121 @@ trait IssuesControllerBase extends ControllerBase {
          _,
          getComments(owner, name, issueId.toInt),
          getIssueLabels(owner, name, issueId.toInt),
-          (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+          getAssignableUserNames(owner, name),
          getMilestonesWithIssueCount(owner, name),
          getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isIssueEditable(repository),
          isIssueManageable(repository),
          repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
      defining(repository.owner, repository.name){ case (owner, name) =>
        html.create(
-        (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+          getAssignableUserNames(owner, name),
          getMilestones(owner, name),
          getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isIssueManageable(repository),
          getContentTemplate(repository, "ISSUE_TEMPLATE"),
          repository)
      }
    } else Unauthorized()
  })
  post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name){ case (owner, name) =>
+    if(isIssueEditable(repository)){ // TODO Should this check is provided by authenticator?
-      val writable = hasWritePermission(owner, name, context.loginAccount)
+      val issue = createIssue(
-      val userName = context.loginAccount.get.userName
+        repository,
        form.title,
        form.content,
        form.assignedUserName,
        form.milestoneId,
        form.labelNames.toArray.flatMap(_.split(",")),
        context.loginAccount.get)
-      // insert issue
+      redirect(s"/${issue.userName}/${issue.repositoryName}/issues/${issue.issueId}")
-      val issueId = createIssue(owner, name, userName, form.title, form.content,
+    } else Unauthorized()
        if(writable) form.assignedUserName else None,
        if(writable) form.milestoneId else None)
      // insert labels
      if(writable){
        form.labelNames.map { value =>
          val labels = getLabels(owner, name)
          value.split(",").foreach { labelName =>
            labels.find(_.labelName == labelName).map { label =>
              registerIssueLabel(owner, name, issueId, label.labelId)
            }
          }
        }
      }
      // record activity
      recordCreateIssueActivity(owner, name, userName, issueId, form.title)
      getIssue(owner, name, issueId.toString).foreach { issue =>
        // extract references and create refer comment
        createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
        // call web hooks
        callIssuesWebHook("opened", repository, issue, context.baseUrl, context.loginAccount.get)
        // notifications
        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
          Notifier.msgIssue(s"${context.baseUrl}/${owner}/${name}/issues/${issueId}")
        }
      }
      redirect(s"/${owner}/${name}/issues/${issueId}")
    }
  })
  ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
    defining(repository.owner, repository.name){ case (owner, name) =>
      getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
          // update issue
          updateIssue(owner, name, issue.issueId, title, issue.content)
          // extract references and create refer comment
          createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
          redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
    defining(repository.owner, repository.name){ case (owner, name) =>
      getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
          // update issue
          updateIssue(owner, name, issue.issueId, issue.title, content)
          // extract references and create refer comment
          createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
          redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
    getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
      handleComment(issue, Some(form.content), repository, actionOpt) map { case (issue, id) =>
        redirect(s"/${repository.owner}/${repository.name}/${
          if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
    getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
      handleComment(issue, form.content, repository, actionOpt) map { case (issue, id) =>
        redirect(s"/${repository.owner}/${repository.name}/${
          if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
    defining(repository.owner, repository.name){ case (owner, name) =>
      getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
          updateComment(comment.commentId, form.content)
          redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
    defining(repository.owner, repository.name){ case (owner, name) =>
      getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
          Ok(deleteComment(comment.commentId))
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
    getIssue(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.openedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.openedUserName)){
        params.get("dataType") collect {
-          case t if t == "html" => html.editissue(
+          case t if t == "html" => html.editissue(x.content, x.issueId, repository)
              x.content, x.issueId, x.userName, x.repositoryName)
        } getOrElse {
          contentType = formats("json")
          org.json4s.jackson.Serialization.write(
@@ -219,21 +217,20 @@ trait IssuesControllerBase extends ControllerBase {
                enableAnchor = true,
                enableLineBreaks = true,
                enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.openedUserName)
+                hasWritePermission = true
              )
            )
          )
        }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
    getComment(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.commentedUserName)){
        params.get("dataType") collect {
-          case t if t == "html" => html.editcomment(
+          case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
              x.content, x.commentId, x.userName, x.repositoryName)
        } getOrElse {
          contentType = formats("json")
          org.json4s.jackson.Serialization.write(
@@ -246,51 +243,51 @@ trait IssuesControllerBase extends ControllerBase {
                enableAnchor = true,
                enableLineBreaks = true,
                enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
              )
            )
          )
        }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  ajaxPost("/:owner/:repository/issues/new/label")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/new/label")(writableUsersOnly { repository =>
    val labelNames = params("labelNames").split(",")
    val labels = getLabels(repository.owner, repository.name).filter(x => labelNames.contains(x.labelName))
    html.labellist(labels)
  })
-  ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
    defining(params("id").toInt){ issueId =>
      registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
    }
  })
-  ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
    defining(params("id").toInt){ issueId =>
      deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
    }
  })
-  ajaxPost("/:owner/:repository/issues/:id/assign")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
    updateAssignedUserName(repository.owner, repository.name, params("id").toInt, assignedUserName("assignedUserName"))
    Ok("updated")
  })
-  ajaxPost("/:owner/:repository/issues/:id/milestone")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/milestone")(writableUsersOnly { repository =>
    updateMilestoneId(repository.owner, repository.name, params("id").toInt, milestoneId("milestoneId"))
    milestoneId("milestoneId").map { milestoneId =>
      getMilestonesWithIssueCount(repository.owner, repository.name)
          .find(_._1.milestoneId == milestoneId).map { case (_, openCount, closeCount) =>
        gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
-      } getOrElse NotFound
+      } getOrElse NotFound()
    } getOrElse Ok()
  })
-  post("/:owner/:repository/issues/batchedit/state")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
    defining(params.get("value")){ action =>
      action match {
        case Some("open")  => executeBatch(repository) { issueId =>
@@ -303,22 +300,22 @@ trait IssuesControllerBase extends ControllerBase {
            handleComment(issue, None, repository, Some("close"))
          }
        }
-        case _ => // TODO BadRequest
+        case _ => BadRequest()
      }
    }
  })
-  post("/:owner/:repository/issues/batchedit/label")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/label")(writableUsersOnly { repository =>
    params("value").toIntOpt.map{ labelId =>
      executeBatch(repository) { issueId =>
        getIssueLabel(repository.owner, repository.name, issueId, labelId) getOrElse {
          registerIssueLabel(repository.owner, repository.name, issueId, labelId)
        }
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  post("/:owner/:repository/issues/batchedit/assign")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
    defining(assignedUserName("value")){ value =>
      executeBatch(repository) {
        updateAssignedUserName(repository.owner, repository.name, _, value)
@@ -326,7 +323,7 @@ trait IssuesControllerBase extends ControllerBase {
    }
  })
-  post("/:owner/:repository/issues/batchedit/milestone")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
    defining(milestoneId("value")){ value =>
      executeBatch(repository) {
        updateMilestoneId(repository.owner, repository.name, _, value)
@@ -342,15 +339,12 @@ trait IssuesControllerBase extends ControllerBase {
          RawData(FileUtil.getMimeType(file.getName), file)
        }
      case _ => None
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
  val assignedUserName = (key: String) => params.get(key) filter (_.trim != "")
  val milestoneId: String => Option[Int] = (key: String) => params.get(key).flatMap(_.toIntOpt)
  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
  private def executeBatch(repository: RepositoryService.RepositoryInfo)(execute: Int => Unit) = {
    params("checked").split(',') map(_.toInt) foreach execute
    params("from") match {
@@ -362,36 +356,30 @@ trait IssuesControllerBase extends ControllerBase {
  private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
    defining(repository.owner, repository.name){ case (owner, repoName) =>
      val page = IssueSearchCondition.page(request)
      val sessionKey = Keys.Session.Issues(owner, repoName)
      // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
+      val condition = IssueSearchCondition(request)
        if(request.hasQueryString){
          val q = request.getParameter("q")
          if(q == null || q.trim.isEmpty){
            IssueSearchCondition(request)
          } else {
            IssueSearchCondition(q, getMilestones(owner, repoName).map(x => (x.title, x.milestoneId)).toMap)
          }
        } else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
      )
      html.list(
          "issues",
          searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, owner -> repoName),
          page,
-          if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
+          getAssignableUserNames(owner, repoName),
            (getCollaborators(owner, repoName) :+ owner).sorted
          } else {
            getCollaborators(owner, repoName)
          },
          getMilestones(owner, repoName),
          getLabels(owner, repoName),
          countIssue(condition.copy(state = "open"  ), false, owner -> repoName),
          countIssue(condition.copy(state = "closed"), false, owner -> repoName),
          condition,
          repository,
-          hasWritePermission(owner, repoName, context.loginAccount))
+          isIssueEditable(repository),
          isIssueManageable(repository))
    }
  }
  /**
   * Tests whether an issue or a comment is editable by a logged-in user.
   */
  private def isEditableContent(owner: String, repository: String, author: String)(implicit context: Context): Boolean = {
    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
  }
 }
--- a/src/main/scala/gitbucket/core/controller/LabelsController.scala
+++ b/src/main/scala/gitbucket/core/controller/LabelsController.scala
@@ -2,7 +2,7 @@ package gitbucket.core.controller
 import gitbucket.core.issues.labels.html
 import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.i18n.Messages
@@ -10,11 +10,11 @@ import org.scalatra.Ok
 class LabelsController extends LabelsControllerBase
  with LabelsService with IssuesService with RepositoryService with AccountService
-with ReferrerAuthenticator with CollaboratorsAuthenticator
+with ReferrerAuthenticator with WritableUsersAuthenticator
 trait LabelsControllerBase extends ControllerBase {
  self: LabelsService with IssuesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator =>
  case class LabelForm(labelName: String, color: String)
@@ -29,40 +29,40 @@ trait LabelsControllerBase extends ControllerBase {
      getLabels(repository.owner, repository.name),
      countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
      repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
  })
-  ajaxGet("/:owner/:repository/issues/labels/new")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/new")(writableUsersOnly { repository =>
    html.edit(None, repository)
  })
-  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(writableUsersOnly { (form, repository) =>
    val labelId = createLabel(repository.owner, repository.name, form.labelName, form.color.substring(1))
    html.label(
      getLabel(repository.owner, repository.name, labelId).get,
      // TODO futility
      countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
      repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
  })
-  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(writableUsersOnly { repository =>
    getLabel(repository.owner, repository.name, params("labelId").toInt).map { label =>
      html.edit(Some(label), repository)
    } getOrElse NotFound()
  })
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(writableUsersOnly { (form, repository) =>
    updateLabel(repository.owner, repository.name, params("labelId").toInt, form.labelName, form.color.substring(1))
    html.label(
      getLabel(repository.owner, repository.name, params("labelId").toInt).get,
      // TODO futility
      countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
      repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
  })
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(writableUsersOnly { repository =>
    deleteLabel(repository.owner, repository.name, params("labelId").toInt)
    Ok()
  })
--- a/src/main/scala/gitbucket/core/controller/MilestonesController.scala
+++ b/src/main/scala/gitbucket/core/controller/MilestonesController.scala
@@ -2,17 +2,17 @@ package gitbucket.core.controller
 import gitbucket.core.issues.milestones.html
 import gitbucket.core.service.{RepositoryService, MilestonesService, AccountService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 class MilestonesController extends MilestonesControllerBase
  with MilestonesService with RepositoryService with AccountService
-  with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with ReferrerAuthenticator with WritableUsersAuthenticator
 trait MilestonesControllerBase extends ControllerBase {
  self: MilestonesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator  =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator  =>
  case class MilestoneForm(title: String, description: Option[String], dueDate: Option[java.util.Date])
@@ -27,58 +27,58 @@ trait MilestonesControllerBase extends ControllerBase {
      params.getOrElse("state", "open"),
      getMilestonesWithIssueCount(repository.owner, repository.name),
      repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
  })
-  get("/:owner/:repository/issues/milestones/new")(collaboratorsOnly {
+  get("/:owner/:repository/issues/milestones/new")(writableUsersOnly {
    html.edit(None, _)
  })
-  post("/:owner/:repository/issues/milestones/new", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/new", milestoneForm)(writableUsersOnly { (form, repository) =>
    createMilestone(repository.owner, repository.name, form.title, form.description, form.dueDate)
    redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
  })
-  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(writableUsersOnly { repository =>
    params("milestoneId").toIntOpt.map{ milestoneId =>
      html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(writableUsersOnly { (form, repository) =>
    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
      getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
        updateMilestone(milestone.copy(title = form.title, description = form.description, dueDate = form.dueDate))
        redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  get("/:owner/:repository/issues/milestones/:milestoneId/close")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/close")(writableUsersOnly { repository =>
    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
      getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
        closeMilestone(milestone)
        redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  get("/:owner/:repository/issues/milestones/:milestoneId/open")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/open")(writableUsersOnly { repository =>
    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
      getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
        openMilestone(milestone)
        redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(writableUsersOnly { repository =>
    params("milestoneId").toIntOpt.flatMap{ milestoneId =>
      getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
        deleteMilestone(repository.owner, repository.name, milestone.milestoneId)
        redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
 }
--- a/src/main/scala/gitbucket/core/controller/PullRequestsController.scala
+++ b/src/main/scala/gitbucket/core/controller/PullRequestsController.scala
@@ -6,36 +6,32 @@ import gitbucket.core.service.CommitStatusService
 import gitbucket.core.service.MergeService
 import gitbucket.core.service.IssuesService._
 import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
 import gitbucket.core.view
 import gitbucket.core.view.helpers
 import io.github.gitbucket.scalatra.forms._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.PersonIdent
 import org.slf4j.LoggerFactory
 import scala.collection.JavaConverters._
 class PullRequestsController extends PullRequestsControllerBase
  with RepositoryService with AccountService with IssuesService with PullRequestService with MilestonesService with LabelsService
-  with CommitsService with ActivityService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with CommitsService with ActivityService with WebHookPullRequestService
  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
  with CommitStatusService with MergeService with ProtectedBranchService
 trait PullRequestsControllerBase extends ControllerBase {
  self: RepositoryService with AccountService with IssuesService with MilestonesService with LabelsService
-    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService
    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
    with CommitStatusService with MergeService with ProtectedBranchService =>
  private val logger = LoggerFactory.getLogger(classOf[PullRequestsControllerBase])
  val pullRequestForm = mapping(
    "title"                 -> trim(label("Title"  , text(required, maxlength(100)))),
    "content"               -> trim(label("Content", optional(text()))),
@@ -94,17 +90,18 @@ trait PullRequestsControllerBase extends ControllerBase {
            (commits.flatten.map(commit => getCommitComments(owner, name, commit.id, true)).flatten.toList ::: getComments(owner, name, issueId))
              .sortWith((a, b) => a.registeredDate before b.registeredDate),
            getIssueLabels(owner, name, issueId),
-            (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+            getAssignableUserNames(owner, name),
            getMilestonesWithIssueCount(owner, name),
            getLabels(owner, name),
            commits,
            diffs,
-            hasWritePermission(owner, name, context.loginAccount),
+            isEditable(repository),
            isManageable(repository),
            repository,
            flash.toMap.map(f => f._1 -> f._2.toString))
        }
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  ajaxGet("/:owner/:repository/pull/:id/mergeguide")(referrersOnly { repository =>
@@ -115,7 +112,7 @@ trait PullRequestsControllerBase extends ControllerBase {
        val hasConflict = LockUtil.lock(s"${owner}/${name}"){
          checkConflict(owner, name, pullreq.branch, issueId)
        }
-        val hasMergePermission = hasWritePermission(owner, name, context.loginAccount)
+        val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount)
        val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch)
        val mergeStatus = PullRequestService.MergeStatus(
           hasConflict         = hasConflict,
@@ -125,7 +122,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           needStatusCheck     = context.loginAccount.map{ u =>
                                   branchProtection.needStatusCheck(u.userName)
                                 }.getOrElse(true),
-           hasUpdatePermission = hasWritePermission(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
+           hasUpdatePermission = hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
                                   context.loginAccount.map{ u =>
                                     !getProtectedBranchInfo(pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch).needStatusCheck(u.userName)
                                   }.getOrElse(false),
@@ -138,10 +135,10 @@ trait PullRequestsControllerBase extends ControllerBase {
          repository,
          getRepository(pullreq.requestUserName, pullreq.requestRepositoryName).get)
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  get("/:owner/:repository/pull/:id/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/pull/:id/delete/*")(writableUsersOnly { repository =>
    params("id").toIntOpt.map { issueId =>
      val branchName = multiParams("splat").head
      val userName   = context.loginAccount.get.userName
@@ -153,27 +150,27 @@ trait PullRequestsControllerBase extends ControllerBase {
      }
      createComment(repository.owner, repository.name, userName, issueId, branchName, "delete_branch")
      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
-  post("/:owner/:repository/pull/:id/update_branch")(referrersOnly { baseRepository =>
+  post("/:owner/:repository/pull/:id/update_branch")(writableUsersOnly { baseRepository =>
    (for {
      issueId <- params("id").toIntOpt
      loginAccount <- context.loginAccount
      (issue, pullreq) <- getPullRequest(baseRepository.owner, baseRepository.name, issueId)
      owner = pullreq.requestUserName
      name  = pullreq.requestRepositoryName
-      if hasWritePermission(owner, name, context.loginAccount)
+      if hasDeveloperRole(owner, name, context.loginAccount)
    } yield {
      val repository = getRepository(owner, name).get
      val branchProtection = getProtectedBranchInfo(owner, name, pullreq.requestBranch)
      if(branchProtection.needStatusCheck(loginAccount.userName)){
        flash += "error" -> s"branch ${pullreq.requestBranch} is protected need status check."
      } else {
        val repository = getRepository(owner, name).get
        LockUtil.lock(s"${owner}/${name}"){
          val alias = if(pullreq.repositoryName == pullreq.requestRepositoryName && pullreq.userName == pullreq.requestUserName){
            pullreq.branch
-          }else{
+          } else {
            s"${pullreq.userName}:${pullreq.branch}"
          }
          val existIds = using(Git.open(Directory.getRepositoryDir(owner, name))) { git => JGitUtil.getAllCommitIds(git) }.toSet
@@ -187,11 +184,10 @@ trait PullRequestsControllerBase extends ControllerBase {
              using(Git.open(Directory.getRepositoryDir(owner, name))) { git =>
                //  after update branch
                val newCommitId = git.getRepository.resolve(s"refs/heads/${pullreq.requestBranch}")
                val commits = git.log.addRange(oldId, newCommitId).call.iterator.asScala.map(c => new JGitUtil.CommitInfo(c)).toList
-                commits.foreach{ commit =>
+                commits.foreach { commit =>
                  if(!existIds.contains(commit.id)){
                    createIssueComment(owner, name, commit)
                  }
@@ -220,12 +216,13 @@ trait PullRequestsControllerBase extends ControllerBase {
              flash += "info" -> s"Merge branch '${alias}' into ${pullreq.requestBranch}"
          }
        }
        redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
      }
-    }) getOrElse NotFound
+      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
    }) getOrElse NotFound()
  })
-  post("/:owner/:repository/pull/:id/merge", mergeForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/pull/:id/merge", mergeForm)(writableUsersOnly { (form, repository) =>
    params("id").toIntOpt.flatMap { issueId =>
      val owner = repository.owner
      val name  = repository.name
@@ -273,7 +270,7 @@ trait PullRequestsControllerBase extends ControllerBase {
          }
        }
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  get("/:owner/:repository/compare")(referrersOnly { forkedRepository =>
@@ -290,7 +287,7 @@ trait PullRequestsControllerBase extends ControllerBase {
            redirect(s"/${forkedRepository.owner}/${forkedRepository.name}/compare/${originUserName}:${oldBranch}...${newBranch}")
          }
-        } getOrElse NotFound
+        } getOrElse NotFound()
      }
      case _ => {
        using(Git.open(getRepositoryDir(forkedRepository.owner, forkedRepository.name))){ git =>
@@ -371,11 +368,12 @@ trait PullRequestsControllerBase extends ControllerBase {
              forkedId,
              oldId.getName,
              newId.getName,
              getContentTemplate(originRepository, "PULL_REQUEST_TEMPLATE"),
              forkedRepository,
              originRepository,
              forkedRepository,
-              hasWritePermission(originRepository.owner, originRepository.name, context.loginAccount),
+              hasDeveloperRole(originRepository.owner, originRepository.name, context.loginAccount),
-              (getCollaborators(originRepository.owner, originRepository.name) ::: (if(getAccountByUserName(originRepository.owner).get.isGroupAccount) Nil else List(originRepository.owner))).sorted,
+              getAssignableUserNames(originRepository.owner, originRepository.name),
              getMilestones(originRepository.owner, originRepository.name),
              getLabels(originRepository.owner, originRepository.name)
            )
@@ -386,10 +384,10 @@ trait PullRequestsControllerBase extends ControllerBase {
                     s"${forkedOwner}:${newId.map(_ => forkedId).getOrElse(forkedRepository.repository.defaultBranch)}")
        }
      }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
-  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(collaboratorsOnly { forkedRepository =>
+  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(readableUsersOnly { forkedRepository =>
    val Seq(origin, forked) = multiParams("splat")
    val (originOwner, tmpOriginBranch) = parseCompareIdentifie(origin, forkedRepository.owner)
    val (forkedOwner, tmpForkedBranch) = parseCompareIdentifie(forked, forkedRepository.owner)
@@ -416,22 +414,25 @@ trait PullRequestsControllerBase extends ControllerBase {
        }
        html.mergecheck(conflict)
      }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
  })
-  post("/:owner/:repository/pulls/new", pullRequestForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/pulls/new", pullRequestForm)(readableUsersOnly { (form, repository) =>
    defining(repository.owner, repository.name){ case (owner, name) =>
-      val writable = hasWritePermission(owner, name, context.loginAccount)
+      val manageable = isManageable(repository)
      val editable = isEditable(repository)
      if(editable) {
        val loginUserName = context.loginAccount.get.userName
-      val issueId = createIssue(
+        val issueId = insertIssue(
          owner = repository.owner,
          repository = repository.name,
          loginUser = loginUserName,
          title = form.title,
          content = form.content,
-        assignedUserName = if(writable) form.assignedUserName else None,
+          assignedUserName = if (manageable) form.assignedUserName else None,
-        milestoneId      = if(writable) form.milestoneId else None,
+          milestoneId = if (manageable) form.milestoneId else None,
          isPullRequest = true)
        createPullRequest(
@@ -446,7 +447,7 @@ trait PullRequestsControllerBase extends ControllerBase {
          commitIdTo = form.commitIdTo)
        // insert labels
-      if(writable){
+        if (manageable) {
          form.labelNames.map { value =>
            val labels = getLabels(owner, name)
            value.split(",").foreach { labelName =>
@@ -471,12 +472,13 @@ trait PullRequestsControllerBase extends ControllerBase {
          createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
          // notifications
-        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
+          Notifier().toNotify(repository, issue, form.content.getOrElse("")) {
            Notifier.msgPullRequest(s"${context.baseUrl}/${owner}/${name}/pull/${issueId}")
          }
        }
        redirect(s"/${owner}/${name}/pull/${issueId}")
      } else Unauthorized()
    }
  })
@@ -494,53 +496,45 @@ trait PullRequestsControllerBase extends ControllerBase {
      (defaultOwner, value)
    }
  private def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
      requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
    using(
      Git.open(getRepositoryDir(userName, repositoryName)),
      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
    ){ (oldGit, newGit) =>
      val oldId = oldGit.getRepository.resolve(branch)
      val newId = newGit.getRepository.resolve(requestCommitId)
      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
        new CommitInfo(revCommit)
      }.toList.splitWith { (commit1, commit2) =>
        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
      }
      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
      (commits, diffs)
    }
  private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) =
    defining(repository.owner, repository.name){ case (owner, repoName) =>
      val page = IssueSearchCondition.page(request)
      val sessionKey = Keys.Session.Pulls(owner, repoName)
      // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
+      val condition = IssueSearchCondition(request)
        if(request.hasQueryString) IssueSearchCondition(request)
        else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
      )
      gitbucket.core.issues.html.list(
        "pulls",
        searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, owner -> repoName),
        page,
-        if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
+        getAssignableUserNames(owner, repoName),
          (getCollaborators(owner, repoName) :+ owner).sorted
        } else {
          getCollaborators(owner, repoName)
        },
        getMilestones(owner, repoName),
        getLabels(owner, repoName),
        countIssue(condition.copy(state = "open"  ), true, owner -> repoName),
        countIssue(condition.copy(state = "closed"), true, owner -> repoName),
        condition,
        repository,
-        hasWritePermission(owner, repoName, context.loginAccount))
+        isEditable(repository),
        isManageable(repository))
    }
  /**
   * Tests whether an logged-in user can manage pull requests.
   */
  private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
  }
  /**
   * Tests whether an logged-in user can post pull requests.
   */
  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
    repository.repository.options.issuesOption match {
      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
      case "DISABLE" => false
    }
  }
 }
--- a/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
+++ b/src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala
@@ -31,22 +31,22 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    repositoryName: String,
    description: Option[String],
    isPrivate: Boolean,
-    enableIssues: Boolean,
+    issuesOption: String,
    externalIssuesUrl: Option[String],
-    enableWiki: Boolean,
+    wikiOption: String,
-    allowWikiEditing: Boolean,
+    externalWikiUrl: Option[String],
-    externalWikiUrl: Option[String]
+    allowFork: Boolean
  )
  val optionsForm = mapping(
-    "repositoryName"    -> trim(label("Repository Name"    , text(required, maxlength(40), identifier, renameRepositoryName))),
+    "repositoryName"    -> trim(label("Repository Name"    , text(required, maxlength(100), identifier, renameRepositoryName))),
    "description"       -> trim(label("Description"        , optional(text()))),
    "isPrivate"         -> trim(label("Repository Type"    , boolean())),
-    "enableIssues"      -> trim(label("Enable Issues"      , boolean())),
+    "issuesOption"      -> trim(label("Issues Option"      , text(required, featureOption))),
    "externalIssuesUrl" -> trim(label("External Issues URL", optional(text(maxlength(200))))),
-    "enableWiki"        -> trim(label("Enable Wiki"        , boolean())),
+    "wikiOption"        -> trim(label("Wiki Option"        , text(required, featureOption))),
-    "allowWikiEditing"  -> trim(label("Allow Wiki Editing" , boolean())),
+    "externalWikiUrl"   -> trim(label("External Wiki URL"  , optional(text(maxlength(200))))),
-    "externalWikiUrl"   -> trim(label("External Wiki URL"  , optional(text(maxlength(200)))))
+    "allowFork"         -> trim(label("Allow Forking"      , boolean()))
  )(OptionsForm.apply)
  // for default branch
@@ -56,12 +56,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    "defaultBranch"  -> trim(label("Default Branch" , text(required, maxlength(100))))
  )(DefaultBranchForm.apply)
-  // for collaborator addition
+//  // for collaborator addition
-  case class CollaboratorForm(userName: String)
+//  case class CollaboratorForm(userName: String)
-
+//
-  val collaboratorForm = mapping(
+//  val collaboratorForm = mapping(
-    "userName" -> trim(label("Username", text(required, collaborator)))
+//    "userName" -> trim(label("Username", text(required, collaborator)))
-  )(CollaboratorForm.apply)
+//  )(CollaboratorForm.apply)
  // for web hook url addition
  case class WebHookForm(url: String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])
@@ -107,11 +107,11 @@ trait RepositorySettingsControllerBase extends ControllerBase {
      repository.repository.parentUserName.map { _ =>
        repository.repository.isPrivate
      } getOrElse form.isPrivate,
-      form.enableIssues,
+      form.issuesOption,
      form.externalIssuesUrl,
-      form.enableWiki,
+      form.wikiOption,
-      form.allowWikiEditing,
+      form.externalWikiUrl,
-      form.externalWikiUrl
+      form.allowFork
    )
    // Change repository name
    if(repository.name != form.repositoryName){
@@ -175,22 +175,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
      repository)
  })
-  /**
+  post("/:owner/:repository/settings/collaborators")(ownerOnly { repository =>
-   * Add the collaborator.
