GitBucket 4.8 release

Add API to get a single issue

LICENSE

@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2013-2016 GitBucket Team
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -65,6 +65,45 @@ Support
 
 Release Notes
 -------------
+## 4.8 - 23 Dec 2016
+- Search for repository names from the global header
+- Filter repositories on the sidebar of the dashboard
+- Search issues and wiki
+- Keep pull request comments after new commits are pushed
+- New web API to get a single issue
+- Performance improvement for the repository viewer
+
+### 4.7.1 - 28 Nov 2016
+- Bug fix: group repositories are not shown in the your repositories list on the sidebar
+- Small performance improvement of the dashboard
+
+### 4.7 - 26 Nov 2016
+- New permission system
+- Dropdown filter for issue labels, milestones and assignees
+- Keep sidebar folding status
+- Link from milestone label to the issue list
+
+### 4.6 - 29 Oct 2016
+- Add disable option for forking
+- Add History button to wiki page
+- Git repository URL redirection for GitHub compatibility
+- Get-Content API improvement
+- Indicate who is group master in Members tab in group view
+
+### 4.5 - 29 Sep 2016
+- Attach files by dropping into textarea
+- Issues / Pull requests switcher in dashboard
+- HikariCP could be configured in `GITBUCKET_HOME/database.conf`
+- Improve Cookie security
+- Display commit count on the history button
+- Improve mobile view
+
+### 4.4 - 28 Aug 2016
+- Import a SQL dump file to the database
+- `go get` support in private repositories
+- Sort milestones by due date
+- apache-sshd has been updated to 1.2.0
+
 ### 4.3 - 30 Jul 2016
 - Emoji support by [gitbucket-emoji-plugin](https://github.com/gitbucket/gitbucket-emoji-plugin)
 - User name suggestion

build.sbt

@@ -1,6 +1,6 @@
-val Organization = "gitbucket"
+val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.3.0"
+val GitBucketVersion = "4.8"
 val ScalatraVersion = "2.4.1"
 val JettyVersion = "9.3.9.v20160517"
 
@@ -15,6 +15,7 @@ scalaVersion := "2.11.8"
 // dependency settings
 resolvers ++= Seq(
   Classpaths.typesafeReleases,
+  Resolver.jcenterRepo,
   "amateras" at "http://amateras.sourceforge.jp/mvn/",
   "sonatype-snapshot" at "https://oss.sonatype.org/content/repositories/snapshots/",
   "amateras-snapshot" at "http://amateras.sourceforge.jp/mvn-snapshot/"
@@ -33,7 +34,7 @@ libraryDependencies ++= Seq(
   "org.apache.commons"        % "commons-compress"             % "1.11",
   "org.apache.commons"        % "commons-email"                % "1.4",
   "org.apache.httpcomponents" % "httpclient"                   % "4.5.1",
-  "org.apache.sshd"           % "apache-sshd"                  % "1.0.0",
+  "org.apache.sshd"           % "apache-sshd"                  % "1.2.0",
   "org.apache.tika"           % "tika-core"                    % "1.13",
   "com.typesafe.slick"       %% "slick"                        % "2.1.0",
   "com.novell.ldap"           % "jldap"                        % "2009-10-07",
@@ -45,12 +46,13 @@ libraryDependencies ++= Seq(
   "com.typesafe"              % "config"                       % "1.3.0",
   "com.typesafe.akka"        %% "akka-actor"                   % "2.3.15",
   "fr.brouillard.oss.security.xhub" % "xhub4j-core"            % "1.0.0",
+  "com.github.bkromhout"      % "java-diff-utils"              % "2.1.1",
+  "org.cache2k"               % "cache2k-all"                  % "1.0.0.CR1",
   "com.enragedginger"        %% "akka-quartz-scheduler"        % "1.4.0-akka-2.3.x" exclude("c3p0","c3p0"),
   "org.eclipse.jetty"         % "jetty-webapp"                 % JettyVersion     % "provided",
   "javax.servlet"             % "javax.servlet-api"            % "3.1.0"          % "provided",
   "junit"                     % "junit"                        % "4.12"           % "test",
   "org.scalatra"             %% "scalatra-scalatest"           % ScalatraVersion  % "test",
-  "org.scalaz"               %% "scalaz-core"                  % "7.2.4"          % "test",
   "com.wix"                   % "wix-embedded-mysql"           % "1.0.3"          % "test",
   "ru.yandex.qatools.embed"   % "postgresql-embedded"          % "1.14"           % "test"
 )
@@ -106,7 +108,6 @@ libraryDependencies ++= Seq(
 
 val executableKey = TaskKey[File]("executable")
 executableKey := {
-  import org.apache.ivy.util.ChecksumHelper
   import java.util.jar.{ Manifest => JarManifest }
   import java.util.jar.Attributes.{ Name => AttrName }
 
@@ -164,9 +165,55 @@ executableKey := {
   log info s"built executable webapp ${outputFile}"
   outputFile
 }
-/*
+publishTo <<= version { (v: String) =>
-Keys.artifact in (Compile, executableKey) ~= {
+  val nexus = "https://oss.sonatype.org/"
-    _ copy (`type` = "war", extension = "war"))
+  if (v.trim.endsWith("SNAPSHOT")) Some("snapshots" at nexus + "content/repositories/snapshots")
+  else                             Some("releases"  at nexus + "service/local/staging/deploy/maven2")
 }
-addArtifact(Keys.artifact in (Compile, executableKey), executableKey)
+publishMavenStyle := true
-*/
+pomIncludeRepository := { _ => false }
+pomExtra := (
+  <url>https://github.com/gitbucket/gitbucket</url>
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+    </license>
+  </licenses>
+  <scm>
+    <url>https://github.com/gitbucket/gitbucket</url>
+    <connection>scm:git:https://github.com/gitbucket/gitbucket.git</connection>
+  </scm>
+  <developers>
+    <developer>
+      <id>takezoe</id>
+      <name>Naoki Takezoe</name>
+      <url>https://github.com/takezoe</url>
+    </developer>
+    <developer>
+      <id>shimamoto</id>
+      <name>Takako Shimamoto</name>
+      <url>https://github.com/shimamoto</url>
+    </developer>
+    <developer>
+      <id>tanacasino</id>
+      <name>Tomofumi Tanaka</name>
+      <url>https://github.com/tanacasino</url>
+    </developer>
+    <developer>
+      <id>mrkm4ntr</id>
+      <name>Shintaro Murakami</name>
+      <url>https://github.com/mrkm4ntr</url>
+    </developer>
+    <developer>
+      <id>nazoking</id>
+      <name>nazoking</name>
+      <url>https://github.com/nazoking</url>
+    </developer>
+    <developer>
+      <id>McFoggy</id>
+      <name>Matthieu Brouillard</name>
+      <url>https://github.com/McFoggy</url>
+    </developer>
+  </developers>
+)

doc/release.md

@@ -46,9 +46,10 @@ $ sbt executable
 
 ### Deploy assembly jar file
 
-For plug-in development, we have to publish the assembly jar file to the public Maven repository by `release/deploy-assembly-jar.sh`.
+For plug-in development, we have to publish the GitBucket jar file to the Maven central repository as well. At first, hit following command to publish artifacts to the sonatype OSS repository:
 
 ```bash
-$ cd release/
+$ sbt publish-signed
-$ ./deploy-assembly-jar.sh
 ```
+
+Then operate release sequence at https://oss.sonatype.org/.

project/build.properties

@@ -1 +1 @@
-sbt.version=0.13.11
+sbt.version=0.13.12

project/plugins.sbt

@@ -4,3 +4,4 @@ addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"       % "1.0.4")
 addSbtPlugin("com.eed3si9n"         % "sbt-assembly"      % "0.12.0")
 addSbtPlugin("com.earldouglas"      % "xsbt-web-plugin"   % "2.1.0")
 addSbtPlugin("fi.gekkio.sbtplugins" % "sbt-jrebel-plugin" % "0.10.0")
+addSbtPlugin("com.typesafe.sbt"     % "sbt-pgp"           % "0.8.3")

release/deploy-assembly-jar.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-. ./env.sh
-
-cd ../
-./sbt.sh clean assembly
-
-cd release
-
-if [[ "$GITBUCKET_VERSION" =~ -SNAPSHOT$ ]]; then
-  MVN_DEPLOY_PATH=mvn-snapshot
-else
-  MVN_DEPLOY_PATH=mvn
-fi
-
-echo $MVN_DEPLOY_PATH
-
-mvn deploy:deploy-file \
-  -DgroupId=gitbucket\
-  -DartifactId=gitbucket-assembly\
-  -Dversion=$GITBUCKET_VERSION\
-  -Dpackaging=jar\
-  -Dfile=../target/scala-2.11/gitbucket-assembly-$GITBUCKET_VERSION.jar\
-  -DrepositoryId=sourceforge.jp\
-  -Durl=scp://shell.sourceforge.jp/home/groups/a/am/amateras/htdocs/$MVN_DEPLOY_PATH/

release/env.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-export GITBUCKET_VERSION=`cat ../build.sbt | grep 'val GitBucketVersion' | cut -d \" -f 2`
-echo "GITBUCKET_VERSION: $GITBUCKET_VERSION"

release/pom.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>jp.sf.amateras</groupId>
-    <artifactId>gitbucket-assembly</artifactId>
-    <version>0.0.1</version>
-    <build>
-        <extensions>
-            <extension>
-                <groupId>org.apache.maven.wagon</groupId>
-                <artifactId>wagon-ssh</artifactId>
-                <version>2.10</version>
-            </extension>
-        </extensions>
-    </build>
-</project>

sbt.bat

@@ -1,2 +1,2 @@
 set SCRIPT_DIR=%~dp0
-java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.9.jar" %*
+java %JAVA_OPTS% -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.12.jar" %*

sbt.sh

@@ -1,2 +1,2 @@
 #!/bin/sh
-java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.9.jar "$@"
+java $JAVA_OPTS -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.12.jar "$@"

src/main/java/JettyLauncher.java

@@ -3,12 +3,14 @@ import org.eclipse.jetty.webapp.WebAppContext;
 
 import java.io.File;
 import java.net.URL;
+import java.net.InetSocketAddress;
 import java.security.ProtectionDomain;
 
 public class JettyLauncher {
     public static void main(String[] args) throws Exception {
         String host = null;
         int port = 8080;
+        InetSocketAddress address = null;
         String contextPath = "/";
         boolean forceHttps = false;
 
@@ -29,7 +31,13 @@ public class JettyLauncher {
             }
         }
 
-        Server server = new Server(port);
+        if(host != null) {
+            address = new InetSocketAddress(host, port);
+        } else {
+            address = new InetSocketAddress(port);
+        }
+
+        Server server = new Server(address);
 
 //        SelectChannelConnector connector = new SelectChannelConnector();
 //        if(host != null) {
@@ -60,6 +68,8 @@ public class JettyLauncher {
         }
 
         server.setHandler(context);
+        server.setStopAtShutdown(true);
+        server.setStopTimeout(7_000);
         server.start();
         server.join();
     }

src/main/resources/update/gitbucket-core_4.6.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="REPOSITORY">
+        <column name="ALLOW_FORK" type="boolean" nullable="false" defaultValueBoolean="true"/>
+    </addColumn>
+</changeSet>

src/main/resources/update/gitbucket-core_4.7.sql

@@ -0,0 +1,2 @@
+-- DELETE COLLABORATORS IN GROUP REPOSITORIES
+DELETE FROM COLLABORATOR WHERE USER_NAME IN (SELECT USER_NAME FROM ACCOUNT WHERE GROUP_ACCOUNT = TRUE)

src/main/resources/update/gitbucket-core_4.7.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+    <addColumn tableName="COLLABORATOR">
+        <column name="ROLE" type="varchar(10)" nullable="false" defaultValue="ADMIN"/>
+    </addColumn>
+    <addColumn tableName="REPOSITORY">
+        <column name="WIKI_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
+        <column name="ISSUES_OPTION" type="varchar(10)" nullable="false" defaultValue="DISABLE"/>
+    </addColumn>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="DISABLE"/>
+        <where>ENABLE_WIKI = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="PRIVATE"/>
+        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="WIKI_OPTION" value="PUBLIC"/>
+        <where>ENABLE_WIKI = TRUE AND ALLOW_WIKI_EDITING = TRUE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="ISSUES_OPTION" value="DISABLE"/>
+        <where>ENABLE_ISSUES = FALSE</where>
+    </update>
+    <update tableName="REPOSITORY">
+        <column name="ISSUES_OPTION" value="PUBLIC"/>
+        <where>ENABLE_ISSUES = TRUE</where>
+    </update>
+    <dropColumn tableName="REPOSITORY" columnName="ENABLE_WIKI"/>
+    <dropColumn tableName="REPOSITORY" columnName="ALLOW_WIKI_EDITING"/>
+    <dropColumn tableName="REPOSITORY" columnName="ENABLE_ISSUES"/>
+</changeSet>

src/main/scala/ScalatraBootstrap.scala

@@ -1,17 +1,23 @@
 
-import gitbucket.core.controller._
-import gitbucket.core.plugin.PluginRegistry
-import gitbucket.core.servlet.{ApiAuthenticationFilter, GitAuthenticationFilter, Database, TransactionFilter}
-import gitbucket.core.util.Directory
-
 import java.util.EnumSet
 import javax.servlet._
 
+import gitbucket.core.controller._
+import gitbucket.core.plugin.PluginRegistry
+import gitbucket.core.service.SystemSettingsService
+import gitbucket.core.servlet._
+import gitbucket.core.util.Directory
 import org.scalatra._
 
 
-class ScalatraBootstrap extends LifeCycle {
+class ScalatraBootstrap extends LifeCycle with SystemSettingsService {
   override def init(context: ServletContext) {
+
+    val settings = loadSystemSettings()
+    if(settings.baseUrl.exists(_.startsWith("https://"))) {
+      context.getSessionCookieConfig.setSecure(true)
+    }
+
     // Register TransactionFilter and BasicAuthenticationFilter at first
     context.addFilter("transactionFilter", new TransactionFilter)
     context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
@@ -19,6 +25,9 @@ class ScalatraBootstrap extends LifeCycle {
     context.getFilterRegistration("gitAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
     context.addFilter("apiAuthenticationFilter", new ApiAuthenticationFilter)
     context.getFilterRegistration("apiAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
+    context.addFilter("ghCompatRepositoryAccessFilter", new GHCompatRepositoryAccessFilter)
+    context.getFilterRegistration("ghCompatRepositoryAccessFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
+
     // Register controllers
     context.mount(new AnonymousAccessController, "/*")
 

src/main/scala/gitbucket/core/GitBucketCoreModule.scala

@@ -13,5 +13,16 @@ object GitBucketCoreModule extends Module("gitbucket-core",
     new LiquibaseMigration("update/gitbucket-core_4.2.xml")
   ),
   new Version("4.2.1"),
-  new Version("4.3.0")
+  new Version("4.3.0"),
+  new Version("4.4.0"),
+  new Version("4.5.0"),
+  new Version("4.6.0",
+    new LiquibaseMigration("update/gitbucket-core_4.6.xml")
+  ),
+  new Version("4.7.0",
+    new LiquibaseMigration("update/gitbucket-core_4.7.xml"),
+    new SqlMigration("update/gitbucket-core_4.7.sql")
+  ),
+  new Version("4.7.1"),
+  new Version("4.8")
 )

src/main/scala/gitbucket/core/api/ApiContents.scala

@@ -1,11 +1,18 @@
 package gitbucket.core.api
 
 import gitbucket.core.util.JGitUtil.FileInfo
+import org.apache.commons.codec.binary.Base64
 
-case class ApiContents(`type`: String, name: String)
+case class ApiContents(`type`: String, name: String, content: Option[String], encoding: Option[String])
 
 object ApiContents{
-  def apply(fileInfo: FileInfo): ApiContents =
+  def apply(fileInfo: FileInfo, content: Option[Array[Byte]]): ApiContents = {
-    if(fileInfo.isDirectory) ApiContents("dir", fileInfo.name)
+    if(fileInfo.isDirectory) {
-    else ApiContents("file", fileInfo.name)
+      ApiContents("dir", fileInfo.name, None, None)
+    } else {
+      content.map(arr =>
+        ApiContents("file", fileInfo.name, Some(Base64.encodeBase64String(arr)), Some("base64"))
+      ).getOrElse(ApiContents("file", fileInfo.name, None, None))
+    }
+  }
 }

src/main/scala/gitbucket/core/api/ApiPullRequest.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.model.{Issue, PullRequest}
+import gitbucket.core.model.{Account, Issue, IssueComment, PullRequest}
-
 import java.util.Date
 
 
@@ -15,6 +14,9 @@ case class ApiPullRequest(
   head: ApiPullRequest.Commit,
   base: ApiPullRequest.Commit,
   mergeable: Option[Boolean],
+  merged: Boolean,
+  merged_at: Option[Date],
+  merged_by: Option[ApiUser],
   title: String,
   body: String,
   user: ApiUser) {
@@ -31,7 +33,14 @@ case class ApiPullRequest(
 }
 
 object ApiPullRequest{
-  def apply(issue: Issue, pullRequest: PullRequest, headRepo: ApiRepository, baseRepo: ApiRepository, user: ApiUser): ApiPullRequest =
+  def apply(
+    issue: Issue,
+    pullRequest: PullRequest,
+    headRepo: ApiRepository,
+    baseRepo: ApiRepository,
+    user: ApiUser,
+    mergedComment: Option[(IssueComment, Account)]
+  ): ApiPullRequest =
     ApiPullRequest(
       number     = issue.issueId,
       updated_at = issue.updatedDate,
@@ -45,6 +54,9 @@ object ApiPullRequest{
                      ref  = pullRequest.branch,
                      repo = baseRepo)(issue.userName),
       mergeable  = None, // TODO: need check mergeable.
+      merged     = mergedComment.isDefined,
+      merged_at  = mergedComment.map { case (comment, _) => comment.registeredDate },
+      merged_by  = mergedComment.map { case (_, account) => ApiUser(account) },
       title      = issue.title,
       body       = issue.content.getOrElse(""),
       user       = user

src/main/scala/gitbucket/core/api/ApiUser.scala

@@ -30,7 +30,7 @@ object ApiUser{
   def apply(user: Account): ApiUser = ApiUser(
     login      = user.userName,
     email      = user.mailAddress,
-    `type`     = if(user.isGroupAccount){ "Organization" }else{ "User" },
+    `type`     = if(user.isGroupAccount){ "Organization" } else { "User" },
     site_admin = user.isAdmin,
     created_at = user.registeredDate
   )

src/main/scala/gitbucket/core/api/CreateARepository.scala

@@ -11,7 +11,7 @@ case class CreateARepository(
     auto_init: Boolean = false
 ) {
   def isValid: Boolean = {
-    name.length<=40 &&
+    name.length <= 100 &&
         name.matches("[a-zA-Z0-9\\-\\+_.]+") &&
         !name.startsWith("_") &&
         !name.startsWith("-")

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -14,6 +14,7 @@ import gitbucket.core.util._
 import io.github.gitbucket.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import org.scalatra.i18n.Messages
+import org.scalatra.BadRequest
 
 
 class AccountController extends AccountControllerBase
@@ -38,7 +39,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   case class PersonalTokenForm(note: String)
 
   val newForm = mapping(
-    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
     "fullName"    -> trim(label("Full Name"    , text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" , text(required, maxlength(100), uniqueMailAddress()))),
@@ -68,7 +69,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
 
   val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
     "fileId"    -> trim(label("File ID"    ,optional(text()))),
     "members"   -> trim(label("Members"    ,text(required, members)))
@@ -120,7 +121,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         // Members
         case "members" if(account.isGroupAccount) => {
           val members = getGroupMembers(account.userName)
-          gitbucket.core.account.html.members(account, members.map(_.userName),
+          gitbucket.core.account.html.members(account, members,
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
         }
 
@@ -133,7 +134,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   }
 
   get("/:userName.atom") {
@@ -156,7 +157,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
       html.edit(x, flash.get("info"), flash.get("error"))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:userName/_edit", editForm)(oneselfOnly { form =>
@@ -172,7 +173,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       flash += "info" -> "Account information has been updated."
       redirect(s"/${userName}/_edit")
 
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/:userName/_delete")(oneselfOnly {
@@ -196,14 +197,14 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         session.invalidate
         redirect("/")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/:userName/_ssh")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
       html.ssh(x, getPublicKeys(x.userName))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:userName/_ssh", sshKeyForm)(oneselfOnly { form =>
@@ -234,7 +235,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         case _ => None
       }
       html.application(x, tokens, generatedToken)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
@@ -260,7 +261,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       } else {
         html.register()
       }
-    } else NotFound
+    } else NotFound()
   }
 
   post("/register", newForm){ form =>
@@ -268,7 +269,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       createAccount(form.userName, sha1(form.password), form.fullName, form.mailAddress, false, form.url)
       updateImage(form.userName, form.fileId, false)
       redirect("/signin")
-    } else NotFound
+    } else NotFound()
   }
 
   get("/groups/new")(usersOnly {
@@ -318,18 +319,18 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
         // Update GROUP_MEMBER
         updateGroupMembers(form.groupName, members)
-        // Update COLLABORATOR for group repositories
+//        // Update COLLABORATOR for group repositories
-        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-          removeCollaborators(form.groupName, repositoryName)
+//          removeCollaborators(form.groupName, repositoryName)
-          members.foreach { case (userName, isManager) =>
+//          members.foreach { case (userName, isManager) =>
-            addCollaborator(form.groupName, repositoryName, userName)
+//            addCollaborator(form.groupName, repositoryName, userName)
-          }
+//          }
-        }
+//        }
 
         updateImage(form.groupName, form.fileId, form.clearImage)
         redirect(s"/${form.groupName}")
 
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -355,6 +356,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
+    if(repository.repository.options.allowFork){
       val loginAccount   = context.loginAccount.get
       val loginUserName  = loginAccount.userName
       val groups         = getGroupsByUserName(loginUserName)
@@ -370,9 +372,11 @@ trait AccountControllerBase extends AccountManagementControllerBase {
           )
         case _ => redirect(s"/${loginUserName}")
       }
+    } else BadRequest()
   })
 
   post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
+    if(repository.repository.options.allowFork){
       val loginAccount  = context.loginAccount.get
       val loginUserName = loginAccount.userName
       val accountName   = form.accountName
@@ -398,13 +402,13 @@ trait AccountControllerBase extends AccountManagementControllerBase {
             parentUserName       = Some(repository.owner)
           )
 
-        // Add collaborators for group repository
+//          // Add collaborators for group repository
-        val ownerAccount = getAccountByUserName(accountName).get
+//          val ownerAccount = getAccountByUserName(accountName).get
-        if(ownerAccount.isGroupAccount){
+//          if(ownerAccount.isGroupAccount){
-          getGroupMembers(accountName).foreach { member =>
+//            getGroupMembers(accountName).foreach { member =>
-            addCollaborator(accountName, repository.name, member.userName)
+//              addCollaborator(accountName, repository.name, member.userName)
-          }
+//            }
-        }
+//          }
 