+    val collaborators = params("collaborators")
-   */
+    removeCollaborators(repository.owner, repository.name)
-  post("/:owner/:repository/settings/collaborators/add", collaboratorForm)(ownerOnly { (form, repository) =>
+    collaborators.split(",").withFilter(_.nonEmpty).map { collaborator =>
-    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
+      val userName :: role :: Nil = collaborator.split(":").toList
-      addCollaborator(repository.owner, repository.name, form.userName)
+      addCollaborator(repository.owner, repository.name, userName, role)
    }
    redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
  })
  /**
   * Add the collaborator.
   */
  get("/:owner/:repository/settings/collaborators/remove")(ownerOnly { repository =>
    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
      removeCollaborator(repository.owner, repository.name, params("name"))
    }
    redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
  })
@@ -248,7 +238,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
      val dummyWebHookInfo = WebHook(repository.owner, repository.name, url, ctype, token)
      val dummyPayload = {
        val ownerAccount = getAccountByUserName(repository.owner).get
-        val commits = if(repository.commitCount == 0) List.empty else git.log
+        val commits = if(JGitUtil.isEmpty(git)) List.empty else git.log
          .add(git.getRepository.resolve(repository.repository.defaultBranch))
          .setMaxCount(4)
          .call.iterator.asScala.map(new CommitInfo(_)).toList
@@ -297,7 +287,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
  get("/:owner/:repository/settings/hooks/edit")(ownerOnly { repository =>
    getWebHook(repository.owner, repository.name, params("url")).map{ case (webhook, events) =>
      html.edithooks(webhook, events, repository, flash.get("info"), false)
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  /**
@@ -394,20 +384,20 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    }
  }
-  /**
+//  /**
-   * Provides Constraint to validate the collaborator name.
+//   * Provides Constraint to validate the collaborator name.
-   */
+//   */
-  private def collaborator: Constraint = new Constraint(){
+//  private def collaborator: Constraint = new Constraint(){
-    override def validate(name: String, value: String, messages: Messages): Option[String] =
+//    override def validate(name: String, value: String, messages: Messages): Option[String] =
-      getAccountByUserName(value) match {
+//      getAccountByUserName(value) match {
-        case None => Some("User does not exist.")
+//        case None => Some("User does not exist.")
-        case Some(x) if(x.isGroupAccount)
+////        case Some(x) if(x.isGroupAccount)
-                  => Some("User does not exist.")
+////                  => Some("User does not exist.")
-        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
+//        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
-                  => Some("User can access this repository already.")
+//                  => Some(value + " is repository owner.") // TODO also group members?
-        case _    => None
+//        case _    => None
-      }
+//      }
-  }
+//  }
  /**
   * Duplicate check for the rename repository name.
@@ -421,6 +411,15 @@ trait RepositorySettingsControllerBase extends ControllerBase {
      }
  }
  /**
   *
   */
  private def featureOption: Constraint = new Constraint(){
    override def validate(name: String, value: String, params: Map[String, String], messages: Messages): Option[String] =
      if(Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.")
  }
  /**
   * Provides Constraint to validate the repository transfer user.
   */
--- a/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala
+++ b/src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala
@@ -1,6 +1,7 @@
 package gitbucket.core.controller
-import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
+import java.io.FileInputStream
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.repo.html
@@ -16,9 +17,8 @@ import gitbucket.core.model.{Account, WebHook}
 import gitbucket.core.service.WebHookService._
 import gitbucket.core.view
 import gitbucket.core.view.helpers
 import io.github.gitbucket.scalatra.forms._
-import org.apache.commons.io.FileUtils
+import org.apache.commons.io.IOUtils
 import org.eclipse.jgit.api.{ArchiveCommand, Git}
 import org.eclipse.jgit.archive.{TgzFormat, ZipFormat}
 import org.eclipse.jgit.dircache.DirCache
@@ -31,7 +31,7 @@ import org.scalatra._
 class RepositoryViewerController extends RepositoryViewerControllerBase
  with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
  with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService
 /**
@@ -39,7 +39,7 @@ class RepositoryViewerController extends RepositoryViewerControllerBase
 */
 trait RepositoryViewerControllerBase extends ControllerBase {
  self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
    with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService =>
  ArchiveCommand.registerFormat("zip", new ZipFormat)
@@ -102,7 +102,18 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   */
  post("/:owner/:repository/_preview")(referrersOnly { repository =>
    contentType = "text/html"
-    helpers.markdown(
+    val filename = params.get("filename")
    filename match {
      case Some(f) => helpers.renderMarkup(
          filePath = List(f),
          fileContent = params("content"),
          branch = "master",
          repository = repository,
          enableWikiLink = params("enableWikiLink").toBoolean,
          enableRefsLink = params("enableRefsLink").toBoolean,
          enableAnchor = false
        )
      case None => helpers.markdown(
          markdown = params("content"),
          repository = repository,
          enableWikiLink = params("enableWikiLink").toBoolean,
@@ -110,22 +121,28 @@ trait RepositoryViewerControllerBase extends ControllerBase {
          enableLineBreaks = params("enableLineBreaks").toBoolean,
          enableTaskList = params("enableTaskList").toBoolean,
          enableAnchor = false,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount)
+          hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
        )
    }
  })
  /**
   * Displays the file list of the repository root and the default branch.
   */
-  get("/:owner/:repository")(referrersOnly {
+  get("/:owner/:repository") {
-    fileList(_)
+    params.get("go-get") match {
-  })
+      case Some("1") => defining(request.paths){ paths =>
        getRepository(paths(0), paths(1)).map(gitbucket.core.html.goget(_))getOrElse NotFound()
      }
      case _ => referrersOnly(fileList(_))
    }
  }
  /**
   * Displays the file list of the specified path and branch.
   */
  get("/:owner/:repository/tree/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
    if(path.isEmpty){
      fileList(repository, id)
    } else {
@@ -137,7 +154,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   * Displays the commit list of the specified resource.
   */
  get("/:owner/:repository/commits/*")(referrersOnly { repository =>
-    val (branchName, path) = splitPath(repository, multiParams("splat").head)
+    val (branchName, path) = repository.splitPath(multiParams("splat").head)
    val page = params.get("page").flatMap(_.toIntOpt).getOrElse(1)
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -146,22 +163,22 @@ trait RepositoryViewerControllerBase extends ControllerBase {
          html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository,
            logs.splitWith{ (commit1, commit2) =>
              view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
-            }, page, hasNext, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+            }, page, hasNext, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
-        case Left(_) => NotFound
+        case Left(_) => NotFound()
      }
    }
  })
-  get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/new/*")(writableUsersOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
    val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
    html.editor(branch, repository, if(path.length == 0) Nil else path.split("/").toList,
      None, JGitUtil.ContentInfo("text", None, Some("UTF-8")),
      protectedBranch)
  })
-  get("/:owner/:repository/edit/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/edit/*")(writableUsersOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
    val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -172,12 +189,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        html.editor(branch, repository, paths.take(paths.size - 1).toList, Some(paths.last),
          JGitUtil.getContentInfo(git, path, objectId),
          protectedBranch)
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
-  get("/:owner/:repository/remove/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/remove/*")(writableUsersOnly { repository =>
-    val (branch, path) = splitPath(repository, multiParams("splat").head)
+    val (branch, path) = repository.splitPath(multiParams("splat").head)
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
      val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
@@ -185,11 +202,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        val paths = path.split("/")
        html.delete(branch, repository, paths.take(paths.size - 1).toList, paths.last,
          JGitUtil.getContentInfo(git, path, objectId))
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
-  post("/:owner/:repository/create", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/create", editorForm)(writableUsersOnly { (form, repository) =>
    commitFile(
      repository  = repository,
      branch      = form.branch,
@@ -206,7 +223,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    }")
  })
-  post("/:owner/:repository/update", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/update", editorForm)(writableUsersOnly { (form, repository) =>
    commitFile(
      repository  = repository,
      branch      = form.branch,
@@ -227,7 +244,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    }")
  })
-  post("/:owner/:repository/remove", deleteForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/remove", deleteForm)(writableUsersOnly { (form, repository) =>
    commitFile(repository, form.branch, form.path, None, Some(form.fileName), "", "",
      form.message.getOrElse(s"Delete ${form.fileName}"))
@@ -235,17 +252,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
  })
  get("/:owner/:repository/raw/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
      val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
-      getPathObjectId(git, path, revCommit).flatMap { objectId =>
+
-        JGitUtil.getObjectLoaderFromId(git, objectId){ loader =>
+      getPathObjectId(git, path, revCommit).map { objectId =>
-          contentType = FileUtil.getMimeType(path)
+        responseRawFile(git, objectId, path, repository)
-          response.setContentLength(loader.getSize.toInt)
+      } getOrElse NotFound()
          loader.copyTo(response.outputStream)
          ()
        }
      } getOrElse NotFound
    }
  })
@@ -253,30 +266,69 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   * Displays the file content of the specified branch or commit.
   */
  val blobRoute = get("/:owner/:repository/blob/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
    val raw = params.get("raw").getOrElse("false").toBoolean
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
      val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
      getPathObjectId(git, path, revCommit).map { objectId =>
        if(raw){
          // Download (This route is left for backword compatibility)
-          JGitUtil.getObjectLoaderFromId(git, objectId){ loader =>
+          responseRawFile(git, objectId, path, repository)
            contentType = FileUtil.getMimeType(path)
            response.setContentLength(loader.getSize.toInt)
            loader.copyTo(response.outputStream)
            ()
          } getOrElse NotFound
        } else {
          html.blob(id, repository, path.split("/").toList,
            JGitUtil.getContentInfo(git, path, objectId),
            new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)),
-            hasWritePermission(repository.owner, repository.name, context.loginAccount),
+            hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
-            request.paths(2) == "blame")
+            request.paths(2) == "blame",
            isLfsFile(git, objectId))
        }
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
  private def isLfsFile(git: Git, objectId: ObjectId): Boolean = {
    JGitUtil.getObjectLoaderFromId(git, objectId){ loader =>
      if(loader.isLarge){
        false
      } else {
        new String(loader.getCachedBytes, "UTF-8").startsWith("version https://git-lfs.github.com/spec/v1")
      }
    }.getOrElse(false)
  }
  private def responseRawFile(git: Git, objectId: ObjectId, path: String,
                              repository: RepositoryService.RepositoryInfo): Unit = {
    JGitUtil.getObjectLoaderFromId(git, objectId){ loader =>
      contentType = FileUtil.getMimeType(path)
      if(loader.isLarge){
        response.setContentLength(loader.getSize.toInt)
        loader.copyTo(response.outputStream)
      } else {
        val bytes = loader.getCachedBytes
        val text = new String(bytes, "UTF-8")
        if(text.startsWith("version https://git-lfs.github.com/spec/v1")){
          // LFS objects
          val attrs = text.split("\n").map { line =>
            val dim = line.split(" ")
            dim(0) -> dim(1)
          }.toMap
          response.setContentLength(attrs("size").toInt)
          val oid = attrs("oid").split(":")(1)
          using(new FileInputStream(FileUtil.getLfsFilePath(repository.owner, repository.name, oid))){ in =>
            IOUtils.copy(in, response.getOutputStream)
          }
        } else {
          response.setContentLength(loader.getSize.toInt)
          response.getOutputStream.write(bytes)
        }
      }
    }
  }
  get("/:owner/:repository/blame/*"){
    blobRoute.action()
  }
@@ -285,7 +337,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   * Blame data.
   */
  ajaxGet("/:owner/:repository/get-blame/*")(referrersOnly { repository =>
-    val (id, path) = splitPath(repository, multiParams("splat").head)
+    val (id, path) = repository.splitPath(multiParams("splat").head)
    contentType = formats("json")
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
      val last = git.log.add(git.getRepository.resolve(id)).addPath(path).setMaxCount(1).call.iterator.next.name
@@ -323,13 +375,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
              html.commit(id, new JGitUtil.CommitInfo(revCommit),
                JGitUtil.getBranchesOfCommit(git, revCommit.getName),
                JGitUtil.getTagsOfCommit(git, revCommit.getName),
-                getCommitComments(repository.owner, repository.name, id, false),
+                getCommitComments(repository.owner, repository.name, id, true),
-                repository, diffs, oldCommitId, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+                repository, diffs, oldCommitId, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
          }
        }
      }
    } catch {
-      case e:MissingObjectException => NotFound
+      case e:MissingObjectException => NotFound()
    }
  })
@@ -353,7 +405,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    html.commentform(
      commitId = id,
      fileName, oldLineNumber, newLineNumber, issueId,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount),
+      hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
      repository = repository
    )
  })
@@ -369,15 +421,14 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        callPullRequestReviewCommentWebHook("create", comment, repository, issueId, context.baseUrl, context.loginAccount.get)
      case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content)
    }
-    helper.html.commitcomment(comment, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    helper.html.commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
  })
  ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
    getCommitComment(repository.owner, repository.name, params("id")) map { x =>
      if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
        params.get("dataType") collect {
-          case t if t == "html" => html.editcomment(
+          case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
            x.content, x.commentId, x.userName, x.repositoryName)
        } getOrElse {
          contentType = formats("json")
          org.json4s.jackson.Serialization.write(
@@ -389,12 +440,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                enableRefsLink = true,
                enableAnchor = true,
                enableLineBreaks = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
              )
            ))
        }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
@@ -403,8 +454,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        if(isEditable(owner, name, comment.commentedUserName)){
          updateCommitComment(comment.commentId, form.content)
          redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
@@ -413,8 +464,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
      getCommitComment(owner, name, params("id")).map { comment =>
        if(isEditable(owner, name, comment.commentedUserName)){
          Ok(deleteCommitComment(comment.commentId))
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
@@ -433,13 +484,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    .map(br => (br, getPullRequestByRequestCommit(repository.owner, repository.name, repository.repository.defaultBranch, br.name, br.commitId), protectedBranches.contains(br.name)))
    .reverse
-    html.branches(branches, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    html.branches(branches, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
  })
  /**
   * Creates a branch.
   */
-  post("/:owner/:repository/branches")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/branches")(writableUsersOnly { repository =>
    val newBranchName = params.getOrElse("new", halt(400))
    val fromBranchName = params.getOrElse("from", halt(400))
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -457,7 +508,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
  /**
   * Deletes branch.
   */
-  get("/:owner/:repository/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/delete/*")(writableUsersOnly { repository =>
    val branchName = multiParams("splat").head
    val userName   = context.loginAccount.get.userName
    if(repository.repository.defaultBranch != branchName){
@@ -485,11 +536,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        archiveRepository(name, ".zip", repository)
      case name if name.endsWith(".tar.gz") =>
        archiveRepository(name, ".tar.gz", repository)
-      case _ => BadRequest
+      case _ => BadRequest()
    }
  })
  get("/:owner/:repository/network/members")(referrersOnly { repository =>
    if(repository.repository.options.allowFork) {
      html.forked(
        getRepository(
          repository.repository.originUserName.getOrElse(repository.owner),
@@ -502,6 +554,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
          case account: Option[Account] => getGroupsByUserName(account.get.userName)
        }, // groups of current user
        repository)
    } else BadRequest()
  })
  /**
@@ -512,7 +565,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
      val ref = multiParams("splat").head
      JGitUtil.getTreeId(git, ref).map{ treeId =>
        html.find(ref, treeId, repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
@@ -527,17 +580,6 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    }
  })
  private def splitPath(repository: RepositoryService.RepositoryInfo, path: String): (String, String) = {
    val id = repository.branchList.collectFirst {
      case branch if(path == branch || path.startsWith(branch + "/")) => branch
    } orElse repository.tags.collectFirst {
      case tag if(path == tag.name || path.startsWith(tag.name + "/")) => tag.name
    } getOrElse path.split("/")(0)
    (id, path.substring(id.length).stripPrefix("/"))
  }
  private val readmeFiles = PluginRegistry().renderableExtensions.map { extension =>
    s"readme.${extension}"
  } ++ Seq("readme.txt", "readme")
@@ -551,10 +593,10 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   * @return HTML of the file list
   */
  private def fileList(repository: RepositoryService.RepositoryInfo, revstr: String = "", path: String = ".") = {
    if(repository.commitCount == 0){
      html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
    } else {
    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
      if(JGitUtil.isEmpty(git)){
        html.guide(repository, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
      } else {
        // get specified commit
        JGitUtil.getDefaultBranch(git, repository, revstr).map { case (objectId, revision) =>
          defining(JGitUtil.getRevCommitFromId(git, objectId)) { revCommit =>
@@ -574,11 +616,16 @@ trait RepositoryViewerControllerBase extends ControllerBase {
            html.files(revision, repository,
              if(path == ".") Nil else path.split("/").toList, // current path
              new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
-              files, readme, hasWritePermission(repository.owner, repository.name, context.loginAccount),
+              JGitUtil.getCommitCount(repository.owner, repository.name, revision),
              files,
              readme,
              hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
              getPullRequestFromBranch(repository.owner, repository.name, revstr, repository.repository.defaultBranch),
-              flash.get("info"), flash.get("error"))
+              flash.get("info"),
              flash.get("error")
            )
          }
-        } getOrElse NotFound
+        } getOrElse NotFound()
      }
    }
  }
@@ -598,14 +645,18 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        val headName = s"refs/heads/${branch}"
        val headTip  = git.getRepository.resolve(headName)
-        JGitUtil.processTree(git, headTip){ (path, tree) =>
+        val permission = JGitUtil.processTree(git, headTip){ (path, tree) =>
          // Add all entries except the editing file
          if(!newPath.exists(_ == path) && !oldPath.exists(_ == path)){
            builder.add(JGitUtil.createDirCacheEntry(path, tree.getEntryFileMode, tree.getEntryObjectId))
          }
-        }
+          // Retrieve permission if file exists to keep it
          oldPath.collect { case x if x == path => tree.getEntryFileMode.getBits }
        }.flatten.headOption
        newPath.foreach { newPath =>
-          builder.add(JGitUtil.createDirCacheEntry(newPath, FileMode.REGULAR_FILE,
+          builder.add(JGitUtil.createDirCacheEntry(newPath,
            permission.map { bits => FileMode.fromBits(bits) } getOrElse FileMode.REGULAR_FILE,
            inserter.insert(Constants.OBJ_BLOB, content.getBytes(charset))))
        }
        builder.finish()
@@ -628,8 +679,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
        updatePullRequests(repository.owner, repository.name, branch)
        // record activity
-        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch,
+        val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
-          List(new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))))
+        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch, List(commitInfo))
        // create issue comment by commit message
        createIssueComment(repository.owner, repository.name, commitInfo)
        // close issue by commit message
        closeIssuesFromMessage(message, loginAccount.userName, repository.owner, repository.name)
@@ -664,11 +718,6 @@ trait RepositoryViewerControllerBase extends ControllerBase {
  private def archiveRepository(name: String, suffix: String, repository: RepositoryService.RepositoryInfo): Unit = {
    val revision = name.stripSuffix(suffix)
    val workDir = getDownloadWorkDir(repository.owner, repository.name, session.getId)
    if(workDir.exists) {
      FileUtils.deleteDirectory(workDir)
    }
    workDir.mkdirs
    val filename = repository.name + "-" +
      (if(revision.length == 40) revision.substring(0, 10) else revision).replace('/', '_') + suffix
@@ -682,14 +731,14 @@ trait RepositoryViewerControllerBase extends ControllerBase {
      git.archive
         .setFormat(suffix.tail)
-         .setTree(revCommit.getTree)
+         .setTree(revCommit)
         .setOutputStream(response.getOutputStream)
         .call()
    }
  }
  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
  override protected def renderUncaughtException(e: Throwable)(implicit request: HttpServletRequest, response: HttpServletResponse): Unit = {
    e.printStackTrace()
--- a/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala
+++ b/src/main/scala/gitbucket/core/controller/SystemSettingsController.scala
@@ -14,7 +14,6 @@ import gitbucket.core.util.Directory._
 import gitbucket.core.util.StringUtil._
 import io.github.gitbucket.scalatra.forms._
 import org.apache.commons.io.{FileUtils, IOUtils}
 import org.apache.commons.mail.{DefaultAuthenticator, HtmlEmail}
 import org.scalatra.i18n.Messages
 class SystemSettingsController extends SystemSettingsControllerBase
@@ -42,6 +41,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
        "user"                     -> trim(label("SMTP User", optional(text()))),
        "password"                 -> trim(label("SMTP Password", optional(text()))),
        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
        "starttls"                 -> trim(label("Enable STARTTLS", optional(boolean()))),
        "fromAddress"              -> trim(label("FROM Address", optional(text()))),
        "fromName"                 -> trim(label("FROM Name", optional(text())))
    )(Smtp.apply)),
@@ -78,6 +78,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
      "user"        -> trim(label("SMTP User", optional(text()))),
      "password"    -> trim(label("SMTP Password", optional(text()))),
      "ssl"         -> trim(label("Enable SSL", optional(boolean()))),
      "starttls"    -> trim(label("Enable STARTTLS", optional(boolean()))),
      "fromAddress" -> trim(label("FROM Address", optional(text()))),
      "fromName"    -> trim(label("FROM Name", optional(text())))
    )(Smtp.apply),
@@ -90,25 +91,26 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  case class NewUserForm(userName: String, password: String, fullName: String,
                         mailAddress: String, isAdmin: Boolean,
-                         url: Option[String], fileId: Option[String])
+                         description: Option[String], url: Option[String], fileId: Option[String])
  case class EditUserForm(userName: String, password: Option[String], fullName: String,
-                          mailAddress: String, isAdmin: Boolean, url: Option[String],
+                          mailAddress: String, isAdmin: Boolean, description: Option[String], url: Option[String],
                          fileId: Option[String], clearImage: Boolean, isRemoved: Boolean)
-  case class NewGroupForm(groupName: String, url: Option[String], fileId: Option[String],
+  case class NewGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String],
                          members: String)
-  case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String],
+  case class EditGroupForm(groupName: String, description: Option[String], url: Option[String], fileId: Option[String],
                           members: String, clearImage: Boolean, isRemoved: Boolean)
  val newUserForm = mapping(
-    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
    "password"    -> trim(label("Password"     ,text(required, maxlength(20)))),
    "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
    "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress()))),
    "isAdmin"     -> trim(label("User Type"    ,boolean())),
    "description" -> trim(label("bio"          ,optional(text()))),
    "url"         -> trim(label("URL"          ,optional(text(maxlength(200))))),
    "fileId"      -> trim(label("File ID"      ,optional(text())))
  )(NewUserForm.apply)
@@ -119,6 +121,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
    "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
    "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress("userName")))),
    "isAdmin"     -> trim(label("User Type"    ,boolean())),
    "description" -> trim(label("bio"          ,optional(text()))),
    "url"         -> trim(label("URL"          ,optional(text(maxlength(200))))),
    "fileId"      -> trim(label("File ID"      ,optional(text()))),
    "clearImage"  -> trim(label("Clear image"  ,boolean())),
@@ -126,7 +129,8 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  )(EditUserForm.apply)
  val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
    "description" -> trim(label("Group description", optional(text()))),
    "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
    "fileId"    -> trim(label("File ID"    ,optional(text()))),
    "members"   -> trim(label("Members"    ,text(required, members)))
@@ -134,6 +138,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  val editGroupForm = mapping(
    "groupName"  -> trim(label("Group name"  ,text(required, maxlength(100), identifier))),
    "description" -> trim(label("Group description", optional(text()))),
    "url"        -> trim(label("URL"         ,optional(text(maxlength(200))))),
    "fileId"     -> trim(label("File ID"     ,optional(text()))),
    "members"    -> trim(label("Members"     ,text(required, members))),
@@ -165,7 +170,8 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  post("/admin/system/sendmail", sendMailForm)(adminOnly { form =>
    try {
      new Mailer(form.smtp).send(form.testAddress,
-        "Test message from GitBucket", "This is a test message from GitBucket.")
+        "Test message from GitBucket", "This is a test message from GitBucket.",
        context.loginAccount.get)
      "Test mail has been sent to: " + form.testAddress
@@ -194,7 +200,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  })
  post("/admin/users/_newuser", newUserForm)(adminOnly { form =>
-    createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, form.isAdmin, form.url)
+    createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, form.isAdmin, form.description, form.url)
    updateImage(form.userName, form.fileId, false)
    redirect("/admin/users")
  })
@@ -228,13 +234,14 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
          fullName     = form.fullName,
          mailAddress  = form.mailAddress,
          isAdmin      = form.isAdmin,
          description  = form.description,
          url          = form.url,
          isRemoved    = form.isRemoved))
        updateImage(userName, form.fileId, form.clearImage)
        redirect("/admin/users")
      }
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  get("/admin/users/_newgroup")(adminOnly {
@@ -242,7 +249,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  })
  post("/admin/users/_newgroup", newGroupForm)(adminOnly { form =>
-    createGroup(form.groupName, form.url)
+    createGroup(form.groupName, form.description, form.url)
    updateGroupMembers(form.groupName, form.members.split(",").map {
      _.split(":") match {
        case Array(userName, isManager) => (userName, isManager.toBoolean)
@@ -265,7 +272,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
      }
    }.toList){ case (groupName, members) =>
      getAccountByUserName(groupName, true).map { account =>
-        updateGroup(groupName, form.url, form.isRemoved)
+        updateGroup(groupName, form.url, form.description, form.isRemoved)
        if(form.isRemoved){
          // Remove from GROUP_MEMBER
@@ -280,19 +287,19 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
        } else {
          // Update GROUP_MEMBER
          updateGroupMembers(form.groupName, members)
-          // Update COLLABORATOR for group repositories
+//          // Update COLLABORATOR for group repositories
-          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-            removeCollaborators(form.groupName, repositoryName)
+//            removeCollaborators(form.groupName, repositoryName)
-            members.foreach { case (userName, isManager) =>
+//            members.foreach { case (userName, isManager) =>
-              addCollaborator(form.groupName, repositoryName, userName)
+//              addCollaborator(form.groupName, repositoryName, userName)
-            }
+//            }
-          }
+//          }
        }
        updateImage(form.groupName, form.fileId, form.clearImage)
        redirect("/admin/users")
-      } getOrElse NotFound
+      } getOrElse NotFound()
    }
  })
@@ -304,12 +311,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
  post("/admin/export")(adminOnly {
    import gitbucket.core.util.JDBCUtil._
-    val session = request2Session(request)
+    val file = request2Session(request).conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
    val file = if(params("type") == "sql"){
      session.conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
    } else {
      session.conn.exportAsXML(request.getParameterValues("tableNames").toSeq)
    }
    contentType = "application/octet-stream"
    response.setHeader("Content-Disposition", "attachment; filename=" + file.getName)
--- a/src/main/scala/gitbucket/core/controller/WikiController.scala
+++ b/src/main/scala/gitbucket/core/controller/WikiController.scala
@@ -14,10 +14,10 @@ import org.scalatra.i18n.Messages
 class WikiController extends WikiControllerBase 
  with WikiService with RepositoryService with AccountService with ActivityService
-  with CollaboratorsAuthenticator with ReferrerAuthenticator
+  with ReadableUsersAuthenticator with ReferrerAuthenticator
 trait WikiControllerBase extends ControllerBase {
-  self: WikiService with RepositoryService with ActivityService with CollaboratorsAuthenticator with ReferrerAuthenticator =>
+  self: WikiService with RepositoryService with ActivityService with ReadableUsersAuthenticator with ReferrerAuthenticator =>
  case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String, id: String)
@@ -62,7 +62,7 @@ trait WikiControllerBase extends ControllerBase {
    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
      JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
-        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository)
+        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository, isEditable(repository))
        case Left(_) => NotFound()
      }
    }
@@ -87,7 +87,7 @@ trait WikiControllerBase extends ControllerBase {
    }
  })
-  get("/:owner/:repository/wiki/:page/_revert/:commitId")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
    if(isEditable(repository)){
      val pageName = StringUtil.urlDecode(params("page"))
      val Array(from, to) = params("commitId").split("\\.\\.\\.")
@@ -101,7 +101,7 @@ trait WikiControllerBase extends ControllerBase {
    } else Unauthorized()
  })
-  get("/:owner/:repository/wiki/_revert/:commitId")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
    if(isEditable(repository)){
      val Array(from, to) = params("commitId").split("\\.\\.\\.")
@@ -114,14 +114,14 @@ trait WikiControllerBase extends ControllerBase {
    } else Unauthorized()
  })
-  get("/:owner/:repository/wiki/:page/_edit")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
    if(isEditable(repository)){
      val pageName = StringUtil.urlDecode(params("page"))
      html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
    } else Unauthorized()
  })
-  post("/:owner/:repository/wiki/_edit", editForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
    if(isEditable(repository)){
      defining(context.loginAccount.get){ loginAccount =>
        saveWikiPage(
@@ -146,13 +146,13 @@ trait WikiControllerBase extends ControllerBase {
    } else Unauthorized()
  })
-  get("/:owner/:repository/wiki/_new")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
    if(isEditable(repository)){
      html.edit("", None, repository)
    } else Unauthorized()
  })
-  post("/:owner/:repository/wiki/_new", newForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
    if(isEditable(repository)){
      defining(context.loginAccount.get){ loginAccount =>
        saveWikiPage(repository.owner, repository.name, form.currentPageName, form.pageName,
@@ -170,7 +170,7 @@ trait WikiControllerBase extends ControllerBase {
    } else Unauthorized()
  })
-  get("/:owner/:repository/wiki/:page/_delete")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
    if(isEditable(repository)){
      val pageName = StringUtil.urlDecode(params("page"))
@@ -190,7 +190,7 @@ trait WikiControllerBase extends ControllerBase {
  get("/:owner/:repository/wiki/_history")(referrersOnly { repository =>
    using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
      JGitUtil.getCommitLog(git, "master") match {
-        case Right((logs, hasNext)) => html.history(None, logs, repository)
+        case Right((logs, hasNext)) => html.history(None, logs, repository, isEditable(repository))
        case Left(_) => NotFound()
      }
    }
@@ -201,7 +201,7 @@ trait WikiControllerBase extends ControllerBase {
    getFileContent(repository.owner, repository.name, path).map { bytes =>
      RawData(FileUtil.getContentType(path, bytes), bytes)
-    } getOrElse NotFound
+    } getOrElse NotFound()
  })
  private def unique: Constraint = new Constraint(){
@@ -240,9 +240,13 @@ trait WikiControllerBase extends ControllerBase {
  private def targetWikiPage = getWikiPage(params("owner"), params("repository"), params("pageName"))
-  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean =
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
-    repository.repository.allowWikiEditing || (
+    repository.repository.options.wikiOption match {
-      hasWritePermission(repository.owner, repository.name, context.loginAccount)
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
-    )
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
      case "DISABLE" => false
    }
  }
 }
--- a/src/main/scala/gitbucket/core/model/Account.scala
+++ b/src/main/scala/gitbucket/core/model/Account.scala
@@ -19,7 +19,8 @@ trait AccountComponent { self: Profile =>
    val image = column[String]("IMAGE")
    val groupAccount = column[Boolean]("GROUP_ACCOUNT")
    val removed = column[Boolean]("REMOVED")
-    def * = (userName, fullName, mailAddress, password, isAdmin, url.?, registeredDate, updatedDate, lastLoginDate.?, image.?, groupAccount, removed) <> (Account.tupled, Account.unapply)
+    val description = column[String]("DESCRIPTION")
    def * = (userName, fullName, mailAddress, password, isAdmin, url.?, registeredDate, updatedDate, lastLoginDate.?, image.?, groupAccount, removed, description.?) <> (Account.tupled, Account.unapply)
  }
 }
@@ -35,5 +36,6 @@ case class Account(
  lastLoginDate: Option[java.util.Date],
  image: Option[String],
  isGroupAccount: Boolean,
-  isRemoved: Boolean
+  isRemoved: Boolean,
  description: Option[String]
 )
--- a/src/main/scala/gitbucket/core/model/Collaborator.scala
+++ b/src/main/scala/gitbucket/core/model/Collaborator.scala
@@ -7,7 +7,8 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
  class Collaborators(tag: Tag) extends Table[Collaborator](tag, "COLLABORATOR") with BasicTemplate {
    val collaboratorName = column[String]("COLLABORATOR_NAME")
-    def * = (userName, repositoryName, collaboratorName) <> (Collaborator.tupled, Collaborator.unapply)
+    val role = column[String]("ROLE")
    def * = (userName, repositoryName, collaboratorName, role) <> (Collaborator.tupled, Collaborator.unapply)
    def byPrimaryKey(owner: String, repository: String, collaborator: String) =
      byRepository(owner, repository) && (collaboratorName === collaborator.bind)
@@ -17,5 +18,23 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
 case class Collaborator(
  userName: String,
  repositoryName: String,
-  collaboratorName: String
+  collaboratorName: String,
  role: String
 )
 sealed abstract class Role(val name: String)
 object Role {
  object ADMIN extends Role("ADMIN")
  object DEVELOPER extends Role("DEVELOPER")
  object GUEST extends Role("GUEST")
 //  val values: Vector[Permission] = Vector(ADMIN, WRITE, READ)
 //
 //  private val map: Map[String, Permission] = values.map(enum => enum.name -> enum).toMap
 //
 //  def apply(name: String): Permission = map(name)
 //
 //  def valueOf(name: String): Option[Permission] = map.get(name)
 }
--- a/src/main/scala/gitbucket/core/model/CommitStatus.scala
+++ b/src/main/scala/gitbucket/core/model/CommitStatus.scala
@@ -1,6 +1,5 @@
 package gitbucket.core.model
 import scala.slick.lifted.MappedTo
 import scala.slick.jdbc._
 trait CommitStatusComponent extends TemplateComponent { self: Profile =>
--- a/src/main/scala/gitbucket/core/model/ProtectedBranch.scala
+++ b/src/main/scala/gitbucket/core/model/ProtectedBranch.scala
@@ -1,8 +1,5 @@
 package gitbucket.core.model
 import scala.slick.lifted.MappedTo
 import scala.slick.jdbc._
 trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
  import profile.simple._
  import self._
--- a/src/main/scala/gitbucket/core/model/Repository.scala
+++ b/src/main/scala/gitbucket/core/model/Repository.scala
@@ -17,14 +17,51 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
    val originRepositoryName = column[String]("ORIGIN_REPOSITORY_NAME")
    val parentUserName       = column[String]("PARENT_USER_NAME")
    val parentRepositoryName = column[String]("PARENT_REPOSITORY_NAME")
-    val enableIssues = column[Boolean]("ENABLE_ISSUES")
+    val issuesOption         = column[String]("ISSUES_OPTION")
    val externalIssuesUrl    = column[String]("EXTERNAL_ISSUES_URL")
-    val enableWiki = column[Boolean]("ENABLE_WIKI")
+    val wikiOption           = column[String]("WIKI_OPTION")
    val allowWikiEditing = column[Boolean]("ALLOW_WIKI_EDITING")
    val externalWikiUrl      = column[String]("EXTERNAL_WIKI_URL")
-    def * = (userName, repositoryName, isPrivate, description.?, defaultBranch,
+    val allowFork            = column[Boolean]("ALLOW_FORK")
-      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?,
+
-      enableIssues, externalIssuesUrl.?, enableWiki, allowWikiEditing, externalWikiUrl.?) <> (Repository.tupled, Repository.unapply)
+    def * = (
      (userName, repositoryName, isPrivate, description.?, defaultBranch,
      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?),
      (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork)
    ).shaped <> (
      { case (repository, options) =>
        Repository(
          repository._1,
          repository._2,
          repository._3,
          repository._4,
          repository._5,
          repository._6,
          repository._7,
          repository._8,
          repository._9,
          repository._10,
          repository._11,
          repository._12,
          RepositoryOptions.tupled.apply(options)
        )
      }, { (r: Repository) =>
        Some(((
          r.userName,
          r.repositoryName,
          r.isPrivate,
          r.description,
          r.defaultBranch,
          r.registeredDate,
          r.updatedDate,
          r.lastActivityDate,
          r.originUserName,
          r.originRepositoryName,
          r.parentUserName,
          r.parentRepositoryName
        ),(
          RepositoryOptions.unapply(r.options).get
        )))
      })
    def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)
  }
@@ -43,9 +80,13 @@ case class Repository(
  originRepositoryName: Option[String],
  parentUserName: Option[String],
  parentRepositoryName: Option[String],
-  enableIssues: Boolean,
+  options: RepositoryOptions
-  externalIssuesUrl: Option[String],
+)
-  enableWiki: Boolean,
+
-  allowWikiEditing: Boolean,
+case class RepositoryOptions(
-  externalWikiUrl: Option[String]
+  issuesOption: String,
  externalIssuesUrl: Option[String],
  wikiOption: String,
  externalWikiUrl: Option[String],
  allowFork: Boolean
 )
--- a/src/main/scala/gitbucket/core/plugin/Plugin.scala
+++ b/src/main/scala/gitbucket/core/plugin/Plugin.scala
@@ -149,6 +149,36 @@ abstract class Plugin {
   */
  def dashboardTabs(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(Context) => Option[Link]] = Nil
  /**
   * Override to add assets mappings.
   */
  val assetsMappings: Seq[(String, String)] = Nil
  /**
   * Override to add assets mappings.
   */
  def assetsMappings(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[(String, String)] = Nil
  /**
   * Override to add text decorators.
   */
  val textDecorators: Seq[TextDecorator] = Nil
  /**
   * Override to add text decorators.
   */
  def textDecorators(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[TextDecorator] = Nil
  /**
   * Override to add suggestion provider.
   */
  val suggestionProviders: Seq[SuggestionProvider] = Nil
  /**
   * Override to add suggestion provider.
   */
  def suggestionProviders(registry: PluginRegistry, context: ServletContext, settings: SystemSettings): Seq[SuggestionProvider] = Nil
  /**
   * This method is invoked in initialization of plugin system.
   * Register plugin functionality to PluginRegistry.
@@ -193,6 +223,15 @@ abstract class Plugin {
    (dashboardTabs ++ dashboardTabs(registry, context, settings)).foreach { dashboardTab =>
      registry.addDashboardTab(dashboardTab)
    }
    (assetsMappings ++ assetsMappings(registry, context, settings)).foreach { assetMapping =>
      registry.addAssetsMapping((assetMapping._1, assetMapping._2, getClass.getClassLoader))
    }
    (textDecorators ++ textDecorators(registry, context, settings)).foreach { textDecorator =>
      registry.addTextDecorator(textDecorator)
    }
    (suggestionProviders ++ suggestionProviders(registry, context, settings)).foreach { suggestionProvider =>
      registry.addSuggestionProvider(suggestionProvider)
    }
  }
  /**
--- a/src/main/scala/gitbucket/core/plugin/PluginRegistory.scala
+++ b/src/main/scala/gitbucket/core/plugin/PluginRegistory.scala
@@ -13,8 +13,8 @@ import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.DatabaseConfig
 import gitbucket.core.util.Directory._
 import io.github.gitbucket.solidbase.Solidbase
 import io.github.gitbucket.solidbase.manager.JDBCVersionManager
 import io.github.gitbucket.solidbase.model.Module
 import liquibase.database.core.H2Database
 import org.apache.commons.codec.binary.{Base64, StringUtils}
 import org.slf4j.LoggerFactory
@@ -42,10 +42,13 @@ class PluginRegistry {
  private val systemSettingMenus = new ListBuffer[(Context) => Option[Link]]
  private val accountSettingMenus = new ListBuffer[(Context) => Option[Link]]
  private val dashboardTabs = new ListBuffer[(Context) => Option[Link]]
  private val assetsMappings = new ListBuffer[(String, String, ClassLoader)]
  private val textDecorators = new ListBuffer[TextDecorator]
-  def addPlugin(pluginInfo: PluginInfo): Unit = {
+  private val suggestionProviders = new ListBuffer[SuggestionProvider]
-    plugins += pluginInfo
+  suggestionProviders += new UserNameSuggestionProvider()
-  }
+
  def addPlugin(pluginInfo: PluginInfo): Unit = plugins += pluginInfo
  def getPlugins(): List[PluginInfo] = plugins.toList
@@ -66,42 +69,26 @@ class PluginRegistry {
  def getImage(id: String): String = images(id)
-  def addController(path: String, controller: ControllerBase): Unit = {
+  def addController(path: String, controller: ControllerBase): Unit = controllers += ((controller, path))
    controllers += ((controller, path))
  }
  @deprecated("Use addController(path: String, controller: ControllerBase) instead", "3.4.0")
-  def addController(controller: ControllerBase, path: String): Unit = {
+  def addController(controller: ControllerBase, path: String): Unit = addController(path, controller)
    addController(path, controller)
  }
  def getControllers(): Seq[(ControllerBase, String)] = controllers.toSeq
-  def addJavaScript(path: String, script: String): Unit = {
+  def addJavaScript(path: String, script: String): Unit = javaScripts += ((path, script))
    javaScripts += ((path, script))
  }
-  def getJavaScript(currentPath: String): List[String] = {
+  def getJavaScript(currentPath: String): List[String] = javaScripts.filter(x => currentPath.matches(x._1)).toList.map(_._2)
    javaScripts.filter(x => currentPath.matches(x._1)).toList.map(_._2)
  }
-  def addRenderer(extension: String, renderer: Renderer): Unit = {
+  def addRenderer(extension: String, renderer: Renderer): Unit = renderers += ((extension, renderer))
    renderers += ((extension, renderer))
  }
-  def getRenderer(extension: String): Renderer = {
+  def getRenderer(extension: String): Renderer = renderers.get(extension).getOrElse(DefaultRenderer)
    renderers.get(extension).getOrElse(DefaultRenderer)
  }
  def renderableExtensions: Seq[String] = renderers.keys.toSeq
-  def addRepositoryRouting(routing: GitRepositoryRouting): Unit = {
+  def addRepositoryRouting(routing: GitRepositoryRouting): Unit = repositoryRoutings += routing
    repositoryRoutings += routing
  }
-  def getRepositoryRoutings(): Seq[GitRepositoryRouting] = {
+  def getRepositoryRoutings(): Seq[GitRepositoryRouting] = repositoryRoutings.toSeq
    repositoryRoutings.toSeq
  }
  def getRepositoryRouting(repositoryPath: String): Option[GitRepositoryRouting] = {
    PluginRegistry().getRepositoryRoutings().find {
@@ -111,54 +98,49 @@ class PluginRegistry {
    }
  }
-  def addReceiveHook(commitHook: ReceiveHook): Unit = {
+  def addReceiveHook(commitHook: ReceiveHook): Unit = receiveHooks += commitHook
    receiveHooks += commitHook
  }
  def getReceiveHooks: Seq[ReceiveHook] = receiveHooks.toSeq
-  def addGlobalMenu(globalMenu: (Context) => Option[Link]): Unit = {
+  def addGlobalMenu(globalMenu: (Context) => Option[Link]): Unit = globalMenus += globalMenu
    globalMenus += globalMenu
  }
  def getGlobalMenus: Seq[(Context) => Option[Link]] = globalMenus.toSeq
-  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit = {
+  def addRepositoryMenu(repositoryMenu: (RepositoryInfo, Context) => Option[Link]): Unit = repositoryMenus += repositoryMenu
    repositoryMenus += repositoryMenu
  }
  def getRepositoryMenus: Seq[(RepositoryInfo, Context) => Option[Link]] = repositoryMenus.toSeq
-  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit = {
+  def addRepositorySettingTab(repositorySettingTab: (RepositoryInfo, Context) => Option[Link]): Unit = repositorySettingTabs += repositorySettingTab
    repositorySettingTabs += repositorySettingTab
  }
  def getRepositorySettingTabs: Seq[(RepositoryInfo, Context) => Option[Link]] = repositorySettingTabs.toSeq
-  def addProfileTab(profileTab: (Account, Context) => Option[Link]): Unit = {
+  def addProfileTab(profileTab: (Account, Context) => Option[Link]): Unit = profileTabs += profileTab
    profileTabs += profileTab
  }
  def getProfileTabs: Seq[(Account, Context) => Option[Link]] = profileTabs.toSeq
-  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit = {
+  def addSystemSettingMenu(systemSettingMenu: (Context) => Option[Link]): Unit = systemSettingMenus += systemSettingMenu
    systemSettingMenus += systemSettingMenu
  }
  def getSystemSettingMenus: Seq[(Context) => Option[Link]] = systemSettingMenus.toSeq
-  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit = {
+  def addAccountSettingMenu(accountSettingMenu: (Context) => Option[Link]): Unit = accountSettingMenus += accountSettingMenu
    accountSettingMenus += accountSettingMenu
  }
  def getAccountSettingMenus: Seq[(Context) => Option[Link]] = accountSettingMenus.toSeq
-  def addDashboardTab(dashboardTab: (Context) => Option[Link]): Unit = {
+  def addDashboardTab(dashboardTab: (Context) => Option[Link]): Unit = dashboardTabs += dashboardTab
    dashboardTabs += dashboardTab
  }
  def getDashboardTabs: Seq[(Context) => Option[Link]] = dashboardTabs.toSeq
  def addAssetsMapping(assetsMapping: (String, String, ClassLoader)): Unit = assetsMappings += assetsMapping
  def getAssetsMappings: Seq[(String, String, ClassLoader)] = assetsMappings.toSeq
  def addTextDecorator(textDecorator: TextDecorator): Unit = textDecorators += textDecorator
  def getTextDecorators: Seq[TextDecorator] = textDecorators.toSeq
  def addSuggestionProvider(suggestionProvider: SuggestionProvider): Unit = suggestionProviders += suggestionProvider
  def getSuggestionProviders: Seq[SuggestionProvider] = suggestionProviders.toSeq
 }
 /**
@@ -180,6 +162,8 @@ object PluginRegistry {
   */
  def initialize(context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit = {
    val pluginDir = new File(PluginHome)
    val manager = new JDBCVersionManager(conn)
    if(pluginDir.exists && pluginDir.isDirectory){
      pluginDir.listFiles(new FilenameFilter {
        override def accept(dir: File, name: String): Boolean = name.endsWith(".jar")
@@ -192,19 +176,26 @@ object PluginRegistry {
          val solidbase = new Solidbase()
          solidbase.migrate(conn, classLoader, DatabaseConfig.liquiDriver, new Module(plugin.pluginId, plugin.versions: _*))
          // Check version
          val databaseVersion = manager.getCurrentVersion(plugin.pluginId)
          val pluginVersion = plugin.versions.last.getVersion
          if(databaseVersion != pluginVersion){
            throw new IllegalStateException(s"Plugin version is ${pluginVersion}, but database version is ${databaseVersion}")
          }
          // Initialize
          plugin.initialize(instance, context, settings)
          instance.addPlugin(PluginInfo(
            pluginId      = plugin.pluginId,
            pluginName    = plugin.pluginName,
-            version     = plugin.versions.head.getVersion,
+            pluginVersion = plugin.versions.last.getVersion,
            description   = plugin.description,
            pluginClass   = plugin
          ))
        } catch {
          case e: Throwable => {
-            logger.error(s"Error during plugin initialization", e)
+            logger.error(s"Error during plugin initialization: ${pluginJar.getAbsolutePath}", e)
          }
        }
      }
@@ -231,7 +222,7 @@ case class Link(id: String, label: String, path: String, icon: Option[String] =
 case class PluginInfo(
  pluginId: String,
  pluginName: String,
-  version: String,
+  pluginVersion: String,
  description: String,
  pluginClass: Plugin
 )
--- a/src/main/scala/gitbucket/core/plugin/SuggestionProvider.scala
+++ b/src/main/scala/gitbucket/core/plugin/SuggestionProvider.scala
@@ -0,0 +1,27 @@
 package gitbucket.core.plugin
 import gitbucket.core.controller.Context
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 trait SuggestionProvider {
  val id: String
  val prefix: String
  val suffix: String = " "
  val context: Seq[String]
  def values(repository: RepositoryInfo): Seq[String]
  def template(implicit context: Context): String = "value"
  def additionalScript(implicit context: Context): String = ""
 }
 class UserNameSuggestionProvider extends SuggestionProvider {
  override val id: String = "user"
  override val prefix: String = "@"
  override val context: Seq[String] = Seq("issues")
  override def values(repository: RepositoryInfo): Seq[String] = Nil
  override def template(implicit context: Context): String = "'@' + value"
  override def additionalScript(implicit context: Context): String =
    s"""$$.get('${context.path}/_user/proposals', { query: '', user: true, group: false }, function (data) { user = data.options; });"""
 }
--- a/src/main/scala/gitbucket/core/plugin/TextDecorator.scala
+++ b/src/main/scala/gitbucket/core/plugin/TextDecorator.scala
@@ -0,0 +1,10 @@
 package gitbucket.core.plugin
 import gitbucket.core.controller.Context
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 trait TextDecorator {
  def decorate(text: String, repository: RepositoryInfo)(implicit context: Context): String
 }
--- a/src/main/scala/gitbucket/core/service/AccessTokenService.scala
+++ b/src/main/scala/gitbucket/core/service/AccessTokenService.scala
@@ -20,7 +20,7 @@ trait AccessTokenService {
  def tokenToHash(token: String): String = StringUtil.sha1(token)
  /**
-   * @retuen (TokenId, Token)
+   * @return (TokenId, Token)
   */
  def generateAccessToken(userName: String, note: String)(implicit s: Session): (Int, String) = {
    var token: String = null
--- a/src/main/scala/gitbucket/core/service/AccountService.scala
+++ b/src/main/scala/gitbucket/core/service/AccountService.scala
@@ -14,13 +14,20 @@ trait AccountService {
  private val logger = LoggerFactory.getLogger(classOf[AccountService])
-  def authenticate(settings: SystemSettings, userName: String, password: String)(implicit s: Session): Option[Account] =
+  def authenticate(settings: SystemSettings, userName: String, password: String)(implicit s: Session): Option[Account] = {
-    if(settings.ldapAuthentication){
+    val account = if (settings.ldapAuthentication) {
      ldapAuthentication(settings, userName, password)
    } else {
      defaultAuthentication(userName, password)
    }
    if(account.isEmpty){
      logger.info(s"Failed to authenticate: $userName")
    }
    account
  }
  /**
   * Authenticate by internal database.