           // Insert default labels
           insertDefaultLabels(accountName, repository.name)
@@ -425,6 +429,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
           redirect(s"/${accountName}/${repository.name}")
         }
       }
+    } else BadRequest()
   })
 
   private def existsAccount: Constraint = new Constraint(){

src/main/scala/gitbucket/core/controller/ApiController.scala

@@ -7,9 +7,10 @@ import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
-import gitbucket.core.util.JGitUtil.{CommitInfo, getFileList, getBranches, getDefaultBranch}
+import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
 import gitbucket.core.util.Implicits._
+import gitbucket.core.view.helpers.{renderMarkup, isRenderable}
 import org.eclipse.jgit.api.Git
 import org.scalatra.{NoContent, UnprocessableEntity, Created}
 import scala.collection.JavaConverters._
@@ -21,6 +22,7 @@ class ApiController extends ApiControllerBase
   with IssuesService
   with LabelsService
   with PullRequestService
+  with CommitsService
   with CommitStatusService
   with RepositoryCreationService
   with HandleCommentService
@@ -34,7 +36,7 @@ class ApiController extends ApiControllerBase
   with GroupManagerAuthenticator
   with ReferrerAuthenticator
   with ReadableUsersAuthenticator
-  with CollaboratorsAuthenticator
+  with WritableUsersAuthenticator
 
 trait ApiControllerBase extends ControllerBase {
   self: RepositoryService
@@ -51,7 +53,7 @@ trait ApiControllerBase extends ControllerBase {
     with GroupManagerAuthenticator
     with ReferrerAuthenticator
     with ReadableUsersAuthenticator
-    with CollaboratorsAuthenticator =>
+    with WritableUsersAuthenticator =>
 
   /**
     * https://developer.github.com/v3/#root-endpoint
@@ -66,7 +68,7 @@ trait ApiControllerBase extends ControllerBase {
   get("/api/v3/orgs/:groupName") {
     getAccountByUserName(params("groupName")).filter(account => account.isGroupAccount).map { account =>
       JsonFormat(ApiUser(account))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   }
 
   /**
@@ -75,7 +77,7 @@ trait ApiControllerBase extends ControllerBase {
   get("/api/v3/users/:userName") {
     getAccountByUserName(params("userName")).filterNot(account => account.isGroupAccount).map { account =>
       JsonFormat(ApiUser(account))
-    } getOrElse NotFound
+    } getOrElse NotFound()
   }
 
   /**
@@ -109,13 +111,58 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/repos/contents/#get-contents
    */
   get("/api/v3/repos/:owner/:repo/contents/*")(referrersOnly { repository =>
-    val (id, path) = repository.splitPath(multiParams("splat").head)
+    def getFileInfo(git: Git, revision: String, pathStr: String): Option[FileInfo] = {
-    val refStr = params("ref")
+      val path = new java.io.File(pathStr)
+      val dirName = path.getParent match {
+        case null => "."
+        case s => s
+      }
+      getFileList(git, revision, dirName).find(f => f.name.equals(path.getName))
+    }
+
+    val path = multiParams("splat").head match {
+      case s if s.isEmpty => "."
+      case s => s
+    }
+    val refStr = params.getOrElse("ref", repository.repository.defaultBranch)
+
     using(Git.open(getRepositoryDir(params("owner"), params("repo")))){ git =>
-      if (path.isEmpty) {
+      val fileList = getFileList(git, refStr, path)
-        JsonFormat(getFileList(git, refStr, ".").map{f => ApiContents(f)})
+      if (fileList.isEmpty) { // file or NotFound
-      } else {
+        getFileInfo(git, refStr, path).flatMap(f => {
-        JsonFormat(getFileList(git, refStr, path).map{f => ApiContents(f)})
+          val largeFile = params.get("large_file").exists(s => s.equals("true"))
+          val content = getContentFromId(git, f.id, largeFile)
+          request.getHeader("Accept") match {
+            case "application/vnd.github.v3.raw" => {
+              contentType = "application/vnd.github.v3.raw"
+              content
+            }
+            case "application/vnd.github.v3.html" if isRenderable(f.name) => {
+              contentType = "application/vnd.github.v3.html"
+              content.map(c =>
+                List(
+                  "<div data-path=\"", path, "\" id=\"file\">", "<article>",
+                  renderMarkup(path.split("/").toList, new String(c), refStr, repository, false, false, true).body,
+                  "</article>", "</div>"
+                ).mkString
+              )
+            }
+            case "application/vnd.github.v3.html" => {
+              contentType = "application/vnd.github.v3.html"
+              content.map(c =>
+                List(
+                  "<div data-path=\"", path, "\" id=\"file\">", "<div class=\"plain\">", "<pre>",
+                  play.twirl.api.HtmlFormat.escape(new String(c)).body,
+                  "</pre>", "</div>", "</div>"
+                ).mkString
+              )
+            }
+            case _ =>
+              Some(JsonFormat(ApiContents(f, content)))
+          }
+        }).getOrElse(NotFound())
+      } else { // directory
+        JsonFormat(fileList.map{f => ApiContents(f, None)})
       }
     }
   })
@@ -137,7 +184,8 @@ trait ApiControllerBase extends ControllerBase {
    * https://developer.github.com/v3/repos/collaborators/#list-collaborators
    */
   get("/api/v3/repos/:owner/:repo/collaborators") (referrersOnly { repository =>
-    JsonFormat(getCollaborators(params("owner"), params("repo")).map(u => ApiUser(getAccountByUserName(u).get)))
+    // TODO Should ApiUser take permission? getCollaboratorUserNames does not return owner group members.
+    JsonFormat(getCollaboratorUserNames(params("owner"), params("repo")).map(u => ApiUser(getAccountByUserName(u).get)))
   })
 
   /**
@@ -146,7 +194,7 @@ trait ApiControllerBase extends ControllerBase {
   get("/api/v3/user") {
     context.loginAccount.map { account =>
       JsonFormat(ApiUser(account))
-    } getOrElse Unauthorized
+    } getOrElse Unauthorized()
   }
 
   /**
@@ -180,7 +228,7 @@ trait ApiControllerBase extends ControllerBase {
           )
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -204,7 +252,7 @@ trait ApiControllerBase extends ControllerBase {
           )
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -222,7 +270,7 @@ trait ApiControllerBase extends ControllerBase {
         disableBranchProtection(repository.owner, repository.name, branch)
       }
       JsonFormat(ApiBranch(branch, protection)(RepositoryName(repository)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -235,6 +283,19 @@ trait ApiControllerBase extends ControllerBase {
     org.scalatra.NotFound(ApiError("Rate limiting is not enabled."))
   }
 
+  /**
+   * https://developer.github.com/v3/issues/#get-a-single-issue
+   */
+  get("/api/v3/repos/:owner/:repository/issues/:id")(referrersOnly { repository =>
+    (for{
+      issueId  <- params("id").toIntOpt
+      issue <- getIssue(repository.owner, repository.name, issueId.toString)
+      openedUser <- getAccountByUserName(issue.openedUserName)
+    } yield {
+      JsonFormat(ApiIssue(issue, RepositoryName(repository), ApiUser(openedUser)))
+    }) getOrElse NotFound()
+  })
+
   /**
    * https://developer.github.com/v3/issues/comments/#list-comments-on-an-issue
    */
@@ -244,7 +305,7 @@ trait ApiControllerBase extends ControllerBase {
       comments =  getCommentsForApi(repository.owner, repository.name, issueId.toInt)
     } yield {
       JsonFormat(comments.map{ case (issueComment, user, issue) => ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(user), issue.isPullRequest) })
-    }).getOrElse(NotFound)
+    }) getOrElse NotFound()
   })
 
   /**
@@ -260,7 +321,7 @@ trait ApiControllerBase extends ControllerBase {
       issueComment <- getComment(repository.owner, repository.name, id.toString())
     } yield {
       JsonFormat(ApiComment(issueComment, RepositoryName(repository), issueId, ApiUser(context.loginAccount.get), issue.isPullRequest))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -287,7 +348,7 @@ trait ApiControllerBase extends ControllerBase {
    * Create a label
    * https://developer.github.com/v3/issues/labels/#create-a-label
    */
-  post("/api/v3/repos/:owner/:repository/labels")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/labels")(writableUsersOnly { repository =>
     (for{
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
@@ -312,7 +373,7 @@ trait ApiControllerBase extends ControllerBase {
    * Update a label
    * https://developer.github.com/v3/issues/labels/#update-a-label
    */
-  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  patch("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
     (for{
       data <- extractFromJsonBody[CreateALabel] if data.isValid
     } yield {
@@ -322,12 +383,14 @@ trait ApiControllerBase extends ControllerBase {
             updateLabel(repository.owner, repository.name, label.labelId, data.name, data.color)
             JsonFormat(ApiLabel(
               getLabel(repository.owner, repository.name, label.labelId).get,
-              RepositoryName(repository)))
+              RepositoryName(repository)
+            ))
           } else {
             // TODO ApiError should support errors field to enhance compatibility of GitHub API
             UnprocessableEntity(ApiError(
               "Validation Failed",
-              Some("https://developer.github.com/v3/issues/labels/#create-a-label")))
+              Some("https://developer.github.com/v3/issues/labels/#create-a-label")
+            ))
           }
         } getOrElse NotFound()
       }
@@ -338,7 +401,7 @@ trait ApiControllerBase extends ControllerBase {
    * Delete a label
    * https://developer.github.com/v3/issues/labels/#delete-a-label
    */
-  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(collaboratorsOnly { repository =>
+  delete("/api/v3/repos/:owner/:repository/labels/:labelName")(writableUsersOnly { repository =>
     LockUtil.lock(RepositoryName(repository).fullName) {
       getLabel(repository.owner, repository.name, params("labelName")).map { label =>
         deleteLabel(repository.owner, repository.name, label.labelId)
@@ -366,11 +429,12 @@ trait ApiControllerBase extends ControllerBase {
 
     JsonFormat(issues.map { case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner) =>
       ApiPullRequest(
-        issue,
+        issue         = issue,
-        pullRequest,
+        pullRequest   = pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)
+        user          = ApiUser(issueUser),
+        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
       )
     })
   })
@@ -382,19 +446,21 @@ trait ApiControllerBase extends ControllerBase {
     (for{
       issueId   <- params("id").toIntOpt
       (issue, pullRequest) <- getPullRequest(repository.owner, repository.name, issueId)
-      users = getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set())
+      users     =  getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.openedUserName), Set.empty)
       baseOwner <- users.get(repository.owner)
       headOwner <- users.get(pullRequest.requestUserName)
       issueUser <- users.get(issue.openedUserName)
       headRepo  <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName)
     } yield {
       JsonFormat(ApiPullRequest(
-        issue,
+        issue         = issue,
-        pullRequest,
+        pullRequest   = pullRequest,
-        ApiRepository(headRepo, ApiUser(headOwner)),
+        headRepo      = ApiRepository(headRepo, ApiUser(headOwner)),
-        ApiRepository(repository, ApiUser(baseOwner)),
+        baseRepo      = ApiRepository(repository, ApiUser(baseOwner)),
-        ApiUser(issueUser)))
+        user          = ApiUser(issueUser),
-    }).getOrElse(NotFound)
+        mergedComment = getMergedComment(repository.owner, repository.name, issue.issueId)
+      ))
+    }) getOrElse NotFound()
   })
 
   /**
@@ -409,11 +475,11 @@ trait ApiControllerBase extends ControllerBase {
           val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
           val newId = git.getRepository.resolve(pullreq.commitIdTo)
           val repoFullName = RepositoryName(repository)
-          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map(c => ApiCommitListItem(new CommitInfo(c), repoFullName)).toList
+          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map { c => ApiCommitListItem(new CommitInfo(c), repoFullName) }.toList
           JsonFormat(commits)
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   /**
@@ -426,7 +492,7 @@ trait ApiControllerBase extends ControllerBase {
   /**
    * https://developer.github.com/v3/repos/statuses/#create-a-status
    */
-  post("/api/v3/repos/:owner/:repo/statuses/:sha")(collaboratorsOnly { repository =>
+  post("/api/v3/repos/:owner/:repo/statuses/:sha")(writableUsersOnly { repository =>
     (for{
       ref      <- params.get("sha")
       sha      <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
@@ -438,7 +504,7 @@ trait ApiControllerBase extends ControllerBase {
       status   <- getCommitStatus(repository.owner, repository.name, statusId)
     } yield {
       JsonFormat(ApiCommitStatus(status, ApiUser(creator)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -454,7 +520,7 @@ trait ApiControllerBase extends ControllerBase {
       JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map{ case(status, creator) =>
         ApiCommitStatus(status, ApiUser(creator))
       })
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   /**
@@ -479,11 +545,11 @@ trait ApiControllerBase extends ControllerBase {
     } yield {
       val statuses = getCommitStatuesWithCreator(repository.owner, repository.name, sha)
       JsonFormat(ApiCombinedCommitStatus(sha, statuses, ApiRepository(repository, owner)))
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
 }
 

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -191,6 +191,7 @@ case class Context(settings: SystemSettingsService.SystemSettings, loginAccount:
     case agent if agent.contains("Win") => "windows"
     case _ => null
   }
+  val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
 
   /**
    * Get object from cache.
@@ -244,4 +245,13 @@ trait AccountManagementControllerBase extends ControllerBase {
         .map    { _ => "Mail address is already registered." }
   }
 
+  val allReservedNames = Set("git", "admin", "upload", "api")
+  protected def reservedNames(): Constraint = new Constraint(){
+    override def validate(name: String, value: String, messages: Messages): Option[String] = if(allReservedNames.contains(value)){
+      Some(s"${value} is reserved")
+    } else {
+      None
+    }
+  }
+
 }

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -1,13 +1,13 @@
 package gitbucket.core.controller
 
 import gitbucket.core.dashboard.html
-import gitbucket.core.service.{RepositoryService, PullRequestService, AccountService, IssuesService}
+import gitbucket.core.service._
-import gitbucket.core.util.{StringUtil, Keys, UsersAuthenticator}
+import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import gitbucket.core.service.IssuesService._
 
 class DashboardController extends DashboardControllerBase
-  with IssuesService with PullRequestService with RepositoryService with AccountService
+  with IssuesService with PullRequestService with RepositoryService with AccountService with CommitsService
   with UsersAuthenticator
 
 trait DashboardControllerBase extends ControllerBase {
@@ -15,20 +15,7 @@ trait DashboardControllerBase extends ControllerBase {
     with UsersAuthenticator =>
 
   get("/dashboard/issues")(usersOnly {
-    val q = request.getParameter("q")
-    val account = context.loginAccount.get
-    Option(q).map { q =>
-      val condition = IssueSearchCondition(q, Map[String, Int]())
-      q match {
-        case q if(q.contains("is:pr")) => redirect(s"/dashboard/pulls?q=${StringUtil.urlEncode(q)}")
-        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/issues/created_by${condition.toURL}")
-        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/issues/assigned${condition.toURL}")
-        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/issues/mentioned${condition.toURL}")
-        case _ => searchIssues("created_by")
-      }
-    } getOrElse {
     searchIssues("created_by")
-    }
   })
 
   get("/dashboard/issues/assigned")(usersOnly {
@@ -44,20 +31,7 @@ trait DashboardControllerBase extends ControllerBase {
   })
 
   get("/dashboard/pulls")(usersOnly {
-    val q = request.getParameter("q")
-    val account = context.loginAccount.get
-    Option(q).map { q =>
-      val condition = IssueSearchCondition(q, Map[String, Int]())
-      q match {
-        case q if(q.contains("is:issue")) => redirect(s"/dashboard/issues?q=${StringUtil.urlEncode(q)}")
-        case q if(q.contains(s"author:${account.userName}")) => redirect(s"/dashboard/pulls/created_by${condition.toURL}")
-        case q if(q.contains(s"assignee:${account.userName}")) => redirect(s"/dashboard/pulls/assigned${condition.toURL}")
-        case q if(q.contains(s"mentions:${account.userName}")) => redirect(s"/dashboard/pulls/mentioned${condition.toURL}")
-        case _ => searchPullRequests("created_by")
-      }
-    } getOrElse {
     searchPullRequests("created_by")
-    }
   })
 
   get("/dashboard/pulls/created_by")(usersOnly {
@@ -73,14 +47,7 @@ trait DashboardControllerBase extends ControllerBase {
   })
 
   private def getOrCreateCondition(key: String, filter: String, userName: String) = {
-    val condition = session.putAndGet(key, if(request.hasQueryString){
+    val condition = IssueSearchCondition(request)
-      val q = request.getParameter("q")
-      if(q == null){
-        IssueSearchCondition(request)
-      } else {
-        IssueSearchCondition(q, Map[String, Int]())
-      }
-    } else session.getAs[IssueSearchCondition](key).getOrElse(IssueSearchCondition()))
 
     filter match {
       case "assigned"  => condition.copy(assigned = Some(Some(userName)), author = None, mentioned = None)
@@ -109,7 +76,7 @@ trait DashboardControllerBase extends ControllerBase {
       },
       filter,
       getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
       getUserRepositories(userName, withoutPhysicalInfo = true))
   }
 
@@ -134,7 +101,7 @@ trait DashboardControllerBase extends ControllerBase {
       },
       filter,
       getGroupNames(userName),
-      getVisibleRepositories(context.loginAccount, withoutPhysicalInfo = true),
+      Nil,
       getUserRepositories(userName, withoutPhysicalInfo = true))
   }
 

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -75,19 +75,14 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
           }
         }, FileUtil.isUploadableType)
       }
-    } getOrElse BadRequest
+    } getOrElse BadRequest()
   }
 
   post("/import") {
+    import JDBCUtil._
     session.get(Keys.Session.LoginAccount).collect { case loginAccount: Account if loginAccount.isAdmin =>
       execute({ (file, fileId) =>
-        if(file.getName.endsWith(".xml")){
+        request2Session(request).conn.importAsSQL(file.getInputStream)
-          import JDBCUtil._
-          val conn = request2Session(request).conn
-          conn.importAsXML(file.getInputStream)
-        } else {
-          throw new RuntimeException("Import is available for only the XML file.")
-        }
       }, _ => true)
     }
     redirect("/admin/data")
@@ -98,7 +93,7 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
     loginAccount match {
       case x if(x.isAdmin) => action
       case x if(getCollaborators(owner, repository).contains(x.userName)) => action
-      case _ => BadRequest
+      case _ => BadRequest()
     }
   }
 
@@ -106,10 +101,9 @@ class FileUploadController extends ScalatraServlet with FileUploadSupport with R
     case Some(file) if(mimeTypeChcker(file.name)) =>
       defining(FileUtil.generateFileId){ fileId =>
         f(file, fileId)
-
         Ok(fileId)
       }
-    case _ => BadRequest
+    case _ => BadRequest()
   }
 
 }

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -5,9 +5,9 @@ import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.ControlUtil._
-import gitbucket.core.util.{LDAPUtil, Keys, UsersAuthenticator, ReferrerAuthenticator, StringUtil}
+import gitbucket.core.util.{Keys, LDAPUtil, ReferrerAuthenticator, StringUtil, UsersAuthenticator}
-
 import io.github.gitbucket.scalatra.forms._
+import org.scalatra.Ok
 
 
 class IndexController extends IndexControllerBase 
@@ -36,23 +36,11 @@ trait IndexControllerBase extends ControllerBase {
 
 
   get("/"){
-    val loginAccount = context.loginAccount
+    context.loginAccount.map { account =>
-    if(loginAccount.isEmpty) {
+      val visibleOwnerSet: Set[String] = Set(account.userName) ++ getGroupsByUserName(account.userName)
-        gitbucket.core.html.index(getRecentActivities(),
+      gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet), Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
-            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
+    }.getOrElse {
-            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil)
+      gitbucket.core.html.index(getRecentActivities(), getVisibleRepositories(None, withoutPhysicalInfo = true), Nil)
-        )
-    } else {
-        val loginUserName = loginAccount.get.userName
-        val loginUserGroups = getGroupsByUserName(loginUserName)
-        var visibleOwnerSet : Set[String] = Set(loginUserName)
-        
-        visibleOwnerSet ++= loginUserGroups
-
-        gitbucket.core.html.index(getRecentActivitiesByOwners(visibleOwnerSet),
-            getVisibleRepositories(loginAccount, withoutPhysicalInfo = true),
-            loginAccount.map{ account => getUserRepositories(account.userName, withoutPhysicalInfo = true) }.getOrElse(Nil) 
-        )
     }
   }
 
@@ -81,6 +69,15 @@ trait IndexControllerBase extends ControllerBase {
     xml.feed(getRecentActivities())
   }
 
+  get("/sidebar-collapse"){
+    if(params("collapse") == "true"){
+      session.setAttribute("sidebar-collapse", "true")
+    }  else {
+      session.setAttribute("sidebar-collapse", null)
+    }
+    Ok()
+  }
+
   /**
    * Set account information into HttpSession and redirect.
    */
@@ -108,28 +105,34 @@ trait IndexControllerBase extends ControllerBase {
    */
   get("/_user/proposals")(usersOnly {
     contentType = formats("json")
+    val user  = params("user").toBoolean
+    val group = params("group").toBoolean
     org.json4s.jackson.Serialization.write(
-      Map("options" -> getAllUsers(false).filter(!_.isGroupAccount).map(_.userName).toArray)
+      Map("options" -> (
+        getAllUsers(false)
+          .withFilter { t => (user, group) match {
+            case (true, true) => true
+            case (true, false) => !t.isGroupAccount
+            case (false, true) => t.isGroupAccount
+            case (false, false) => false
+          }}.map { t => t.userName }
+      ))
     )
   })
 
   /**
-   * JSON API for checking user existence.
+   * JSON API for checking user or group existence.
+   * Returns a single string which is any of "group", "user" or "".
    */
   post("/_user/existence")(usersOnly {
     getAccountByUserName(params("userName")).map { account =>
-      if(params.get("userOnly").isDefined) !account.isGroupAccount else true
+      if(account.isGroupAccount) "group" else "user"
-    } getOrElse false
+    } getOrElse ""
   })
 
-  // TODO Move to RepositoryViwerController?
-  post("/search", searchForm){ form =>
-    redirect(s"/${form.owner}/${form.repository}/search?q=${StringUtil.urlEncode(form.query)}")
-  }
-
   // TODO Move to RepositoryViwerController?
   get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params("q").trim, params.getOrElse("type", "code")){ case (query, target) =>
+    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")){ case (query, target) =>
       val page = try {
         val i = params.getOrElse("page", "1").toInt
         if(i <= 0) 1 else i
@@ -139,23 +142,31 @@ trait IndexControllerBase extends ControllerBase {
 
       target.toLowerCase match {
         case "issue" => gitbucket.core.search.html.issues(
-          countFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchIssues(repository.owner, repository.name, query) else Nil,
-          searchIssues(repository.owner, repository.name, query),
-          countWikiPages(repository.owner, repository.name, query),
           query, page, repository)
 
         case "wiki" => gitbucket.core.search.html.wiki(
-          countFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
-          countIssues(repository.owner, repository.name, query),
-          searchWikiPages(repository.owner, repository.name, query),
           query, page, repository)
 
         case _ => gitbucket.core.search.html.code(
-          searchFiles(repository.owner, repository.name, query),
+          if(query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
-          countIssues(repository.owner, repository.name, query),
-          countWikiPages(repository.owner, repository.name, query),
           query, page, repository)
       }
     }
   })
+
+  get("/search"){
+    val query = params.getOrElse("query", "").trim.toLowerCase
+    val visibleRepositories = getVisibleRepositories(context.loginAccount, None)
+    val repositories = visibleRepositories.filter { repository =>
+      repository.name.toLowerCase.indexOf(query) >= 0 || repository.owner.toLowerCase.indexOf(query) >= 0
+    }
+    context.loginAccount.map { account =>
+      gitbucket.core.search.html.repositories(query, repositories, Nil, getUserRepositories(account.userName, withoutPhysicalInfo = true))
+    }.getOrElse {
+      gitbucket.core.search.html.repositories(query, repositories, visibleRepositories, Nil)
+    }
+  }
+
 }