   */
@@ -61,14 +68,14 @@ trait AccountService {
              defaultAuthentication(userName, password)
            }
            case None => {
-              createAccount(ldapUserInfo.userName, "", ldapUserInfo.fullName, ldapUserInfo.mailAddress, false, None)
+              createAccount(ldapUserInfo.userName, "", ldapUserInfo.fullName, ldapUserInfo.mailAddress, false, None, None)
              getAccountByUserName(ldapUserInfo.userName)
            }
          }
        }
      }
      case Left(errorMessage) => {
-        logger.info(s"LDAP Authentication Failed: ${errorMessage}")
+        logger.info(s"LDAP error: ${errorMessage}")
        defaultAuthentication(userName, password)
      }
    }
@@ -103,7 +110,7 @@ trait AccountService {
    } else false
  }
-  def createAccount(userName: String, password: String, fullName: String, mailAddress: String, isAdmin: Boolean, url: Option[String])
+  def createAccount(userName: String, password: String, fullName: String, mailAddress: String, isAdmin: Boolean, description: Option[String], url: Option[String])
                   (implicit s: Session): Unit =
    Accounts insert Account(
      userName       = userName,
@@ -117,12 +124,13 @@ trait AccountService {
      lastLoginDate  = None,
      image          = None,
      isGroupAccount = false,
-      isRemoved      = false)
+      isRemoved      = false,
      description    = description)
  def updateAccount(account: Account)(implicit s: Session): Unit =
    Accounts
      .filter { a =>  a.userName === account.userName.bind }
-      .map    { a => (a.password, a.fullName, a.mailAddress, a.isAdmin, a.url.?, a.registeredDate, a.updatedDate, a.lastLoginDate.?, a.removed) }
+      .map    { a => (a.password, a.fullName, a.mailAddress, a.isAdmin, a.url.?, a.registeredDate, a.updatedDate, a.lastLoginDate.?, a.removed, a.description.?) }
      .update (
        account.password,
        account.fullName,
@@ -132,7 +140,8 @@ trait AccountService {
        account.registeredDate,
        currentDate,
        account.lastLoginDate,
-        account.isRemoved)
+        account.isRemoved,
        account.description)
  def updateAvatarImage(userName: String, image: Option[String])(implicit s: Session): Unit =
    Accounts.filter(_.userName === userName.bind).map(_.image.?).update(image)
@@ -140,7 +149,7 @@ trait AccountService {
  def updateLastLoginDate(userName: String)(implicit s: Session): Unit =
    Accounts.filter(_.userName === userName.bind).map(_.lastLoginDate).update(currentDate)
-  def createGroup(groupName: String, url: Option[String])(implicit s: Session): Unit =
+  def createGroup(groupName: String, description: Option[String], url: Option[String])(implicit s: Session): Unit =
    Accounts insert Account(
      userName       = groupName,
      password       = "",
@@ -153,10 +162,13 @@ trait AccountService {
      lastLoginDate  = None,
      image          = None,
      isGroupAccount = true,
-      isRemoved      = false)
+      isRemoved      = false,
      description    = description)
-  def updateGroup(groupName: String, url: Option[String], removed: Boolean)(implicit s: Session): Unit =
+  def updateGroup(groupName: String, description: Option[String], url: Option[String], removed: Boolean)(implicit s: Session): Unit =
-    Accounts.filter(_.userName === groupName.bind).map(t => t.url.? -> t.removed).update(url, removed)
+    Accounts.filter(_.userName === groupName.bind)
      .map(t => (t.url.?, t.description.?, t.removed))
      .update(url, description, removed)
  def updateGroupMembers(groupName: String, members: List[(String, Boolean)])(implicit s: Session): Unit = {
    GroupMembers.filter(_.groupName === groupName.bind).delete
@@ -181,12 +193,11 @@ trait AccountService {
  def removeUserRelatedData(userName: String)(implicit s: Session): Unit = {
    GroupMembers.filter(_.userName === userName.bind).delete
    Collaborators.filter(_.collaboratorName === userName.bind).delete
    Repositories.filter(_.userName === userName.bind).delete
  }
  def getGroupNames(userName: String)(implicit s: Session): List[String] = {
    List(userName) ++
-      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list
+      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list.distinct
  }
 }
--- a/src/main/scala/gitbucket/core/service/CommitStatusService.scala
+++ b/src/main/scala/gitbucket/core/service/CommitStatusService.scala
@@ -5,9 +5,6 @@ import profile.simple._
 import gitbucket.core.model.{CommitState, CommitStatus, Account}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.StringUtil._
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import org.joda.time.LocalDateTime
 import gitbucket.core.model.Profile.dateColumnType
 trait CommitStatusService {
--- a/src/main/scala/gitbucket/core/service/CommitsService.scala
+++ b/src/main/scala/gitbucket/core/service/CommitsService.scala
@@ -1,14 +1,11 @@
 package gitbucket.core.service
 import gitbucket.core.model.CommitComment
-import gitbucket.core.util.{StringUtil, Implicits}
+import gitbucket.core.util.Implicits
 import scala.slick.jdbc.{StaticQuery => Q}
 import Q.interpolation
 import gitbucket.core.model.Profile._
 import profile.simple._
 import Implicits._
 import StringUtil._
 trait CommitsService {
@@ -42,6 +39,12 @@ trait CommitsService {
      updatedDate       = currentDate,
      issueId           = issueId)
  def updateCommitCommentPosition(commentId: Int, commitId: String, oldLine: Option[Int], newLine: Option[Int])(implicit s: Session): Unit =
    CommitComments.filter(_.byPrimaryKey(commentId))
      .map { t =>
        (t.commitId, t.oldLine, t.newLine)
      }.update(commitId, oldLine, newLine)
  def updateCommitComment(commentId: Int, content: String)(implicit s: Session) =
    CommitComments
      .filter (_.byPrimaryKey(commentId))
--- a/src/main/scala/gitbucket/core/service/HandleCommentService.scala
+++ b/src/main/scala/gitbucket/core/service/HandleCommentService.scala
@@ -13,13 +13,13 @@ trait HandleCommentService {
    with WebHookService with WebHookIssueCommentService with WebHookPullRequestService =>
  /**
-   * @see [[https://github.com/takezoe/gitbucket/wiki/CommentAction]]
+   * @see [[https://github.com/gitbucket/gitbucket/wiki/CommentAction]]
   */
  def handleComment(issue: Issue, content: Option[String], repository: RepositoryService.RepositoryInfo, actionOpt: Option[String])
                   (implicit context: Context, s: Session) = {
-
+    context.loginAccount.flatMap { loginAccount =>
      defining(repository.owner, repository.name){ case (owner, name) =>
-      val userName = context.loginAccount.get.userName
+        val userName = loginAccount.userName
        val (action, recordActivity) = actionOpt
          .collect {
@@ -49,22 +49,24 @@ trait HandleCommentService {
        // extract references and create refer comment
        content.map { content =>
-        createReferComment(owner, name, issue, content, context.loginAccount.get)
+          createReferComment(owner, name, issue, content, loginAccount)
        }
        // call web hooks
        action match {
-        case None => commentId.map{ commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
+          case None => commentId.map { commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, loginAccount) }
-        case Some(act) => val webHookAction = act match {
+          case Some(act) => {
            val webHookAction = act match {
              case "open"   => "opened"
              case "reopen" => "reopened"
              case "close"  => "closed"
              case _ => act
            }
-          if(issue.isPullRequest){
+            if (issue.isPullRequest) {
-            callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, context.loginAccount.get)
+              callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, loginAccount)
            } else {
-            callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, context.loginAccount.get)
+              callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, loginAccount)
            }
          }
        }
@@ -87,5 +89,6 @@ trait HandleCommentService {
        commentId.map( issue -> _ )
      }
    }
  }
 }
--- a/src/main/scala/gitbucket/core/service/IssueCreationService.scala
+++ b/src/main/scala/gitbucket/core/service/IssueCreationService.scala
@@ -0,0 +1,74 @@
 package gitbucket.core.service
 import gitbucket.core.controller.Context
 import gitbucket.core.model.{Account, Issue}
 import gitbucket.core.model.Profile.profile.simple.Session
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.util.Notifier
 import gitbucket.core.util.Implicits._
 // TODO: Merged with IssuesService?
 trait IssueCreationService {
  self: RepositoryService with WebHookIssueCommentService with LabelsService with IssuesService with ActivityService =>
  def createIssue(repository: RepositoryInfo, title:String, body:Option[String],
                  assignee: Option[String], milestoneId: Option[Int], labelNames: Seq[String],
                  loginAccount: Account)(implicit context: Context, s: Session) : Issue = {
    val owner = repository.owner
    val name  = repository.name
    val userName   = loginAccount.userName
    val manageable = isIssueManageable(repository)
    // insert issue
    val issueId = insertIssue(owner, name, userName, title, body,
      if (manageable) assignee else None,
      if (manageable) milestoneId else None)
    val issue: Issue = getIssue(owner, name, issueId.toString).get
    // insert labels
    if (manageable) {
      val labels = getLabels(owner, name)
      labelNames.map { labelName =>
        labels.find(_.labelName == labelName).map { label =>
          registerIssueLabel(owner, name, issueId, label.labelId)
        }
      }
    }
    // record activity
    recordCreateIssueActivity(owner, name, userName, issueId, title)
    // extract references and create refer comment
    createReferComment(owner, name, issue, title + " " + body.getOrElse(""), loginAccount)
    // call web hooks
    callIssuesWebHook("opened", repository, issue, context.baseUrl, loginAccount)
    // notifications
    Notifier().toNotify(repository, issue, body.getOrElse("")) {
      Notifier.msgIssue(s"${context.baseUrl}/${owner}/${name}/issues/${issueId}")
    }
    issue
  }
  /**
   * Tests whether an logged-in user can manage issues.
   */
  protected def isIssueManageable(repository: RepositoryInfo)(implicit context: Context, s: Session): Boolean = {
    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
  }
  /**
   * Tests whether an logged-in user can post issues.
   */
  protected def isIssueEditable(repository: RepositoryInfo)(implicit context: Context, s: Session): Boolean = {
    repository.repository.options.issuesOption match {
      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
      case "DISABLE" => false
    }
  }
 }
--- a/src/main/scala/gitbucket/core/service/IssuesService.scala
+++ b/src/main/scala/gitbucket/core/service/IssuesService.scala
@@ -13,8 +13,9 @@ import scala.slick.jdbc.{StaticQuery => Q}
 import Q.interpolation
 trait IssuesService {
-  self: AccountService =>
+  self: AccountService with RepositoryService =>
  import IssuesService._
  def getIssue(owner: String, repository: String, issueId: String)(implicit s: Session) =
@@ -23,7 +24,7 @@ trait IssuesService {
    else None
  def getComments(owner: String, repository: String, issueId: Int)(implicit s: Session) =
-    IssueComments filter (_.byIssue(owner, repository, issueId)) list
+    IssueComments filter (_.byIssue(owner, repository, issueId)) sortBy(_.commentId asc) list
  /** @return IssueComment and commentedUser and Issue */
  def getCommentsForApi(owner: String, repository: String, issueId: Int)(implicit s: Session): List[(IssueComment, Account, Issue)] =
@@ -34,6 +35,10 @@ trait IssuesService {
    .map{ case ((t1, t2), t3) => (t1, t2, t3) }
    .list
  def getMergedComment(owner: String, repository: String, issueId: Int)(implicit s: Session): Option[(IssueComment, Account)] = {
    getCommentsForApi(owner, repository, issueId).collectFirst { case (comment, account, _) if comment.action == "merged" => (comment, account) }
  }
  def getComment(owner: String, repository: String, commentId: String)(implicit s: Session) =
    if (commentId forall (_.isDigit))
      IssueComments filter { t =>
@@ -106,7 +111,6 @@ trait IssuesService {
            pp.setInt(a._3)
          }
      }
      import gitbucket.core.model.Profile.commitStateColumnType
      val query = Q.query[Seq[(String, String, Int)], (String, String, Int, Int, Int, Option[String], Option[CommitState], Option[String], Option[String])](s"""
        SELECT
          SUMM.USER_NAME,
@@ -163,18 +167,14 @@ trait IssuesService {
                 (implicit s: Session): List[IssueInfo] = {
    // get issues and comment count and labels
    val result = searchIssueQueryBase(condition, pullRequest, offset, limit, repos)
-        .leftJoin (IssueLabels) .on { case ((t1, t2), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
+      .leftJoin (IssueLabels) .on { case (((t1, t2), i), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
-        .leftJoin (Labels)      .on { case (((t1, t2), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
+      .leftJoin (Labels)      .on { case ((((t1, t2), i), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
-        .leftJoin (Milestones)  .on { case ((((t1, t2), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
+      .leftJoin (Milestones)  .on { case (((((t1, t2), i), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
-        .map { case ((((t1, t2), t3), t4), t5) =>
+      .sortBy { case (((((t1, t2), i), t3), t4), t5) => i asc }
-          (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?)
+      .map { case (((((t1, t2), i), t3), t4), t5) => (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?) }
        }
      .list
-        .splitWith { (c1, c2) =>
+      .splitWith { (c1, c2) => c1._1.userName == c2._1.userName && c1._1.repositoryName == c2._1.repositoryName && c1._1.issueId == c2._1.issueId }
-          c1._1.userName       == c2._1.userName &&
+
          c1._1.repositoryName == c2._1.repositoryName &&
          c1._1.issueId        == c2._1.issueId
        }
    val status = getCommitStatues(result.map(_.head._1).map(is => (is.userName, is.repositoryName, is.issueId)))
    result.map { issues => issues.head match {
@@ -189,6 +189,19 @@ trait IssuesService {
    }} toList
  }
  /** for api
    * @return (issue, issueUser, commentCount)
    */
  def searchIssueByApi(condition: IssueSearchCondition, offset: Int, limit: Int, repos: (String, String)*)
                            (implicit s: Session): List[(Issue, Account)] = {
    // get issues and comment count and labels
    searchIssueQueryBase(condition, false, offset, limit, repos)
      .innerJoin(Accounts).on { case (((t1, t2), i), t3) => t3.userName === t1.openedUserName }
      .sortBy { case (((t1, t2), i), t3) => i asc }
      .map { case (((t1, t2), i), t3) => (t1, t3) }
      .list
  }
  /** for api
   * @return (issue, issueUser, commentCount, pullRequest, headRepo, headOwner)
   */
@@ -196,13 +209,12 @@ trait IssuesService {
                            (implicit s: Session): List[(Issue, Account, Int, PullRequest, Repository, Account)] = {
    // get issues and comment count and labels
    searchIssueQueryBase(condition, true, offset, limit, repos)
-      .innerJoin(PullRequests).on { case ((t1, t2), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
+      .innerJoin(PullRequests).on { case (((t1, t2), i), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
-      .innerJoin(Repositories).on { case (((t1, t2), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
+      .innerJoin(Repositories).on { case ((((t1, t2), i), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
-      .innerJoin(Accounts).on { case ((((t1, t2), t3), t4), t5) => t5.userName === t1.openedUserName }
+      .innerJoin(Accounts).on { case (((((t1, t2), i), t3), t4), t5) => t5.userName === t1.openedUserName }
-      .innerJoin(Accounts).on { case (((((t1, t2), t3), t4), t5), t6) => t6.userName === t4.userName }
+      .innerJoin(Accounts).on { case ((((((t1, t2), i), t3), t4), t5), t6) => t6.userName === t4.userName }
-      .map { case (((((t1, t2), t3), t4), t5), t6) =>
+      .sortBy { case ((((((t1, t2), i), t3), t4), t5), t6) => i asc }
-          (t1, t5, t2.commentCount, t3, t4, t6)
+      .map { case ((((((t1, t2), i), t3), t4), t5), t6) => (t1, t5, t2.commentCount, t3, t4, t6) }
      }
      .list
  }
@@ -210,6 +222,7 @@ trait IssuesService {
                                  (implicit s: Session) =
    searchIssueQuery(repos, condition, pullRequest)
      .innerJoin(IssueOutline).on { (t1, t2) => t1.byIssue(t2.userName, t2.repositoryName, t2.issueId) }
      .sortBy { case (t1, t2) => t1.issueId desc }
      .sortBy { case (t1, t2) =>
        (condition.sort match {
          case "created"  => t1.registeredDate
@@ -222,7 +235,7 @@ trait IssuesService {
          }
        }
      }
-        .drop(offset).take(limit)
+      .drop(offset).take(limit).zipWithIndex
  /**
@@ -268,7 +281,7 @@ trait IssuesService {
        } exists), condition.mentioned.isDefined)
    }
-  def createIssue(owner: String, repository: String, loginUser: String, title: String, content: Option[String],
+  def insertIssue(owner: String, repository: String, loginUser: String, title: String, content: Option[String],
                  assignedUserName: Option[String], milestoneId: Option[Int],
                  isPullRequest: Boolean = false)(implicit s: Session) =
    // next id number
@@ -437,6 +450,11 @@ trait IssuesService {
    }
  }
  def getAssignableUserNames(owner: String, repository: String)(implicit s: Session): List[String] = {
    (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)) :::
      (if (getAccountByUserName(owner).get.isGroupAccount) getGroupMembers(owner).map(_.userName) else List(owner))).distinct.sorted
  }
 }
 object IssuesService {
@@ -518,50 +536,6 @@ object IssuesService {
      if(value == null || value.isEmpty || (allow.nonEmpty && !allow.contains(value))) None else Some(value)
    }
    /**
     * Restores IssueSearchCondition instance from filter query.
     */
    def apply(filter: String, milestones: Map[String, Int]): IssueSearchCondition = {
      val conditions = filter.split("[ 　\t]+").flatMap { x =>
        x.split(":") match {
           case Array(key, value) => Some((key, value))
           case _ => None
        }
      }.groupBy(_._1).map { case (key, values) =>
        key -> values.map(_._2).toSeq
      }
      val (sort, direction) = conditions.get("sort").flatMap(_.headOption).getOrElse("created-desc") match {
        case "created-asc"   => ("created" , "asc" )
        case "comments-desc" => ("comments", "desc")
        case "comments-asc"  => ("comments", "asc" )
        case "updated-desc"  => ("comments", "desc")
        case "updated-asc"   => ("comments", "asc" )
        case _               => ("created" , "desc")
      }
      IssueSearchCondition(
        conditions.get("label").map(_.toSet).getOrElse(Set.empty),
        conditions.get("milestone").flatMap(_.headOption) match {
          case None         => None
          case Some("none") => Some(None)
          case Some(x)      => Some(Some(x))
        },
        conditions.get("author").flatMap(_.headOption),
        conditions.get("assignee").flatMap(_.headOption) match {
          case None         => None
          case Some("none") => Some(None)
          case Some(x)      => Some(Some(x))
        },
        conditions.get("mentions").flatMap(_.headOption),
        conditions.get("is").getOrElse(Seq.empty).find(x => x == "open" || x == "closed").getOrElse("open"),
        sort,
        direction,
        conditions.get("visibility").flatMap(_.headOption),
        conditions.get("group").map(_.toSet).getOrElse(Set.empty)
      )
    }
    /**
     * Restores IssueSearchCondition instance from request parameters.
     */
--- a/src/main/scala/gitbucket/core/service/MergeService.scala
+++ b/src/main/scala/gitbucket/core/service/MergeService.scala
@@ -1,9 +1,7 @@
 package gitbucket.core.service
 import gitbucket.core.model.Account
 import gitbucket.core.util.LockUtil
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.ControlUtil._
 import org.eclipse.jgit.merge.MergeStrategy
--- a/src/main/scala/gitbucket/core/service/MilestonesService.scala
+++ b/src/main/scala/gitbucket/core/service/MilestonesService.scala
@@ -41,7 +41,7 @@ trait MilestonesService {
  def getMilestonesWithIssueCount(owner: String, repository: String)(implicit s: Session): List[(Milestone, Int, Int)] = {
    val counts = Issues
-      .filter  { t => (t.byRepository(owner, repository)) && (t.milestoneId.? isDefined) }
+      .filter  { t => t.byRepository(owner, repository) && (t.milestoneId.? isDefined) }
      .groupBy { t => t.milestoneId -> t.closed }
      .map     { case (t1, t2) => t1._1 -> t1._2 -> t2.length }
      .toMap
@@ -52,6 +52,6 @@ trait MilestonesService {
  }
  def getMilestones(owner: String, repository: String)(implicit s: Session): List[Milestone] =
-    Milestones.filter(_.byRepository(owner, repository)).sortBy(_.milestoneId asc).list
+    Milestones.filter(_.byRepository(owner, repository)).sortBy(t => (t.dueDate.asc, t.closedDate.desc, t.milestoneId.desc)).list
 }
--- a/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala
+++ b/src/main/scala/gitbucket/core/service/ProtectedBranchService.scala
@@ -86,7 +86,7 @@ object ProtectedBranchService {
    def getStopReason(isAllowNonFastForwards: Boolean, command: ReceiveCommand, pusher: String)(implicit session: Session): Option[String] = {
      if(enabled){
        command.getType() match {
-          case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
+          case ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
            Some("Cannot force-push to a protected branch")
          case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if needStatusCheck(pusher) =>
            unSuccessedContexts(command.getNewId.name) match {
@@ -98,7 +98,7 @@ object ProtectedBranchService {
            Some("Cannot delete a protected branch")
          case _ => None
        }
-      }else{
+      } else {
        None
      }
    }
--- a/src/main/scala/gitbucket/core/service/PullRequestService.scala
+++ b/src/main/scala/gitbucket/core/service/PullRequestService.scala
@@ -1,12 +1,22 @@
 package gitbucket.core.service
-import gitbucket.core.model.{Account, Issue, PullRequest, WebHook, CommitStatus, CommitState}
+import difflib.{Delta, DiffUtils}
 import gitbucket.core.model.{Session => _, _}
 import gitbucket.core.model.Profile._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.JGitUtil
 import gitbucket.core.util.JGitUtil.{CommitInfo, DiffInfo}
 import gitbucket.core.view
 import gitbucket.core.view.helpers
 import org.eclipse.jgit.api.Git
 import profile.simple._
 import scala.collection.JavaConverters._
-trait PullRequestService { self: IssuesService =>
+
 trait PullRequestService { self: IssuesService with CommitsService =>
  import PullRequestService._
  def getPullRequest(owner: String, repository: String, issueId: Int)
@@ -111,9 +121,26 @@ trait PullRequestService { self: IssuesService =>
  def updatePullRequests(owner: String, repository: String, branch: String)(implicit s: Session): Unit =
    getPullRequestsByRequest(owner, repository, branch, false).foreach { pullreq =>
      if(Repositories.filter(_.byRepository(pullreq.userName, pullreq.repositoryName)).exists.run){
        // Update the git repository
        val (commitIdTo, commitIdFrom) = JGitUtil.updatePullRequest(
          pullreq.userName, pullreq.repositoryName, pullreq.branch, pullreq.issueId,
          pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch)
        // Collect comment positions
        val positions = getCommitComments(pullreq.userName, pullreq.repositoryName, pullreq.commitIdTo, true)
          .collect {
            case CommitComment(_, _, _, commentId, _, _, Some(file), None, Some(newLine), _, _, _) => (file, commentId, Right(newLine))
            case CommitComment(_, _, _, commentId, _, _, Some(file), Some(oldLine), None, _, _, _) => (file, commentId, Left(oldLine))
          }
          .groupBy { case (file, _, _) => file }
          .map { case (file, comments) => file ->
            comments.map { case (_, commentId, lineNumber) => (commentId, lineNumber) }
          }
        // Update comments position
        updatePullRequestCommentPositions(positions, pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.commitIdTo, commitIdTo)
        // Update commit id in the PULL_REQUEST table
        updateCommitId(pullreq.userName, pullreq.repositoryName, pullreq.issueId, commitIdTo, commitIdFrom)
      }
    }
@@ -137,6 +164,78 @@ trait PullRequestService { self: IssuesService =>
        .firstOption
    }
  }
  private def updatePullRequestCommentPositions(positions: Map[String, Seq[(Int, Either[Int, Int])]], userName: String, repositoryName: String,
                                                oldCommitId: String, newCommitId: String)(implicit s: Session): Unit = {
    val (_, diffs) = getRequestCompareInfo(userName, repositoryName, oldCommitId, userName, repositoryName, newCommitId)
    val patchs = positions.map { case (file, _) =>
      diffs.find(x => x.oldPath == file).map { diff =>
        (diff.oldContent, diff.newContent) match {
          case (Some(oldContent), Some(newContent)) => {
            val oldLines = oldContent.replace("\r\n", "\n").split("\n")
            val newLines = newContent.replace("\r\n", "\n").split("\n")
            file -> Option(DiffUtils.diff(oldLines.toList.asJava, newLines.toList.asJava))
          }
          case _ =>
            file -> None
        }
      }.getOrElse {
        file -> None
      }
    }
    positions.foreach { case (file, comments) =>
      patchs(file) match {
        case Some(patch) => file -> comments.foreach { case (commentId, lineNumber) => lineNumber match {
          case Left(oldLine)  => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
          case Right(newLine) =>
            var counter = newLine
            patch.getDeltas.asScala.filter(_.getOriginal.getPosition < newLine).foreach { delta =>
              delta.getType match {
                case Delta.TYPE.CHANGE =>
                  if(delta.getOriginal.getPosition <= newLine - 1 && newLine <= delta.getOriginal.getPosition + delta.getRevised.getLines.size){
                    counter = -1
                  } else {
                    counter = counter + (delta.getRevised.getLines.size - delta.getOriginal.getLines.size)
                  }
                case Delta.TYPE.INSERT => counter = counter + delta.getRevised.getLines.size
                case Delta.TYPE.DELETE => counter = counter - delta.getOriginal.getLines.size
              }
            }
            if(counter >= 0){
              updateCommitCommentPosition(commentId, newCommitId, None, Some(counter))
            }
        }}
        case _ => comments.foreach { case (commentId, lineNumber) => lineNumber match {
          case Right(oldLine) => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
          case Left(newLine)  => updateCommitCommentPosition(commentId, newCommitId, None, Some(newLine))
        }}
      }
    }
  }
  def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
                            requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
    using(
      Git.open(getRepositoryDir(userName, repositoryName)),
      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
    ){ (oldGit, newGit) =>
      val oldId = oldGit.getRepository.resolve(branch)
      val newId = newGit.getRepository.resolve(requestCommitId)
      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
        new CommitInfo(revCommit)
      }.toList.splitWith { (commit1, commit2) =>
        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
      }
      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
      (commits, diffs)
    }
 }
 object PullRequestService {
--- a/src/main/scala/gitbucket/core/service/RepositoryCreationService.scala
+++ b/src/main/scala/gitbucket/core/service/RepositoryCreationService.scala
@@ -21,12 +21,12 @@ trait RepositoryCreationService {
    // Insert to the database at first
    insertRepository(name, owner, description, isPrivate)
-    // Add collaborators for group repository
+//    // Add collaborators for group repository
-    if(ownerAccount.isGroupAccount){
+//    if(ownerAccount.isGroupAccount){
-      getGroupMembers(owner).foreach { member =>
+//      getGroupMembers(owner).foreach { member =>
-        addCollaborator(owner, name, member.userName)
+//        addCollaborator(owner, name, member.userName)
-      }
+//      }
-    }
+//    }
    // Insert default labels
    insertDefaultLabels(owner, name)
--- a/src/main/scala/gitbucket/core/service/RepositoryService.scala
+++ b/src/main/scala/gitbucket/core/service/RepositoryService.scala
@@ -1,9 +1,16 @@
 package gitbucket.core.service
 import gitbucket.core.controller.Context
-import gitbucket.core.model.{Collaborator, Repository, Account}
+import gitbucket.core.model.{Collaborator, Repository, RepositoryOptions, Account, Role}
 import gitbucket.core.model.Profile._
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.util.JGitUtil
 import gitbucket.core.util.JGitUtil.FileInfo
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory
 import gitbucket.core.util.FileUtil
 import gitbucket.core.util.StringUtil
 import org.eclipse.jgit.api.Git
 import profile.simple._
 trait RepositoryService { self: AccountService =>
@@ -37,11 +44,13 @@ trait RepositoryService { self: AccountService =>
        originRepositoryName = originRepositoryName,
        parentUserName       = parentUserName,
        parentRepositoryName = parentRepositoryName,
-        enableIssues         = true,
+        options              = RepositoryOptions(
          issuesOption         = "PUBLIC", // TODO DISABLE for the forked repository?
          externalIssuesUrl    = None,
-        enableWiki           = true,
+          wikiOption           = "PUBLIC", // TODO DISABLE for the forked repository?
-        allowWikiEditing     = true,
+          externalWikiUrl      = None,
-        externalWikiUrl      = None
+          allowFork            = true
        )
      )
    IssueId insert (userName, repositoryName, 0)
@@ -121,11 +130,8 @@ trait RepositoryService { self: AccountService =>
          repositoryName = newRepositoryName
        )) :_*)
-        if(account.isGroupAccount){
+        // TODO Drop transfered owner from collaborators?
          Collaborators.insertAll(getGroupMembers(newUserName).map(m => Collaborator(newUserName, newRepositoryName, m.userName)) :_*)
        } else {
        Collaborators.insertAll(collaborators.map(_.copy(userName = newUserName, repositoryName = newRepositoryName)) :_*)
        }
        // Update activity messages
        Activities.filter { t =>
@@ -224,7 +230,7 @@ trait RepositoryService { self: AccountService =>
  }
  /**
-   * Returns the repositories without private repository that user does not have access right.
+   * Returns the repositories except private repository that user does not have access right.
   * Include public repository, private own repository and private but collaborator repository.
   *
   * @param userName the user name of collaborator
@@ -233,8 +239,10 @@ trait RepositoryService { self: AccountService =>
  def getAllRepositories(userName: String)(implicit s: Session): List[(String, String)] = {
    Repositories.filter { t1 =>
      (t1.isPrivate === false.bind) ||
-      (t1.userName  === userName.bind) ||
+      (t1.userName  === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
-      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
      } exists)
    }.sortBy(_.lastActivityDate desc).map{ t =>
      (t.userName, t.repositoryName)
    }.list
@@ -243,8 +251,10 @@ trait RepositoryService { self: AccountService =>
  def getUserRepositories(userName: String, withoutPhysicalInfo: Boolean = false)
                         (implicit s: Session): List[RepositoryInfo] = {
    Repositories.filter { t1 =>
-      (t1.userName === userName.bind) ||
+      (t1.userName === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
-        (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
      } exists)
    }.sortBy(_.lastActivityDate desc).list.map{ repository =>
      new RepositoryInfo(
        if(withoutPhysicalInfo){
@@ -279,8 +289,13 @@ trait RepositoryService { self: AccountService =>
      case Some(x) if(x.isAdmin) => Repositories
      // for Normal Users
      case Some(x) if(!x.isAdmin) =>
-        Repositories filter { t => (t.isPrivate === false.bind) || (t.userName === x.userName) ||
+        Repositories filter { t =>
-          (Collaborators.filter { t2 => t2.byRepository(t.userName, t.repositoryName) && (t2.collaboratorName === x.userName.bind)} exists)
+          (t.isPrivate === false.bind) || (t.userName === x.userName) ||
          (t.userName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)) ||
          (Collaborators.filter { t2 =>
            t2.byRepository(t.userName, t.repositoryName) &&
              ((t2.collaboratorName === x.userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)))
          } exists)
        }
      // for Guests
      case None => Repositories filter(_.isPrivate === false.bind)
@@ -320,11 +335,12 @@ trait RepositoryService { self: AccountService =>
   */
  def saveRepositoryOptions(userName: String, repositoryName: String,
      description: Option[String], isPrivate: Boolean,
-      enableIssues: Boolean, externalIssuesUrl: Option[String],
+      issuesOption: String, externalIssuesUrl: Option[String],
-      enableWiki: Boolean, allowWikiEditing: Boolean, externalWikiUrl: Option[String])(implicit s: Session): Unit =
+      wikiOption: String, externalWikiUrl: Option[String],
      allowFork: Boolean)(implicit s: Session): Unit =
    Repositories.filter(_.byRepository(userName, repositoryName))
-      .map { r => (r.description.?, r.isPrivate, r.enableIssues, r.externalIssuesUrl.?, r.enableWiki, r.allowWikiEditing, r.externalWikiUrl.?, r.updatedDate) }
+      .map { r => (r.description.?, r.isPrivate, r.issuesOption, r.externalIssuesUrl.?, r.wikiOption, r.externalWikiUrl.?, r.allowFork, r.updatedDate) }
-      .update (description, isPrivate, enableIssues, externalIssuesUrl, enableWiki, allowWikiEditing, externalWikiUrl, currentDate)
+      .update (description, isPrivate, issuesOption, externalIssuesUrl, wikiOption, externalWikiUrl, allowFork, currentDate)
  def saveRepositoryDefaultBranch(userName: String, repositoryName: String,
      defaultBranch: String)(implicit s: Session): Unit =
@@ -333,49 +349,64 @@ trait RepositoryService { self: AccountService =>
      .update (defaultBranch)
  /**
-   * Add collaborator to the repository.
+   * Add collaborator (user or group) to the repository.
   *
   * @param userName the user name of the repository owner
   * @param repositoryName the repository name
   * @param collaboratorName the collaborator name
   */
-  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
+  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String, role: String)(implicit s: Session): Unit =
-    Collaborators insert Collaborator(userName, repositoryName, collaboratorName)
+    Collaborators insert Collaborator(userName, repositoryName, collaboratorName, role)
  /**
   * Remove collaborator from the repository.
   * 
   * @param userName the user name of the repository owner
   * @param repositoryName the repository name
   * @param collaboratorName the collaborator name
   */
  def removeCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
    Collaborators.filter(_.byPrimaryKey(userName, repositoryName, collaboratorName)).delete
  /**
   * Remove all collaborators from the repository.
   *
   * @param userName the user name of the repository owner
   * @param repositoryName the repository name
   */
  def removeCollaborators(userName: String, repositoryName: String)(implicit s: Session): Unit =
    Collaborators.filter(_.byRepository(userName, repositoryName)).delete
  /**
-   * Returns the list of collaborators name which is sorted with ascending order.
+   * Returns the list of collaborators name (user name or group name) which is sorted with ascending order.
   * 
   * @param userName the user name of the repository owner
   * @param repositoryName the repository name
   * @return the list of collaborators name
   */
-  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[String] =
+  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[(Collaborator, Boolean)] =
-    Collaborators.filter(_.byRepository(userName, repositoryName)).sortBy(_.collaboratorName).map(_.collaboratorName).list
+    Collaborators
      .innerJoin(Accounts).on(_.collaboratorName === _.userName)
      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
      .map { case (t1, t2) => (t1, t2.groupAccount) }
      .sortBy { case (t1, t2) => t1.collaboratorName }
      .list
-  def hasWritePermission(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+  /**
   * Returns the list of all collaborator name and permission which is sorted with ascending order.
   * If a group is added as a collaborator, this method returns users who are belong to that group.
   */
  def getCollaboratorUserNames(userName: String, repositoryName: String, filter: Seq[Role] = Nil)(implicit s: Session): List[String] = {
    val q1 = Collaborators
      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === false.bind) }
      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
      .map { case (t1, t2) => (t1.collaboratorName, t1.role) }
    val q2 = Collaborators
      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === true.bind) }
      .innerJoin(GroupMembers).on { case ((t1, t2), t3) => t2.userName === t3.groupName }
      .filter { case ((t1, t2), t3) => t1.byRepository(userName, repositoryName) }
      .map { case ((t1, t2), t3) => (t3.userName, t1.role) }
    q1.union(q2).list.filter { x => filter.isEmpty || filter.exists(_.name == x._2) }.map(_._1)
  }
  def hasDeveloperRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
    loginAccount match {
      case Some(a) if(a.isAdmin) => true
      case Some(a) if(a.userName == owner) => true
-      case Some(a) if(getCollaborators(owner, repository).contains(a.userName)) => true
+      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName)) => true
      case _ => false
    }
  }
  def hasGuestRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
    loginAccount match {
      case Some(a) if(a.isAdmin) => true
      case Some(a) if(a.userName == owner) => true
      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST)).contains(a.userName)) => true
      case _ => false
    }
  }
@@ -392,34 +423,68 @@ trait RepositoryService { self: AccountService =>
    }
    .sortBy(_.userName asc).map(t => t.userName -> t.repositoryName).list
  private val templateExtensions = Seq("md", "markdown")
  /**
    * Returns content of template set per repository.
    *
    * @param repository the repository information
    * @param fileBaseName the file basename without extension of template
    * @return The content of template if the repository has it, otherwise empty string.
   */
  def getContentTemplate(repository: RepositoryInfo, fileBaseName: String)(implicit s: Session): String = {
    val withExtFilenames = templateExtensions.map(extension => s"${fileBaseName.toLowerCase()}.${extension}")
    def choiceTemplate(files: List[FileInfo]): Option[FileInfo] =
      files.find { f =>
        f.name.toLowerCase() == fileBaseName
      }.orElse {
        files.find(f => withExtFilenames.contains(f.name.toLowerCase()))
      }
    // Get template file from project root. When didn't find, will lookup default folder.
    using(Git.open(Directory.getRepositoryDir(repository.owner, repository.name))) { git =>
      choiceTemplate(JGitUtil.getFileList(git, repository.repository.defaultBranch, ".")).orElse {
        choiceTemplate(JGitUtil.getFileList(git, repository.repository.defaultBranch, ".gitbucket"))
      }.map { file =>
        JGitUtil.getContentFromId(git, file.id, true).collect {
          case bytes if FileUtil.isText(bytes) => StringUtil.convertFromByteArray(bytes)
        }
      } getOrElse None
    } getOrElse ""
  }
 }
 object RepositoryService {
  case class RepositoryInfo(owner: String, name: String, repository: Repository,
-    issueCount: Int, pullCount: Int, commitCount: Int, forkedCount: Int,
+    issueCount: Int, pullCount: Int, forkedCount: Int,
    branchList: Seq[String], tags: Seq[JGitUtil.TagInfo], managers: Seq[String]) {
    /**
     * Creates instance with issue count and pull request count.
     */
    def this(repo: JGitUtil.RepositoryInfo, model: Repository, issueCount: Int, pullCount: Int, forkedCount: Int, managers: Seq[String]) =
-      this(
+      this(repo.owner, repo.name, model, issueCount, pullCount, forkedCount, repo.branchList, repo.tags, managers)
        repo.owner, repo.name, model,
        issueCount, pullCount, repo.commitCount, forkedCount,
        repo.branchList, repo.tags, managers)
    /**
     * Creates instance without issue count and pull request count.
     */
    def this(repo: JGitUtil.RepositoryInfo, model: Repository, 	forkedCount: Int, managers: Seq[String]) =
-      this(
+      this(repo.owner, repo.name, model, 0, 0, forkedCount, repo.branchList, repo.tags, managers)
        repo.owner, repo.name, model,
        0, 0, repo.commitCount, forkedCount,
        repo.branchList, repo.tags, managers)
    def httpUrl(implicit context: Context): String = RepositoryService.httpUrl(owner, name)
    def sshUrl(implicit context: Context): Option[String] = RepositoryService.sshUrl(owner, name)
    def splitPath(path: String): (String, String) = {
      val id = branchList.collectFirst {
        case branch if(path == branch || path.startsWith(branch + "/")) => branch
      } orElse tags.collectFirst {
        case tag if(path == tag.name || path.startsWith(tag.name + "/")) => tag.name
      } getOrElse path.split("/")(0)
      (id, path.substring(id.length).stripPrefix("/"))
    }
  }
  def httpUrl(owner: String, name: String)(implicit context: Context): String = s"${context.baseUrl}/git/${owner}/${name}.git"
--- a/src/main/scala/gitbucket/core/service/RequestCache.scala
+++ b/src/main/scala/gitbucket/core/service/RequestCache.scala
@@ -11,7 +11,7 @@ import Implicits.request2Session
 * It may be called many times in one request, so each method stores
 * its result into the cache which available during a request.
 */
-trait RequestCache extends SystemSettingsService with AccountService with IssuesService {
+trait RequestCache extends SystemSettingsService with AccountService with IssuesService with RepositoryService {
  private implicit def context2Session(implicit context: Context): Session =
    request2Session(context.request)
--- a/src/main/scala/gitbucket/core/service/SystemSettingsService.scala
+++ b/src/main/scala/gitbucket/core/service/SystemSettingsService.scala
@@ -32,6 +32,7 @@ trait SystemSettingsService {
          smtp.user.foreach(props.setProperty(SmtpUser, _))
          smtp.password.foreach(props.setProperty(SmtpPassword, _))
          smtp.ssl.foreach(x => props.setProperty(SmtpSsl, x.toString))
          smtp.starttls.foreach(x => props.setProperty(SmtpStarttls, x.toString))
          smtp.fromAddress.foreach(props.setProperty(SmtpFromAddress, _))
          smtp.fromName.foreach(props.setProperty(SmtpFromName, _))
        }
@@ -73,7 +74,7 @@ trait SystemSettingsService {
        getValue(props, AllowAccountRegistration, false),
        getValue(props, AllowAnonymousAccess, true),
        getValue(props, IsCreateRepoOptionPublic, true),
-        getValue(props, Gravatar, true),
+        getValue(props, Gravatar, false),
        getValue(props, Notification, false),
        getOptionValue[Int](props, ActivityLogLimit, None),
        getValue(props, Ssh, false),
@@ -87,6 +88,7 @@ trait SystemSettingsService {
            getOptionValue(props, SmtpUser, None),
            getOptionValue(props, SmtpPassword, None),
            getOptionValue[Boolean](props, SmtpSsl, None),
            getOptionValue[Boolean](props, SmtpStarttls, None),
            getOptionValue(props, SmtpFromAddress, None),
            getOptionValue(props, SmtpFromName, None)))
        } else {
@@ -168,6 +170,7 @@ object SystemSettingsService {
    user: Option[String],
    password: Option[String],
    ssl: Option[Boolean],
    starttls: Option[Boolean],
    fromAddress: Option[String],
    fromName: Option[String])
@@ -176,6 +179,9 @@ object SystemSettingsService {
    port:Int,
    genericUser:String)
  case class Lfs(
    serverUrl: Option[String])
  val DefaultSshPort = 29418
  val DefaultSmtpPort = 25
  val DefaultLdapPort = 389
@@ -197,6 +203,7 @@ object SystemSettingsService {
  private val SmtpUser = "smtp.user"
  private val SmtpPassword = "smtp.password"
  private val SmtpSsl = "smtp.ssl"
  private val SmtpStarttls = "smtp.starttls"
  private val SmtpFromAddress = "smtp.from_address"
  private val SmtpFromName = "smtp.from_name"
  private val LdapAuthentication = "ldap_authentication"
--- a/src/main/scala/gitbucket/core/service/WebHookService.scala
+++ b/src/main/scala/gitbucket/core/service/WebHookService.scala
@@ -1,10 +1,9 @@
 package gitbucket.core.service
 import java.io.ByteArrayInputStream
 import fr.brouillard.oss.security.xhub.XHub
-import fr.brouillard.oss.security.xhub.XHub.{XHubDigest, XHubConverter}
+import fr.brouillard.oss.security.xhub.XHub.{XHubConverter, XHubDigest}
 import gitbucket.core.api._
-import gitbucket.core.model.{WebHook, Account, Issue, PullRequest, IssueComment, WebHookEvent, CommitComment}
+import gitbucket.core.model.{Account, CommitComment, Issue, IssueComment, PullRequest, WebHook, WebHookEvent}
 import gitbucket.core.model.Profile._
 import org.apache.http.client.utils.URLEncodedUtils
 import profile.simple._
@@ -17,11 +16,13 @@ import org.apache.http.message.BasicNameValuePair
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.ObjectId
 import org.slf4j.LoggerFactory
 import scala.concurrent._
 import org.apache.http.HttpRequest
 import org.apache.http.HttpResponse
 import gitbucket.core.model.WebHookContentType
 import org.apache.http.client.entity.EntityBuilder
 import org.apache.http.entity.ContentType
 trait WebHookService {
@@ -33,15 +34,15 @@ trait WebHookService {
  def getWebHooks(owner: String, repository: String)(implicit s: Session): List[(WebHook, Set[WebHook.Event])] =
    WebHooks.filter(_.byRepository(owner, repository))
      .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
      .list.groupBy(_._1).mapValues(_.map(_._2).toSet).toList.sortBy(_._1.url)
  /** get All WebHook informations of repository event */
  def getWebHooksByEvent(owner: String, repository: String, event: WebHook.Event)(implicit s: Session): List[WebHook] =
     WebHooks.filter(_.byRepository(owner, repository))
       .innerJoin(WebHookEvents).on { (wh, whe) => whe.byWebHook(wh) }
-       .filter{ case (wh, whe) => whe.event === event.bind}
+       .filter { case (wh, whe) => whe.event === event.bind}
-       .map{ case (wh, whe) => wh }
+       .map { case (wh, whe) => wh }
       .list.distinct
  /** get All WebHook information from repository to url */
@@ -49,12 +50,12 @@ trait WebHookService {
    WebHooks
      .filter(_.byPrimaryKey(owner, repository, url))
      .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
      .list.groupBy(_._1).mapValues(_.map(_._2).toSet).headOption
  def addWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
    WebHooks insert WebHook(owner, repository, url, ctype, token)
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
      WebHookEvents insert WebHookEvent(owner, repository, url, event)
    }
  }
@@ -62,7 +63,7 @@ trait WebHookService {
  def updateWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
    WebHooks.filter(_.byPrimaryKey(owner, repository, url)).map(w => (w.ctype, w.token)).update((ctype, token))
    WebHookEvents.filter(_.byWebHook(owner, repository, url)).delete
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
      WebHookEvents insert WebHookEvent(owner, repository, url, event)
    }
  }
@@ -81,7 +82,7 @@ trait WebHookService {
  def callWebHook(event: WebHook.Event, webHooks: List[WebHook], payload: WebHookPayload)
                 (implicit c: JsonFormat.Context): List[(WebHook, String, Future[HttpRequest], Future[HttpResponse])] = {
    import org.apache.http.impl.client.HttpClientBuilder
-    import ExecutionContext.Implicits.global
+    import ExecutionContext.Implicits.global // TODO Shouldn't use the default execution context
    import org.apache.http.protocol.HttpContext
    import org.apache.http.client.methods.HttpPost
@@ -91,7 +92,7 @@ trait WebHookService {
      webHooks.map { webHook =>
        val reqPromise = Promise[HttpRequest]
        val f = Future {
-          val itcp = new org.apache.http.HttpRequestInterceptor{
+          val itcp = new org.apache.http.HttpRequestInterceptor {
            def process(res: HttpRequest, ctx: HttpContext): Unit = {
              reqPromise.success(res)
            }
@@ -118,7 +119,7 @@ trait WebHookService {
                }
              }
              case WebHookContentType.JSON => {
-            	  httpPost.setEntity(EntityBuilder.create().setText(json).build())
+            	  httpPost.setEntity(EntityBuilder.create().setContentType(ContentType.APPLICATION_JSON).setText(json).build())
                if (webHook.token.exists(_.trim.nonEmpty)) {
                  httpPost.addHeader("X-Hub-Signature", XHub.generateHeaderXHubToken(XHubConverter.HEXA_LOWERCASE, XHubDigest.SHA1, webHook.token.orNull, json.getBytes("UTF-8")))
                }
@@ -129,8 +130,8 @@ trait WebHookService {
            httpPost.releaseConnection()
            logger.debug(s"end web hook invocation for ${webHook}")
            res
-          }catch{
+          } catch {
-            case e:Throwable => {
+            case e: Throwable => {
              if(!reqPromise.isCompleted){
                reqPromise.failure(e)
              }
@@ -198,7 +199,9 @@ trait WebHookPullRequestService extends WebHookService {
          headOwner      = headOwner,
          baseRepository = repository,
          baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
          mergedComment  = getMergedComment(repository.owner, repository.name, issueId)
        )
      }
    }
  }
@@ -237,7 +240,10 @@ trait WebHookPullRequestService extends WebHookService {
        headOwner      = headOwner,
        baseRepository = baseRepo,
        baseOwner      = baseOwner,
-        sender         = sender)
+        sender         = sender,
        mergedComment  = getMergedComment(baseRepo.owner, baseRepo.name, issue.issueId)
      )
      callWebHook(WebHook.PullRequest, webHooks, payload)
    }
  }
@@ -267,7 +273,9 @@ trait WebHookPullRequestReviewCommentService extends WebHookService {
          headOwner      = headOwner,
          baseRepository = repository,
          baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
          mergedComment  = getMergedComment(repository.owner, repository.name, issue.issueId)
        )
      }
    }
  }
@@ -365,11 +373,21 @@ object WebHookService {
        headOwner: Account,
        baseRepository: RepositoryInfo,
        baseOwner: Account,
-        sender: Account): WebHookPullRequestPayload = {
+        sender: Account,
        mergedComment: Option[(IssueComment, Account)]): WebHookPullRequestPayload = {
      val headRepoPayload = ApiRepository(headRepository, headOwner)
      val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
      val senderPayload = ApiUser(sender)
-      val pr = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser))
+      val pr = ApiPullRequest(
        issue         = issue,
        pullRequest   = pullRequest,
        headRepo      = headRepoPayload,
        baseRepo      = baseRepoPayload,
        user          = ApiUser(issueUser),
        mergedComment = mergedComment
      )
      WebHookPullRequestPayload(
        action       = action,
        number       = issue.issueId,
@@ -389,7 +407,7 @@ object WebHookService {
    sender: ApiUser
  ) extends WebHookPayload
-  object WebHookIssueCommentPayload{
+  object WebHookIssueCommentPayload {
    def apply(
        issue: Issue,
        issueUser: Account,
@@ -415,7 +433,7 @@ object WebHookService {
    sender: ApiUser
  ) extends WebHookPayload
-  object WebHookPullRequestReviewCommentPayload{
+  object WebHookPullRequestReviewCommentPayload {
    def apply(
      action: String,
      comment: CommitComment,
@@ -426,15 +444,29 @@ object WebHookService {
      headOwner: Account,
      baseRepository: RepositoryInfo,
      baseOwner: Account,
-        sender: Account
+      sender: Account,
      mergedComment: Option[(IssueComment, Account)]
    ) : WebHookPullRequestReviewCommentPayload = {
      val headRepoPayload = ApiRepository(headRepository, headOwner)
      val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
      val senderPayload = ApiUser(sender)
      WebHookPullRequestReviewCommentPayload(
        action       = action,
-        comment = ApiPullRequestReviewComment(comment, senderPayload, RepositoryName(baseRepository), issue.issueId),
+        comment      = ApiPullRequestReviewComment(
-        pull_request = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser)),
+          comment        = comment,
          commentedUser  = senderPayload,
          repositoryName = RepositoryName(baseRepository),
          issueId        = issue.issueId
        ),
        pull_request = ApiPullRequest(
          issue         = issue,
          pullRequest   = pullRequest,
          headRepo      = headRepoPayload,
          baseRepo      = baseRepoPayload,
          user          = ApiUser(issueUser),
          mergedComment = mergedComment
        ),
        repository   = baseRepoPayload,
        sender       = senderPayload)
    }
--- a/src/main/scala/gitbucket/core/servlet/AccessTokenAuthenticationFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/AccessTokenAuthenticationFilter.scala
@@ -4,15 +4,12 @@ import javax.servlet._
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import gitbucket.core.model.Account
-import gitbucket.core.service.AccessTokenService
+import gitbucket.core.service.SystemSettingsService.SystemSettings
-import gitbucket.core.util.Keys
+import gitbucket.core.service.{AccessTokenService, AccountService, SystemSettingsService}
-
+import gitbucket.core.util.{AuthUtil, Keys}
 import org.scalatra.servlet.ServletApiImplicits._
 import org.scalatra._
-class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
+class ApiAuthenticationFilter extends Filter with AccessTokenService with AccountService with SystemSettingsService {
  private val tokenHeaderPrefix = "token "
  override def init(filterConfig: FilterConfig): Unit = {}
@@ -23,9 +20,9 @@ class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
    implicit val session = req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
    val response = res.asInstanceOf[HttpServletResponse]
    Option(request.getHeader("Authorization")).map{
-      case auth if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim).toRight(Unit)
+      case auth if auth.startsWith("token ") => AccessTokenService.getAccountByAccessToken(auth.substring(6).trim).toRight(())
-      // TODO Basic Authentication Support
+      case auth if auth.startsWith("Basic ") => doBasicAuth(auth, loadSystemSettings(), request).toRight(())
-      case _ => Left(Unit)
+      case _ => Left(())
    }.orElse{
      Option(request.getSession.getAttribute(Keys.Session.LoginAccount).asInstanceOf[Account]).map(Right(_))
    } match {
@@ -40,4 +37,10 @@ class AccessTokenAuthenticationFilter extends Filter with AccessTokenService {
      }
    }
  }
  def doBasicAuth(auth: String, settings: SystemSettings, request: HttpServletRequest): Option[Account] = {
    implicit val session = request.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
    val Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
    authenticate(settings, username, password)
  }
 }
--- a/src/main/scala/gitbucket/core/servlet/GHCompatRepositoryAccessFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/GHCompatRepositoryAccessFilter.scala
@@ -0,0 +1,36 @@
 package gitbucket.core.servlet
 import javax.servlet._
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import gitbucket.core.service.SystemSettingsService
 /**
  * A controller to provide GitHub compatible URL for Git clients.
  */
 class GHCompatRepositoryAccessFilter extends Filter with SystemSettingsService {
  /**
    * Pattern of GitHub compatible repository URL.
    * <code>/:user/:repo.git/</code>
    */
  private val githubRepositoryPattern = """^/[^/]+/[^/]+\.git/.*""".r
  override def init(filterConfig: FilterConfig) = {}
  override def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) = {
    implicit val request  = req.asInstanceOf[HttpServletRequest]
    val response = res.asInstanceOf[HttpServletResponse]
    val requestPath = request.getRequestURI.substring(request.getContextPath.length)
    requestPath match {
      case githubRepositoryPattern() =>
        response.sendRedirect(baseUrl + "/git" + requestPath)
      case _ =>
        chain.doFilter(req, res)
    }
  }
  override def destroy() = {}
 }
--- a/src/main/scala/gitbucket/core/servlet/BasicAuthenticationFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/BasicAuthenticationFilter.scala
@@ -5,16 +5,16 @@ import javax.servlet.http._
 import gitbucket.core.plugin.{GitRepositoryFilter, GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.SystemSettingsService.SystemSettings
 import gitbucket.core.service.{RepositoryService, AccountService, SystemSettingsService}
-import gitbucket.core.util.{Keys, Implicits}
+import gitbucket.core.util.{Keys, Implicits, AuthUtil}
 import org.slf4j.LoggerFactory
 import Implicits._
 /**
 * Provides BASIC Authentication for [[GitRepositoryServlet]].