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -2,24 +2,45 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.html
 import gitbucket.core.service.IssuesService._
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.view
 import gitbucket.core.view.Markdown
-
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.Ok
 
 
 class IssuesController extends IssuesControllerBase
-  with IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
+  with IssuesService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService
+  with RepositoryService
+  with AccountService
+  with LabelsService
+  with MilestonesService
+  with ActivityService
+  with HandleCommentService
+  with ReadableUsersAuthenticator
+  with ReferrerAuthenticator
+  with WritableUsersAuthenticator
+  with PullRequestService
+  with WebHookIssueCommentService
+  with CommitsService
 
 trait IssuesControllerBase extends ControllerBase {
-  self: IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService with HandleCommentService
+  self: IssuesService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService =>
+    with RepositoryService
+    with AccountService
+    with LabelsService
+    with MilestonesService
+    with ActivityService
+    with HandleCommentService
+    with ReadableUsersAuthenticator
+    with ReferrerAuthenticator
+    with WritableUsersAuthenticator
+    with PullRequestService
+    with WebHookIssueCommentService =>
 
   case class IssueCreateForm(title: String, content: Option[String],
     assignedUserName: Option[String], milestoneId: Option[Int], labelNames: Option[String])
@@ -67,38 +88,42 @@ trait IssuesControllerBase extends ControllerBase {
           _,
           getComments(owner, name, issueId.toInt),
           getIssueLabels(owner, name, issueId.toInt),
-          (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+          getAssignableUserNames(owner, name),
           getMilestonesWithIssueCount(owner, name),
           getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isEditable(repository),
+          isManageable(repository),
           repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
       defining(repository.owner, repository.name){ case (owner, name) =>
         html.create(
-        (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+          getAssignableUserNames(owner, name),
           getMilestones(owner, name),
           getLabels(owner, name),
-          hasWritePermission(owner, name, context.loginAccount),
+          isManageable(repository),
           repository)
       }
+    } else Unauthorized()
   })
 
   post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
+    if(isEditable(repository)){ // TODO Should this check is provided by authenticator?
       defining(repository.owner, repository.name){ case (owner, name) =>
-      val writable = hasWritePermission(owner, name, context.loginAccount)
+        val manageable = isManageable(repository)
         val userName = context.loginAccount.get.userName
 
         // insert issue
         val issueId = createIssue(owner, name, userName, form.title, form.content,
-        if(writable) form.assignedUserName else None,
+          if (manageable) form.assignedUserName else None,
-        if(writable) form.milestoneId else None)
+          if (manageable) form.milestoneId else None)
 
         // insert labels
-      if(writable){
+        if (manageable) {
           form.labelNames.map { value =>
             val labels = getLabels(owner, name)
             value.split(",").foreach { labelName =>
@@ -120,89 +145,90 @@ trait IssuesControllerBase extends ControllerBase {
           callIssuesWebHook("opened", repository, issue, context.baseUrl, context.loginAccount.get)
 
           // notifications
-        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
+          Notifier().toNotify(repository, issue, form.content.getOrElse("")) {
             Notifier.msgIssue(s"${context.baseUrl}/${owner}/${name}/issues/${issueId}")
           }
         }
 
         redirect(s"/${owner}/${name}/issues/${issueId}")
       }
+    } else Unauthorized()
   })
 
   ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
           // update issue
           updateIssue(owner, name, issue.issueId, title, issue.content)
           // extract references and create refer comment
           createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
 
           redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getIssue(owner, name, params("id")).map { issue =>
-        if(isEditable(owner, name, issue.openedUserName)){
+        if(isEditableContent(owner, name, issue.openedUserName)){
           // update issue
           updateIssue(owner, name, issue.issueId, issue.title, content)
           // extract references and create refer comment
           createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
 
           redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
       handleComment(issue, Some(form.content), repository, actionOpt) map { case (issue, id) =>
         redirect(s"/${repository.owner}/${repository.name}/${
           if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
     getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      val actionOpt = params.get("action").filter(_ => isEditable(issue.userName, issue.repositoryName, issue.openedUserName))
+      val actionOpt = params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
       handleComment(issue, form.content, repository, actionOpt) map { case (issue, id) =>
         redirect(s"/${repository.owner}/${repository.name}/${
           if(issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
           updateComment(comment.commentId, form.content)
           redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
     defining(repository.owner, repository.name){ case (owner, name) =>
       getComment(owner, name, params("id")).map { comment =>
-        if(isEditable(owner, name, comment.commentedUserName)){
+        if(isEditableContent(owner, name, comment.commentedUserName)){
           Ok(deleteComment(comment.commentId))
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
   ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
     getIssue(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.openedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.openedUserName)){
         params.get("dataType") collect {
           case t if t == "html" => html.editissue(x.content, x.issueId, repository)
         } getOrElse {
@@ -218,18 +244,18 @@ trait IssuesControllerBase extends ControllerBase {
                 enableAnchor = true,
                 enableLineBreaks = true,
                 enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.openedUserName)
+                hasWritePermission = true
               )
             )
           )
         }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
     getComment(repository.owner, repository.name, params("id")) map { x =>
-      if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
+      if(isEditableContent(x.userName, x.repositoryName, x.commentedUserName)){
         params.get("dataType") collect {
           case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
         } getOrElse {
@@ -244,51 +270,51 @@ trait IssuesControllerBase extends ControllerBase {
                 enableAnchor = true,
                 enableLineBreaks = true,
                 enableTaskList = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
               )
             )
           )
         }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  ajaxPost("/:owner/:repository/issues/new/label")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/new/label")(writableUsersOnly { repository =>
     val labelNames = params("labelNames").split(",")
     val labels = getLabels(repository.owner, repository.name).filter(x => labelNames.contains(x.labelName))
     html.labellist(labels)
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
     defining(params("id").toInt){ issueId =>
       registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
     defining(params("id").toInt){ issueId =>
       deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
       html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/assign")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
     updateAssignedUserName(repository.owner, repository.name, params("id").toInt, assignedUserName("assignedUserName"))
     Ok("updated")
   })
 
-  ajaxPost("/:owner/:repository/issues/:id/milestone")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/:id/milestone")(writableUsersOnly { repository =>
     updateMilestoneId(repository.owner, repository.name, params("id").toInt, milestoneId("milestoneId"))
     milestoneId("milestoneId").map { milestoneId =>
       getMilestonesWithIssueCount(repository.owner, repository.name)
           .find(_._1.milestoneId == milestoneId).map { case (_, openCount, closeCount) =>
         gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     } getOrElse Ok()
   })
 
-  post("/:owner/:repository/issues/batchedit/state")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
     defining(params.get("value")){ action =>
       action match {
         case Some("open")  => executeBatch(repository) { issueId =>
@@ -306,17 +332,17 @@ trait IssuesControllerBase extends ControllerBase {
     }
   })
 
-  post("/:owner/:repository/issues/batchedit/label")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/label")(writableUsersOnly { repository =>
     params("value").toIntOpt.map{ labelId =>
       executeBatch(repository) { issueId =>
         getIssueLabel(repository.owner, repository.name, issueId, labelId) getOrElse {
           registerIssueLabel(repository.owner, repository.name, issueId, labelId)
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/issues/batchedit/assign")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
     defining(assignedUserName("value")){ value =>
       executeBatch(repository) {
         updateAssignedUserName(repository.owner, repository.name, _, value)
@@ -324,7 +350,7 @@ trait IssuesControllerBase extends ControllerBase {
     }
   })
 
-  post("/:owner/:repository/issues/batchedit/milestone")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
     defining(milestoneId("value")){ value =>
       executeBatch(repository) {
         updateMilestoneId(repository.owner, repository.name, _, value)
@@ -340,15 +366,12 @@ trait IssuesControllerBase extends ControllerBase {
           RawData(FileUtil.getMimeType(file.getName), file)
         }
       case _ => None
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
   val assignedUserName = (key: String) => params.get(key) filter (_.trim != "")
   val milestoneId: String => Option[Int] = (key: String) => params.get(key).flatMap(_.toIntOpt)
 
-  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
-
   private def executeBatch(repository: RepositoryService.RepositoryInfo)(execute: Int => Unit) = {
     params("checked").split(',') map(_.toInt) foreach execute
     params("from") match {
@@ -360,36 +383,50 @@ trait IssuesControllerBase extends ControllerBase {
   private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
     defining(repository.owner, repository.name){ case (owner, repoName) =>
       val page = IssueSearchCondition.page(request)
-      val sessionKey = Keys.Session.Issues(owner, repoName)
 
       // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
+      val condition = IssueSearchCondition(request)
-        if(request.hasQueryString){
-          val q = request.getParameter("q")
-          if(q == null || q.trim.isEmpty){
-            IssueSearchCondition(request)
-          } else {
-            IssueSearchCondition(q, getMilestones(owner, repoName).map(x => (x.title, x.milestoneId)).toMap)
-          }
-        } else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
-      )
 
       html.list(
           "issues",
           searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, owner -> repoName),
           page,
-          if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
+          getAssignableUserNames(owner, repoName),
-            (getCollaborators(owner, repoName) :+ owner).sorted
-          } else {
-            getCollaborators(owner, repoName)
-          },
           getMilestones(owner, repoName),
           getLabels(owner, repoName),
           countIssue(condition.copy(state = "open"  ), false, owner -> repoName),
           countIssue(condition.copy(state = "closed"), false, owner -> repoName),
           condition,
           repository,
-          hasWritePermission(owner, repoName, context.loginAccount))
+          isEditable(repository),
+          isManageable(repository))
     }
   }
+
+  /**
+   * Tests whether an logged-in user can manage issues.
+   */
+  private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+  }
+
+  /**
+   * Tests whether an logged-in user can post issues.
+   */
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    repository.repository.options.issuesOption match {
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
+  }
+
+  /**
+   * Tests whether an issue or a comment is editable by a logged-in user.
+   */
+  private def isEditableContent(owner: String, repository: String, author: String)(implicit context: Context): Boolean = {
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+  }
+
 }

src/main/scala/gitbucket/core/controller/LabelsController.scala

@@ -2,7 +2,7 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.labels.html
 import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 import org.scalatra.i18n.Messages
@@ -10,11 +10,11 @@ import org.scalatra.Ok
 
 class LabelsController extends LabelsControllerBase
   with LabelsService with IssuesService with RepositoryService with AccountService
-with ReferrerAuthenticator with CollaboratorsAuthenticator
+with ReferrerAuthenticator with WritableUsersAuthenticator
 
 trait LabelsControllerBase extends ControllerBase {
   self: LabelsService with IssuesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator =>
 
   case class LabelForm(labelName: String, color: String)
 
@@ -29,40 +29,40 @@ trait LabelsControllerBase extends ControllerBase {
       getLabels(repository.owner, repository.name),
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxGet("/:owner/:repository/issues/labels/new")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/new")(writableUsersOnly { repository =>
     html.edit(None, repository)
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(writableUsersOnly { (form, repository) =>
     val labelId = createLabel(repository.owner, repository.name, form.labelName, form.color.substring(1))
     html.label(
       getLabel(repository.owner, repository.name, labelId).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(collaboratorsOnly { repository =>
+  ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(writableUsersOnly { repository =>
     getLabel(repository.owner, repository.name, params("labelId").toInt).map { label =>
       html.edit(Some(label), repository)
     } getOrElse NotFound()
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(collaboratorsOnly { (form, repository) =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(writableUsersOnly { (form, repository) =>
     updateLabel(repository.owner, repository.name, params("labelId").toInt, form.labelName, form.color.substring(1))
     html.label(
       getLabel(repository.owner, repository.name, params("labelId").toInt).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(collaboratorsOnly { repository =>
+  ajaxPost("/:owner/:repository/issues/labels/:labelId/delete")(writableUsersOnly { repository =>
     deleteLabel(repository.owner, repository.name, params("labelId").toInt)
     Ok()
   })

src/main/scala/gitbucket/core/controller/MilestonesController.scala

@@ -2,17 +2,17 @@ package gitbucket.core.controller
 
 import gitbucket.core.issues.milestones.html
 import gitbucket.core.service.{RepositoryService, MilestonesService, AccountService}
-import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.{ReferrerAuthenticator, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
 import io.github.gitbucket.scalatra.forms._
 
 class MilestonesController extends MilestonesControllerBase
   with MilestonesService with RepositoryService with AccountService
-  with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with ReferrerAuthenticator with WritableUsersAuthenticator
 
 trait MilestonesControllerBase extends ControllerBase {
   self: MilestonesService with RepositoryService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator  =>
+    with ReferrerAuthenticator with WritableUsersAuthenticator  =>
 
   case class MilestoneForm(title: String, description: Option[String], dueDate: Option[java.util.Date])
 
@@ -27,58 +27,58 @@ trait MilestonesControllerBase extends ControllerBase {
       params.getOrElse("state", "open"),
       getMilestonesWithIssueCount(repository.owner, repository.name),
       repository,
-      hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
   })
 
-  get("/:owner/:repository/issues/milestones/new")(collaboratorsOnly {
+  get("/:owner/:repository/issues/milestones/new")(writableUsersOnly {
     html.edit(None, _)
   })
 
-  post("/:owner/:repository/issues/milestones/new", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/new", milestoneForm)(writableUsersOnly { (form, repository) =>
     createMilestone(repository.owner, repository.name, form.title, form.description, form.dueDate)
     redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/edit")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.map{ milestoneId =>
       html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/issues/milestones/:milestoneId/edit", milestoneForm)(writableUsersOnly { (form, repository) =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         updateMilestone(milestone.copy(title = form.title, description = form.description, dueDate = form.dueDate))
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/close")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/close")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         closeMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/open")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/open")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         openMilestone(milestone)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/issues/milestones/:milestoneId/delete")(writableUsersOnly { repository =>
     params("milestoneId").toIntOpt.flatMap{ milestoneId =>
       getMilestone(repository.owner, repository.name, milestoneId).map { milestone =>
         deleteMilestone(repository.owner, repository.name, milestone.milestoneId)
         redirect(s"/${repository.owner}/${repository.name}/issues/milestones")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
 }

src/main/scala/gitbucket/core/controller/PullRequestsController.scala

@@ -6,36 +6,32 @@ import gitbucket.core.service.CommitStatusService
 import gitbucket.core.service.MergeService
 import gitbucket.core.service.IssuesService._
 import gitbucket.core.service.PullRequestService._
+import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
 import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.JGitUtil._
 import gitbucket.core.util._
-import gitbucket.core.view
-import gitbucket.core.view.helpers
-
 import io.github.gitbucket.scalatra.forms._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.PersonIdent
-import org.slf4j.LoggerFactory
 
 import scala.collection.JavaConverters._
 
 
 class PullRequestsController extends PullRequestsControllerBase
   with RepositoryService with AccountService with IssuesService with PullRequestService with MilestonesService with LabelsService
-  with CommitsService with ActivityService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with CommitsService with ActivityService with WebHookPullRequestService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
   with CommitStatusService with MergeService with ProtectedBranchService
 
 
 trait PullRequestsControllerBase extends ControllerBase {
   self: RepositoryService with AccountService with IssuesService with MilestonesService with LabelsService
-    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator
     with CommitStatusService with MergeService with ProtectedBranchService =>
 
-  private val logger = LoggerFactory.getLogger(classOf[PullRequestsControllerBase])
-
   val pullRequestForm = mapping(
     "title"                 -> trim(label("Title"  , text(required, maxlength(100)))),
     "content"               -> trim(label("Content", optional(text()))),
@@ -94,17 +90,18 @@ trait PullRequestsControllerBase extends ControllerBase {
             (commits.flatten.map(commit => getCommitComments(owner, name, commit.id, true)).flatten.toList ::: getComments(owner, name, issueId))
               .sortWith((a, b) => a.registeredDate before b.registeredDate),
             getIssueLabels(owner, name, issueId),
-            (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
+            getAssignableUserNames(owner, name),
             getMilestonesWithIssueCount(owner, name),
             getLabels(owner, name),
             commits,
             diffs,
-            hasWritePermission(owner, name, context.loginAccount),
+            isEditable(repository),
+            isManageable(repository),
             repository,
             flash.toMap.map(f => f._1 -> f._2.toString))
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/pull/:id/mergeguide")(referrersOnly { repository =>
@@ -115,7 +112,7 @@ trait PullRequestsControllerBase extends ControllerBase {
         val hasConflict = LockUtil.lock(s"${owner}/${name}"){
           checkConflict(owner, name, pullreq.branch, issueId)
         }
-        val hasMergePermission = hasWritePermission(owner, name, context.loginAccount)
+        val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount)
         val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch)
         val mergeStatus = PullRequestService.MergeStatus(
            hasConflict         = hasConflict,
@@ -125,7 +122,7 @@ trait PullRequestsControllerBase extends ControllerBase {
            needStatusCheck     = context.loginAccount.map{ u =>
                                    branchProtection.needStatusCheck(u.userName)
                                  }.getOrElse(true),
-           hasUpdatePermission = hasWritePermission(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
+           hasUpdatePermission = hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount) &&
                                    context.loginAccount.map{ u =>
                                      !getProtectedBranchInfo(pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch).needStatusCheck(u.userName)
                                    }.getOrElse(false),
@@ -138,10 +135,10 @@ trait PullRequestsControllerBase extends ControllerBase {
           repository,
           getRepository(pullreq.requestUserName, pullreq.requestRepositoryName).get)
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  get("/:owner/:repository/pull/:id/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/pull/:id/delete/*")(writableUsersOnly { repository =>
     params("id").toIntOpt.map { issueId =>
       val branchName = multiParams("splat").head
       val userName   = context.loginAccount.get.userName
@@ -153,27 +150,27 @@ trait PullRequestsControllerBase extends ControllerBase {
       }
       createComment(repository.owner, repository.name, userName, issueId, branchName, "delete_branch")
       redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pull/:id/update_branch")(referrersOnly { baseRepository =>
+  post("/:owner/:repository/pull/:id/update_branch")(writableUsersOnly { baseRepository =>
     (for {
       issueId <- params("id").toIntOpt
       loginAccount <- context.loginAccount
       (issue, pullreq) <- getPullRequest(baseRepository.owner, baseRepository.name, issueId)
       owner = pullreq.requestUserName
       name  = pullreq.requestRepositoryName
-      if hasWritePermission(owner, name, context.loginAccount)
+      if hasDeveloperRole(owner, name, context.loginAccount)
     } yield {
+      val repository = getRepository(owner, name).get
       val branchProtection = getProtectedBranchInfo(owner, name, pullreq.requestBranch)
       if(branchProtection.needStatusCheck(loginAccount.userName)){
         flash += "error" -> s"branch ${pullreq.requestBranch} is protected need status check."
       } else {
-        val repository = getRepository(owner, name).get
         LockUtil.lock(s"${owner}/${name}"){
           val alias = if(pullreq.repositoryName == pullreq.requestRepositoryName && pullreq.userName == pullreq.requestUserName){
             pullreq.branch
-          }else{
+          } else {
             s"${pullreq.userName}:${pullreq.branch}"
           }
           val existIds = using(Git.open(Directory.getRepositoryDir(owner, name))) { git => JGitUtil.getAllCommitIds(git) }.toSet
@@ -187,11 +184,10 @@ trait PullRequestsControllerBase extends ControllerBase {
 
               using(Git.open(Directory.getRepositoryDir(owner, name))) { git =>
                 //  after update branch
-
                 val newCommitId = git.getRepository.resolve(s"refs/heads/${pullreq.requestBranch}")
                 val commits = git.log.addRange(oldId, newCommitId).call.iterator.asScala.map(c => new JGitUtil.CommitInfo(c)).toList
 
-                commits.foreach{ commit =>
+                commits.foreach { commit =>
                   if(!existIds.contains(commit.id)){
                     createIssueComment(owner, name, commit)
                   }
@@ -220,12 +216,13 @@ trait PullRequestsControllerBase extends ControllerBase {
               flash += "info" -> s"Merge branch '${alias}' into ${pullreq.requestBranch}"
           }
         }
-        redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
       }
-    }) getOrElse NotFound
+      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+
+    }) getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pull/:id/merge", mergeForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/pull/:id/merge", mergeForm)(writableUsersOnly { (form, repository) =>
     params("id").toIntOpt.flatMap { issueId =>
       val owner = repository.owner
       val name  = repository.name
@@ -273,7 +270,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           }
         }
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/:owner/:repository/compare")(referrersOnly { forkedRepository =>
@@ -290,7 +287,7 @@ trait PullRequestsControllerBase extends ControllerBase {
 
             redirect(s"/${forkedRepository.owner}/${forkedRepository.name}/compare/${originUserName}:${oldBranch}...${newBranch}")
           }
-        } getOrElse NotFound
+        } getOrElse NotFound()
       }
       case _ => {
         using(Git.open(getRepositoryDir(forkedRepository.owner, forkedRepository.name))){ git =>
@@ -374,8 +371,8 @@ trait PullRequestsControllerBase extends ControllerBase {
               forkedRepository,
               originRepository,
               forkedRepository,
-              hasWritePermission(originRepository.owner, originRepository.name, context.loginAccount),
+              hasDeveloperRole(originRepository.owner, originRepository.name, context.loginAccount),
-              (getCollaborators(originRepository.owner, originRepository.name) ::: (if(getAccountByUserName(originRepository.owner).get.isGroupAccount) Nil else List(originRepository.owner))).sorted,
+              getAssignableUserNames(originRepository.owner, originRepository.name),
               getMilestones(originRepository.owner, originRepository.name),
               getLabels(originRepository.owner, originRepository.name)
             )
@@ -386,10 +383,10 @@ trait PullRequestsControllerBase extends ControllerBase {
                      s"${forkedOwner}:${newId.map(_ => forkedId).getOrElse(forkedRepository.repository.defaultBranch)}")
         }
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
-  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(collaboratorsOnly { forkedRepository =>
+  ajaxGet("/:owner/:repository/compare/*...*/mergecheck")(readableUsersOnly { forkedRepository =>
     val Seq(origin, forked) = multiParams("splat")
     val (originOwner, tmpOriginBranch) = parseCompareIdentifie(origin, forkedRepository.owner)
     val (forkedOwner, tmpForkedBranch) = parseCompareIdentifie(forked, forkedRepository.owner)
@@ -416,12 +413,15 @@ trait PullRequestsControllerBase extends ControllerBase {
         }
         html.mergecheck(conflict)
       }
-    }) getOrElse NotFound
+    }) getOrElse NotFound()
   })
 
-  post("/:owner/:repository/pulls/new", pullRequestForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/pulls/new", pullRequestForm)(readableUsersOnly { (form, repository) =>
     defining(repository.owner, repository.name){ case (owner, name) =>
-      val writable = hasWritePermission(owner, name, context.loginAccount)
+      val manageable = isManageable(repository)
+      val editable = isEditable(repository)
+
+      if(editable) {
         val loginUserName = context.loginAccount.get.userName
 
         val issueId = createIssue(
@@ -430,8 +430,8 @@ trait PullRequestsControllerBase extends ControllerBase {
           loginUser = loginUserName,
           title = form.title,
           content = form.content,
-        assignedUserName = if(writable) form.assignedUserName else None,
+          assignedUserName = if (manageable) form.assignedUserName else None,
-        milestoneId      = if(writable) form.milestoneId else None,
+          milestoneId = if (manageable) form.milestoneId else None,
           isPullRequest = true)
 
         createPullRequest(
@@ -446,7 +446,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           commitIdTo = form.commitIdTo)
 
         // insert labels
-      if(writable){
+        if (manageable) {
           form.labelNames.map { value =>
             val labels = getLabels(owner, name)
             value.split(",").foreach { labelName =>
@@ -471,12 +471,13 @@ trait PullRequestsControllerBase extends ControllerBase {
           createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""), context.loginAccount.get)
 
           // notifications
-        Notifier().toNotify(repository, issue, form.content.getOrElse("")){
+          Notifier().toNotify(repository, issue, form.content.getOrElse("")) {
             Notifier.msgPullRequest(s"${context.baseUrl}/${owner}/${name}/pull/${issueId}")
           }
         }
 
         redirect(s"/${owner}/${name}/pull/${issueId}")
+      } else Unauthorized()
     }
   })
 
@@ -494,53 +495,45 @@ trait PullRequestsControllerBase extends ControllerBase {
       (defaultOwner, value)
     }
 
-  private def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
-      requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
-    using(
-      Git.open(getRepositoryDir(userName, repositoryName)),
-      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
-    ){ (oldGit, newGit) =>
-      val oldId = oldGit.getRepository.resolve(branch)
-      val newId = newGit.getRepository.resolve(requestCommitId)
-
-      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
-        new CommitInfo(revCommit)
-      }.toList.splitWith { (commit1, commit2) =>
-        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
-      }
-
-      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
-
-      (commits, diffs)
-    }
-
   private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) =
     defining(repository.owner, repository.name){ case (owner, repoName) =>
       val page = IssueSearchCondition.page(request)
-      val sessionKey = Keys.Session.Pulls(owner, repoName)
 
       // retrieve search condition
-      val condition = session.putAndGet(sessionKey,
+      val condition = IssueSearchCondition(request)
-        if(request.hasQueryString) IssueSearchCondition(request)
-        else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
-      )
 
       gitbucket.core.issues.html.list(
         "pulls",
         searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, owner -> repoName),
         page,
-        if(!getAccountByUserName(owner).exists(_.isGroupAccount)){
+        getAssignableUserNames(owner, repoName),
-          (getCollaborators(owner, repoName) :+ owner).sorted
-        } else {
-          getCollaborators(owner, repoName)
-        },
         getMilestones(owner, repoName),
         getLabels(owner, repoName),
         countIssue(condition.copy(state = "open"  ), true, owner -> repoName),
         countIssue(condition.copy(state = "closed"), true, owner -> repoName),
         condition,
         repository,
-        hasWritePermission(owner, repoName, context.loginAccount))
+        isEditable(repository),
+        isManageable(repository))
+    }
+
+  /**
+   * Tests whether an logged-in user can manage pull requests.
+   */
+  private def isManageable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+  }
+
+  /**
+   * Tests whether an logged-in user can post pull requests.
+   */
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
+    repository.repository.options.issuesOption match {
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
   }
 
 }

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -31,22 +31,22 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     repositoryName: String,
     description: Option[String],
     isPrivate: Boolean,
-    enableIssues: Boolean,
+    issuesOption: String,
     externalIssuesUrl: Option[String],
-    enableWiki: Boolean,
+    wikiOption: String,
-    allowWikiEditing: Boolean,
+    externalWikiUrl: Option[String],
-    externalWikiUrl: Option[String]
+    allowFork: Boolean
   )
   
   val optionsForm = mapping(
-    "repositoryName"    -> trim(label("Repository Name"    , text(required, maxlength(40), identifier, renameRepositoryName))),
+    "repositoryName"    -> trim(label("Repository Name"    , text(required, maxlength(100), identifier, renameRepositoryName))),
     "description"       -> trim(label("Description"        , optional(text()))),
     "isPrivate"         -> trim(label("Repository Type"    , boolean())),
-    "enableIssues"      -> trim(label("Enable Issues"      , boolean())),
+    "issuesOption"      -> trim(label("Issues Option"      , text(required, featureOption))),
     "externalIssuesUrl" -> trim(label("External Issues URL", optional(text(maxlength(200))))),
-    "enableWiki"        -> trim(label("Enable Wiki"        , boolean())),
+    "wikiOption"        -> trim(label("Wiki Option"        , text(required, featureOption))),
-    "allowWikiEditing"  -> trim(label("Allow Wiki Editing" , boolean())),
+    "externalWikiUrl"   -> trim(label("External Wiki URL"  , optional(text(maxlength(200))))),
-    "externalWikiUrl"   -> trim(label("External Wiki URL"  , optional(text(maxlength(200)))))
+    "allowFork"         -> trim(label("Allow Forking"      , boolean()))
   )(OptionsForm.apply)
 
   // for default branch
@@ -56,12 +56,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     "defaultBranch"  -> trim(label("Default Branch" , text(required, maxlength(100))))
   )(DefaultBranchForm.apply)
 
-  // for collaborator addition
+//  // for collaborator addition
-  case class CollaboratorForm(userName: String)
+//  case class CollaboratorForm(userName: String)
-
+//
-  val collaboratorForm = mapping(
+//  val collaboratorForm = mapping(
-    "userName" -> trim(label("Username", text(required, collaborator)))
+//    "userName" -> trim(label("Username", text(required, collaborator)))
-  )(CollaboratorForm.apply)
+//  )(CollaboratorForm.apply)
 
   // for web hook url addition
   case class WebHookForm(url: String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])
@@ -107,11 +107,11 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       repository.repository.parentUserName.map { _ =>
         repository.repository.isPrivate
       } getOrElse form.isPrivate,
-      form.enableIssues,
+      form.issuesOption,
       form.externalIssuesUrl,
-      form.enableWiki,
+      form.wikiOption,
-      form.allowWikiEditing,
+      form.externalWikiUrl,
-      form.externalWikiUrl
+      form.allowFork
     )
     // Change repository name
     if(repository.name != form.repositoryName){
@@ -175,22 +175,12 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       repository)
   })
 
-  /**
+  post("/:owner/:repository/settings/collaborators")(ownerOnly { repository =>
-   * Add the collaborator.
+    val collaborators = params("collaborators")
-   */
+    removeCollaborators(repository.owner, repository.name)
-  post("/:owner/:repository/settings/collaborators/add", collaboratorForm)(ownerOnly { (form, repository) =>
+    collaborators.split(",").withFilter(_.nonEmpty).map { collaborator =>
-    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
+      val userName :: role :: Nil = collaborator.split(":").toList
-      addCollaborator(repository.owner, repository.name, form.userName)
+      addCollaborator(repository.owner, repository.name, userName, role)
-    }
-    redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
-  })
-
-  /**
-   * Add the collaborator.
-   */
-  get("/:owner/:repository/settings/collaborators/remove")(ownerOnly { repository =>
-    if(!getAccountByUserName(repository.owner).get.isGroupAccount){
-      removeCollaborator(repository.owner, repository.name, params("name"))
     }
     redirect(s"/${repository.owner}/${repository.name}/settings/collaborators")
   })
@@ -248,7 +238,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       val dummyWebHookInfo = WebHook(repository.owner, repository.name, url, ctype, token)
       val dummyPayload = {
         val ownerAccount = getAccountByUserName(repository.owner).get
-        val commits = if(repository.commitCount == 0) List.empty else git.log
+        val commits = if(JGitUtil.isEmpty(git)) List.empty else git.log
           .add(git.getRepository.resolve(repository.repository.defaultBranch))
           .setMaxCount(4)
           .call.iterator.asScala.map(new CommitInfo(_)).toList
@@ -297,7 +287,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
   get("/:owner/:repository/settings/hooks/edit")(ownerOnly { repository =>
     getWebHook(repository.owner, repository.name, params("url")).map{ case (webhook, events) =>
       html.edithooks(webhook, events, repository, flash.get("info"), false)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   /**
@@ -394,20 +384,20 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     }
   }
 
-  /**
+//  /**
-   * Provides Constraint to validate the collaborator name.
+//   * Provides Constraint to validate the collaborator name.
-   */
+//   */
-  private def collaborator: Constraint = new Constraint(){
+//  private def collaborator: Constraint = new Constraint(){
-    override def validate(name: String, value: String, messages: Messages): Option[String] =
+//    override def validate(name: String, value: String, messages: Messages): Option[String] =
-      getAccountByUserName(value) match {
+//      getAccountByUserName(value) match {
-        case None => Some("User does not exist.")
+//        case None => Some("User does not exist.")
-        case Some(x) if(x.isGroupAccount)
+////        case Some(x) if(x.isGroupAccount)
-                  => Some("User does not exist.")
+////                  => Some("User does not exist.")
-        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
+//        case Some(x) if(x.userName == params("owner") || getCollaborators(params("owner"), params("repository")).contains(x.userName))
-                  => Some("User can access this repository already.")
+//                  => Some(value + " is repository owner.") // TODO also group members?
-        case _    => None
+//        case _    => None
-      }
+//      }
-  }
+//  }
 
   /**
    * Duplicate check for the rename repository name.
@@ -421,6 +411,15 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       }
   }
 
+  /**
+   *
+   */
+  private def featureOption: Constraint = new Constraint(){
+    override def validate(name: String, value: String, params: Map[String, String], messages: Messages): Option[String] =
+      if(Seq("DISABLE", "PRIVATE", "PUBLIC", "ALL").contains(value)) None else Some("Option is invalid.")
+  }
+
+
   /**
    * Provides Constraint to validate the repository transfer user.
    */

src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala

@@ -31,7 +31,7 @@ import org.scalatra._
 
 class RepositoryViewerController extends RepositoryViewerControllerBase
   with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
   with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService
 
 /**
@@ -39,7 +39,7 @@ class RepositoryViewerController extends RepositoryViewerControllerBase
  */
 trait RepositoryViewerControllerBase extends ControllerBase {
   self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with WritableUsersAuthenticator with PullRequestService with CommitStatusService
     with WebHookPullRequestService with WebHookPullRequestReviewCommentService with ProtectedBranchService =>
 
   ArchiveCommand.registerFormat("zip", new ZipFormat)
@@ -110,16 +110,21 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       enableLineBreaks = params("enableLineBreaks").toBoolean,
       enableTaskList = params("enableTaskList").toBoolean,
       enableAnchor = false,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount)
+      hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
     )
   })
 
   /**
    * Displays the file list of the repository root and the default branch.
    */
-  get("/:owner/:repository")(referrersOnly {
+  get("/:owner/:repository") {
-    fileList(_)
+    params.get("go-get") match {
-  })
+      case Some("1") => defining(request.paths){ paths =>
+        getRepository(paths(0), paths(1)).map(gitbucket.core.html.goget(_))getOrElse NotFound()
+      }
+      case _ => referrersOnly(fileList(_))
+    }
+  }
 
   /**
    * Displays the file list of the specified path and branch.
@@ -146,13 +151,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository,
             logs.splitWith{ (commit1, commit2) =>
               view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
-            }, page, hasNext, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+            }, page, hasNext, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
-        case Left(_) => NotFound
+        case Left(_) => NotFound()
       }
     }
   })
 
-  get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/new/*")(writableUsersOnly { repository =>
     val (branch, path) = repository.splitPath(multiParams("splat").head)
     val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
     html.editor(branch, repository, if(path.length == 0) Nil else path.split("/").toList,
@@ -160,7 +165,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       protectedBranch)
   })
 
-  get("/:owner/:repository/edit/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/edit/*")(writableUsersOnly { repository =>
     val (branch, path) = repository.splitPath(multiParams("splat").head)
     val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch).needStatusCheck(context.loginAccount.get.userName)
 
@@ -172,11 +177,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         html.editor(branch, repository, paths.take(paths.size - 1).toList, Some(paths.last),
           JGitUtil.getContentInfo(git, path, objectId),
           protectedBranch)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
-  get("/:owner/:repository/remove/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/remove/*")(writableUsersOnly { repository =>
     val (branch, path) = repository.splitPath(multiParams("splat").head)
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
@@ -185,11 +190,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         val paths = path.split("/")
         html.delete(branch, repository, paths.take(paths.size - 1).toList, paths.last,
           JGitUtil.getContentInfo(git, path, objectId))
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
-  post("/:owner/:repository/create", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/create", editorForm)(writableUsersOnly { (form, repository) =>
     commitFile(
       repository  = repository,
       branch      = form.branch,
@@ -206,7 +211,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }")
   })
 
-  post("/:owner/:repository/update", editorForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/update", editorForm)(writableUsersOnly { (form, repository) =>
     commitFile(
       repository  = repository,
       branch      = form.branch,
@@ -227,7 +232,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }")
   })
 
-  post("/:owner/:repository/remove", deleteForm)(collaboratorsOnly { (form, repository) =>
+  post("/:owner/:repository/remove", deleteForm)(writableUsersOnly { (form, repository) =>
     commitFile(repository, form.branch, form.path, None, Some(form.fileName), "", "",
       form.message.getOrElse(s"Delete ${form.fileName}"))
 
@@ -245,7 +250,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           loader.copyTo(response.outputStream)
           ()
         }
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -265,15 +270,15 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             response.setContentLength(loader.getSize.toInt)
             loader.copyTo(response.outputStream)
             ()
-          } getOrElse NotFound
+          } getOrElse NotFound()
         } else {
           html.blob(id, repository, path.split("/").toList,
             JGitUtil.getContentInfo(git, path, objectId),
             new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)),
-            hasWritePermission(repository.owner, repository.name, context.loginAccount),
+            hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
             request.paths(2) == "blame")
         }
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -323,13 +328,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               html.commit(id, new JGitUtil.CommitInfo(revCommit),
                 JGitUtil.getBranchesOfCommit(git, revCommit.getName),
                 JGitUtil.getTagsOfCommit(git, revCommit.getName),
-                getCommitComments(repository.owner, repository.name, id, false),
+                getCommitComments(repository.owner, repository.name, id, true),
-                repository, diffs, oldCommitId, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+                repository, diffs, oldCommitId, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
           }
         }
       }
     } catch {
-      case e:MissingObjectException => NotFound
+      case e:MissingObjectException => NotFound()
     }
   })
 
@@ -353,7 +358,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     html.commentform(
       commitId = id,
       fileName, oldLineNumber, newLineNumber, issueId,
-      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount),
+      hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
       repository = repository
     )
   })
@@ -369,7 +374,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         callPullRequestReviewCommentWebHook("create", comment, repository, issueId, context.baseUrl, context.loginAccount.get)
       case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content)
     }
-    helper.html.commitcomment(comment, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    helper.html.commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
   })
 
   ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
@@ -388,12 +393,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                 enableRefsLink = true,
                 enableAnchor = true,
                 enableLineBreaks = true,
-                hasWritePermission = isEditable(x.userName, x.repositoryName, x.commentedUserName)
+                hasWritePermission = true
               )
             ))
         }
-      } else Unauthorized
+      } else Unauthorized()
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
@@ -402,8 +407,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         if(isEditable(owner, name, comment.commentedUserName)){
           updateCommitComment(comment.commentId, form.content)
           redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -412,8 +417,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       getCommitComment(owner, name, params("id")).map { comment =>
         if(isEditable(owner, name, comment.commentedUserName)){
           Ok(deleteCommitComment(comment.commentId))
-        } else Unauthorized
+        } else Unauthorized()
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -432,13 +437,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     .map(br => (br, getPullRequestByRequestCommit(repository.owner, repository.name, repository.repository.defaultBranch, br.name, br.commitId), protectedBranches.contains(br.name)))
     .reverse
 
-    html.branches(branches, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+    html.branches(branches, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
   })
 
   /**
    * Creates a branch.
    */
-  post("/:owner/:repository/branches")(collaboratorsOnly { repository =>
+  post("/:owner/:repository/branches")(writableUsersOnly { repository =>
     val newBranchName = params.getOrElse("new", halt(400))
     val fromBranchName = params.getOrElse("from", halt(400))
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
@@ -456,7 +461,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   /**
    * Deletes branch.
    */
-  get("/:owner/:repository/delete/*")(collaboratorsOnly { repository =>
+  get("/:owner/:repository/delete/*")(writableUsersOnly { repository =>
     val branchName = multiParams("splat").head
     val userName   = context.loginAccount.get.userName
     if(repository.repository.defaultBranch != branchName){
@@ -484,11 +489,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         archiveRepository(name, ".zip", repository)
       case name if name.endsWith(".tar.gz") =>
         archiveRepository(name, ".tar.gz", repository)
-      case _ => BadRequest
+      case _ => BadRequest()
     }
   })
 
   get("/:owner/:repository/network/members")(referrersOnly { repository =>
+    if(repository.repository.options.allowFork) {
       html.forked(
         getRepository(
           repository.repository.originUserName.getOrElse(repository.owner),
@@ -501,6 +507,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           case account: Option[Account] => getGroupsByUserName(account.get.userName)
         }, // groups of current user
         repository)
+    } else BadRequest()
   })
 
   /**
@@ -511,7 +518,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       val ref = multiParams("splat").head
       JGitUtil.getTreeId(git, ref).map{ treeId =>
         html.find(ref, treeId, repository)
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -539,10 +546,10 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * @return HTML of the file list
    */
   private def fileList(repository: RepositoryService.RepositoryInfo, revstr: String = "", path: String = ".") = {
-    if(repository.commitCount == 0){
-      html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
-    } else {
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
+      if(JGitUtil.isEmpty(git)){
+        html.guide(repository, hasDeveloperRole(repository.owner, repository.name, context.loginAccount))
+      } else {
         // get specified commit
         JGitUtil.getDefaultBranch(git, repository, revstr).map { case (objectId, revision) =>
           defining(JGitUtil.getRevCommitFromId(git, objectId)) { revCommit =>
@@ -562,11 +569,16 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             html.files(revision, repository,
               if(path == ".") Nil else path.split("/").toList, // current path
               new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
-              files, readme, hasWritePermission(repository.owner, repository.name, context.loginAccount),
+              JGitUtil.getCommitCount(repository.owner, repository.name, revision),
+              files,
+              readme,
+              hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
               getPullRequestFromBranch(repository.owner, repository.name, revstr, repository.repository.defaultBranch),
-              flash.get("info"), flash.get("error"))
+              flash.get("info"),
+              flash.get("error")
+            )
           }
-        } getOrElse NotFound
+        } getOrElse NotFound()
       }
     }
   }
@@ -586,14 +598,18 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         val headName = s"refs/heads/${branch}"
         val headTip  = git.getRepository.resolve(headName)
 
-        JGitUtil.processTree(git, headTip){ (path, tree) =>
+        val permission = JGitUtil.processTree(git, headTip){ (path, tree) =>
+          // Add all entries except the editing file
           if(!newPath.exists(_ == path) && !oldPath.exists(_ == path)){
             builder.add(JGitUtil.createDirCacheEntry(path, tree.getEntryFileMode, tree.getEntryObjectId))
           }
-        }
+          // Retrieve permission if file exists to keep it
+          oldPath.collect { case x if x == path => tree.getEntryFileMode.getBits }
+        }.flatten.headOption
 
         newPath.foreach { newPath =>
-          builder.add(JGitUtil.createDirCacheEntry(newPath, FileMode.REGULAR_FILE,
+          builder.add(JGitUtil.createDirCacheEntry(newPath,
+            permission.map { bits => FileMode.fromBits(bits) } getOrElse FileMode.REGULAR_FILE,
             inserter.insert(Constants.OBJ_BLOB, content.getBytes(charset))))
         }
         builder.finish()
@@ -616,8 +632,11 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         updatePullRequests(repository.owner, repository.name, branch)
 
         // record activity
-        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch,
+        val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
-          List(new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))))
+        recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch, List(commitInfo))
+
+        // create issue comment by commit message
+        createIssueComment(repository.owner, repository.name, commitInfo)
 
         // close issue by commit message
         closeIssuesFromMessage(message, loginAccount.userName, repository.owner, repository.name)
@@ -677,7 +696,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   }
 
   private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
-    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
   override protected def renderUncaughtException(e: Throwable)(implicit request: HttpServletRequest, response: HttpServletResponse): Unit = {
     e.printStackTrace()

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -13,9 +13,7 @@ import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.StringUtil._
 import io.github.gitbucket.scalatra.forms._
-import io.github.gitbucket.solidbase.manager.JDBCVersionManager
 import org.apache.commons.io.{FileUtils, IOUtils}
-import org.apache.commons.mail.{DefaultAuthenticator, HtmlEmail}
 import org.scalatra.i18n.Messages
 
 class SystemSettingsController extends SystemSettingsControllerBase
@@ -105,7 +103,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
 
   val newUserForm = mapping(
-    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "userName"    -> trim(label("Username"     ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "password"    -> trim(label("Password"     ,text(required, maxlength(20)))),
     "fullName"    -> trim(label("Full Name"    ,text(required, maxlength(100)))),
     "mailAddress" -> trim(label("Mail Address" ,text(required, maxlength(100), uniqueMailAddress()))),
@@ -127,7 +125,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   )(EditUserForm.apply)
 
   val newGroupForm = mapping(
-    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName))),
+    "groupName" -> trim(label("Group name" ,text(required, maxlength(100), identifier, uniqueUserName, reservedNames))),
     "url"       -> trim(label("URL"        ,optional(text(maxlength(200))))),
     "fileId"    -> trim(label("File ID"    ,optional(text()))),
     "members"   -> trim(label("Members"    ,text(required, members)))
@@ -176,11 +174,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   })
 
   get("/admin/plugins")(adminOnly {
-    val manager = new JDBCVersionManager(request2Session(request).conn)
+    html.plugins(PluginRegistry().getPlugins())
-    val plugins = PluginRegistry().getPlugins().map { plugin =>
-      (plugin, manager.getCurrentVersion(plugin.pluginId))
-    }
-    html.plugins(plugins)
   })
 
 
@@ -239,7 +233,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
         updateImage(userName, form.fileId, form.clearImage)
         redirect("/admin/users")
       }
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   get("/admin/users/_newgroup")(adminOnly {
@@ -285,19 +279,19 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
         } else {
           // Update GROUP_MEMBER
           updateGroupMembers(form.groupName, members)
-          // Update COLLABORATOR for group repositories
+//          // Update COLLABORATOR for group repositories
-          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
+//          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
-            removeCollaborators(form.groupName, repositoryName)
+//            removeCollaborators(form.groupName, repositoryName)
-            members.foreach { case (userName, isManager) =>
+//            members.foreach { case (userName, isManager) =>
-              addCollaborator(form.groupName, repositoryName, userName)
+//              addCollaborator(form.groupName, repositoryName, userName)
-            }
+//            }
-          }
+//          }
         }
 
         updateImage(form.groupName, form.fileId, form.clearImage)
         redirect("/admin/users")
 
-      } getOrElse NotFound
+      } getOrElse NotFound()
     }
   })
 
@@ -309,12 +303,7 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 
   post("/admin/export")(adminOnly {
     import gitbucket.core.util.JDBCUtil._
-    val session = request2Session(request)
+    val file = request2Session(request).conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
-    val file = if(params("type") == "sql"){
-      session.conn.exportAsSQL(request.getParameterValues("tableNames").toSeq)
-    } else {
-      session.conn.exportAsXML(request.getParameterValues("tableNames").toSeq)
-    }
 
     contentType = "application/octet-stream"
     response.setHeader("Content-Disposition", "attachment; filename=" + file.getName)