 */
-class BasicAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {
+class GitAuthenticationFilter extends Filter with RepositoryService with AccountService with SystemSettingsService {
-  private val logger = LoggerFactory.getLogger(classOf[BasicAuthenticationFilter])
+  private val logger = LoggerFactory.getLogger(classOf[GitAuthenticationFilter])
  def init(config: FilterConfig) = {}
@@ -43,7 +43,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
    } catch {
      case ex: Exception => {
        logger.error("error", ex)
-        requireAuth(response)
+        AuthUtil.requireAuth(response)
      }
    }
  }
@@ -54,7 +54,7 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
    val account = for {
      auth <- Option(request.getHeader("Authorization"))
-      Array(username, password) = decodeAuthHeader(auth).split(":", 2)
+      Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
      account <- authenticate(settings, username, password)
    } yield {
      request.setAttribute(Keys.Request.UserName, account.userName)
@@ -64,61 +64,53 @@ class BasicAuthenticationFilter extends Filter with RepositoryService with Accou
    if(filter.filter(request.gitRepositoryPath, account.map(_.userName), settings, isUpdating)){
      chain.doFilter(request, response)
    } else {
-      requireAuth(response)
+      AuthUtil.requireAuth(response)
    }
  }
  private def defaultRepository(request: HttpServletRequest, response: HttpServletResponse, chain: FilterChain,
                                settings: SystemSettings, isUpdating: Boolean): Unit = {
-    implicit val r = request
+    val action = request.paths match {
    request.paths match {
      case Array(_, repositoryOwner, repositoryName, _*) =>
        Database() withSession { implicit session =>
          getRepository(repositoryOwner, repositoryName.replaceFirst("\\.wiki\\.git$|\\.git$", "")) match {
            case Some(repository) => {
-            if(!isUpdating && !repository.repository.isPrivate && settings.allowAnonymousAccess){
+              val execute = if (!isUpdating && !repository.repository.isPrivate && settings.allowAnonymousAccess) {
-              chain.doFilter(request, response)
+                // Authentication is not required
                true
              } else {
                // Authentication is required
                val passed = for {
                  auth <- Option(request.getHeader("Authorization"))
-                Array(username, password) = decodeAuthHeader(auth).split(":", 2)
+                  Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
                  account <- authenticate(settings, username, password)
-              } yield if(isUpdating || repository.repository.isPrivate){
+                } yield if (isUpdating || repository.repository.isPrivate) {
-                  if(hasWritePermission(repository.owner, repository.name, Some(account))){
+                  if (hasDeveloperRole(repository.owner, repository.name, Some(account))) {
                    request.setAttribute(Keys.Request.UserName, account.userName)
                    true
                  } else false
                } else true
                passed.getOrElse(false)
              }
-              if(passed.getOrElse(false)){
+              if (execute) {
-                chain.doFilter(request, response)
+                () => chain.doFilter(request, response)
              } else {
-                requireAuth(response)
+                () => AuthUtil.requireAuth(response)
              }
            }
-          }
+            case None => () => {
          case None => {
              logger.debug(s"Repository ${repositoryOwner}/${repositoryName} is not found.")
              response.sendError(HttpServletResponse.SC_NOT_FOUND)
            }
          }
-      case _ => {
+        }
      case _ => () => {
        logger.debug(s"Not enough path arguments: ${request.paths}")
        response.sendError(HttpServletResponse.SC_NOT_FOUND)
      }
    }
  }
-  private def requireAuth(response: HttpServletResponse): Unit = {
+    action()
    response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"")
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
  }
  private def decodeAuthHeader(header: String): String = {
    try {
      new String(new sun.misc.BASE64Decoder().decodeBuffer(header.substring(6)))
    } catch {
      case _: Throwable => ""
    }
  }
 }
--- a/src/main/scala/gitbucket/core/servlet/GitLfsTransferServlet.scala
+++ b/src/main/scala/gitbucket/core/servlet/GitLfsTransferServlet.scala
@@ -0,0 +1,83 @@
 package gitbucket.core.servlet
 import java.io.{File, FileInputStream, FileOutputStream}
 import java.text.MessageFormat
 import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
 import gitbucket.core.util.{FileUtil, StringUtil}
 import org.apache.commons.io.{FileUtils, IOUtils}
 import org.json4s.jackson.Serialization._
 import org.apache.http.HttpStatus
 import gitbucket.core.util.ControlUtil._
 /**
 * Provides GitLFS Transfer API
 * https://github.com/git-lfs/git-lfs/blob/master/docs/api/basic-transfers.md
 */
 class GitLfsTransferServlet extends HttpServlet {
  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
  private val LongObjectIdLength = 32
  private val LongObjectIdStringLength = LongObjectIdLength * 2
  override protected def doGet(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    for {
      (owner, repository, oid) <- getPathInfo(req, res) if checkToken(req, oid)
    } yield {
      val file = new File(FileUtil.getLfsFilePath(owner, repository, oid))
      if(file.exists()){
        res.setStatus(HttpStatus.SC_OK)
        res.setContentType("application/octet-stream")
        res.setContentLength(file.length.toInt)
        using(new FileInputStream(file), res.getOutputStream){ (in, out) =>
          IOUtils.copy(in, out)
          out.flush()
        }
      } else {
        sendError(res, HttpStatus.SC_NOT_FOUND,
          MessageFormat.format("Object ''{0}'' not found", oid))
      }
    }
  }
  override protected def doPut(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    for {
      (owner, repository, oid) <- getPathInfo(req, res) if checkToken(req, oid)
    } yield {
      val file = new File(FileUtil.getLfsFilePath(owner, repository, oid))
      FileUtils.forceMkdir(file.getParentFile)
      using(req.getInputStream, new FileOutputStream(file)){ (in, out) =>
        IOUtils.copy(in, out)
      }
      res.setStatus(HttpStatus.SC_OK)
    }
  }
  private def checkToken(req: HttpServletRequest, oid: String): Boolean = {
    val token = req.getHeader("Authorization")
    if(token != null){
      val Array(expireAt, targetOid) = StringUtil.decodeBlowfish(token).split(" ")
      oid == targetOid && expireAt.toLong > System.currentTimeMillis
    } else {
      false
    }
  }
  private def getPathInfo(req: HttpServletRequest, res: HttpServletResponse): Option[(String, String, String)] = {
    req.getRequestURI.substring(1).split("/") match {
      case Array(_, owner, repository, oid) => Some((owner, repository, oid))
      case _ => None
    }
  }
  private def sendError(res: HttpServletResponse, status: Int, message: String): Unit = {
    res.setStatus(status)
    using(res.getWriter()){ out =>
      out.write(write(GitLfs.Error(message)))
      out.flush()
    }
  }
 }
--- a/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala
+++ b/src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala
@@ -1,9 +1,10 @@
 package gitbucket.core.servlet
 import java.io.File
 import java.util.Date
 import gitbucket.core.api
-import gitbucket.core.model.{Session, WebHook}
+import gitbucket.core.model.WebHook
 import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.IssuesService.IssueSearchCondition
 import gitbucket.core.service.WebHookService._
@@ -11,27 +12,28 @@ import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.http.server.GitServlet
 import org.eclipse.jgit.lib._
 import org.eclipse.jgit.transport._
 import org.eclipse.jgit.transport.resolver._
 import org.slf4j.LoggerFactory
 import javax.servlet.ServletConfig
-import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
+import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import org.json4s.jackson.Serialization._
 /**
 * Provides Git repository via HTTP.
 * 
 * This servlet provides only Git repository functionality.
- * Authentication is provided by [[BasicAuthenticationFilter]].
+ * Authentication is provided by [[GitAuthenticationFilter]].
 */
 class GitRepositoryServlet extends GitServlet with SystemSettingsService {
  private val logger = LoggerFactory.getLogger(classOf[GitRepositoryServlet])
  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
  override def init(config: ServletConfig): Unit = {
    setReceivePackFactory(new GitBucketReceivePackFactory())
@@ -45,15 +47,73 @@ class GitRepositoryServlet extends GitServlet with SystemSettingsService {
  override def service(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    val agent = req.getHeader("USER-AGENT")
    val index = req.getRequestURI.indexOf(".git")
-    if(index >= 0 && (agent == null || agent.toLowerCase.indexOf("git/") < 0)){
+    if(index >= 0 && (agent == null || agent.toLowerCase.indexOf("git") < 0)){
      // redirect for browsers
      val paths = req.getRequestURI.substring(0, index).split("/")
      res.sendRedirect(baseUrl(req) + "/" + paths.dropRight(1).last + "/" + paths.last)
    } else if(req.getMethod.toUpperCase == "POST" && req.getRequestURI.endsWith("/info/lfs/objects/batch")){
      serviceGitLfsBatchAPI(req, res)
    } else {
      // response for git client
      super.service(req, res)
    }
  }
  /**
   * Provides GitLFS Batch API
   * https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md
   */
  protected def serviceGitLfsBatchAPI(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    val batchRequest = read[GitLfs.BatchRequest](req.getInputStream)
    val settings = loadSystemSettings()
    settings.baseUrl match {
      case None => {
        throw new IllegalStateException("lfs.server_url is not configured.")
      }
      case Some(baseUrl) => {
        req.getRequestURI.substring(1).replace(".git/", "/").split("/") match {
          case Array(_, owner, repository, _*) => {
            val timeout = System.currentTimeMillis + (60000 * 10) // 10 min.
            val batchResponse = batchRequest.operation match {
                case "upload" =>
                  GitLfs.BatchUploadResponse("basic", batchRequest.objects.map { requestObject =>
                    GitLfs.BatchResponseObject(requestObject.oid, requestObject.size, true,
                      GitLfs.Actions(
                        upload = Some(GitLfs.Action(
                          href = baseUrl + "/git-lfs/" + owner + "/" + repository + "/" + requestObject.oid,
                          header = Map("Authorization" -> StringUtil.encodeBlowfish(timeout + " " + requestObject.oid)),
                          expires_at = new Date(timeout)
                        ))
                      )
                    )
                  })
                case "download" =>
                  GitLfs.BatchUploadResponse("basic", batchRequest.objects.map { requestObject =>
                    GitLfs.BatchResponseObject(requestObject.oid, requestObject.size, true,
                      GitLfs.Actions(
                        download = Some(GitLfs.Action(
                          href = baseUrl + "/git-lfs/" + owner + "/" + repository + "/" + requestObject.oid,
                          header = Map("Authorization" -> StringUtil.encodeBlowfish(timeout + " " + requestObject.oid)),
                          expires_at = new Date(timeout)
                        ))
                      )
                    )
                  })
            }
            res.setContentType("application/vnd.git-lfs+json")
            using(res.getWriter){ out =>
              out.print(write(batchResponse))
              out.flush()
            }
          }
        }
      }
    }
  }
 }
 class GitBucketRepositoryResolver(parent: FileResolver[HttpServletRequest]) extends RepositoryResolver[HttpServletRequest] {
@@ -107,15 +167,16 @@ class GitBucketReceivePackFactory extends ReceivePackFactory[HttpServletRequest]
 import scala.collection.JavaConverters._
-class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl: String)(implicit session: Session)
+class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl: String)/*(implicit session: Session)*/
  extends PostReceiveHook with PreReceiveHook
  with RepositoryService with AccountService with IssuesService with ActivityService with PullRequestService with WebHookService
-  with WebHookPullRequestService with ProtectedBranchService {
+  with WebHookPullRequestService with CommitsService {
  private val logger = LoggerFactory.getLogger(classOf[CommitLogHook])
  private var existIds: Seq[String] = Nil
  def onPreReceive(receivePack: ReceivePack, commands: java.util.Collection[ReceiveCommand]): Unit = {
    Database() withTransaction { implicit session =>
      try {
        commands.asScala.foreach { command =>
          // call pre-commit hook
@@ -135,10 +196,14 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
        }
      }
    }
  }
  def onPostReceive(receivePack: ReceivePack, commands: java.util.Collection[ReceiveCommand]): Unit = {
    Database() withTransaction { implicit session =>
      try {
        using(Git.open(Directory.getRepositoryDir(owner, repository))) { git =>
          JGitUtil.removeCache(git)
          val pushedIds = scala.collection.mutable.Set[String]()
          commands.asScala.foreach { command =>
            logger.debug(s"commandType: ${command.getType}, refName: ${command.getRefName}")
@@ -169,7 +234,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
                  pushedIds.add(commit.id)
                  createIssueComment(owner, repository, commit)
                  // close issues
-                if(refName(1) == "heads" && branchName == defaultBranch && command.getType == ReceiveCommand.Type.UPDATE){
+                  if (refName(1) == "heads" && branchName == defaultBranch && command.getType == ReceiveCommand.Type.UPDATE) {
                    closeIssuesFromMessage(commit.fullMessage, pusher, owner, repository)
                  }
                }
@@ -178,14 +243,14 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
            }
            // record activity
-          if(refName(1) == "heads"){
+            if (refName(1) == "heads") {
              command.getType match {
                case ReceiveCommand.Type.CREATE => recordCreateBranchActivity(owner, repository, pusher, branchName)
                case ReceiveCommand.Type.UPDATE => recordPushActivity(owner, repository, pusher, branchName, newCommits)
                case ReceiveCommand.Type.DELETE => recordDeleteBranchActivity(owner, repository, pusher, branchName)
                case _ =>
              }
-          } else if(refName(1) == "tags"){
+            } else if (refName(1) == "tags") {
              command.getType match {
                case ReceiveCommand.Type.CREATE => recordCreateTagActivity(owner, repository, pusher, branchName, newCommits)
                case ReceiveCommand.Type.DELETE => recordDeleteTagActivity(owner, repository, pusher, branchName, newCommits)
@@ -193,13 +258,13 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
              }
            }
-          if(refName(1) == "heads"){
+            if (refName(1) == "heads") {
              command.getType match {
                case ReceiveCommand.Type.CREATE |
                     ReceiveCommand.Type.UPDATE |
                     ReceiveCommand.Type.UPDATE_NONFASTFORWARD =>
                  updatePullRequests(owner, repository, branchName)
-                getAccountByUserName(pusher).map{ pusherAccount =>
+                  getAccountByUserName(pusher).map { pusherAccount =>
                    callPullRequestWebHookByRequestBranch("synchronize", repositoryInfo, branchName, baseUrl, pusherAccount)
                  }
                case _ =>
@@ -207,8 +272,8 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
            }
            // call web hook
-          callWebHookOf(owner, repository, WebHook.Push){
+            callWebHookOf(owner, repository, WebHook.Push) {
-            for(pusherAccount <- getAccountByUserName(pusher);
+              for (pusherAccount <- getAccountByUserName(pusher);
                   ownerAccount <- getAccountByUserName(owner)) yield {
                WebHookPushPayload(git, pusherAccount, command.getRefName, repositoryInfo, newCommits, ownerAccount,
                  newId = command.getNewId(), oldId = command.getOldId())
@@ -228,5 +293,48 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
        }
      }
    }
  }
 }
 object GitLfs {
  case class BatchRequest(
    operation: String,
    transfers: Seq[String],
    objects: Seq[BatchRequestObject]
  )
  case class BatchRequestObject(
    oid: String,
    size: Long
  )
  case class BatchUploadResponse(
    transfer: String,
    objects: Seq[BatchResponseObject]
  )
  case class BatchResponseObject(
    oid: String,
    size: Long,
    authenticated: Boolean,
    actions: Actions
  )
  case class Actions(
    download: Option[Action] = None,
    upload: Option[Action] = None
  )
  case class Action(
    href: String,
    header: Map[String, String] = Map.empty,
    expires_at: Date
  )
  case class Error(
    message: String
  )
 }
--- a/src/main/scala/gitbucket/core/servlet/InitializeListener.scala
+++ b/src/main/scala/gitbucket/core/servlet/InitializeListener.scala
@@ -17,6 +17,7 @@ import org.apache.commons.io.FileUtils
 import org.slf4j.LoggerFactory
 import akka.actor.{Actor, Props, ActorSystem}
 import com.typesafe.akka.extension.quartz.QuartzSchedulerExtension
 import scala.collection.JavaConverters._
 /**
 * Initialize GitBucket system.
@@ -35,6 +36,7 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
    Database() withTransaction { session =>
      val conn = session.conn
      val manager = new JDBCVersionManager(conn)
      // Check version
      val versionFile = new File(GitBucketHome, "version")
@@ -56,9 +58,8 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
          }
          // Change form
          val manager = new JDBCVersionManager(conn)
          manager.initialize()
-          manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0")
+          manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0.0")
          conn.select("SELECT PLUGIN_ID, VERSION FROM PLUGIN"){ rs =>
            manager.updateVersion(rs.getString("PLUGIN_ID"), rs.getString("VERSION"))
          }
@@ -77,6 +78,19 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
      val solidbase = new Solidbase()
      solidbase.migrate(conn, Thread.currentThread.getContextClassLoader, DatabaseConfig.liquiDriver, GitBucketCoreModule)
      // Rescue code for users who updated from 3.14 to 4.0.0
      // https://github.com/gitbucket/gitbucket/issues/1227
      val currentVersion = manager.getCurrentVersion(GitBucketCoreModule.getModuleId)
      val databaseVersion = if(currentVersion == "4.0"){
        manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0.0")
        "4.0.0"
      } else currentVersion
      val gitbucketVersion = GitBucketCoreModule.getVersions.asScala.last.getVersion
      if(databaseVersion != gitbucketVersion){
        throw new IllegalStateException(s"Initialization failed. GitBucket version is ${gitbucketVersion}, but database version is ${databaseVersion}.")
      }
      // Load plugins
      logger.info("Initialize plugins")
      PluginRegistry.initialize(event.getServletContext, loadSystemSettings(), conn)
--- a/src/main/scala/gitbucket/core/servlet/PluginAssetsServlet.scala
+++ b/src/main/scala/gitbucket/core/servlet/PluginAssetsServlet.scala
@@ -0,0 +1,39 @@
 package gitbucket.core.servlet
 import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.util.FileUtil
 import org.apache.commons.io.IOUtils
 /**
 * Supply assets which are provided by plugins.
 */
 class PluginAssetsServlet extends HttpServlet {
  override def doGet(req: HttpServletRequest, resp: HttpServletResponse): Unit = {
    val assetsMappings = PluginRegistry().getAssetsMappings
    val path = req.getRequestURI.substring(req.getContextPath.length)
    assetsMappings
      .find    { case (prefix, _, _) => path.startsWith("/plugin-assets" + prefix) }
      .flatMap { case (prefix, resourcePath, classLoader) =>
        val resourceName = path.substring(("/plugin-assets" + prefix).length)
        Option(classLoader.getResourceAsStream(resourcePath.replaceFirst("^/", "") + resourceName))
      }
      .map { in =>
        try {
          val bytes = IOUtils.toByteArray(in)
          resp.setContentLength(bytes.length)
          resp.setContentType(FileUtil.getContentType(path, bytes))
          resp.getOutputStream.write(bytes)
        } finally {
          in.close()
        }
      }
      .getOrElse {
        resp.setStatus(404)
      }
  }
 }
--- a/src/main/scala/gitbucket/core/servlet/TransactionFilter.scala
+++ b/src/main/scala/gitbucket/core/servlet/TransactionFilter.scala
@@ -21,8 +21,9 @@ class TransactionFilter extends Filter {
  def destroy(): Unit = {}
  def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain): Unit = {
-    if(req.asInstanceOf[HttpServletRequest].getServletPath().startsWith("/assets/")){
+    val servletPath = req.asInstanceOf[HttpServletRequest].getServletPath()
-      // assets don't need transaction
+    if(servletPath.startsWith("/assets/")  || servletPath == "/git" || servletPath == "/git-lfs"){
      // assets and git-lfs don't need transaction
      chain.doFilter(req, res)
    } else {
      Database() withTransaction { session =>
@@ -52,6 +53,13 @@ object Database {
    config.setJdbcUrl(DatabaseConfig.url)
    config.setUsername(DatabaseConfig.user)
    config.setPassword(DatabaseConfig.password)
    config.setAutoCommit(false)
    DatabaseConfig.connectionTimeout.foreach(config.setConnectionTimeout)
    DatabaseConfig.idleTimeout.foreach(config.setIdleTimeout)
    DatabaseConfig.maxLifetime.foreach(config.setMaxLifetime)
    DatabaseConfig.minimumIdle.foreach(config.setMinimumIdle)
    DatabaseConfig.maximumPoolSize.foreach(config.setMaximumPoolSize)
    logger.debug("load database connection pool")
    new HikariDataSource(config)
  }
--- a/src/main/scala/gitbucket/core/ssh/GitCommand.scala
+++ b/src/main/scala/gitbucket/core/ssh/GitCommand.scala
@@ -13,7 +13,7 @@ import ControlUtil._
 import org.eclipse.jgit.api.Git
 import Directory._
 import org.eclipse.jgit.transport.{ReceivePack, UploadPack}
-import org.apache.sshd.server.command.UnknownCommand
+import org.apache.sshd.server.scp.UnknownCommand
 import org.eclipse.jgit.errors.RepositoryNotFoundException
 object GitCommand {
@@ -30,13 +30,12 @@ abstract class GitCommand extends Command with SessionAware {
  @volatile protected var callback: ExitCallback = null
  @volatile private var authUser:Option[String] = None
-  protected def runTask(authUser: String)(implicit session: Session): Unit
+  protected def runTask(authUser: String): Unit
  private def newTask(): Runnable = new Runnable {
    override def run(): Unit = {
      authUser match {
        case Some(authUser) =>
          Database() withSession { implicit session =>
          try {
            runTask(authUser)
            callback.onExit(0)
@@ -48,7 +47,6 @@ abstract class GitCommand extends Command with SessionAware {
              logger.error(e.getMessage, e)
              callback.onExit(1)
          }
          }
        case None =>
          val message = "User not authenticated"
          logger.error(message)
@@ -92,7 +90,7 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
  protected def isWritableUser(username: String, repositoryInfo: RepositoryService.RepositoryInfo)
                              (implicit session: Session): Boolean =
    getAccountByUserName(username) match {
-      case Some(account) => hasWritePermission(repositoryInfo.owner, repositoryInfo.name, Some(account))
+      case Some(account) => hasDeveloperRole(repositoryInfo.owner, repositoryInfo.name, Some(account))
      case None => false
    }
@@ -102,9 +100,14 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
 class DefaultGitUploadPack(owner: String, repoName: String) extends DefaultGitCommand(owner, repoName)
    with RepositoryService with AccountService {
-  override protected def runTask(user: String)(implicit session: Session): Unit = {
+  override protected def runTask(user: String): Unit = {
-    getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).foreach { repositoryInfo =>
+    val execute = Database() withSession { implicit session =>
-      if(!repositoryInfo.repository.isPrivate || isWritableUser(user, repositoryInfo)){
+      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).map { repositoryInfo =>
        !repositoryInfo.repository.isPrivate || isWritableUser(user, repositoryInfo)
      }.getOrElse(false)
    }
    if(execute){
      using(Git.open(getRepositoryDir(owner, repoName))) { git =>
        val repository = git.getRepository
        val upload = new UploadPack(repository)
@@ -112,19 +115,23 @@ class DefaultGitUploadPack(owner: String, repoName: String) extends DefaultGitCo
      }
    }
  }
  }
 }
 class DefaultGitReceivePack(owner: String, repoName: String, baseUrl: String) extends DefaultGitCommand(owner, repoName)
    with RepositoryService with AccountService {
-  override protected def runTask(user: String)(implicit session: Session): Unit = {
+  override protected def runTask(user: String): Unit = {
-    getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).foreach { repositoryInfo =>
+    val execute = Database() withSession { implicit session =>
-      if(isWritableUser(user, repositoryInfo)){
+      getRepository(owner, repoName.replaceFirst("\\.wiki\\Z", "")).map { repositoryInfo =>
        isWritableUser(user, repositoryInfo)
      }.getOrElse(false)
    }
    if(execute) {
      using(Git.open(getRepositoryDir(owner, repoName))) { git =>
        val repository = git.getRepository
        val receive = new ReceivePack(repository)
-          if(!repoName.endsWith(".wiki")){
+        if (!repoName.endsWith(".wiki")) {
          val hook = new CommitLogHook(owner, repoName, user, baseUrl)
          receive.setPreReceiveHook(hook)
          receive.setPostReceiveHook(hook)
@@ -133,14 +140,17 @@ class DefaultGitReceivePack(owner: String, repoName: String, baseUrl: String) ex
      }
    }
  }
  }
 }
 class PluginGitUploadPack(repoName: String, routing: GitRepositoryRouting) extends GitCommand
    with SystemSettingsService {
-  override protected def runTask(user: String)(implicit session: Session): Unit = {
+  override protected def runTask(user: String): Unit = {
-    if(routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), false)){
+    val execute = Database() withSession { implicit session =>
      routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), false)
    }
    if(execute){
      val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
      using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
        val repository = git.getRepository
@@ -154,8 +164,11 @@ class PluginGitUploadPack(repoName: String, routing: GitRepositoryRouting) exten
 class PluginGitReceivePack(repoName: String, routing: GitRepositoryRouting) extends GitCommand
    with SystemSettingsService {
-  override protected def runTask(user: String)(implicit session: Session): Unit = {
+  override protected def runTask(user: String): Unit = {
-    if(routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), true)){
+    val execute = Database() withSession { implicit session =>
      routing.filter.filter("/" + repoName, Some(user), loadSystemSettings(), true)
    }
    if(execute){
      val path = routing.urlPattern.r.replaceFirstIn(repoName, routing.localPath)
      using(Git.open(new File(Directory.GitBucketHome, path))){ git =>
        val repository = git.getRepository
--- a/src/main/scala/gitbucket/core/ssh/NoShell.scala
+++ b/src/main/scala/gitbucket/core/ssh/NoShell.scala
@@ -1,6 +1,5 @@
 package gitbucket.core.ssh
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.service.SystemSettingsService.SshAddress
 import org.apache.sshd.common.Factory
 import org.apache.sshd.server.{Environment, ExitCallback, Command}
--- a/src/main/scala/gitbucket/core/ssh/PublicKeyAuthenticator.scala
+++ b/src/main/scala/gitbucket/core/ssh/PublicKeyAuthenticator.scala
@@ -2,17 +2,16 @@ package gitbucket.core.ssh
 import java.security.PublicKey
 import gitbucket.core.model.SshKey
 import gitbucket.core.service.SshKeyService
 import gitbucket.core.servlet.Database
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator
 import org.apache.sshd.server.session.ServerSession
-import org.apache.sshd.common.session.Session
+import org.apache.sshd.common.AttributeStore
 import org.slf4j.LoggerFactory
 object PublicKeyAuthenticator {
  // put in the ServerSession here to be read by GitCommand later
-  private val userNameSessionKey = new Session.AttributeKey[String]
+  private val userNameSessionKey = new AttributeStore.AttributeKey[String]
  def putUserName(serverSession:ServerSession, userName:String):Unit =
    serverSession.setAttribute(userNameSessionKey, userName)
--- a/src/main/scala/gitbucket/core/util/AuthUtil.scala
+++ b/src/main/scala/gitbucket/core/util/AuthUtil.scala
@@ -0,0 +1,21 @@
 package gitbucket.core.util
 import javax.servlet.http.HttpServletResponse
 /**
 * Provides HTTP (Basic) Authentication related functions.