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -14,10 +14,10 @@ import org.scalatra.i18n.Messages
 
 class WikiController extends WikiControllerBase 
   with WikiService with RepositoryService with AccountService with ActivityService
-  with CollaboratorsAuthenticator with ReferrerAuthenticator
+  with ReadableUsersAuthenticator with ReferrerAuthenticator
 
 trait WikiControllerBase extends ControllerBase {
-  self: WikiService with RepositoryService with ActivityService with CollaboratorsAuthenticator with ReferrerAuthenticator =>
+  self: WikiService with RepositoryService with ActivityService with ReadableUsersAuthenticator with ReferrerAuthenticator =>
 
   case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String, id: String)
   
@@ -62,7 +62,7 @@ trait WikiControllerBase extends ControllerBase {
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
-        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository)
+        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository, isEditable(repository))
         case Left(_) => NotFound()
       }
     }
@@ -87,7 +87,7 @@ trait WikiControllerBase extends ControllerBase {
     }
   })
 
-  get("/:owner/:repository/wiki/:page/_revert/:commitId")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
     if(isEditable(repository)){
       val pageName = StringUtil.urlDecode(params("page"))
       val Array(from, to) = params("commitId").split("\\.\\.\\.")
@@ -101,7 +101,7 @@ trait WikiControllerBase extends ControllerBase {
     } else Unauthorized()
   })
 
-  get("/:owner/:repository/wiki/_revert/:commitId")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
     if(isEditable(repository)){
       val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
@@ -114,14 +114,14 @@ trait WikiControllerBase extends ControllerBase {
     } else Unauthorized()
   })
 
-  get("/:owner/:repository/wiki/:page/_edit")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
     if(isEditable(repository)){
       val pageName = StringUtil.urlDecode(params("page"))
       html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
     } else Unauthorized()
   })
   
-  post("/:owner/:repository/wiki/_edit", editForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
     if(isEditable(repository)){
       defining(context.loginAccount.get){ loginAccount =>
         saveWikiPage(
@@ -146,13 +146,13 @@ trait WikiControllerBase extends ControllerBase {
     } else Unauthorized()
   })
   
-  get("/:owner/:repository/wiki/_new")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
     if(isEditable(repository)){
       html.edit("", None, repository)
     } else Unauthorized()
   })
   
-  post("/:owner/:repository/wiki/_new", newForm)(referrersOnly { (form, repository) =>
+  post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
     if(isEditable(repository)){
       defining(context.loginAccount.get){ loginAccount =>
         saveWikiPage(repository.owner, repository.name, form.currentPageName, form.pageName,
@@ -170,7 +170,7 @@ trait WikiControllerBase extends ControllerBase {
     } else Unauthorized()
   })
   
-  get("/:owner/:repository/wiki/:page/_delete")(referrersOnly { repository =>
+  get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
     if(isEditable(repository)){
       val pageName = StringUtil.urlDecode(params("page"))
 
@@ -190,7 +190,7 @@ trait WikiControllerBase extends ControllerBase {
   get("/:owner/:repository/wiki/_history")(referrersOnly { repository =>
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master") match {
-        case Right((logs, hasNext)) => html.history(None, logs, repository)
+        case Right((logs, hasNext)) => html.history(None, logs, repository, isEditable(repository))
         case Left(_) => NotFound()
       }
     }
@@ -201,7 +201,7 @@ trait WikiControllerBase extends ControllerBase {
 
     getFileContent(repository.owner, repository.name, path).map { bytes =>
       RawData(FileUtil.getContentType(path, bytes), bytes)
-    } getOrElse NotFound
+    } getOrElse NotFound()
   })
 
   private def unique: Constraint = new Constraint(){
@@ -240,9 +240,13 @@ trait WikiControllerBase extends ControllerBase {
 
   private def targetWikiPage = getWikiPage(params("owner"), params("repository"), params("pageName"))
 
-  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean =
+  private def isEditable(repository: RepositoryInfo)(implicit context: Context): Boolean = {
-    repository.repository.allowWikiEditing || (
+    repository.repository.options.wikiOption match {
-      hasWritePermission(repository.owner, repository.name, context.loginAccount)
+      case "ALL"     => !repository.repository.isPrivate && context.loginAccount.isDefined
-    )
+      case "PUBLIC"  => hasGuestRole(repository.owner, repository.name, context.loginAccount)
+      case "PRIVATE" => hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
+      case "DISABLE" => false
+    }
+  }
 
 }

src/main/scala/gitbucket/core/model/Collaborator.scala

@@ -7,7 +7,8 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
 
   class Collaborators(tag: Tag) extends Table[Collaborator](tag, "COLLABORATOR") with BasicTemplate {
     val collaboratorName = column[String]("COLLABORATOR_NAME")
-    def * = (userName, repositoryName, collaboratorName) <> (Collaborator.tupled, Collaborator.unapply)
+    val role = column[String]("ROLE")
+    def * = (userName, repositoryName, collaboratorName, role) <> (Collaborator.tupled, Collaborator.unapply)
 
     def byPrimaryKey(owner: String, repository: String, collaborator: String) =
       byRepository(owner, repository) && (collaboratorName === collaborator.bind)
@@ -17,5 +18,23 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
 case class Collaborator(
   userName: String,
   repositoryName: String,
-  collaboratorName: String
+  collaboratorName: String,
+  role: String
 )
+
+sealed abstract class Role(val name: String)
+
+object Role {
+  object ADMIN extends Role("ADMIN")
+  object DEVELOPER extends Role("DEVELOPER")
+  object GUEST extends Role("GUEST")
+
+//  val values: Vector[Permission] = Vector(ADMIN, WRITE, READ)
+//
+//  private val map: Map[String, Permission] = values.map(enum => enum.name -> enum).toMap
+//
+//  def apply(name: String): Permission = map(name)
+//
+//  def valueOf(name: String): Option[Permission] = map.get(name)
+
+}

src/main/scala/gitbucket/core/model/Repository.scala

@@ -17,14 +17,51 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
     val originRepositoryName = column[String]("ORIGIN_REPOSITORY_NAME")
     val parentUserName       = column[String]("PARENT_USER_NAME")
     val parentRepositoryName = column[String]("PARENT_REPOSITORY_NAME")
-    val enableIssues = column[Boolean]("ENABLE_ISSUES")
+    val issuesOption         = column[String]("ISSUES_OPTION")
     val externalIssuesUrl    = column[String]("EXTERNAL_ISSUES_URL")
-    val enableWiki = column[Boolean]("ENABLE_WIKI")
+    val wikiOption           = column[String]("WIKI_OPTION")
-    val allowWikiEditing = column[Boolean]("ALLOW_WIKI_EDITING")
     val externalWikiUrl      = column[String]("EXTERNAL_WIKI_URL")
-    def * = (userName, repositoryName, isPrivate, description.?, defaultBranch,
+    val allowFork            = column[Boolean]("ALLOW_FORK")
-      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?,
+
-      enableIssues, externalIssuesUrl.?, enableWiki, allowWikiEditing, externalWikiUrl.?) <> (Repository.tupled, Repository.unapply)
+    def * = (
+      (userName, repositoryName, isPrivate, description.?, defaultBranch,
+      registeredDate, updatedDate, lastActivityDate, originUserName.?, originRepositoryName.?, parentUserName.?, parentRepositoryName.?),
+      (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork)
+    ).shaped <> (
+      { case (repository, options) =>
+        Repository(
+          repository._1,
+          repository._2,
+          repository._3,
+          repository._4,
+          repository._5,
+          repository._6,
+          repository._7,
+          repository._8,
+          repository._9,
+          repository._10,
+          repository._11,
+          repository._12,
+          RepositoryOptions.tupled.apply(options)
+        )
+      }, { (r: Repository) =>
+        Some(((
+          r.userName,
+          r.repositoryName,
+          r.isPrivate,
+          r.description,
+          r.defaultBranch,
+          r.registeredDate,
+          r.updatedDate,
+          r.lastActivityDate,
+          r.originUserName,
+          r.originRepositoryName,
+          r.parentUserName,
+          r.parentRepositoryName
+        ),(
+          RepositoryOptions.unapply(r.options).get
+        )))
+      })
 
     def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)
   }
@@ -43,9 +80,13 @@ case class Repository(
   originRepositoryName: Option[String],
   parentUserName: Option[String],
   parentRepositoryName: Option[String],
-  enableIssues: Boolean,
+  options: RepositoryOptions
-  externalIssuesUrl: Option[String],
+)
-  enableWiki: Boolean,
+
-  allowWikiEditing: Boolean,
+case class RepositoryOptions(
-  externalWikiUrl: Option[String]
+  issuesOption: String,
+  externalIssuesUrl: Option[String],
+  wikiOption: String,
+  externalWikiUrl: Option[String],
+  allowFork: Boolean
 )

src/main/scala/gitbucket/core/plugin/PluginRegistory.scala

@@ -13,6 +13,7 @@ import gitbucket.core.util.ControlUtil._
 import gitbucket.core.util.DatabaseConfig
 import gitbucket.core.util.Directory._
 import io.github.gitbucket.solidbase.Solidbase
+import io.github.gitbucket.solidbase.manager.JDBCVersionManager
 import io.github.gitbucket.solidbase.model.Module
 import org.apache.commons.codec.binary.{Base64, StringUtils}
 import org.slf4j.LoggerFactory
@@ -161,6 +162,8 @@ object PluginRegistry {
    */
   def initialize(context: ServletContext, settings: SystemSettings, conn: java.sql.Connection): Unit = {
     val pluginDir = new File(PluginHome)
+    val manager = new JDBCVersionManager(conn)
+
     if(pluginDir.exists && pluginDir.isDirectory){
       pluginDir.listFiles(new FilenameFilter {
         override def accept(dir: File, name: String): Boolean = name.endsWith(".jar")
@@ -173,6 +176,13 @@ object PluginRegistry {
           val solidbase = new Solidbase()
           solidbase.migrate(conn, classLoader, DatabaseConfig.liquiDriver, new Module(plugin.pluginId, plugin.versions: _*))
 
+          // Check version
+          val databaseVersion = manager.getCurrentVersion(plugin.pluginId)
+          val pluginVersion = plugin.versions.last.getVersion
+          if(databaseVersion != pluginVersion){
+            throw new IllegalStateException(s"Plugin version is ${pluginVersion}, but database version is ${databaseVersion}")
+          }
+
           // Initialize
           plugin.initialize(instance, context, settings)
           instance.addPlugin(PluginInfo(
@@ -185,7 +195,7 @@ object PluginRegistry {
 
         } catch {
           case e: Throwable => {
-            logger.error(s"Error during plugin initialization", e)
+            logger.error(s"Error during plugin initialization: ${pluginJar.getAbsolutePath}", e)
           }
         }
       }

src/main/scala/gitbucket/core/plugin/SuggestionProvider.scala

@@ -23,5 +23,5 @@ class UserNameSuggestionProvider extends SuggestionProvider {
   override def values(repository: RepositoryInfo): Seq[String] = Nil
   override def template(implicit context: Context): String = "'@' + value"
   override def additionalScript(implicit context: Context): String =
-    s"""$$.get('${context.path}/_user/proposals', { query: '' }, function (data) { user = data.options; });"""
+    s"""$$.get('${context.path}/_user/proposals', { query: '', user: true, group: false }, function (data) { user = data.options; });"""
 }

src/main/scala/gitbucket/core/service/AccountService.scala

@@ -181,12 +181,11 @@ trait AccountService {
   def removeUserRelatedData(userName: String)(implicit s: Session): Unit = {
     GroupMembers.filter(_.userName === userName.bind).delete
     Collaborators.filter(_.collaboratorName === userName.bind).delete
-    Repositories.filter(_.userName === userName.bind).delete
   }
 
   def getGroupNames(userName: String)(implicit s: Session): List[String] = {
     List(userName) ++
-      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list
+      Collaborators.filter(_.collaboratorName === userName.bind).sortBy(_.userName).map(_.userName).list.distinct
   }
 
 }

src/main/scala/gitbucket/core/service/CommitsService.scala

@@ -42,6 +42,12 @@ trait CommitsService {
       updatedDate       = currentDate,
       issueId           = issueId)
 
+  def updateCommitCommentPosition(commentId: Int, commitId: String, oldLine: Option[Int], newLine: Option[Int])(implicit s: Session): Unit =
+    CommitComments.filter(_.byPrimaryKey(commentId))
+      .map { t =>
+        (t.commitId, t.oldLine, t.newLine)
+      }.update(commitId, oldLine, newLine)
+
   def updateCommitComment(commentId: Int, content: String)(implicit s: Session) =
     CommitComments
       .filter (_.byPrimaryKey(commentId))

src/main/scala/gitbucket/core/service/HandleCommentService.scala

@@ -13,7 +13,7 @@ trait HandleCommentService {
     with WebHookService with WebHookIssueCommentService with WebHookPullRequestService =>
 
   /**
-   * @see [[https://github.com/takezoe/gitbucket/wiki/CommentAction]]
+   * @see [[https://github.com/gitbucket/gitbucket/wiki/CommentAction]]
    */
   def handleComment(issue: Issue, content: Option[String], repository: RepositoryService.RepositoryInfo, actionOpt: Option[String])
                    (implicit context: Context, s: Session) = {
@@ -54,19 +54,21 @@ trait HandleCommentService {
 
       // call web hooks
       action match {
-        case None => commentId.map{ commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
+        case None => commentId.map { commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
-        case Some(act) => val webHookAction = act match {
+        case Some(act) => {
+          val webHookAction = act match {
             case "open"   => "opened"
             case "reopen" => "reopened"
             case "close"  => "closed"
             case _ => act
           }
-          if(issue.isPullRequest){
+          if (issue.isPullRequest) {
             callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, context.loginAccount.get)
           } else {
             callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, context.loginAccount.get)
           }
         }
+      }
 
       // notifications
       Notifier() match {

src/main/scala/gitbucket/core/service/IssuesService.scala

@@ -13,8 +13,9 @@ import scala.slick.jdbc.{StaticQuery => Q}
 import Q.interpolation
 
 
+
 trait IssuesService {
-  self: AccountService =>
+  self: AccountService with RepositoryService =>
   import IssuesService._
 
   def getIssue(owner: String, repository: String, issueId: String)(implicit s: Session) =
@@ -34,6 +35,10 @@ trait IssuesService {
     .map{ case ((t1, t2), t3) => (t1, t2, t3) }
     .list
 
+  def getMergedComment(owner: String, repository: String, issueId: Int)(implicit s: Session): Option[(IssueComment, Account)] = {
+    getCommentsForApi(owner, repository, issueId).collectFirst { case (comment, account, _) if comment.action == "merged" => (comment, account) }
+  }
+
   def getComment(owner: String, repository: String, commentId: String)(implicit s: Session) =
     if (commentId forall (_.isDigit))
       IssueComments filter { t =>
@@ -163,18 +168,14 @@ trait IssuesService {
                  (implicit s: Session): List[IssueInfo] = {
     // get issues and comment count and labels
     val result = searchIssueQueryBase(condition, pullRequest, offset, limit, repos)
-        .leftJoin (IssueLabels) .on { case ((t1, t2), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
+      .leftJoin (IssueLabels) .on { case (((t1, t2), i), t3) => t1.byIssue(t3.userName, t3.repositoryName, t3.issueId) }
-        .leftJoin (Labels)      .on { case (((t1, t2), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
+      .leftJoin (Labels)      .on { case ((((t1, t2), i), t3), t4) => t3.byLabel(t4.userName, t4.repositoryName, t4.labelId) }
-        .leftJoin (Milestones)  .on { case ((((t1, t2), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
+      .leftJoin (Milestones)  .on { case (((((t1, t2), i), t3), t4), t5) => t1.byMilestone(t5.userName, t5.repositoryName, t5.milestoneId) }
-        .map { case ((((t1, t2), t3), t4), t5) =>
+      .sortBy { case (((((t1, t2), i), t3), t4), t5) => i asc }
-          (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?)
+      .map { case (((((t1, t2), i), t3), t4), t5) => (t1, t2.commentCount, t4.labelId.?, t4.labelName.?, t4.color.?, t5.title.?) }
-        }
       .list
-        .splitWith { (c1, c2) =>
+      .splitWith { (c1, c2) => c1._1.userName == c2._1.userName && c1._1.repositoryName == c2._1.repositoryName && c1._1.issueId == c2._1.issueId }
-          c1._1.userName       == c2._1.userName &&
+
-          c1._1.repositoryName == c2._1.repositoryName &&
-          c1._1.issueId        == c2._1.issueId
-        }
     val status = getCommitStatues(result.map(_.head._1).map(is => (is.userName, is.repositoryName, is.issueId)))
 
     result.map { issues => issues.head match {
@@ -196,13 +197,12 @@ trait IssuesService {
                             (implicit s: Session): List[(Issue, Account, Int, PullRequest, Repository, Account)] = {
     // get issues and comment count and labels
     searchIssueQueryBase(condition, true, offset, limit, repos)
-      .innerJoin(PullRequests).on { case ((t1, t2), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
+      .innerJoin(PullRequests).on { case (((t1, t2), i), t3) => t3.byPrimaryKey(t1.userName, t1.repositoryName, t1.issueId) }
-      .innerJoin(Repositories).on { case (((t1, t2), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
+      .innerJoin(Repositories).on { case ((((t1, t2), i), t3), t4) => t4.byRepository(t1.userName, t1.repositoryName) }
-      .innerJoin(Accounts).on { case ((((t1, t2), t3), t4), t5) => t5.userName === t1.openedUserName }
+      .innerJoin(Accounts).on { case (((((t1, t2), i), t3), t4), t5) => t5.userName === t1.openedUserName }
-      .innerJoin(Accounts).on { case (((((t1, t2), t3), t4), t5), t6) => t6.userName === t4.userName }
+      .innerJoin(Accounts).on { case ((((((t1, t2), i), t3), t4), t5), t6) => t6.userName === t4.userName }
-      .map { case (((((t1, t2), t3), t4), t5), t6) =>
+      .sortBy { case ((((((t1, t2), i), t3), t4), t5), t6) => i asc }
-          (t1, t5, t2.commentCount, t3, t4, t6)
+      .map { case ((((((t1, t2), i), t3), t4), t5), t6) => (t1, t5, t2.commentCount, t3, t4, t6) }
-      }
       .list
   }
 
@@ -210,6 +210,7 @@ trait IssuesService {
                                   (implicit s: Session) =
     searchIssueQuery(repos, condition, pullRequest)
       .innerJoin(IssueOutline).on { (t1, t2) => t1.byIssue(t2.userName, t2.repositoryName, t2.issueId) }
+      .sortBy { case (t1, t2) => t1.issueId desc }
       .sortBy { case (t1, t2) =>
         (condition.sort match {
           case "created"  => t1.registeredDate
@@ -222,7 +223,7 @@ trait IssuesService {
           }
         }
       }
-        .drop(offset).take(limit)
+      .drop(offset).take(limit).zipWithIndex
 
 
   /**
@@ -437,6 +438,11 @@ trait IssuesService {
     }
   }
 
+  def getAssignableUserNames(owner: String, repository: String)(implicit s: Session): List[String] = {
+    (getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)) :::
+      (if (getAccountByUserName(owner).get.isGroupAccount) getGroupMembers(owner).map(_.userName) else List(owner))).distinct.sorted
+  }
+
 }
 
 object IssuesService {
@@ -518,50 +524,6 @@ object IssuesService {
       if(value == null || value.isEmpty || (allow.nonEmpty && !allow.contains(value))) None else Some(value)
     }
 
-    /**
-     * Restores IssueSearchCondition instance from filter query.
-     */
-    def apply(filter: String, milestones: Map[String, Int]): IssueSearchCondition = {
-      val conditions = filter.split("[ 　\t]+").flatMap { x =>
-        x.split(":") match {
-           case Array(key, value) => Some((key, value))
-           case _ => None
-        }
-      }.groupBy(_._1).map { case (key, values) =>
-        key -> values.map(_._2).toSeq
-      }
-
-      val (sort, direction) = conditions.get("sort").flatMap(_.headOption).getOrElse("created-desc") match {
-        case "created-asc"   => ("created" , "asc" )
-        case "comments-desc" => ("comments", "desc")
-        case "comments-asc"  => ("comments", "asc" )
-        case "updated-desc"  => ("comments", "desc")
-        case "updated-asc"   => ("comments", "asc" )
-        case _               => ("created" , "desc")
-      }
-
-      IssueSearchCondition(
-        conditions.get("label").map(_.toSet).getOrElse(Set.empty),
-        conditions.get("milestone").flatMap(_.headOption) match {
-          case None         => None
-          case Some("none") => Some(None)
-          case Some(x)      => Some(Some(x))
-        },
-        conditions.get("author").flatMap(_.headOption),
-        conditions.get("assignee").flatMap(_.headOption) match {
-          case None         => None
-          case Some("none") => Some(None)
-          case Some(x)      => Some(Some(x))
-        },
-        conditions.get("mentions").flatMap(_.headOption),
-        conditions.get("is").getOrElse(Seq.empty).find(x => x == "open" || x == "closed").getOrElse("open"),
-        sort,
-        direction,
-        conditions.get("visibility").flatMap(_.headOption),
-        conditions.get("group").map(_.toSet).getOrElse(Set.empty)
-      )
-    }
-
     /**
      * Restores IssueSearchCondition instance from request parameters.
      */

src/main/scala/gitbucket/core/service/MilestonesService.scala

@@ -41,7 +41,7 @@ trait MilestonesService {
 
   def getMilestonesWithIssueCount(owner: String, repository: String)(implicit s: Session): List[(Milestone, Int, Int)] = {
     val counts = Issues
-      .filter  { t => (t.byRepository(owner, repository)) && (t.milestoneId.? isDefined) }
+      .filter  { t => t.byRepository(owner, repository) && (t.milestoneId.? isDefined) }
       .groupBy { t => t.milestoneId -> t.closed }
       .map     { case (t1, t2) => t1._1 -> t1._2 -> t2.length }
       .toMap
@@ -52,6 +52,6 @@ trait MilestonesService {
   }
 
   def getMilestones(owner: String, repository: String)(implicit s: Session): List[Milestone] =
-    Milestones.filter(_.byRepository(owner, repository)).sortBy(_.milestoneId asc).list
+    Milestones.filter(_.byRepository(owner, repository)).sortBy(t => (t.dueDate.asc, t.closedDate.desc, t.milestoneId.desc)).list
 
 }

src/main/scala/gitbucket/core/service/ProtectedBranchService.scala

@@ -86,7 +86,7 @@ object ProtectedBranchService {
     def getStopReason(isAllowNonFastForwards: Boolean, command: ReceiveCommand, pusher: String)(implicit session: Session): Option[String] = {
       if(enabled){
         command.getType() match {
-          case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
+          case ReceiveCommand.Type.UPDATE_NONFASTFORWARD if isAllowNonFastForwards =>
             Some("Cannot force-push to a protected branch")
           case ReceiveCommand.Type.UPDATE|ReceiveCommand.Type.UPDATE_NONFASTFORWARD if needStatusCheck(pusher) =>
             unSuccessedContexts(command.getNewId.name) match {
@@ -98,7 +98,7 @@ object ProtectedBranchService {
             Some("Cannot delete a protected branch")
           case _ => None
         }
-      }else{
+      } else {
         None
       }
     }

src/main/scala/gitbucket/core/service/PullRequestService.scala

@@ -1,12 +1,22 @@
 package gitbucket.core.service
 
-import gitbucket.core.model.{Account, Issue, PullRequest, WebHook, CommitStatus, CommitState}
+import difflib.{Delta, DiffUtils}
+import gitbucket.core.model.{Session => _, _}
 import gitbucket.core.model.Profile._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.Implicits._
 import gitbucket.core.util.JGitUtil
+import gitbucket.core.util.JGitUtil.{CommitInfo, DiffInfo}
+import gitbucket.core.view
+import gitbucket.core.view.helpers
+import org.eclipse.jgit.api.Git
 import profile.simple._
 