 */
 object AuthUtil {
  def requireAuth(response: HttpServletResponse): Unit = {
    response.setHeader("WWW-Authenticate", "BASIC realm=\"GitBucket\"")
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
  }
  def decodeAuthHeader(header: String): String = {
    try {
      new String(new sun.misc.BASE64Decoder().decodeBuffer(header.substring(6)))
    } catch {
      case _: Throwable => ""
    }
  }
 }
--- a/src/main/scala/gitbucket/core/util/Authenticator.scala
+++ b/src/main/scala/gitbucket/core/util/Authenticator.scala
@@ -1,7 +1,8 @@
 package gitbucket.core.util
 import gitbucket.core.controller.ControllerBase
-import gitbucket.core.service.{RepositoryService, AccountService}
+import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.model.Role
 import RepositoryService.RepositoryInfo
 import Implicits._
 import ControlUtil._
@@ -40,9 +41,9 @@ trait OwnerAuthenticator { self: ControllerBase with RepositoryService with Acco
          context.loginAccount match {
            case Some(x) if(x.isAdmin) => action(repository)
            case Some(x) if(repository.owner == x.userName) => action(repository)
-            case Some(x) if(getGroupMembers(repository.owner).exists { member =>
+            // TODO Repository management is allowed for only group managers?
-              member.userName == x.userName && member.isManager == true
+            case Some(x) if(getGroupMembers(repository.owner).exists { m => m.userName == x.userName && m.isManager == true }) => action(repository)
-            }) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN)).contains(x.userName)) => action(repository)
            case _ => Unauthorized()
          }
        } getOrElse NotFound()
@@ -86,32 +87,9 @@ trait AdminAuthenticator { self: ControllerBase =>
 }
 /**
- * Allows only collaborators and administrators.
+ * Allows only guests and signed in users who can access the repository.
 */
-trait CollaboratorsAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReferrerAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
  protected def collaboratorsOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
  protected def collaboratorsOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
  private def authenticate(action: (RepositoryInfo) => Any) = {
    {
      defining(request.paths){ paths =>
        getRepository(paths(0), paths(1)).map { repository =>
          context.loginAccount match {
            case Some(x) if(x.isAdmin) => action(repository)
            case Some(x) if(paths(0) == x.userName) => action(repository)
            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
            case _ => Unauthorized()
          }
        } getOrElse NotFound()
      }
    }
  }
 }
 /**
 * Allows only the repository owner (or manager for group repository) and administrators.
 */
 trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
  protected def referrersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
  protected def referrersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
@@ -125,7 +103,8 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
            context.loginAccount match {
              case Some(x) if(x.isAdmin) => action(repository)
              case Some(x) if(paths(0) == x.userName) => action(repository)
-              case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+              case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
              case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
              case _ => Unauthorized()
            }
          }
@@ -136,9 +115,9 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
 }
 /**
- * Allows only signed in users which can access the repository.
+ * Allows only signed in users who have read permission for the repository.
 */
-trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
  protected def readableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
  protected def readableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
@@ -150,7 +129,32 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
            case Some(x) if(x.isAdmin) => action(repository)
            case Some(x) if(!repository.repository.isPrivate) => action(repository)
            case Some(x) if(paths(0) == x.userName) => action(repository)
-            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
            case _ => Unauthorized()
          }
        } getOrElse NotFound()
      }
    }
  }
 }
 /**
 * Allows only signed in users who have write permission for the repository.
 */
 trait WritableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
  protected def writableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
  protected def writableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
  private def authenticate(action: (RepositoryInfo) => Any) = {
    {
      defining(request.paths){ paths =>
        getRepository(paths(0), paths(1)).map { repository =>
          context.loginAccount match {
            case Some(x) if(x.isAdmin) => action(repository)
            case Some(x) if(paths(0) == x.userName) => action(repository)
            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN, Role.DEVELOPER)).contains(x.userName)) => action(repository)
            case _ => Unauthorized()
          }
        } getOrElse NotFound()
--- a/src/main/scala/gitbucket/core/util/ControlUtil.scala
+++ b/src/main/scala/gitbucket/core/util/ControlUtil.scala
@@ -20,6 +20,20 @@ object ControlUtil {
      }
    }
  def using[A <% { def close(): Unit }, B <% { def close(): Unit }, C](resource1: A, resource2: B)(f: (A, B) => C): C =
    try f(resource1, resource2) finally {
      if(resource1 != null){
        ignoring(classOf[Throwable]) {
          resource1.close()
        }
      }
      if(resource2 != null){
        ignoring(classOf[Throwable]) {
          resource2.close()
        }
      }
    }
  def using[T](git: Git)(f: Git => T): T =
    try f(git) finally git.getRepository.close()
--- a/src/main/scala/gitbucket/core/util/DatabaseConfig.scala
+++ b/src/main/scala/gitbucket/core/util/DatabaseConfig.scala
@@ -17,6 +17,11 @@ object DatabaseConfig {
          |  url = "jdbc:h2:${DatabaseHome};MVCC=true"
          |  user = "sa"
          |  password = "sa"
          |#  connectionTimeout = 30000
          |#  idleTimeout = 600000
          |#  maxLifetime = 1800000
          |#  minimumIdle = 10
          |#  maximumPoolSize = 10
          |}
          |""".stripMargin, "UTF-8")
    }
@@ -28,12 +33,21 @@ object DatabaseConfig {
  def url(directory: Option[String]): String =
    dbUrl.replace("${DatabaseHome}", directory.getOrElse(DatabaseHome))
-  lazy val url: String = url(None)
+  lazy val url                : String = url(None)
-  lazy val user: String = config.getString("db.user")
+  lazy val user               : String = config.getString("db.user")
-  lazy val password: String = config.getString("db.password")
+  lazy val password           : String = config.getString("db.password")
-  lazy val jdbcDriver: String = DatabaseType(url).jdbcDriver
+  lazy val jdbcDriver         : String = DatabaseType(url).jdbcDriver
-  lazy val slickDriver: slick.driver.JdbcProfile = DatabaseType(url).slickDriver
+  lazy val slickDriver        : slick.driver.JdbcProfile = DatabaseType(url).slickDriver
-  lazy val liquiDriver: AbstractJdbcDatabase = DatabaseType(url).liquiDriver
+  lazy val liquiDriver        : AbstractJdbcDatabase     = DatabaseType(url).liquiDriver
  lazy val connectionTimeout  : Option[Long]   = getOptionValue("db.connectionTimeout", config.getLong)
  lazy val idleTimeout        : Option[Long]   = getOptionValue("db.idleTimeout"      , config.getLong)
  lazy val maxLifetime        : Option[Long]   = getOptionValue("db.maxLifetime"      , config.getLong)
  lazy val minimumIdle        : Option[Int]    = getOptionValue("db.minimumIdle"      , config.getInt)
  lazy val maximumPoolSize    : Option[Int]    = getOptionValue("db.maximumPoolSize"  , config.getInt)
  private def getOptionValue[T](path: String, f: String => T): Option[T] = {
    if(config.hasPath(path)) Some(f(path)) else None
  }
 }
--- a/src/main/scala/gitbucket/core/util/Directory.scala
+++ b/src/main/scala/gitbucket/core/util/Directory.scala
@@ -1,11 +1,9 @@
 package gitbucket.core.util
 import java.io.File
 import ControlUtil._
 import org.apache.commons.io.FileUtils
 /**
- * Provides directories used by GitBucket.
+ * Provides directory locations used by GitBucket.
 */
 object Directory {
@@ -50,6 +48,12 @@ object Directory {
  def getAttachedDir(owner: String, repository: String): File =
    new File(s"${RepositoryHome}/${owner}/${repository}/comments")
  /**
   * Directory for files which are attached to issue.
   */
  def getLfsDir(owner: String, repository: String): File =
    new File(s"${RepositoryHome}/${owner}/${repository}/lfs")
  /**
   * Directory for uploaded files by the specified user.
   */
@@ -72,12 +76,6 @@ object Directory {
   */
  def getPluginCacheDir(): File = new File(s"${TemporaryHome}/_plugins")
  /**
   * Temporary directory which is used to create an archive to download repository contents.
   */
  def getDownloadWorkDir(owner: String, repository: String, sessionId: String): File = 
    new File(getTemporaryDir(owner, repository), s"download/${sessionId}")
  /**
   * Substance directory of the wiki repository.
   */
--- a/src/main/scala/gitbucket/core/util/FileUtil.scala
+++ b/src/main/scala/gitbucket/core/util/FileUtil.scala
@@ -62,4 +62,8 @@ object FileUtil {
      "image/jpeg",
      "image/png",
      "text/plain")
  def getLfsFilePath(owner: String, repository: String, oid: String): String =
    Directory.getLfsDir(owner, repository) + "/" + oid
 }
--- a/src/main/scala/gitbucket/core/util/Implicits.scala
+++ b/src/main/scala/gitbucket/core/util/Implicits.scala
@@ -4,6 +4,8 @@ import gitbucket.core.api.JsonFormat
 import gitbucket.core.controller.Context
 import gitbucket.core.servlet.Database
 import java.util.regex.Pattern.quote
 import javax.servlet.http.{HttpSession, HttpServletRequest}
 import scala.util.matching.Regex
@@ -22,7 +24,7 @@ object Implicits {
  implicit def context2ApiJsonFormatContext(implicit context: Context): JsonFormat.Context = JsonFormat.Context(context.baseUrl)
-  implicit class RichSeq[A](seq: Seq[A]) {
+  implicit class RichSeq[A](private val seq: Seq[A]) extends AnyVal {
    def splitWith(condition: (A, A) => Boolean): Seq[Seq[A]] = split(seq)(condition)
@@ -38,7 +40,7 @@ object Implicits {
      }
  }
-  implicit class RichString(value: String){
+  implicit class RichString(private val value: String) extends AnyVal {
    def replaceBy(regex: Regex)(replace: Regex.MatchData => Option[String]): String = {
      val sb = new StringBuilder()
      var i = 0
@@ -61,7 +63,7 @@ object Implicits {
    }
  }
-  implicit class RichRequest(request: HttpServletRequest){
+  implicit class RichRequest(private val request: HttpServletRequest) extends AnyVal {
    def paths: Array[String] = (request.getRequestURI.substring(request.getContextPath.length + 1) match{
      case path if path.startsWith("api/v3/repos/") => path.substring(13/* "/api/v3/repos".length */)
@@ -73,7 +75,7 @@ object Implicits {
    def hasAttribute(name: String): Boolean = request.getAttribute(name) != null
-    def gitRepositoryPath: String = request.getRequestURI.replaceFirst("^/git/", "/")
+    def gitRepositoryPath: String = request.getRequestURI.replaceFirst("^" + quote(request.getContextPath) + "/git/", "/")
    def baseUrl:String = {
      val url = request.getRequestURL.toString
@@ -82,13 +84,7 @@ object Implicits {
    }
  }
-  implicit class RichSession(session: HttpSession){
+  implicit class RichSession(private val session: HttpSession) extends AnyVal {
    def putAndGet[T](key: String, value: T): T = {
      session.setAttribute(key, value)
      value
    }
    def getAndRemove[T](key: String): Option[T] = {
      val value = session.getAttribute(key).asInstanceOf[T]
      if(value == null){
--- a/src/main/scala/gitbucket/core/util/JDBCUtil.scala
+++ b/src/main/scala/gitbucket/core/util/JDBCUtil.scala
@@ -3,20 +3,20 @@ package gitbucket.core.util
 import java.io._
 import java.sql._
 import java.text.SimpleDateFormat
 import javax.xml.stream.{XMLStreamConstants, XMLInputFactory, XMLOutputFactory}
 import ControlUtil._
 import scala.StringBuilder
 import scala.annotation.tailrec
 import scala.collection.mutable
 import scala.collection.mutable.ListBuffer
 /**
 * Provides implicit class which extends java.sql.Connection.
- * This is used in automatic migration in [[servlet.AutoUpdateListener]].
+ * This is used in following points:
 *
 * - Automatic migration in [[gitbucket.core.servlet.InitializeListener]]
 * - Data importing / exporting in [[gitbucket.core.controller.SystemSettingsController]] and [[gitbucket.core.controller.FileUploadController]]
 */
 object JDBCUtil {
-  implicit class RichConnection(conn: Connection){
+  implicit class RichConnection(private val conn: Connection) extends AnyVal {
    def update(sql: String, params: Any*): Int = {
      execute(sql, params: _*){ stmt =>
@@ -64,65 +64,38 @@ object JDBCUtil {
      }
    }
-    def importAsXML(in: InputStream): Unit = {
+    def importAsSQL(in: InputStream): Unit = {
      conn.setAutoCommit(false)
      try {
-        val factory = XMLInputFactory.newInstance()
+        using(in){ in =>
-        using(factory.createXMLStreamReader(in, "UTF-8")){ reader =>
+          var out = new ByteArrayOutputStream()
          // stateful objects
          var elementName   = ""
          var insertTable   = ""
          var insertColumns = Map.empty[String, (String, String)]
-          while(reader.hasNext){
+          var length = 0
-            reader.next()
+          val bytes = new scala.Array[Byte](1024 * 8)
          var stringLiteral = false
-            reader.getEventType match {
+          while({ length = in.read(bytes); length != -1 }){
-              case XMLStreamConstants.START_ELEMENT =>
+            for(i <- 0 to length - 1){
-                elementName = reader.getName.getLocalPart
+              val c = bytes(i)
-                if(elementName == "insert"){
+              if(c == '\''){
-                  insertTable = reader.getAttributeValue(null, "table")
+                stringLiteral = !stringLiteral
                } else if(elementName == "delete"){
                  val tableName = reader.getAttributeValue(null, "table")
                  conn.update(s"DELETE FROM ${tableName}")
                } else if(elementName == "column"){
                  val columnName  = reader.getAttributeValue(null, "name")
                  val columnType  = reader.getAttributeValue(null, "type")
                  val columnValue = reader.getElementText
                  insertColumns = insertColumns + (columnName -> (columnType, columnValue))
              }
-              case XMLStreamConstants.END_ELEMENT =>
+              if(c == ';' && !stringLiteral){
-                // Execute insert statement
+                val sql = new String(out.toByteArray, "UTF-8")
-                reader.getName.getLocalPart match {
+                conn.update(sql.trim)
-                  case "insert" => {
+                out = new ByteArrayOutputStream()
                    val sb = new StringBuilder()
                    sb.append(s"INSERT INTO ${insertTable} (")
                    sb.append(insertColumns.map { case (columnName, _) => columnName }.mkString(", "))
                    sb.append(") VALUES (")
                    sb.append(insertColumns.map { case (_, (columnType, columnValue)) =>
                      if(columnType == null || columnValue == null){
                        "NULL"
                      } else if(columnType == "string"){
                        "'" + columnValue.replace("'", "''") + "'"
                      } else if(columnType == "timestamp"){
                        "'" + columnValue + "'"
              } else {
-                        columnValue.toString
+                out.write(c)
                      }
                    }.mkString(", "))
                    sb.append(")")
                    conn.update(sb.toString)
                    insertColumns = Map.empty[String, (String, String)] // Clear column information
                  }
                  case _ => // Nothing to do
                }
              case _ => // Nothing to do
              }
            }
          }
          val remain = out.toByteArray
          if(remain.length != 0){
            val sql = new String(remain, "UTF-8")
            conn.update(sql.trim)
          }
        }
        conn.commit()
      } catch {
@@ -133,68 +106,6 @@ object JDBCUtil {
      }
    }
    def exportAsXML(targetTables: Seq[String]): File = {
      val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
      val file = File.createTempFile("gitbucket-export-", ".xml")
      val factory = XMLOutputFactory.newInstance()
      using(factory.createXMLStreamWriter(new FileOutputStream(file), "UTF-8")){ writer =>
        val dbMeta = conn.getMetaData
        val allTablesInDatabase = allTablesOrderByDependencies(dbMeta)
        writer.writeStartDocument("UTF-8", "1.0")
        writer.writeStartElement("tables")
        println(allTablesInDatabase.mkString(", "))
        allTablesInDatabase.reverse.foreach { tableName =>
          if (targetTables.contains(tableName)) {
            writer.writeStartElement("delete")
            writer.writeAttribute("table", tableName)
            writer.writeEndElement()
          }
        }
        allTablesInDatabase.foreach { tableName =>
          if (targetTables.contains(tableName)) {
            select(s"SELECT * FROM ${tableName}") { rs =>
              writer.writeStartElement("insert")
              writer.writeAttribute("table", tableName)
              val rsMeta = rs.getMetaData
              (1 to rsMeta.getColumnCount).foreach { i =>
                val columnName = rsMeta.getColumnName(i)
                val (columnType, columnValue) = if(rs.getObject(columnName) == null){
                  (null, null)
                } else {
                  rsMeta.getColumnType(i) match {
                    case Types.BOOLEAN | Types.BIT => ("boolean", rs.getBoolean(columnName))
                    case Types.VARCHAR | Types.CLOB | Types.CHAR | Types.LONGVARCHAR => ("string", rs.getString(columnName))
                    case Types.INTEGER => ("int", rs.getInt(columnName))
                    case Types.TIMESTAMP => ("timestamp", dateFormat.format(rs.getTimestamp(columnName)))
                  }
                }
                writer.writeStartElement("column")
                writer.writeAttribute("name", columnName)
                if(columnType != null){
                  writer.writeAttribute("type", columnType)
                }
                if(columnValue != null){
                  writer.writeCharacters(columnValue.toString)
                }
                writer.writeEndElement()
              }
              writer.writeEndElement()
            }
          }
        }
        writer.writeEndElement()
        writer.writeEndDocument()
      }
      file
    }
    def exportAsSQL(targetTables: Seq[String]): File = {
      val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
      val file = File.createTempFile("gitbucket-export-", ".sql")
@@ -303,8 +214,6 @@ object JDBCUtil {
      tsort(edges).toSeq
    }
    case class TableDependency(tableName: String, children: Seq[String])
    def tsort[A](edges: Traversable[(A, A)]): Iterable[A] = {
      @tailrec
@@ -325,4 +234,6 @@ object JDBCUtil {
    }
  }
  private case class TableDependency(tableName: String, children: Seq[String])
 }
--- a/src/main/scala/gitbucket/core/util/JGitUtil.scala
+++ b/src/main/scala/gitbucket/core/util/JGitUtil.scala
@@ -5,6 +5,7 @@ import org.eclipse.jgit.api.Git
 import Directory._
 import StringUtil._
 import ControlUtil._
 import scala.annotation.tailrec
 import scala.collection.JavaConverters._
 import org.eclipse.jgit.lib._
@@ -16,7 +17,11 @@ import org.eclipse.jgit.diff.DiffEntry.ChangeType
 import org.eclipse.jgit.errors.{ConfigInvalidException, MissingObjectException}
 import org.eclipse.jgit.transport.RefSpec
 import java.util.Date
-import org.eclipse.jgit.api.errors.{JGitInternalException, InvalidRefNameException, RefAlreadyExistsException, NoHeadException}
+import java.util.concurrent.TimeUnit
 import java.util.function.Consumer
 import org.cache2k.{Cache2kBuilder, CacheEntry}
 import org.eclipse.jgit.api.errors.{InvalidRefNameException, JGitInternalException, NoHeadException, RefAlreadyExistsException}
 import org.eclipse.jgit.dircache.DirCacheEntry
 import org.slf4j.LoggerFactory
@@ -32,14 +37,11 @@ object JGitUtil {
   *
   * @param owner the user name of the repository owner
   * @param name the repository name
   * @param commitCount the commit count. If the repository has over 1000 commits then this property is 1001.
   * @param branchList the list of branch names
   * @param tags the list of tags
   */
-  case class RepositoryInfo(owner: String, name: String, commitCount: Int, branchList: List[String], tags: List[TagInfo]){
+  case class RepositoryInfo(owner: String, name: String, branchList: List[String], tags: List[TagInfo]){
-    def this(owner: String, name: String) = {
+    def this(owner: String, name: String) = this(owner, name, Nil, Nil)
      this(owner, name, 0, Nil, Nil)
    }
  }
  /**
@@ -170,19 +172,53 @@ object JGitUtil {
    revCommit
  }
  private val cache = new Cache2kBuilder[String, Int]() {}
    .name("commit-count")
    .expireAfterWrite(24, TimeUnit.HOURS)
    .entryCapacity(10000)
    .build()
  def removeCache(git: Git): Unit = {
    val dir = git.getRepository.getDirectory
    val keyPrefix = dir.getAbsolutePath + "@"
    cache.forEach(new Consumer[CacheEntry[String, Int]] {
      override def accept(entry: CacheEntry[String, Int]): Unit = {
        if(entry.getKey.startsWith(keyPrefix)){
          cache.remove(entry.getKey)
        }
      }
    })
  }
  /**
   * Returns the number of commits in the specified branch or commit.
   * If the specified branch has over 10000 commits, this method returns 100001.
   */
  def getCommitCount(owner: String, repository: String, branch: String): Int = {
    val dir = getRepositoryDir(owner, repository)
    val key = dir.getAbsolutePath + "@" + branch
    val entry = cache.getEntry(key)
    if(entry == null) {
      using(Git.open(dir)) { git =>
        val commitId = git.getRepository.resolve(branch)
        val commitCount = git.log.add(commitId).call.iterator.asScala.take(10001).size
        cache.put(key, commitCount)
        commitCount
      }
    } else {
      entry.getValue
    }
  }
  /**
   * Returns the repository information. It contains branch names and tag names.
   */
  def getRepositoryInfo(owner: String, repository: String): RepositoryInfo = {
    using(Git.open(getRepositoryDir(owner, repository))){ git =>
      try {
-        // get commit count
+        RepositoryInfo(owner, repository,
        val commitCount = git.log.all.call.iterator.asScala.map(_ => 1).take(10001).sum
        RepositoryInfo(
          owner, repository,
          // commit count
          commitCount,
          // branches
          git.branchList.call.asScala.map { ref =>
            ref.getName.stripPrefix("refs/heads/")
@@ -195,9 +231,7 @@ object JGitUtil {
        )
      } catch {
        // not initialized
-        case e: NoHeadException => RepositoryInfo(
+        case e: NoHeadException => RepositoryInfo(owner, repository, Nil, Nil)
          owner, repository, 0, Nil, Nil)
      }
    }
  }
@@ -213,7 +247,7 @@ object JGitUtil {
  def getFileList(git: Git, revision: String, path: String = "."): List[FileInfo] = {
    using(new RevWalk(git.getRepository)){ revWalk =>
      val objectId = git.getRepository.resolve(revision)
-      if(objectId==null) return Nil
+      if(objectId == null) return Nil
      val revCommit = revWalk.parseCommit(objectId)
      def useTreeWalk(rev:RevCommit)(f:TreeWalk => Any): Unit = if (path == ".") {
@@ -255,14 +289,14 @@ object JGitUtil {
                          revIterator:java.util.Iterator[RevCommit]): List[(ObjectId, FileMode, String, Option[String], RevCommit)] ={
        if(restList.isEmpty){
          result
-        }else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
+        } else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
-          result ++ restList.map{ case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
+          result ++ restList.map { case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
-        }else{
+        } else {
          val newCommit = revIterator.next
-          val (thisTimeChecks,skips) = restList.partition{ case (tuple, parentsMap) => parentsMap.contains(newCommit) }
+          val (thisTimeChecks,skips) = restList.partition { case (tuple, parentsMap) => parentsMap.contains(newCommit) }
          if(thisTimeChecks.isEmpty){
            findLastCommits(result, restList, revIterator)
-          }else{
+          } else {
            var nextRest = skips
            var nextResult = result
            // Map[(name, oid), (tuple, parentsMap)]
@@ -270,20 +304,20 @@ object JGitUtil {
            lazy val newParentsMap = newCommit.getParents.map(_ -> newCommit).toMap
            useTreeWalk(newCommit){ walk =>
              while(walk.next){
-                rest.remove(walk.getNameString -> walk.getObjectId(0)).map{ case (tuple, _) =>
+                rest.remove(walk.getNameString -> walk.getObjectId(0)).map { case (tuple, _) =>
                  if(newParentsMap.isEmpty){
                    nextResult +:= tupleAdd(tuple, newCommit)
-                  }else{
+                  } else {
                    nextRest +:= tuple -> newParentsMap
                  }
                }
              }
            }
-            rest.values.map{ case (tuple, parentsMap) =>
+            rest.values.map { case (tuple, parentsMap) =>
              val restParentsMap = parentsMap - newCommit
              if(restParentsMap.isEmpty){
                nextResult +:= tupleAdd(tuple, parentsMap(newCommit))
-              }else{
+              } else {
                nextRest +:= tuple -> restParentsMap
              }
            }
@@ -295,7 +329,7 @@ object JGitUtil {
      var fileList: List[(ObjectId, FileMode, String, Option[String])] = Nil
      useTreeWalk(revCommit){ treeWalk =>
        while (treeWalk.next()) {
-          val linkUrl =if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
+          val linkUrl = if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
            getSubmodules(git, revCommit.getTree).find(_.path == treeWalk.getPathString).map(_.url)
          } else None
          fileList +:= (treeWalk.getObjectId(0), treeWalk.getFileMode(0), treeWalk.getNameString, linkUrl)
@@ -345,7 +379,7 @@ object JGitUtil {
  def getTreeId(git: Git, revision: String): Option[String] = {
    using(new RevWalk(git.getRepository)){ revWalk =>
      val objectId  = git.getRepository.resolve(revision)
-      if(objectId==null) return None
+      if(objectId == null) return None
      val revCommit = revWalk.parseCommit(objectId)
      Some(revCommit.getTree.name)
    }
@@ -357,7 +391,7 @@ object JGitUtil {
  def getAllFileListByTreeId(git: Git, treeId: String): List[String] = {
    using(new RevWalk(git.getRepository)){ revWalk =>
      val objectId  = git.getRepository.resolve(treeId+"^{tree}")
-      if(objectId==null) return Nil
+      if(objectId == null) return Nil
      using(new TreeWalk(git.getRepository)){ treeWalk =>
        treeWalk.addTree(objectId)
        treeWalk.setRecursive(true)
@@ -705,6 +739,8 @@ object JGitUtil {
    refUpdate.setNewObjectId(newHeadId)
    refUpdate.update()
    removeCache(git)
    newHeadId
  }
@@ -830,14 +866,16 @@ object JGitUtil {
    existIds.toSeq
  }
-  def processTree(git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => Unit) = {
+  def processTree[T](git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => T): Seq[T] = {
    using(new RevWalk(git.getRepository)){ revWalk =>
      using(new TreeWalk(git.getRepository)){ treeWalk =>
        val index = treeWalk.addTree(revWalk.parseTree(id))
        treeWalk.setRecursive(true)
        val result = new collection.mutable.ListBuffer[T]()
        while(treeWalk.next){
-          f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
+          result += f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
        }
        result.toSeq
      }
    }
  }
@@ -875,6 +913,7 @@ object JGitUtil {
  /**
   * Returns the last modified commit of specified path
   *
   * @param git the Git object
   * @param startCommit the search base commit id
   * @param path the path of target file or directory
@@ -957,6 +996,7 @@ object JGitUtil {
  /**
   * Returns sha1
   *
   * @param owner repository owner
   * @param name  repository name
   * @param revstr  A git object references expression
--- a/src/main/scala/gitbucket/core/util/Notifier.scala
+++ b/src/main/scala/gitbucket/core/util/Notifier.scala
@@ -1,7 +1,7 @@
 package gitbucket.core.util
-import gitbucket.core.model.{Session, Issue}
+import gitbucket.core.model.{Account, Issue, Session}
-import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, SystemSettingsService}
+import gitbucket.core.service.{AccountService, IssuesService, RepositoryService, SystemSettingsService}
 import gitbucket.core.servlet.Database
 import gitbucket.core.view.Markdown
@@ -9,29 +9,35 @@ import scala.concurrent._
 import ExecutionContext.Implicits.global
 import org.apache.commons.mail.{DefaultAuthenticator, HtmlEmail}
 import org.slf4j.LoggerFactory
 import gitbucket.core.controller.Context
 import SystemSettingsService.Smtp
 import ControlUtil.defining
 trait Notifier extends RepositoryService with AccountService with IssuesService {
  def toNotify(r: RepositoryService.RepositoryInfo, issue: Issue, content: String)
      (msg: String => String)(implicit context: Context): Unit
-  protected def recipients(issue: Issue)(notify: String => Unit)(implicit session: Session, context: Context) =
+  protected def recipients(issue: Issue, loginAccount: Account)(notify: String => Unit)(implicit session: Session) =
    (
        // individual repository's owner
        issue.userName ::
        // group members of group repository
        getGroupMembers(issue.userName).map(_.userName) :::
        // collaborators
-        getCollaborators(issue.userName, issue.repositoryName) :::
+        getCollaboratorUserNames(issue.userName, issue.repositoryName) :::
        // participants
        issue.openedUserName ::
        getComments(issue.userName, issue.repositoryName, issue.issueId).map(_.commentedUserName)
    )
    .distinct
-    .withFilter ( _ != context.loginAccount.get.userName )  // the operation in person is excluded
+    .withFilter ( _ != loginAccount.userName )  // the operation in person is excluded
-    .foreach ( getAccountByUserName(_) filterNot (_.isGroupAccount) filterNot (LDAPUtil.isDummyMailAddress(_)) foreach (x => notify(x.mailAddress)) )
+    .foreach (
-
+      getAccountByUserName(_)
        .filterNot (_.isGroupAccount)
        .filterNot (LDAPUtil.isDummyMailAddress(_))
        .foreach (x => notify(x.mailAddress))
    )
 }
 object Notifier {
@@ -68,7 +74,8 @@ class Mailer(private val smtp: Smtp) extends Notifier {
  private val logger = LoggerFactory.getLogger(classOf[Mailer])
  def toNotify(r: RepositoryService.RepositoryInfo, issue: Issue, content: String)
-      (msg: String => String)(implicit context: Context) = {
+      (msg: String => String)(implicit context: Context): Unit = {
    context.loginAccount.foreach { loginAccount =>
      val database = Database()
      val f = Future {
@@ -82,10 +89,9 @@ class Mailer(private val smtp: Smtp) extends Notifier {
                enableRefsLink   = true,
                enableAnchor     = false,
                enableLineBreaks = false
-            ))) { case (subject, msg) =>
+              ))
-            recipients(issue) { to =>
+          ) { case (subject, msg) =>
-              send(to, subject, msg)
+            recipients(issue, loginAccount) { to => send(to, subject, msg, loginAccount) }
            }
          }
        }
        "Notifications Successful."