+import scala.collection.JavaConverters._
 
-trait PullRequestService { self: IssuesService =>
+
+trait PullRequestService { self: IssuesService with CommitsService =>
   import PullRequestService._
 
   def getPullRequest(owner: String, repository: String, issueId: Int)
@@ -111,9 +121,26 @@ trait PullRequestService { self: IssuesService =>
   def updatePullRequests(owner: String, repository: String, branch: String)(implicit s: Session): Unit =
     getPullRequestsByRequest(owner, repository, branch, false).foreach { pullreq =>
       if(Repositories.filter(_.byRepository(pullreq.userName, pullreq.repositoryName)).exists.run){
+        // Update the git repository
         val (commitIdTo, commitIdFrom) = JGitUtil.updatePullRequest(
           pullreq.userName, pullreq.repositoryName, pullreq.branch, pullreq.issueId,
           pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.requestBranch)
+
+        // Collect comment positions
+        val positions = getCommitComments(pullreq.userName, pullreq.repositoryName, pullreq.commitIdTo, true)
+          .collect {
+            case CommitComment(_, _, _, commentId, _, _, Some(file), None, Some(newLine), _, _, _) => (file, commentId, Right(newLine))
+            case CommitComment(_, _, _, commentId, _, _, Some(file), Some(oldLine), None, _, _, _) => (file, commentId, Left(oldLine))
+          }
+          .groupBy { case (file, _, _) => file }
+          .map { case (file, comments) => file ->
+            comments.map { case (_, commentId, lineNumber) => (commentId, lineNumber) }
+          }
+
+        // Update comments position
+        updatePullRequestCommentPositions(positions, pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.commitIdTo, commitIdTo)
+
+        // Update commit id in the PULL_REQUEST table
         updateCommitId(pullreq.userName, pullreq.repositoryName, pullreq.issueId, commitIdTo, commitIdFrom)
       }
     }
@@ -137,6 +164,78 @@ trait PullRequestService { self: IssuesService =>
         .firstOption
     }
   }
+
+  private def updatePullRequestCommentPositions(positions: Map[String, Seq[(Int, Either[Int, Int])]], userName: String, repositoryName: String,
+                                                oldCommitId: String, newCommitId: String)(implicit s: Session): Unit = {
+
+    val (_, diffs) = getRequestCompareInfo(userName, repositoryName, oldCommitId, userName, repositoryName, newCommitId)
+
+    val patchs = positions.map { case (file, _) =>
+      diffs.find(x => x.oldPath == file).map { diff =>
+        (diff.oldContent, diff.newContent) match {
+          case (Some(oldContent), Some(newContent)) => {
+            val oldLines = oldContent.replace("\r\n", "\n").split("\n")
+            val newLines = newContent.replace("\r\n", "\n").split("\n")
+            file -> Option(DiffUtils.diff(oldLines.toList.asJava, newLines.toList.asJava))
+          }
+          case _ =>
+            file -> None
+        }
+      }.getOrElse {
+        file -> None
+      }
+    }
+
+    positions.foreach { case (file, comments) =>
+      patchs(file) match {
+        case Some(patch) => file -> comments.foreach { case (commentId, lineNumber) => lineNumber match {
+          case Left(oldLine)  => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
+          case Right(newLine) =>
+            var counter = newLine
+            patch.getDeltas.asScala.filter(_.getOriginal.getPosition < newLine).foreach { delta =>
+              delta.getType match {
+                case Delta.TYPE.CHANGE =>
+                  if(delta.getOriginal.getPosition <= newLine - 1 && newLine <= delta.getOriginal.getPosition + delta.getRevised.getLines.size){
+                    counter = -1
+                  } else {
+                    counter = counter + (delta.getRevised.getLines.size - delta.getOriginal.getLines.size)
+                  }
+                case Delta.TYPE.INSERT => counter = counter + delta.getRevised.getLines.size
+                case Delta.TYPE.DELETE => counter = counter - delta.getOriginal.getLines.size
+              }
+            }
+            if(counter >= 0){
+              updateCommitCommentPosition(commentId, newCommitId, None, Some(counter))
+            }
+        }}
+        case _ => comments.foreach { case (commentId, lineNumber) => lineNumber match {
+          case Right(oldLine) => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
+          case Left(newLine)  => updateCommitCommentPosition(commentId, newCommitId, None, Some(newLine))
+        }}
+      }
+    }
+  }
+
+  def getRequestCompareInfo(userName: String, repositoryName: String, branch: String,
+                            requestUserName: String, requestRepositoryName: String, requestCommitId: String): (Seq[Seq[CommitInfo]], Seq[DiffInfo]) =
+    using(
+      Git.open(getRepositoryDir(userName, repositoryName)),
+      Git.open(getRepositoryDir(requestUserName, requestRepositoryName))
+    ){ (oldGit, newGit) =>
+      val oldId = oldGit.getRepository.resolve(branch)
+      val newId = newGit.getRepository.resolve(requestCommitId)
+
+      val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
+        new CommitInfo(revCommit)
+      }.toList.splitWith { (commit1, commit2) =>
+        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
+      }
+
+      val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
+
+      (commits, diffs)
+    }
+
 }
 
 object PullRequestService {

src/main/scala/gitbucket/core/service/RepositoryCreationService.scala

@@ -21,12 +21,12 @@ trait RepositoryCreationService {
     // Insert to the database at first
     insertRepository(name, owner, description, isPrivate)
 
-    // Add collaborators for group repository
+//    // Add collaborators for group repository
-    if(ownerAccount.isGroupAccount){
+//    if(ownerAccount.isGroupAccount){
-      getGroupMembers(owner).foreach { member =>
+//      getGroupMembers(owner).foreach { member =>
-        addCollaborator(owner, name, member.userName)
+//        addCollaborator(owner, name, member.userName)
-      }
+//      }
-    }
+//    }
 
     // Insert default labels
     insertDefaultLabels(owner, name)

src/main/scala/gitbucket/core/service/RepositoryService.scala

@@ -1,7 +1,7 @@
 package gitbucket.core.service
 
 import gitbucket.core.controller.Context
-import gitbucket.core.model.{Collaborator, Repository, Account}
+import gitbucket.core.model.{Collaborator, Repository, RepositoryOptions, Account, Role}
 import gitbucket.core.model.Profile._
 import gitbucket.core.util.JGitUtil
 import profile.simple._
@@ -37,11 +37,13 @@ trait RepositoryService { self: AccountService =>
         originRepositoryName = originRepositoryName,
         parentUserName       = parentUserName,
         parentRepositoryName = parentRepositoryName,
-        enableIssues         = true,
+        options              = RepositoryOptions(
+          issuesOption         = "PUBLIC", // TODO DISABLE for the forked repository?
           externalIssuesUrl    = None,
-        enableWiki           = true,
+          wikiOption           = "PUBLIC", // TODO DISABLE for the forked repository?
-        allowWikiEditing     = true,
+          externalWikiUrl      = None,
-        externalWikiUrl      = None
+          allowFork            = true
+        )
       )
 
     IssueId insert (userName, repositoryName, 0)
@@ -121,11 +123,8 @@ trait RepositoryService { self: AccountService =>
           repositoryName = newRepositoryName
         )) :_*)
 
-        if(account.isGroupAccount){
+        // TODO Drop transfered owner from collaborators?
-          Collaborators.insertAll(getGroupMembers(newUserName).map(m => Collaborator(newUserName, newRepositoryName, m.userName)) :_*)
-        } else {
         Collaborators.insertAll(collaborators.map(_.copy(userName = newUserName, repositoryName = newRepositoryName)) :_*)
-        }
 
         // Update activity messages
         Activities.filter { t =>
@@ -224,7 +223,7 @@ trait RepositoryService { self: AccountService =>
   }
 
   /**
-   * Returns the repositories without private repository that user does not have access right.
+   * Returns the repositories except private repository that user does not have access right.
    * Include public repository, private own repository and private but collaborator repository.
    *
    * @param userName the user name of collaborator
@@ -233,8 +232,10 @@ trait RepositoryService { self: AccountService =>
   def getAllRepositories(userName: String)(implicit s: Session): List[(String, String)] = {
     Repositories.filter { t1 =>
       (t1.isPrivate === false.bind) ||
-      (t1.userName  === userName.bind) ||
+      (t1.userName  === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
-      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
+        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
+      } exists)
     }.sortBy(_.lastActivityDate desc).map{ t =>
       (t.userName, t.repositoryName)
     }.list
@@ -243,8 +244,10 @@ trait RepositoryService { self: AccountService =>
   def getUserRepositories(userName: String, withoutPhysicalInfo: Boolean = false)
                          (implicit s: Session): List[RepositoryInfo] = {
     Repositories.filter { t1 =>
-      (t1.userName === userName.bind) ||
+      (t1.userName === userName.bind) || (t1.userName in (GroupMembers.filter(_.userName === userName.bind).map(_.groupName))) ||
-        (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) && (t2.collaboratorName === userName.bind)} exists)
+      (Collaborators.filter { t2 => t2.byRepository(t1.userName, t1.repositoryName) &&
+        ((t2.collaboratorName === userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === userName.bind).map(_.groupName)))
+      } exists)
     }.sortBy(_.lastActivityDate desc).list.map{ repository =>
       new RepositoryInfo(
         if(withoutPhysicalInfo){
@@ -279,8 +282,13 @@ trait RepositoryService { self: AccountService =>
       case Some(x) if(x.isAdmin) => Repositories
       // for Normal Users
       case Some(x) if(!x.isAdmin) =>
-        Repositories filter { t => (t.isPrivate === false.bind) || (t.userName === x.userName) ||
+        Repositories filter { t =>
-          (Collaborators.filter { t2 => t2.byRepository(t.userName, t.repositoryName) && (t2.collaboratorName === x.userName.bind)} exists)
+          (t.isPrivate === false.bind) || (t.userName === x.userName) ||
+          (t.userName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)) ||
+          (Collaborators.filter { t2 =>
+            t2.byRepository(t.userName, t.repositoryName) &&
+              ((t2.collaboratorName === x.userName.bind) || (t2.collaboratorName in GroupMembers.filter(_.userName === x.userName.bind).map(_.groupName)))
+          } exists)
         }
       // for Guests
       case None => Repositories filter(_.isPrivate === false.bind)
@@ -320,11 +328,12 @@ trait RepositoryService { self: AccountService =>
    */
   def saveRepositoryOptions(userName: String, repositoryName: String,
       description: Option[String], isPrivate: Boolean,
-      enableIssues: Boolean, externalIssuesUrl: Option[String],
+      issuesOption: String, externalIssuesUrl: Option[String],
-      enableWiki: Boolean, allowWikiEditing: Boolean, externalWikiUrl: Option[String])(implicit s: Session): Unit =
+      wikiOption: String, externalWikiUrl: Option[String],
+      allowFork: Boolean)(implicit s: Session): Unit =
     Repositories.filter(_.byRepository(userName, repositoryName))
-      .map { r => (r.description.?, r.isPrivate, r.enableIssues, r.externalIssuesUrl.?, r.enableWiki, r.allowWikiEditing, r.externalWikiUrl.?, r.updatedDate) }
+      .map { r => (r.description.?, r.isPrivate, r.issuesOption, r.externalIssuesUrl.?, r.wikiOption, r.externalWikiUrl.?, r.allowFork, r.updatedDate) }
-      .update (description, isPrivate, enableIssues, externalIssuesUrl, enableWiki, allowWikiEditing, externalWikiUrl, currentDate)
+      .update (description, isPrivate, issuesOption, externalIssuesUrl, wikiOption, externalWikiUrl, allowFork, currentDate)
 
   def saveRepositoryDefaultBranch(userName: String, repositoryName: String,
       defaultBranch: String)(implicit s: Session): Unit =
@@ -333,49 +342,64 @@ trait RepositoryService { self: AccountService =>
       .update (defaultBranch)
 
   /**
-   * Add collaborator to the repository.
+   * Add collaborator (user or group) to the repository.
-   *
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @param collaboratorName the collaborator name
    */
-  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
+  def addCollaborator(userName: String, repositoryName: String, collaboratorName: String, role: String)(implicit s: Session): Unit =
-    Collaborators insert Collaborator(userName, repositoryName, collaboratorName)
+    Collaborators insert Collaborator(userName, repositoryName, collaboratorName, role)
-
-  /**
-   * Remove collaborator from the repository.
-   * 
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @param collaboratorName the collaborator name
-   */
-  def removeCollaborator(userName: String, repositoryName: String, collaboratorName: String)(implicit s: Session): Unit =
-    Collaborators.filter(_.byPrimaryKey(userName, repositoryName, collaboratorName)).delete
 
   /**
    * Remove all collaborators from the repository.
-   *
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
    */
   def removeCollaborators(userName: String, repositoryName: String)(implicit s: Session): Unit =
     Collaborators.filter(_.byRepository(userName, repositoryName)).delete
 
   /**
-   * Returns the list of collaborators name which is sorted with ascending order.
+   * Returns the list of collaborators name (user name or group name) which is sorted with ascending order.
-   * 
-   * @param userName the user name of the repository owner
-   * @param repositoryName the repository name
-   * @return the list of collaborators name
    */
-  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[String] =
+  def getCollaborators(userName: String, repositoryName: String)(implicit s: Session): List[(Collaborator, Boolean)] =
-    Collaborators.filter(_.byRepository(userName, repositoryName)).sortBy(_.collaboratorName).map(_.collaboratorName).list
+    Collaborators
+      .innerJoin(Accounts).on(_.collaboratorName === _.userName)
+      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
+      .map { case (t1, t2) => (t1, t2.groupAccount) }
+      .sortBy { case (t1, t2) => t1.collaboratorName }
+      .list
 
-  def hasWritePermission(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+  /**
+   * Returns the list of all collaborator name and permission which is sorted with ascending order.
+   * If a group is added as a collaborator, this method returns users who are belong to that group.
+   */
+  def getCollaboratorUserNames(userName: String, repositoryName: String, filter: Seq[Role] = Nil)(implicit s: Session): List[String] = {
+    val q1 = Collaborators
+      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === false.bind) }
+      .filter { case (t1, t2) => t1.byRepository(userName, repositoryName) }
+      .map { case (t1, t2) => (t1.collaboratorName, t1.role) }
+
+    val q2 = Collaborators
+      .innerJoin(Accounts).on { case (t1, t2) => (t1.collaboratorName === t2.userName) && (t2.groupAccount === true.bind) }
+      .innerJoin(GroupMembers).on { case ((t1, t2), t3) => t2.userName === t3.groupName }
+      .filter { case ((t1, t2), t3) => t1.byRepository(userName, repositoryName) }
+      .map { case ((t1, t2), t3) => (t3.userName, t1.role) }
+
+    q1.union(q2).list.filter { x => filter.isEmpty || filter.exists(_.name == x._2) }.map(_._1)
+  }
+
+
+  def hasDeveloperRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
     loginAccount match {
       case Some(a) if(a.isAdmin) => true
       case Some(a) if(a.userName == owner) => true
-      case Some(a) if(getCollaborators(owner, repository).contains(a.userName)) => true
+      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
+      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER)).contains(a.userName)) => true
+      case _ => false
+    }
+  }
+
+  def hasGuestRole(owner: String, repository: String, loginAccount: Option[Account])(implicit s: Session): Boolean = {
+    loginAccount match {
+      case Some(a) if(a.isAdmin) => true
+      case Some(a) if(a.userName == owner) => true
+      case Some(a) if(getGroupMembers(owner).exists(_.userName == a.userName)) => true
+      case Some(a) if(getCollaboratorUserNames(owner, repository, Seq(Role.ADMIN, Role.DEVELOPER, Role.GUEST)).contains(a.userName)) => true
       case _ => false
     }
   }
@@ -397,26 +421,20 @@ trait RepositoryService { self: AccountService =>
 object RepositoryService {
 
   case class RepositoryInfo(owner: String, name: String, repository: Repository,
-    issueCount: Int, pullCount: Int, commitCount: Int, forkedCount: Int,
+    issueCount: Int, pullCount: Int, forkedCount: Int,
     branchList: Seq[String], tags: Seq[JGitUtil.TagInfo], managers: Seq[String]) {
 
     /**
      * Creates instance with issue count and pull request count.
      */
     def this(repo: JGitUtil.RepositoryInfo, model: Repository, issueCount: Int, pullCount: Int, forkedCount: Int, managers: Seq[String]) =
-      this(
+      this(repo.owner, repo.name, model, issueCount, pullCount, forkedCount, repo.branchList, repo.tags, managers)
-        repo.owner, repo.name, model,
-        issueCount, pullCount, repo.commitCount, forkedCount,
-        repo.branchList, repo.tags, managers)
 
     /**
      * Creates instance without issue count and pull request count.
      */
     def this(repo: JGitUtil.RepositoryInfo, model: Repository, 	forkedCount: Int, managers: Seq[String]) =
-      this(
+      this(repo.owner, repo.name, model, 0, 0, forkedCount, repo.branchList, repo.tags, managers)
-        repo.owner, repo.name, model,
-        0, 0, repo.commitCount, forkedCount,
-        repo.branchList, repo.tags, managers)
 
     def httpUrl(implicit context: Context): String = RepositoryService.httpUrl(owner, name)
     def sshUrl(implicit context: Context): Option[String] = RepositoryService.sshUrl(owner, name)
@@ -430,7 +448,6 @@ object RepositoryService {
 
       (id, path.substring(id.length).stripPrefix("/"))
     }
-
   }
 
   def httpUrl(owner: String, name: String)(implicit context: Context): String = s"${context.baseUrl}/git/${owner}/${name}.git"

src/main/scala/gitbucket/core/service/RequestCache.scala

@@ -11,7 +11,7 @@ import Implicits.request2Session
  * It may be called many times in one request, so each method stores
  * its result into the cache which available during a request.
  */
-trait RequestCache extends SystemSettingsService with AccountService with IssuesService {
+trait RequestCache extends SystemSettingsService with AccountService with IssuesService with RepositoryService {
 
   private implicit def context2Session(implicit context: Context): Session =
     request2Session(context.request)

src/main/scala/gitbucket/core/service/SystemSettingsService.scala

@@ -73,7 +73,7 @@ trait SystemSettingsService {
         getValue(props, AllowAccountRegistration, false),
         getValue(props, AllowAnonymousAccess, true),
         getValue(props, IsCreateRepoOptionPublic, true),
-        getValue(props, Gravatar, true),
+        getValue(props, Gravatar, false),
         getValue(props, Notification, false),
         getOptionValue[Int](props, ActivityLogLimit, None),
         getValue(props, Ssh, false),

src/main/scala/gitbucket/core/service/WebHookService.scala

@@ -1,9 +1,11 @@
 package gitbucket.core.service
 
+import java.util.Date
+
 import fr.brouillard.oss.security.xhub.XHub
-import fr.brouillard.oss.security.xhub.XHub.{XHubDigest, XHubConverter}
+import fr.brouillard.oss.security.xhub.XHub.{XHubConverter, XHubDigest}
 import gitbucket.core.api._
-import gitbucket.core.model.{WebHook, Account, Issue, PullRequest, IssueComment, WebHookEvent, CommitComment}
+import gitbucket.core.model.{Account, CommitComment, Issue, IssueComment, PullRequest, WebHook, WebHookEvent}
 import gitbucket.core.model.Profile._
 import org.apache.http.client.utils.URLEncodedUtils
 import profile.simple._
@@ -16,6 +18,7 @@ import org.apache.http.message.BasicNameValuePair
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.ObjectId
 import org.slf4j.LoggerFactory
+
 import scala.concurrent._
 import org.apache.http.HttpRequest
 import org.apache.http.HttpResponse
@@ -33,15 +36,15 @@ trait WebHookService {
   def getWebHooks(owner: String, repository: String)(implicit s: Session): List[(WebHook, Set[WebHook.Event])] =
     WebHooks.filter(_.byRepository(owner, repository))
       .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
       .list.groupBy(_._1).mapValues(_.map(_._2).toSet).toList.sortBy(_._1.url)
 
   /** get All WebHook informations of repository event */
   def getWebHooksByEvent(owner: String, repository: String, event: WebHook.Event)(implicit s: Session): List[WebHook] =
      WebHooks.filter(_.byRepository(owner, repository))
        .innerJoin(WebHookEvents).on { (wh, whe) => whe.byWebHook(wh) }
-       .filter{ case (wh, whe) => whe.event === event.bind}
+       .filter { case (wh, whe) => whe.event === event.bind}
-       .map{ case (wh, whe) => wh }
+       .map { case (wh, whe) => wh }
        .list.distinct
 
   /** get All WebHook information from repository to url */
@@ -49,12 +52,12 @@ trait WebHookService {
     WebHooks
       .filter(_.byPrimaryKey(owner, repository, url))
       .innerJoin(WebHookEvents).on { (w, t) => t.byWebHook(w) }
-      .map{ case (w,t) => w -> t.event }
+      .map { case (w,t) => w -> t.event }
       .list.groupBy(_._1).mapValues(_.map(_._2).toSet).headOption
 
   def addWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
     WebHooks insert WebHook(owner, repository, url, ctype, token)
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
       WebHookEvents insert WebHookEvent(owner, repository, url, event)
     }
   }
@@ -62,7 +65,7 @@ trait WebHookService {
   def updateWebHook(owner: String, repository: String, url :String, events: Set[WebHook.Event], ctype: WebHookContentType, token: Option[String])(implicit s: Session): Unit = {
     WebHooks.filter(_.byPrimaryKey(owner, repository, url)).map(w => (w.ctype, w.token)).update((ctype, token))
     WebHookEvents.filter(_.byWebHook(owner, repository, url)).delete
-    events.toSet.map{ event: WebHook.Event =>
+    events.map { event: WebHook.Event =>
       WebHookEvents insert WebHookEvent(owner, repository, url, event)
     }
   }
@@ -81,7 +84,7 @@ trait WebHookService {
   def callWebHook(event: WebHook.Event, webHooks: List[WebHook], payload: WebHookPayload)
                  (implicit c: JsonFormat.Context): List[(WebHook, String, Future[HttpRequest], Future[HttpResponse])] = {
     import org.apache.http.impl.client.HttpClientBuilder
-    import ExecutionContext.Implicits.global
+    import ExecutionContext.Implicits.global // TODO Shouldn't use the default execution context
     import org.apache.http.protocol.HttpContext
     import org.apache.http.client.methods.HttpPost
 
@@ -91,7 +94,7 @@ trait WebHookService {
       webHooks.map { webHook =>
         val reqPromise = Promise[HttpRequest]
         val f = Future {
-          val itcp = new org.apache.http.HttpRequestInterceptor{
+          val itcp = new org.apache.http.HttpRequestInterceptor {
             def process(res: HttpRequest, ctx: HttpContext): Unit = {
               reqPromise.success(res)
             }
@@ -129,8 +132,8 @@ trait WebHookService {
             httpPost.releaseConnection()
             logger.debug(s"end web hook invocation for ${webHook}")
             res
-          }catch{
+          } catch {
-            case e:Throwable => {
+            case e: Throwable => {
               if(!reqPromise.isCompleted){
                 reqPromise.failure(e)
               }
@@ -198,7 +201,9 @@ trait WebHookPullRequestService extends WebHookService {
           headOwner      = headOwner,
           baseRepository = repository,
           baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
+          mergedComment  = getMergedComment(repository.owner, repository.name, issueId)
+        )
       }
     }
   }
@@ -237,7 +242,10 @@ trait WebHookPullRequestService extends WebHookService {
         headOwner      = headOwner,
         baseRepository = baseRepo,
         baseOwner      = baseOwner,
-        sender         = sender)
+        sender         = sender,
+        mergedComment  = getMergedComment(baseRepo.owner, baseRepo.name, issue.issueId)
+      )
+
       callWebHook(WebHook.PullRequest, webHooks, payload)
     }
   }
@@ -267,7 +275,9 @@ trait WebHookPullRequestReviewCommentService extends WebHookService {
           headOwner      = headOwner,
           baseRepository = repository,
           baseOwner      = baseOwner,
-          sender         = sender)
+          sender         = sender,
+          mergedComment  = getMergedComment(repository.owner, repository.name, issue.issueId)
+        )
       }
     }
   }
@@ -365,11 +375,21 @@ object WebHookService {
         headOwner: Account,
         baseRepository: RepositoryInfo,
         baseOwner: Account,
-        sender: Account): WebHookPullRequestPayload = {
+        sender: Account,
+        mergedComment: Option[(IssueComment, Account)]): WebHookPullRequestPayload = {
+
       val headRepoPayload = ApiRepository(headRepository, headOwner)
       val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
       val senderPayload = ApiUser(sender)
-      val pr = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser))
+      val pr = ApiPullRequest(
+        issue         = issue,
+        pullRequest   = pullRequest,
+        headRepo      = headRepoPayload,
+        baseRepo      = baseRepoPayload,
+        user          = ApiUser(issueUser),
+        mergedComment = mergedComment
+      )
+
       WebHookPullRequestPayload(
         action       = action,
         number       = issue.issueId,
@@ -389,7 +409,7 @@ object WebHookService {
     sender: ApiUser
   ) extends WebHookPayload
 
-  object WebHookIssueCommentPayload{
+  object WebHookIssueCommentPayload {
     def apply(
         issue: Issue,
         issueUser: Account,
@@ -415,7 +435,7 @@ object WebHookService {
     sender: ApiUser
   ) extends WebHookPayload
 
-  object WebHookPullRequestReviewCommentPayload{
+  object WebHookPullRequestReviewCommentPayload {
     def apply(
       action: String,
       comment: CommitComment,
@@ -426,15 +446,29 @@ object WebHookService {
       headOwner: Account,
       baseRepository: RepositoryInfo,
       baseOwner: Account,
-        sender: Account
+      sender: Account,
+      mergedComment: Option[(IssueComment, Account)]
     ) : WebHookPullRequestReviewCommentPayload = {
       val headRepoPayload = ApiRepository(headRepository, headOwner)
       val baseRepoPayload = ApiRepository(baseRepository, baseOwner)
       val senderPayload = ApiUser(sender)
+
       WebHookPullRequestReviewCommentPayload(
         action       = action,
-        comment = ApiPullRequestReviewComment(comment, senderPayload, RepositoryName(baseRepository), issue.issueId),
+        comment      = ApiPullRequestReviewComment(
-        pull_request = ApiPullRequest(issue, pullRequest, headRepoPayload, baseRepoPayload, ApiUser(issueUser)),
+          comment        = comment,
+          commentedUser  = senderPayload,
+          repositoryName = RepositoryName(baseRepository),
+          issueId        = issue.issueId
+        ),
+        pull_request = ApiPullRequest(
+          issue         = issue,
+          pullRequest   = pullRequest,
+          headRepo      = headRepoPayload,
+          baseRepo      = baseRepoPayload,
+          user          = ApiUser(issueUser),
+          mergedComment = mergedComment
+        ),
         repository   = baseRepoPayload,
         sender       = senderPayload)
     }

src/main/scala/gitbucket/core/servlet/GHCompatRepositoryAccessFilter.scala

@@ -0,0 +1,36 @@
+package gitbucket.core.servlet
+
+import javax.servlet._
+import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
+
+import gitbucket.core.service.SystemSettingsService
+
+/**
+  * A controller to provide GitHub compatible URL for Git clients.
+  */
+class GHCompatRepositoryAccessFilter extends Filter with SystemSettingsService {
+
+  /**
+    * Pattern of GitHub compatible repository URL.
+    * <code>/:user/:repo.git/</code>
+    */
+  private val githubRepositoryPattern = """^/[^/]+/[^/]+\.git/.*""".r
+
+  override def init(filterConfig: FilterConfig) = {}
+
+  override def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) = {
+    implicit val request  = req.asInstanceOf[HttpServletRequest]
+    val response = res.asInstanceOf[HttpServletResponse]
+    val requestPath = request.getRequestURI.substring(request.getContextPath.length)
+    requestPath match {
+      case githubRepositoryPattern() =>
+        response.sendRedirect(baseUrl + "/git" + requestPath)
+
+      case _ =>
+        chain.doFilter(req, res)
+    }
+  }
+
+  override def destroy() = {}
+
+}

src/main/scala/gitbucket/core/servlet/GitAuthenticationFilter.scala

@@ -84,7 +84,7 @@ class GitAuthenticationFilter extends Filter with RepositoryService with Account
                 Array(username, password) = AuthUtil.decodeAuthHeader(auth).split(":", 2)
                 account <- authenticate(settings, username, password)
               } yield if(isUpdating || repository.repository.isPrivate){
-                  if(hasWritePermission(repository.owner, repository.name, Some(account))){
+                  if(hasDeveloperRole(repository.owner, repository.name, Some(account))){
                     request.setAttribute(Keys.Request.UserName, account.userName)
                     true
                   } else false

src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala

@@ -110,7 +110,7 @@ import scala.collection.JavaConverters._
 class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl: String)(implicit session: Session)
   extends PostReceiveHook with PreReceiveHook
   with RepositoryService with AccountService with IssuesService with ActivityService with PullRequestService with WebHookService
-  with WebHookPullRequestService with ProtectedBranchService {
+  with WebHookPullRequestService with CommitsService {
   
   private val logger = LoggerFactory.getLogger(classOf[CommitLogHook])
   private var existIds: Seq[String] = Nil
@@ -139,6 +139,8 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
   def onPostReceive(receivePack: ReceivePack, commands: java.util.Collection[ReceiveCommand]): Unit = {
     try {
       using(Git.open(Directory.getRepositoryDir(owner, repository))) { git =>
+        JGitUtil.removeCache(git)
+
         val pushedIds = scala.collection.mutable.Set[String]()
         commands.asScala.foreach { command =>
           logger.debug(s"commandType: ${command.getType}, refName: ${command.getRefName}")

src/main/scala/gitbucket/core/servlet/InitializeListener.scala

@@ -17,6 +17,7 @@ import org.apache.commons.io.FileUtils
 import org.slf4j.LoggerFactory
 import akka.actor.{Actor, Props, ActorSystem}
 import com.typesafe.akka.extension.quartz.QuartzSchedulerExtension
+import scala.collection.JavaConverters._
 
 /**
  * Initialize GitBucket system.
@@ -80,8 +81,14 @@ class InitializeListener extends ServletContextListener with SystemSettingsServi
       // Rescue code for users who updated from 3.14 to 4.0.0
       // https://github.com/gitbucket/gitbucket/issues/1227
       val currentVersion = manager.getCurrentVersion(GitBucketCoreModule.getModuleId)
-      if(currentVersion == "4.0"){
+      val databaseVersion = if(currentVersion == "4.0"){
         manager.updateVersion(GitBucketCoreModule.getModuleId, "4.0.0")
+        "4.0.0"
+      } else currentVersion
+
+      val gitbucketVersion = GitBucketCoreModule.getVersions.asScala.last.getVersion
+      if(databaseVersion != gitbucketVersion){
+        throw new IllegalStateException(s"Initialization failed. GitBucket version is ${gitbucketVersion}, but database version is ${databaseVersion}.")
       }
 
       // Load plugins

src/main/scala/gitbucket/core/servlet/TransactionFilter.scala

@@ -52,6 +52,13 @@ object Database {
     config.setJdbcUrl(DatabaseConfig.url)
     config.setUsername(DatabaseConfig.user)
     config.setPassword(DatabaseConfig.password)
+    config.setAutoCommit(false)
+    DatabaseConfig.connectionTimeout.foreach(config.setConnectionTimeout)
+    DatabaseConfig.idleTimeout.foreach(config.setIdleTimeout)
+    DatabaseConfig.maxLifetime.foreach(config.setMaxLifetime)
+    DatabaseConfig.minimumIdle.foreach(config.setMinimumIdle)
+    DatabaseConfig.maximumPoolSize.foreach(config.setMaximumPoolSize)
+
     logger.debug("load database connection pool")
     new HikariDataSource(config)
   }

src/main/scala/gitbucket/core/ssh/GitCommand.scala

@@ -13,7 +13,7 @@ import ControlUtil._
 import org.eclipse.jgit.api.Git
 import Directory._
 import org.eclipse.jgit.transport.{ReceivePack, UploadPack}
-import org.apache.sshd.server.command.UnknownCommand
+import org.apache.sshd.server.scp.UnknownCommand
 import org.eclipse.jgit.errors.RepositoryNotFoundException
 
 object GitCommand {
@@ -36,7 +36,7 @@ abstract class GitCommand extends Command with SessionAware {
     override def run(): Unit = {
       authUser match {
         case Some(authUser) =>
-          Database() withSession { implicit session =>
+          Database() withTransaction { implicit session =>
             try {
               runTask(authUser)
               callback.onExit(0)
@@ -92,7 +92,7 @@ abstract class DefaultGitCommand(val owner: String, val repoName: String) extend
   protected def isWritableUser(username: String, repositoryInfo: RepositoryService.RepositoryInfo)
                               (implicit session: Session): Boolean =
     getAccountByUserName(username) match {
-      case Some(account) => hasWritePermission(repositoryInfo.owner, repositoryInfo.name, Some(account))
+      case Some(account) => hasDeveloperRole(repositoryInfo.owner, repositoryInfo.name, Some(account))
       case None => false
     }
 

src/main/scala/gitbucket/core/ssh/PublicKeyAuthenticator.scala

@@ -7,12 +7,12 @@ import gitbucket.core.service.SshKeyService
 import gitbucket.core.servlet.Database
 import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator
 import org.apache.sshd.server.session.ServerSession
-import org.apache.sshd.common.session.Session
+import org.apache.sshd.common.AttributeStore
 import org.slf4j.LoggerFactory
 
 object PublicKeyAuthenticator {
   // put in the ServerSession here to be read by GitCommand later
-  private val userNameSessionKey = new Session.AttributeKey[String]
+  private val userNameSessionKey = new AttributeStore.AttributeKey[String]
 
   def putUserName(serverSession:ServerSession, userName:String):Unit =
     serverSession.setAttribute(userNameSessionKey, userName)

src/main/scala/gitbucket/core/util/Authenticator.scala

@@ -1,7 +1,8 @@
 package gitbucket.core.util
 
 import gitbucket.core.controller.ControllerBase
-import gitbucket.core.service.{RepositoryService, AccountService}
+import gitbucket.core.service.{AccountService, RepositoryService}
+import gitbucket.core.model.Role
 import RepositoryService.RepositoryInfo
 import Implicits._
 import ControlUtil._
@@ -40,9 +41,9 @@ trait OwnerAuthenticator { self: ControllerBase with RepositoryService with Acco
           context.loginAccount match {
             case Some(x) if(x.isAdmin) => action(repository)
             case Some(x) if(repository.owner == x.userName) => action(repository)
-            case Some(x) if(getGroupMembers(repository.owner).exists { member =>
+            // TODO Repository management is allowed for only group managers?
-              member.userName == x.userName && member.isManager == true
+            case Some(x) if(getGroupMembers(repository.owner).exists { m => m.userName == x.userName && m.isManager == true }) => action(repository)
-            }) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN)).contains(x.userName)) => action(repository)
             case _ => Unauthorized()
           }
         } getOrElse NotFound()
@@ -86,32 +87,9 @@ trait AdminAuthenticator { self: ControllerBase =>
 }
 
 /**
- * Allows only collaborators and administrators.
+ * Allows only guests and signed in users who can access the repository.
  */
-trait CollaboratorsAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReferrerAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
-  protected def collaboratorsOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
-  protected def collaboratorsOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
-
-  private def authenticate(action: (RepositoryInfo) => Any) = {
-    {
-      defining(request.paths){ paths =>
-        getRepository(paths(0), paths(1)).map { repository =>
-          context.loginAccount match {
-            case Some(x) if(x.isAdmin) => action(repository)
-            case Some(x) if(paths(0) == x.userName) => action(repository)
-            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
-            case _ => Unauthorized()
-          }
-        } getOrElse NotFound()
-      }
-    }
-  }
-}
-
-/**
- * Allows only the repository owner (or manager for group repository) and administrators.
- */
-trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
   protected def referrersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
   protected def referrersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
 
@@ -125,7 +103,8 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
             context.loginAccount match {
               case Some(x) if(x.isAdmin) => action(repository)
               case Some(x) if(paths(0) == x.userName) => action(repository)
-              case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+              case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+              case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
               case _ => Unauthorized()
             }
           }
@@ -136,9 +115,9 @@ trait ReferrerAuthenticator { self: ControllerBase with RepositoryService =>
 }
 
 /**
- * Allows only signed in users which can access the repository.
+ * Allows only signed in users who have read permission for the repository.
  */
-trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =>
+trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
   protected def readableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
   protected def readableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
 
@@ -150,7 +129,32 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService =
             case Some(x) if(x.isAdmin) => action(repository)
             case Some(x) if(!repository.repository.isPrivate) => action(repository)
             case Some(x) if(paths(0) == x.userName) => action(repository)
-            case Some(x) if(getCollaborators(paths(0), paths(1)).contains(x.userName)) => action(repository)
+            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1)).contains(x.userName)) => action(repository)
+            case _ => Unauthorized()
+          }
+        } getOrElse NotFound()
+      }
+    }
+  }
+}
+
+/**
+ * Allows only signed in users who have write permission for the repository.
+ */
+trait WritableUsersAuthenticator { self: ControllerBase with RepositoryService with AccountService =>
+  protected def writableUsersOnly(action: (RepositoryInfo) => Any) = { authenticate(action) }
+  protected def writableUsersOnly[T](action: (T, RepositoryInfo) => Any) = (form: T) => { authenticate(action(form, _)) }
+
+  private def authenticate(action: (RepositoryInfo) => Any) = {
+    {
+      defining(request.paths){ paths =>
+        getRepository(paths(0), paths(1)).map { repository =>
+          context.loginAccount match {
+            case Some(x) if(x.isAdmin) => action(repository)
+            case Some(x) if(paths(0) == x.userName) => action(repository)
+            case Some(x) if(getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
+            case Some(x) if(getCollaboratorUserNames(paths(0), paths(1), Seq(Role.ADMIN, Role.DEVELOPER)).contains(x.userName)) => action(repository)
             case _ => Unauthorized()
           }
         } getOrElse NotFound()

src/main/scala/gitbucket/core/util/DatabaseConfig.scala

@@ -17,6 +17,11 @@ object DatabaseConfig {
           |  url = "jdbc:h2:${DatabaseHome};MVCC=true"
           |  user = "sa"
           |  password = "sa"
+          |#  connectionTimeout = 30000
+          |#  idleTimeout = 600000
+          |#  maxLifetime = 1800000
+          |#  minimumIdle = 10
+          |#  maximumPoolSize = 10
           |}
           |""".stripMargin, "UTF-8")
     }
@@ -28,12 +33,21 @@ object DatabaseConfig {
   def url(directory: Option[String]): String =
     dbUrl.replace("${DatabaseHome}", directory.getOrElse(DatabaseHome))
 
-  lazy val url: String = url(None)
+  lazy val url                : String = url(None)
-  lazy val user: String = config.getString("db.user")
+  lazy val user               : String = config.getString("db.user")
-  lazy val password: String = config.getString("db.password")
+  lazy val password           : String = config.getString("db.password")
-  lazy val jdbcDriver: String = DatabaseType(url).jdbcDriver
+  lazy val jdbcDriver         : String = DatabaseType(url).jdbcDriver
-  lazy val slickDriver: slick.driver.JdbcProfile = DatabaseType(url).slickDriver
+  lazy val slickDriver        : slick.driver.JdbcProfile = DatabaseType(url).slickDriver
-  lazy val liquiDriver: AbstractJdbcDatabase = DatabaseType(url).liquiDriver
+  lazy val liquiDriver        : AbstractJdbcDatabase     = DatabaseType(url).liquiDriver
+  lazy val connectionTimeout  : Option[Long]   = getOptionValue("db.connectionTimeout", config.getLong)
+  lazy val idleTimeout        : Option[Long]   = getOptionValue("db.idleTimeout"      , config.getLong)
+  lazy val maxLifetime        : Option[Long]   = getOptionValue("db.maxLifetime"      , config.getLong)
+  lazy val minimumIdle        : Option[Int]    = getOptionValue("db.minimumIdle"      , config.getInt)
+  lazy val maximumPoolSize    : Option[Int]    = getOptionValue("db.maximumPoolSize"  , config.getInt)
+
+  private def getOptionValue[T](path: String, f: String => T): Option[T] = {
+    if(config.hasPath(path)) Some(f(path)) else None
+  }
 
 }
 

src/main/scala/gitbucket/core/util/Implicits.scala

@@ -85,12 +85,6 @@ object Implicits {
   }
 
   implicit class RichSession(session: HttpSession){
-
-    def putAndGet[T](key: String, value: T): T = {
-      session.setAttribute(key, value)
-      value
-    }
-
     def getAndRemove[T](key: String): Option[T] = {
       val value = session.getAttribute(key).asInstanceOf[T]
       if(value == null){

src/main/scala/gitbucket/core/util/JDBCUtil.scala

@@ -3,16 +3,16 @@ package gitbucket.core.util
 import java.io._
 import java.sql._
 import java.text.SimpleDateFormat
-import javax.xml.stream.{XMLStreamConstants, XMLInputFactory, XMLOutputFactory}
 import ControlUtil._
-import scala.StringBuilder
 import scala.annotation.tailrec
-import scala.collection.mutable
 import scala.collection.mutable.ListBuffer
 
 /**
  * Provides implicit class which extends java.sql.Connection.
- * This is used in automatic migration in [[servlet.AutoUpdateListener]].
+ * This is used in following points:
+ *
+ * - Automatic migration in [[gitbucket.core.servlet.InitializeListener]]
+ * - Data importing / exporting in [[gitbucket.core.controller.SystemSettingsController]] and [[gitbucket.core.controller.FileUploadController]]
  */
 object JDBCUtil {
 
@@ -64,65 +64,38 @@ object JDBCUtil {
       }
     }
 
-    def importAsXML(in: InputStream): Unit = {
+    def importAsSQL(in: InputStream): Unit = {
       conn.setAutoCommit(false)
       try {
-        val factory = XMLInputFactory.newInstance()
+        using(in){ in =>
-        using(factory.createXMLStreamReader(in, "UTF-8")){ reader =>
+          var out = new ByteArrayOutputStream()
-          // stateful objects
-          var elementName   = ""
-          var insertTable   = ""
-          var insertColumns = Map.empty[String, (String, String)]
 
-          while(reader.hasNext){
+          var length = 0
-            reader.next()
+          val bytes = new scala.Array[Byte](1024 * 8)
+          var stringLiteral = false
 
-            reader.getEventType match {
+          while({ length = in.read(bytes); length != -1 }){
-              case XMLStreamConstants.START_ELEMENT =>
+            for(i <- 0 to length - 1){
-                elementName = reader.getName.getLocalPart
+              val c = bytes(i)
-                if(elementName == "insert"){
+              if(c == '\''){
-                  insertTable = reader.getAttributeValue(null, "table")
+                stringLiteral = !stringLiteral
-                } else if(elementName == "delete"){
-                  val tableName = reader.getAttributeValue(null, "table")
-                  conn.update(s"DELETE FROM ${tableName}")
-                } else if(elementName == "column"){
-                  val columnName  = reader.getAttributeValue(null, "name")
-                  val columnType  = reader.getAttributeValue(null, "type")
-                  val columnValue = reader.getElementText
-                  insertColumns = insertColumns + (columnName -> (columnType, columnValue))
               }
-              case XMLStreamConstants.END_ELEMENT =>
+              if(c == ';' && !stringLiteral){
-                // Execute insert statement
+                val sql = new String(out.toByteArray, "UTF-8")
-                reader.getName.getLocalPart match {
+                conn.update(sql.trim)
-                  case "insert" => {
+                out = new ByteArrayOutputStream()
-                    val sb = new StringBuilder()
-                    sb.append(s"INSERT INTO ${insertTable} (")
-                    sb.append(insertColumns.map { case (columnName, _) => columnName }.mkString(", "))
-                    sb.append(") VALUES (")
-                    sb.append(insertColumns.map { case (_, (columnType, columnValue)) =>
-                      if(columnType == null || columnValue == null){
-                        "NULL"
-                      } else if(columnType == "string"){
-                        "'" + columnValue.replace("'", "''") + "'"
-                      } else if(columnType == "timestamp"){
-                        "'" + columnValue + "'"
               } else {
-                        columnValue.toString
+                out.write(c)
-                      }
-                    }.mkString(", "))
-                    sb.append(")")
-
-                    conn.update(sb.toString)
-
-                    insertColumns = Map.empty[String, (String, String)] // Clear column information
-                  }
-                  case _ => // Nothing to do
-                }
-              case _ => // Nothing to do
               }
             }
           }
 
+          val remain = out.toByteArray
+          if(remain.length != 0){
+            val sql = new String(remain, "UTF-8")
+            conn.update(sql.trim)
+          }
+        }
         conn.commit()
 