@@ -97,8 +103,9 @@ class Mailer(private val smtp: Smtp) extends Notifier {
        case t => logger.error("Notifications Failed.", t)
      }
    }
  }
-  def send(to: String, subject: String, msg: String)(implicit context: Context): Unit = {
+  def send(to: String, subject: String, msg: String, loginAccount: Account): Unit = {
    val email = new HtmlEmail
    email.setHostName(smtp.host)
    email.setSmtpPort(smtp.port.get)
@@ -107,10 +114,17 @@ class Mailer(private val smtp: Smtp) extends Notifier {
    }
    smtp.ssl.foreach { ssl =>
      email.setSSLOnConnect(ssl)
      if(ssl == true) {
        email.setSslSmtpPort(smtp.port.get.toString)
      }
    }
    smtp.starttls.foreach { starttls =>
      email.setStartTLSEnabled(starttls)
      email.setStartTLSRequired(starttls)
    }
    smtp.fromAddress
-      .map (_ -> smtp.fromName.getOrElse(context.loginAccount.get.userName))
+      .map (_ -> smtp.fromName.getOrElse(loginAccount.userName))
-      .orElse (Some("notifications@gitbucket.com" -> context.loginAccount.get.userName))
+      .orElse (Some("notifications@gitbucket.com" -> loginAccount.userName))
      .foreach { case (address, name) =>
        email.setFrom(address, name)
      }
--- a/src/main/scala/gitbucket/core/util/StringUtil.scala
+++ b/src/main/scala/gitbucket/core/util/StringUtil.scala
@@ -1,14 +1,23 @@
 package gitbucket.core.util
 import java.net.{URLDecoder, URLEncoder}
 import org.mozilla.universalchardet.UniversalDetector
 import ControlUtil._
 import org.apache.commons.io.input.BOMInputStream
 import org.apache.commons.io.IOUtils
 import org.apache.commons.codec.binary.Base64
 import scala.util.control.Exception._
 object StringUtil {
  private lazy val BlowfishKey = {
    // last 4 numbers in current timestamp
    val time = System.currentTimeMillis.toString
    time.substring(time.length - 4)
  }
  def sha1(value: String): String =
    defining(java.security.MessageDigest.getInstance("SHA-1")){ md =>
      md.update(value.getBytes)
@@ -21,6 +30,20 @@ object StringUtil {
    md.digest.map(b => "%02x".format(b)).mkString
  }
  def encodeBlowfish(value: String): String = {
    val spec = new javax.crypto.spec.SecretKeySpec(BlowfishKey.getBytes(), "Blowfish")
    val cipher = javax.crypto.Cipher.getInstance("Blowfish")
    cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, spec)
    new String(Base64.encodeBase64(cipher.doFinal(value.getBytes("UTF-8"))), "UTF-8")
  }
  def decodeBlowfish(value: String): String = {
    val spec = new javax.crypto.spec.SecretKeySpec(BlowfishKey.getBytes(), "Blowfish")
    val cipher = javax.crypto.Cipher.getInstance("Blowfish")
    cipher.init(javax.crypto.Cipher.DECRYPT_MODE, spec)
    new String(cipher.doFinal(Base64.decodeBase64(value)), "UTF-8")
  }
  def urlEncode(value: String): String = URLEncoder.encode(value, "UTF-8").replace("+", "%20")
  def urlDecode(value: String): String = URLDecoder.decode(value, "UTF-8")
@@ -86,8 +109,9 @@ object StringUtil {
   *@param message the message which may contains issue id
   * @return the iterator of issue id
   */
-  def extractIssueId(message: String): Iterator[String] =
+  def extractIssueId(message: String): Seq[String] =
-    "(^|\\W)#(\\d+)(\\W|$)".r.findAllIn(message).matchData.map(_.group(2))
+    "(^|\\W)#(\\d+)(\\W|$)".r
      .findAllIn(message).matchData.map(_.group(2)).toSeq.distinct
  /**
   * Extract close issue id like ```close #issueId ``` from the given message.
@@ -95,7 +119,8 @@ object StringUtil {
   * @param message the message which may contains close command
   * @return the iterator of issue id
   */
-  def extractCloseId(message: String): Iterator[String] =
+  def extractCloseId(message: String): Seq[String] =
-    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r.findAllIn(message).matchData.map(_.group(1))
+    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r
      .findAllIn(message).matchData.map(_.group(1)).toSeq.distinct
 }
--- a/src/main/scala/gitbucket/core/view/LinkConverter.scala
+++ b/src/main/scala/gitbucket/core/view/LinkConverter.scala
@@ -37,7 +37,7 @@ trait LinkConverter { self: RequestCache =>
      // convert username/project@SHA to link
      .replaceBy("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)/([a-zA-Z0-9\\-_\\.]+)@([a-f0-9]{40})(?=(\\W|$))".r){ m =>
        getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a></code>"""
        }
      }
@@ -56,7 +56,7 @@ trait LinkConverter { self: RequestCache =>
      // convert username@SHA to link
      .replaceBy( ("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)@([a-f0-9]{40})(?=(\\W|$))").r ) { m =>
        getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a></code>"""
        }
      }
@@ -73,7 +73,7 @@ trait LinkConverter { self: RequestCache =>
      }
      // convert issue id to link
-      .replaceBy(("(?<=(^|\\W))(GH-|" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
+      .replaceBy(("(?<=(^|\\W))(GH-|(?<!&)" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
        val prefix = if(m.group(2) == "issue:") "#" else m.group(2)
        getIssue(repository.owner, repository.name, m.group(3)) match {
          case Some(issue) if(issue.isPullRequest) =>
@@ -93,6 +93,8 @@ trait LinkConverter { self: RequestCache =>
      }
      // convert commit id to link
-      .replaceAll("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))", s"""<a href="${context.path}/${repository.owner}/${repository.name}/commit/$$2">$$2</a>""")
+      .replaceBy("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))".r){ m =>
        Some(s"""<code><a href="${context.path}/${repository.owner}/${repository.name}/commit/${m.group(2)}">${m.group(2).substring(0, 7)}</a></code>""")
      }
  }
 }
--- a/src/main/scala/gitbucket/core/view/Markdown.scala
+++ b/src/main/scala/gitbucket/core/view/Markdown.scala
@@ -44,6 +44,7 @@ object Markdown {
    val renderer = new GitBucketMarkedRenderer(options, repository,
      enableWikiLink, enableRefsLink, enableAnchor, enableTaskList, hasWritePermission, pages)
    //helpers.decorateHtml(Marked.marked(source, options, renderer), repository)
    Marked.marked(source, options, renderer)
  }
@@ -109,11 +110,10 @@ object Markdown {
    override def text(text: String): String = {
      // convert commit id and username to link.
      val t1 = if(enableRefsLink) convertRefsLinks(text, repository, "#", false) else text
      // convert task list to checkbox.
      val t2 = if(enableTaskList) convertCheckBox(t1, hasWritePermission) else t1
-
+      // decorate by TextDecorator plugins
-      t2
+      helpers.decorateHtml(t2, repository)
    }
    override def link(href: String, title: String, text: String): String = {
@@ -147,21 +147,23 @@ object Markdown {
    }
    private def fixUrl(url: String, isImage: Boolean = false): String = {
      lazy val urlWithRawParam: String = url + (if(isImage && !url.endsWith("?raw=true")) "?raw=true" else "")
      if(url.startsWith("http://") || url.startsWith("https://") || url.startsWith("/")){
        url
      } else if(url.startsWith("#")){
        ("#" + generateAnchorName(url.substring(1)))
      } else if(!enableWikiLink){
        if(context.currentPath.contains("/blob/")){
-          url + (if(isImage) "?raw=true" else "")
+          urlWithRawParam
        } else if(context.currentPath.contains("/tree/")){
          val paths = context.currentPath.split("/")
          val branch = if(paths.length > 3) paths.drop(4).mkString("/") else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
        } else {
          val paths = context.currentPath.split("/")
          val branch = if(paths.length > 3) paths.last else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
        }
      } else {
        repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/wiki/_blob/" + url
--- a/src/main/scala/gitbucket/core/view/helpers.scala
+++ b/src/main/scala/gitbucket/core/view/helpers.scala
@@ -5,10 +5,10 @@ import java.util.{Date, Locale, TimeZone}
 import gitbucket.core.controller.Context
 import gitbucket.core.model.CommitState
-import gitbucket.core.plugin.{RenderRequest, PluginRegistry}
+import gitbucket.core.plugin.{PluginRegistry, RenderRequest}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service.{RepositoryService, RequestCache}
 import gitbucket.core.util.{FileUtil, JGitUtil, StringUtil}
 import play.twirl.api.{Html, HtmlFormat}
 /**
@@ -151,7 +151,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
   * Converts commit id, issue id and username to the link.
   */
  def link(value: String, repository: RepositoryService.RepositoryInfo)(implicit context: Context): Html =
-    Html(convertRefsLinks(value, repository))
+    Html(decorateHtml(convertRefsLinks(value, repository), repository))
  def cut(value: String, length: Int): String =
    if(value.length > length){
@@ -161,7 +161,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    }
  import scala.util.matching.Regex._
-  implicit class RegexReplaceString(s: String) {
+  implicit class RegexReplaceString(private val s: String) extends AnyVal {
    def replaceAll(pattern: String, replacer: (Match) => String): String = {
      pattern.r.replaceAllIn(s, (m: Match) => replacer(m).replace("$", "\\$"))
    }
@@ -297,7 +297,7 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
  /**
   * Implicit conversion to add mkHtml() to Seq[Html].
   */
-  implicit class RichHtmlSeq(seq: Seq[Html]) {
+  implicit class RichHtmlSeq(private val seq: Seq[Html]) extends AnyVal {
    def mkHtml(separator: String) = Html(seq.mkString(separator))
    def mkHtml(separator: scala.xml.Elem) = Html(seq.mkString(separator.toString))
  }
@@ -316,10 +316,18 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    case CommitState.FAILURE => "Failed"
  }
  /**
   * Render a given object as the JSON string.
   */
  def json(obj: AnyRef): String = {
    implicit val formats = org.json4s.DefaultFormats
    org.json4s.jackson.Serialization.write(obj)
  }
  // This pattern comes from: http://stackoverflow.com/a/4390768/1771641 (extract-url-from-string)
  private[this] val detectAndRenderLinksRegex = """(?i)\b((?:https?://|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,13}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?«»“”‘’]))""".r
-  def detectAndRenderLinks(text: String): Html = {
+  def detectAndRenderLinks(text: String, repository: RepositoryInfo)(implicit context: Context): String = {
    val matches = detectAndRenderLinksRegex.findAllMatchIn(text).toSeq
    val (x, pos) = matches.foldLeft((collection.immutable.Seq.empty[Html], 0)){ case ((x, pos), m) =>
@@ -333,6 +341,43 @@ object helpers extends AvatarImageProvider with LinkConverter with RequestCache
    // append rest fragment
    val out = if (pos < text.length) x :+ HtmlFormat.escape(text.substring(pos)) else x
-    HtmlFormat.fill(out)
+    decorateHtml(HtmlFormat.fill(out).toString, repository)
  }
  def decorateHtml(html: String, repository: RepositoryInfo)(implicit context: Context): String = {
    PluginRegistry().getTextDecorators.foldLeft(html){ case (html, decorator) =>
      val text = new StringBuilder()
      val result = new StringBuilder()
      var tag = false
      html.foreach { c =>
        c match {
          case '<' if tag == false => {
            tag = true
            if(text.nonEmpty){
              result.append(decorator.decorate(text.toString, repository))
              text.setLength(0)
            }
            result.append(c)
          }
          case '>' if tag == true => {
            tag = false
            result.append(c)
          }
          case _ if tag == false => {
            text.append(c)
          }
          case _ if tag == true => {
            result.append(c)
          }
        }
      }
      if(text.nonEmpty){
        result.append(decorator.decorate(text.toString, repository))
      }
      result.toString
    }
  }
 }
--- a/src/main/twirl/gitbucket/core/account/activity.scala.html
+++ b/src/main/twirl/gitbucket/core/account/activity.scala.html
@@ -1,11 +1,10 @@
@(account: gitbucket.core.model.Account,
  groupNames: List[String],
  activities: List[gitbucket.core.model.Activity])(implicit context: gitbucket.core.controller.Context)
-@import context._
+@import gitbucket.core.view.helpers
-@import gitbucket.core.view.helpers._
+@gitbucket.core.account.html.main(account, groupNames, "activity"){
@main(account, groupNames, "activity"){
  <div class="pull-right">
-    <a href="@path/@{account.userName}.atom"><img src="@assets/common/images/feed.png" alt="activities"></a>
+    <a href="@context.path/@{account.userName}.atom"><img src="@{helpers.assets}/common/images/feed.png" alt="activities"></a>
  </div>
-  @helper.html.activities(activities)
+  @gitbucket.core.helper.html.activities(activities)
 }
--- a/src/main/twirl/gitbucket/core/account/application.scala.html
+++ b/src/main/twirl/gitbucket/core/account/application.scala.html
@@ -1,28 +1,26 @@
@(account: gitbucket.core.model.Account,
  personalTokens: List[gitbucket.core.model.AccessToken],
  gneratedToken: Option[(gitbucket.core.model.AccessToken, String)])(implicit context: gitbucket.core.controller.Context)
-@import context._
+@gitbucket.core.html.main("Applications"){
@import gitbucket.core.view.helpers._
@html.main("Applications"){
 <div class="container body">
-  @menu("application", settings.ssh){
+  @gitbucket.core.account.html.menu("application", context.settings.ssh){
    <div class="panel panel-default">
      <div class="panel-heading strong">Personal access tokens</div>
      <div class="panel-body">
        @if(personalTokens.isEmpty && gneratedToken.isEmpty){
          No tokens.
        } else {
-          Tokens you have generated that can be used to access the GitBucket API.
+          Tokens you have generated which can be used to access the GitBucket API.
          <hr style="margin-top: 10px;">
        }
-        @gneratedToken.map{ case (token, tokenString) =>
+        @gneratedToken.map { case (token, tokenString) =>
          <div class="alert alert-info">
            Make sure to copy your new personal access token now. You won't be able to see it again!
          </div>
-          <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
+          <a href="@context.path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
          <div style="width: 50%;">
-            @helper.html.copy("generated-token-copy", tokenString){
+            @gitbucket.core.helper.html.copy("generated-token", "generated-token-copy", tokenString){
-              <input type="text" value="@tokenString" class="form-control input-sm" readonly>
+              <input type="text" value="@tokenString" class="form-control input-sm" id="generated-token" readonly>
            }
          </div>
          <hr style="margin-top: 10px;">
@@ -32,11 +30,11 @@
            <hr>
          }
          <strong style="line-height: 30px;">@token.note</strong>
-          <a href="@path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
+          <a href="@context.path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
        }
      </div>
    </div>
-    <form method="POST" action="@path/@account.userName/_personalToken" validate="true">
+    <form method="POST" action="@context.path/@account.userName/_personalToken" validate="true">
      <div class="panel panel-default">
        <div class="panel-heading strong">Generate new token</div>
        <div class="panel-body">
@@ -44,7 +42,7 @@
            <label for="note" class="strong">Token description</label>
            <div><span id="error-note" class="error"></span></div>
            <input type="text" name="note" id="note" class="form-control"/>
-            <p class="muted">What's this token for?</p>
+            <p class="muted">What is this token for?</p>
          </fieldset>
          <input type="submit" class="btn btn-success" value="Generate token"/>
        </div>
--- a/src/main/twirl/gitbucket/core/account/edit.scala.html
+++ b/src/main/twirl/gitbucket/core/account/edit.scala.html
@@ -1,14 +1,13 @@
@(account: gitbucket.core.model.Account, info: Option[Any], error: Option[Any])(implicit context: gitbucket.core.controller.Context)
@import gitbucket.core.util.LDAPUtil
-@import context._
+@import gitbucket.core.view.helpers
-@import gitbucket.core.view.helpers._
+@gitbucket.core.html.main("Edit your profile"){
@html.main("Edit your profile"){
 <div class="container body">
-  @menu("profile", settings.ssh){
+  @gitbucket.core.account.html.menu("profile", context.settings.ssh){
-    @helper.html.information(info)
+    @gitbucket.core.helper.html.information(info)
-    @helper.html.error(error)
+    @gitbucket.core.helper.html.error(error)
    @if(LDAPUtil.isDummyMailAddress(account)){<div class="alert alert-danger">Please register your mail address.</div>}
-    <form action="@url(account.userName)/_edit" method="POST" validate="true">
+    <form action="@helpers.url(account.userName)/_edit" method="POST" validate="true">
      <div class="panel panel-default">
        <div class="panel-heading strong">Profile</div>
        <div class="panel-body">
@@ -38,11 +37,16 @@
                <input type="text" name="url" id="url" class="form-control" value="@account.url"/>
                <span id="error-url" class="error"></span>
              </fieldset>
              <fieldset class="form-group">
                <label for="description" class="strong">Bio (optional):</label>
                <textarea name="description" id="description" class="form-control">@account.description</textarea>
                <span id="error-description" class="error"></span>
              </fieldset>
            </div>
            <div class="col-md-6">
              <fieldset class="form-group">
                <label for="avatar" class="strong">Image (optional):</label>
-                @helper.html.uploadavatar(Some(account))
+                @gitbucket.core.helper.html.uploadavatar(Some(account))
              </fieldset>
            </div>
          </div>
@@ -50,10 +54,10 @@
      </div>
      <div>
        <div class="pull-right">
-          <a href="@path/@account.userName/_delete" class="btn btn-danger" id="delete">Delete account</a>
+          <a href="@context.path/@account.userName/_delete" class="btn btn-danger" id="delete">Delete account</a>
        </div>
        <input type="submit" class="btn btn-success" value="Save"/>
-        @if(!LDAPUtil.isDummyMailAddress(account)){<a href="@url(account.userName)" class="btn btn-default">Cancel</a>}
+        @if(!LDAPUtil.isDummyMailAddress(account)){<a href="@helpers.url(account.userName)" class="btn btn-default">Cancel</a>}
      </div>
    </form>
  }
--- a/src/main/twirl/gitbucket/core/account/group.scala.html
+++ b/src/main/twirl/gitbucket/core/account/group.scala.html
@@ -1,11 +1,10 @@
@(account: Option[gitbucket.core.model.Account], members: List[gitbucket.core.model.GroupMember])(implicit context: gitbucket.core.controller.Context)
-@import context._
+@import gitbucket.core.view.helpers
-@import gitbucket.core.view.helpers._
+@gitbucket.core.html.main(if(account.isEmpty) "Create group" else "Edit group"){
@html.main(if(account.isEmpty) "Create group" else "Edit group"){
 <div class="content-wrapper main-center">
  <div class="content body">
    <h2>@{if(account.isEmpty) "Create group" else "Edit group"}</h2>
-    <form id="form" method="post" action="@if(account.isEmpty){@path/groups/new} else {@path/@account.get.userName/_editgroup}" validate="true">
+    <form id="form" method="post" action="@if(account.isEmpty){@context.path/groups/new} else {@context.path/@account.get.userName/_editgroup}" validate="true">
      <div class="row">
        <div class="col-md-5">
          <fieldset class="form-group">
@@ -22,9 +21,15 @@
            </div>
            <input type="text" name="url" id="url" class="form-control" value="@account.map(_.url)"/>
          </fieldset>
          <fieldset class="form-group">
            <label for="groupDescription" class="strong">Description (Optional)</label>
            <div>
              <textarea name="description" id="description" class="form-control">@account.map(_.description)</textarea>
            </div>
          </fieldset>
          <fieldset class="form-group">
            <label for="avatar" class="strong">Image (Optional)</label>
-            @helper.html.uploadavatar(account)
+            @gitbucket.core.helper.html.uploadavatar(account)
          </fieldset>
        </div>
        <div class="col-md-7">
@@ -32,7 +37,7 @@
            <label class="strong">Members</label>
            <ul id="member-list" class="collaborator">
            </ul>
-            @helper.html.account("memberName", 200)
+            @gitbucket.core.helper.html.account("memberName", 200, true, false)
            <input type="button" class="btn btn-default" value="Add" id="addMember"/>
            <input type="hidden" id="members" name="members" value="@members.map(member => member.userName + ":" + member.isManager).mkString(",")"/>
            <div>
@@ -44,12 +49,12 @@
      <fieldset class="border-top">
        @if(account.isDefined){
          <div class="pull-right">
-            <a href="@url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete Group</a>
+            <a href="@helpers.url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete group</a>
          </div>
        }
-        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create Group} else {Update Group}"/>
+        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create group} else {Update group}"/>
        @if(account.isDefined){
-          <a href="@url(account.get.userName)" class="btn btn-default">Cancel</a>
+          <a href="@helpers.url(account.get.userName)" class="btn btn-default">Cancel</a>
        }
      </fieldset>
    </form>
@@ -81,10 +86,9 @@ $(function(){
    }
    // check existence
-    $.post('@path/_user/existence', {
+    $.post('@context.path/_user/existence', { 'userName': userName },
-      'userName': userName
+      function(data, status){
-    }, function(data, status){
+        if(data == 'user'){
      if(data == 'true'){
          addMemberHTML(userName, false);
        } else {
          $('#error-members').text('User does not exist.');
@@ -125,7 +129,7 @@ $(function(){
        .append(memberButton)
        .append(managerButton))
      .append(' ')
-      .append($('<a>').attr('href', '@path/' + userName).text(userName))
+      .append($('<a>').attr('href', '@context.path/' + userName).text(userName))
      .append(' ')
      .append($('<a href="#" class="remove pull-right">(remove)</a>')));
  }
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`addSbtPlugin("io.get-coursier" % "sbt-coursier" % "1.0.0-M15")`
`@@ -1,2 +1,2 @@`
	`set SCRIPT_DIR=%~dp0`	`set SCRIPT_DIR=%~dp0`
	`java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.9.jar" %*`	`java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.12.jar" %*`
`@@ -1,2 +1,2 @@`
	`#!/bin/sh`	`#!/bin/sh`
	java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.9.jar "$@"	java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.12.jar "$@"
		`@@ -0,0 +1,2 @@`
							`-- DELETE COLLABORATORS IN GROUP REPOSITORIES`
							`DELETE FROM COLLABORATOR WHERE USER_NAME IN (SELECT USER_NAME FROM ACCOUNT WHERE GROUP_ACCOUNT = TRUE)`
		`@@ -0,0 +1,3 @@`
							`package gitbucket.core.api`

							`case class ApiEndPoint(rate_limit_url: ApiPath = ApiPath("/api/v3/rate_limit"))`