       } catch {
@@ -133,68 +106,6 @@ object JDBCUtil {
       }
     }
 
-    def exportAsXML(targetTables: Seq[String]): File = {
-      val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
-      val file = File.createTempFile("gitbucket-export-", ".xml")
-
-      val factory = XMLOutputFactory.newInstance()
-      using(factory.createXMLStreamWriter(new FileOutputStream(file), "UTF-8")){ writer =>
-        val dbMeta = conn.getMetaData
-        val allTablesInDatabase = allTablesOrderByDependencies(dbMeta)
-
-        writer.writeStartDocument("UTF-8", "1.0")
-        writer.writeStartElement("tables")
-
-        println(allTablesInDatabase.mkString(", "))
-
-        allTablesInDatabase.reverse.foreach { tableName =>
-          if (targetTables.contains(tableName)) {
-            writer.writeStartElement("delete")
-            writer.writeAttribute("table", tableName)
-            writer.writeEndElement()
-          }
-        }
-
-        allTablesInDatabase.foreach { tableName =>
-          if (targetTables.contains(tableName)) {
-            select(s"SELECT * FROM ${tableName}") { rs =>
-              writer.writeStartElement("insert")
-              writer.writeAttribute("table", tableName)
-              val rsMeta = rs.getMetaData
-              (1 to rsMeta.getColumnCount).foreach { i =>
-                val columnName = rsMeta.getColumnName(i)
-                val (columnType, columnValue) = if(rs.getObject(columnName) == null){
-                  (null, null)
-                } else {
-                  rsMeta.getColumnType(i) match {
-                    case Types.BOOLEAN | Types.BIT => ("boolean", rs.getBoolean(columnName))
-                    case Types.VARCHAR | Types.CLOB | Types.CHAR | Types.LONGVARCHAR => ("string", rs.getString(columnName))
-                    case Types.INTEGER => ("int", rs.getInt(columnName))
-                    case Types.TIMESTAMP => ("timestamp", dateFormat.format(rs.getTimestamp(columnName)))
-                  }
-                }
-                writer.writeStartElement("column")
-                writer.writeAttribute("name", columnName)
-                if(columnType != null){
-                  writer.writeAttribute("type", columnType)
-                }
-                if(columnValue != null){
-                  writer.writeCharacters(columnValue.toString)
-                }
-                writer.writeEndElement()
-              }
-              writer.writeEndElement()
-            }
-          }
-        }
-
-        writer.writeEndElement()
-        writer.writeEndDocument()
-      }
-
-      file
-    }
-
     def exportAsSQL(targetTables: Seq[String]): File = {
       val dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss")
       val file = File.createTempFile("gitbucket-export-", ".sql")

src/main/scala/gitbucket/core/util/JGitUtil.scala

@@ -5,6 +5,7 @@ import org.eclipse.jgit.api.Git
 import Directory._
 import StringUtil._
 import ControlUtil._
+
 import scala.annotation.tailrec
 import scala.collection.JavaConverters._
 import org.eclipse.jgit.lib._
@@ -16,7 +17,11 @@ import org.eclipse.jgit.diff.DiffEntry.ChangeType
 import org.eclipse.jgit.errors.{ConfigInvalidException, MissingObjectException}
 import org.eclipse.jgit.transport.RefSpec
 import java.util.Date
-import org.eclipse.jgit.api.errors.{JGitInternalException, InvalidRefNameException, RefAlreadyExistsException, NoHeadException}
+import java.util.concurrent.TimeUnit
+import java.util.function.Consumer
+
+import org.cache2k.{Cache2kBuilder, CacheEntry}
+import org.eclipse.jgit.api.errors.{InvalidRefNameException, JGitInternalException, NoHeadException, RefAlreadyExistsException}
 import org.eclipse.jgit.dircache.DirCacheEntry
 import org.slf4j.LoggerFactory
 
@@ -32,14 +37,11 @@ object JGitUtil {
    *
    * @param owner the user name of the repository owner
    * @param name the repository name
-   * @param commitCount the commit count. If the repository has over 1000 commits then this property is 1001.
    * @param branchList the list of branch names
    * @param tags the list of tags
    */
-  case class RepositoryInfo(owner: String, name: String, commitCount: Int, branchList: List[String], tags: List[TagInfo]){
+  case class RepositoryInfo(owner: String, name: String, branchList: List[String], tags: List[TagInfo]){
-    def this(owner: String, name: String) = {
+    def this(owner: String, name: String) = this(owner, name, Nil, Nil)
-      this(owner, name, 0, Nil, Nil)
-    }
   }
 
   /**
@@ -170,19 +172,53 @@ object JGitUtil {
     revCommit
   }
 
+  private val cache = new Cache2kBuilder[String, Int]() {}
+    .name("commit-count")
+    .expireAfterWrite(24, TimeUnit.HOURS)
+    .entryCapacity(10000)
+    .build()
+
+  def removeCache(git: Git): Unit = {
+    val dir = git.getRepository.getDirectory
+    val keyPrefix = dir.getAbsolutePath + "@"
+
+    cache.forEach(new Consumer[CacheEntry[String, Int]] {
+      override def accept(entry: CacheEntry[String, Int]): Unit = {
+        if(entry.getKey.startsWith(keyPrefix)){
+          cache.remove(entry.getKey)
+        }
+      }
+    })
+  }
+
+  /**
+   * Returns the number of commits in the specified branch or commit.
+   * If the specified branch has over 10000 commits, this method returns 100001.
+   */
+  def getCommitCount(owner: String, repository: String, branch: String): Int = {
+    val dir = getRepositoryDir(owner, repository)
+    val key = dir.getAbsolutePath + "@" + branch
+    val entry = cache.getEntry(key)
+
+    if(entry == null) {
+      using(Git.open(dir)) { git =>
+        val commitId = git.getRepository.resolve(branch)
+        val commitCount = git.log.add(commitId).call.iterator.asScala.take(10001).size
+        cache.put(key, commitCount)
+        commitCount
+      }
+    } else {
+      entry.getValue
+    }
+  }
+
   /**
    * Returns the repository information. It contains branch names and tag names.
    */
   def getRepositoryInfo(owner: String, repository: String): RepositoryInfo = {
     using(Git.open(getRepositoryDir(owner, repository))){ git =>
       try {
-        // get commit count
+        RepositoryInfo(owner, repository,
-        val commitCount = git.log.all.call.iterator.asScala.map(_ => 1).take(10001).sum
-
-        RepositoryInfo(
-          owner, repository,
-          // commit count
-          commitCount,
           // branches
           git.branchList.call.asScala.map { ref =>
             ref.getName.stripPrefix("refs/heads/")
@@ -195,9 +231,7 @@ object JGitUtil {
         )
       } catch {
         // not initialized
-        case e: NoHeadException => RepositoryInfo(
+        case e: NoHeadException => RepositoryInfo(owner, repository, Nil, Nil)
-          owner, repository, 0, Nil, Nil)
-
       }
     }
   }
@@ -213,7 +247,7 @@ object JGitUtil {
   def getFileList(git: Git, revision: String, path: String = "."): List[FileInfo] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       val objectId = git.getRepository.resolve(revision)
-      if(objectId==null) return Nil
+      if(objectId == null) return Nil
       val revCommit = revWalk.parseCommit(objectId)
 
       def useTreeWalk(rev:RevCommit)(f:TreeWalk => Any): Unit = if (path == ".") {
@@ -255,14 +289,14 @@ object JGitUtil {
                           revIterator:java.util.Iterator[RevCommit]): List[(ObjectId, FileMode, String, Option[String], RevCommit)] ={
         if(restList.isEmpty){
           result
-        }else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
+        } else if(!revIterator.hasNext){ // maybe, revCommit has only 1 log. other case, restList be empty
-          result ++ restList.map{ case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
+          result ++ restList.map { case (tuple, map) => tupleAdd(tuple, map.values.headOption.getOrElse(revCommit)) }
-        }else{
+        } else {
           val newCommit = revIterator.next
-          val (thisTimeChecks,skips) = restList.partition{ case (tuple, parentsMap) => parentsMap.contains(newCommit) }
+          val (thisTimeChecks,skips) = restList.partition { case (tuple, parentsMap) => parentsMap.contains(newCommit) }
           if(thisTimeChecks.isEmpty){
             findLastCommits(result, restList, revIterator)
-          }else{
+          } else {
             var nextRest = skips
             var nextResult = result
             // Map[(name, oid), (tuple, parentsMap)]
@@ -270,20 +304,20 @@ object JGitUtil {
             lazy val newParentsMap = newCommit.getParents.map(_ -> newCommit).toMap
             useTreeWalk(newCommit){ walk =>
               while(walk.next){
-                rest.remove(walk.getNameString -> walk.getObjectId(0)).map{ case (tuple, _) =>
+                rest.remove(walk.getNameString -> walk.getObjectId(0)).map { case (tuple, _) =>
                   if(newParentsMap.isEmpty){
                     nextResult +:= tupleAdd(tuple, newCommit)
-                  }else{
+                  } else {
                     nextRest +:= tuple -> newParentsMap
                   }
                 }
               }
             }
-            rest.values.map{ case (tuple, parentsMap) =>
+            rest.values.map { case (tuple, parentsMap) =>
               val restParentsMap = parentsMap - newCommit
               if(restParentsMap.isEmpty){
                 nextResult +:= tupleAdd(tuple, parentsMap(newCommit))
-              }else{
+              } else {
                 nextRest +:= tuple -> restParentsMap
               }
             }
@@ -295,7 +329,7 @@ object JGitUtil {
       var fileList: List[(ObjectId, FileMode, String, Option[String])] = Nil
       useTreeWalk(revCommit){ treeWalk =>
         while (treeWalk.next()) {
-          val linkUrl =if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
+          val linkUrl = if (treeWalk.getFileMode(0) == FileMode.GITLINK) {
             getSubmodules(git, revCommit.getTree).find(_.path == treeWalk.getPathString).map(_.url)
           } else None
           fileList +:= (treeWalk.getObjectId(0), treeWalk.getFileMode(0), treeWalk.getNameString, linkUrl)
@@ -345,7 +379,7 @@ object JGitUtil {
   def getTreeId(git: Git, revision: String): Option[String] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       val objectId  = git.getRepository.resolve(revision)
-      if(objectId==null) return None
+      if(objectId == null) return None
       val revCommit = revWalk.parseCommit(objectId)
       Some(revCommit.getTree.name)
     }
@@ -357,7 +391,7 @@ object JGitUtil {
   def getAllFileListByTreeId(git: Git, treeId: String): List[String] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       val objectId  = git.getRepository.resolve(treeId+"^{tree}")
-      if(objectId==null) return Nil
+      if(objectId == null) return Nil
       using(new TreeWalk(git.getRepository)){ treeWalk =>
         treeWalk.addTree(objectId)
         treeWalk.setRecursive(true)
@@ -705,6 +739,8 @@ object JGitUtil {
     refUpdate.setNewObjectId(newHeadId)
     refUpdate.update()
 
+    removeCache(git)
+
     newHeadId
   }
 
@@ -830,14 +866,16 @@ object JGitUtil {
     existIds.toSeq
   }
 
-  def processTree(git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => Unit) = {
+  def processTree[T](git: Git, id: ObjectId)(f: (String, CanonicalTreeParser) => T): Seq[T] = {
     using(new RevWalk(git.getRepository)){ revWalk =>
       using(new TreeWalk(git.getRepository)){ treeWalk =>
         val index = treeWalk.addTree(revWalk.parseTree(id))
         treeWalk.setRecursive(true)
+        val result = new collection.mutable.ListBuffer[T]()
         while(treeWalk.next){
-          f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
+          result += f(treeWalk.getPathString, treeWalk.getTree(index, classOf[CanonicalTreeParser]))
         }
+        result.toSeq
       }
     }
   }
@@ -875,6 +913,7 @@ object JGitUtil {
 
   /**
    * Returns the last modified commit of specified path
+   *
    * @param git the Git object
    * @param startCommit the search base commit id
    * @param path the path of target file or directory
@@ -957,6 +996,7 @@ object JGitUtil {
 
   /**
    * Returns sha1
+   *
    * @param owner repository owner
    * @param name  repository name
    * @param revstr  A git object references expression

src/main/scala/gitbucket/core/util/Notifier.scala

@@ -22,8 +22,10 @@ trait Notifier extends RepositoryService with AccountService with IssuesService
     (
         // individual repository's owner
         issue.userName ::
+        // group members of group repository
+        getGroupMembers(issue.userName).map(_.userName) :::
         // collaborators
-        getCollaborators(issue.userName, issue.repositoryName) :::
+        getCollaboratorUserNames(issue.userName, issue.repositoryName) :::
         // participants
         issue.openedUserName ::
         getComments(issue.userName, issue.repositoryName, issue.issueId).map(_.commentedUserName)
@@ -107,6 +109,9 @@ class Mailer(private val smtp: Smtp) extends Notifier {
     }
     smtp.ssl.foreach { ssl =>
       email.setSSLOnConnect(ssl)
+      if(ssl == true) {
+        email.setSslSmtpPort(smtp.port.get.toString)
+      }
     }
     smtp.fromAddress
       .map (_ -> smtp.fromName.getOrElse(context.loginAccount.get.userName))

src/main/scala/gitbucket/core/util/StringUtil.scala

@@ -86,8 +86,9 @@ object StringUtil {
    *@param message the message which may contains issue id
    * @return the iterator of issue id
    */
-  def extractIssueId(message: String): Iterator[String] =
+  def extractIssueId(message: String): Seq[String] =
-    "(^|\\W)#(\\d+)(\\W|$)".r.findAllIn(message).matchData.map(_.group(2))
+    "(^|\\W)#(\\d+)(\\W|$)".r
+      .findAllIn(message).matchData.map(_.group(2)).toSeq.distinct
 
   /**
    * Extract close issue id like ```close #issueId ``` from the given message.
@@ -95,7 +96,8 @@ object StringUtil {
    * @param message the message which may contains close command
    * @return the iterator of issue id
    */
-  def extractCloseId(message: String): Iterator[String] =
+  def extractCloseId(message: String): Seq[String] =
-    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r.findAllIn(message).matchData.map(_.group(1))
+    "(?i)(?<!\\w)(?:fix(?:e[sd])?|resolve[sd]?|close[sd]?)\\s+#(\\d+)(?!\\w)".r
+      .findAllIn(message).matchData.map(_.group(1)).toSeq.distinct
 
 }

src/main/scala/gitbucket/core/view/LinkConverter.scala

@@ -37,7 +37,7 @@ trait LinkConverter { self: RequestCache =>
       // convert username/project@SHA to link
       .replaceBy("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)/([a-zA-Z0-9\\-_\\.]+)@([a-f0-9]{40})(?=(\\W|$))".r){ m =>
         getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${m.group(3)}/commit/${m.group(4)}">${m.group(2)}/${m.group(3)}@${m.group(4).substring(0, 7)}</a></code>"""
         }
       }
 
@@ -56,7 +56,7 @@ trait LinkConverter { self: RequestCache =>
       // convert username@SHA to link
       .replaceBy( ("(?<=(^|\\W))([a-zA-Z0-9\\-_]+)@([a-f0-9]{40})(?=(\\W|$))").r ) { m =>
         getAccountByUserName(m.group(2)).map { _ =>
-          s"""<a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a>"""
+          s"""<code><a href="${context.path}/${m.group(2)}/${repository.name}/commit/${m.group(3)}">${m.group(2)}@${m.group(3).substring(0, 7)}</a></code>"""
         }
       }
 
@@ -73,7 +73,7 @@ trait LinkConverter { self: RequestCache =>
       }
 
       // convert issue id to link
-      .replaceBy(("(?<=(^|\\W))(GH-|" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
+      .replaceBy(("(?<=(^|\\W))(GH-|(?<!&)" + issueIdPrefix + ")([0-9]+)(?=(\\W|$))").r){ m =>
         val prefix = if(m.group(2) == "issue:") "#" else m.group(2)
         getIssue(repository.owner, repository.name, m.group(3)) match {
           case Some(issue) if(issue.isPullRequest) =>
@@ -93,6 +93,8 @@ trait LinkConverter { self: RequestCache =>
       }
 
       // convert commit id to link
-      .replaceAll("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))", s"""<a href="${context.path}/${repository.owner}/${repository.name}/commit/$$2">$$2</a>""")
+      .replaceBy("(?<=(^|[^\\w/@]))([a-f0-9]{40})(?=(\\W|$))".r){ m =>
+        Some(s"""<code><a href="${context.path}/${repository.owner}/${repository.name}/commit/${m.group(2)}">${m.group(2).substring(0, 7)}</a></code>""")
+      }
   }
 }

src/main/scala/gitbucket/core/view/Markdown.scala

@@ -44,7 +44,8 @@ object Markdown {
     val renderer = new GitBucketMarkedRenderer(options, repository,
       enableWikiLink, enableRefsLink, enableAnchor, enableTaskList, hasWritePermission, pages)
 
-    helpers.decorateHtml(Marked.marked(source, options, renderer), repository)
+    //helpers.decorateHtml(Marked.marked(source, options, renderer), repository)
+    Marked.marked(source, options, renderer)
   }
 
   /**
@@ -109,11 +110,10 @@ object Markdown {
     override def text(text: String): String = {
       // convert commit id and username to link.
       val t1 = if(enableRefsLink) convertRefsLinks(text, repository, "#", false) else text
-
       // convert task list to checkbox.
       val t2 = if(enableTaskList) convertCheckBox(t1, hasWritePermission) else t1
-
+      // decorate by TextDecorator plugins
-      t2
+      helpers.decorateHtml(t2, repository)
     }
 
     override def link(href: String, title: String, text: String): String = {
@@ -147,21 +147,23 @@ object Markdown {
     }
 
     private def fixUrl(url: String, isImage: Boolean = false): String = {
+      lazy val urlWithRawParam: String = url + (if(isImage && !url.endsWith("?raw=true")) "?raw=true" else "")
+
       if(url.startsWith("http://") || url.startsWith("https://") || url.startsWith("/")){
         url
       } else if(url.startsWith("#")){
         ("#" + generateAnchorName(url.substring(1)))
       } else if(!enableWikiLink){
         if(context.currentPath.contains("/blob/")){
-          url + (if(isImage) "?raw=true" else "")
+          urlWithRawParam
         } else if(context.currentPath.contains("/tree/")){
           val paths = context.currentPath.split("/")
           val branch = if(paths.length > 3) paths.drop(4).mkString("/") else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
         } else {
           val paths = context.currentPath.split("/")
           val branch = if(paths.length > 3) paths.last else repository.repository.defaultBranch
-          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + url + (if(isImage) "?raw=true" else "")
+          repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/blob/" + branch + "/" + urlWithRawParam
         }
       } else {
         repository.httpUrl.replaceFirst("/git/", "/").stripSuffix(".git") + "/wiki/_blob/" + url

src/main/twirl/gitbucket/core/account/application.scala.html

@@ -19,8 +19,8 @@
           </div>
           <a href="@context.path/@account.userName/_personalToken/delete/@token.accessTokenId" class="btn btn-sm btn-danger pull-right">Delete</a>
           <div style="width: 50%;">
-            @gitbucket.core.helper.html.copy("generated-token-copy", tokenString){
+            @gitbucket.core.helper.html.copy("generated-token", "generated-token-copy", tokenString){
-              <input type="text" value="@tokenString" class="form-control input-sm" readonly>
+              <input type="text" value="@tokenString" class="form-control input-sm" id="generated-token" readonly>
             }
           </div>
           <hr style="margin-top: 10px;">

src/main/twirl/gitbucket/core/account/group.scala.html

@@ -31,7 +31,7 @@
             <label class="strong">Members</label>
             <ul id="member-list" class="collaborator">
             </ul>
-            @gitbucket.core.helper.html.account("memberName", 200)
+            @gitbucket.core.helper.html.account("memberName", 200, true, false)
             <input type="button" class="btn btn-default" value="Add" id="addMember"/>
             <input type="hidden" id="members" name="members" value="@members.map(member => member.userName + ":" + member.isManager).mkString(",")"/>
             <div>
@@ -43,10 +43,10 @@
       <fieldset class="border-top">
         @if(account.isDefined){
           <div class="pull-right">
-            <a href="@helpers.url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete Group</a>
+            <a href="@helpers.url(account.get.userName)/_deletegroup" id="delete" class="btn btn-danger">Delete group</a>
           </div>
         }
-        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create Group} else {Update Group}"/>
+        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create group} else {Update group}"/>
         @if(account.isDefined){
           <a href="@helpers.url(account.get.userName)" class="btn btn-default">Cancel</a>
         }
@@ -80,10 +80,9 @@ $(function(){
     }
 
     // check existence
-    $.post('@context.path/_user/existence', {
+    $.post('@context.path/_user/existence', { 'userName': userName },
-      'userName': userName
+      function(data, status){
-    }, function(data, status){
+        if(data == 'user'){
-      if(data == 'true'){
           addMemberHTML(userName, false);
         } else {
           $('#error-members').text('User does not exist.');

src/main/twirl/gitbucket/core/account/main.scala.html

@@ -38,7 +38,7 @@
         @if(account.isGroupAccount){
           <li@if(active == "members"){ class="active"}><a href="@helpers.url(account.userName)?tab=members">Members</a></li>
         } else {
-          <li@if(active == "activity"){ class="active"}><a href="@helpers.url(account.userName)?tab=activity">Public Activity</a></li>
+          <li@if(active == "activity"){ class="active"}><a href="@helpers.url(account.userName)?tab=activity">Public activity</a></li>
         }
         @gitbucket.core.plugin.PluginRegistry().getProfileTabs.map { tab =>
           @tab(account, context).map { link =>
@@ -48,14 +48,14 @@
         @if(context.loginAccount.isDefined && context.loginAccount.get.userName == account.userName){
           <li class="pull-right">
             <div class="button-group">
-              <a href="@helpers.url(account.userName)/_edit" class="btn btn-default">Edit Your Profile</a>
+              <a href="@helpers.url(account.userName)/_edit" class="btn btn-default">Edit your profile</a>
             </div>
           </li>
         }
         @if(context.loginAccount.isDefined && account.isGroupAccount && isGroupManager){
           <li class="pull-right">
             <div class="button-group">
-              <a href="@helpers.url(account.userName)/_editgroup" class="btn btn-default">Edit Group</a>
+              <a href="@helpers.url(account.userName)/_editgroup" class="btn btn-default">Edit group</a>
             </div>
           </li>
         }

src/main/twirl/gitbucket/core/account/members.scala.html

@@ -1,13 +1,14 @@
-@(account: gitbucket.core.model.Account, members: List[String], isGroupManager: Boolean)(implicit context: gitbucket.core.controller.Context)
+@(account: gitbucket.core.model.Account, members: List[gitbucket.core.model.GroupMember], isGroupManager: Boolean)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 @gitbucket.core.account.html.main(account, Nil, "members", isGroupManager){
   @if(members.isEmpty){
     No members
   } else {
-    @members.map { userName =>
+    @members.map { member =>
       <div class="block">
         <div class="block-header">
-          @helpers.avatar(userName, 20) <a href="@helpers.url(userName)">@userName</a>
+          @helpers.avatar(member.userName, 20) <a href="@helpers.url(member.userName)">@member.userName</a>
+          @if(member.isManager){ (Manager) }
         </div>
       </div>
     }

src/main/twirl/gitbucket/core/admin/data.scala.html

@@ -13,22 +13,12 @@
             </div>
           }
           <input type="submit" class="btn btn-success pull-right" value="Export">
-          <div class="radio pull-right" style="margin-right: 10px;">
-            <label>
-              <input type="radio" name="type" value="sql">SQL
-            </label>
-          </div>
-          <div class="radio pull-right" style="margin-right: 10px;">
-            <label>
-              <input type="radio" name="type" value="xml" checked>XML
-            </label>
-          </div>
         </form>
       </div>
     </div>
 
     <div class="panel panel-default">
-      <div class="panel-heading strong">Import (only XML)</div>
+      <div class="panel-heading strong">Import</div>
       <div class="panel-body">
         <form class="form form-horizontal" action="@context.path/upload/import" method="POST" enctype="multipart/form-data" id="import-form">
           <input type="file" name="file" id="file">
@@ -42,10 +32,10 @@
 $(function(){
   $('#import-form').submit(function(){
     if($('#file').val() == ''){
-      alert('Choose an import XML file.');
+      alert('Choose an import SQL file.');
       return false;
-    } else if(!$('#file').val().endsWith(".xml")){
+    } else if(!$('#file').val().endsWith(".sql")){
-      alert('Import is available for only the XML file.');
+      alert('Import is available for only the SQL file.');
       return false;
     }
     return confirm('All existing data is deleted before importing.\nAre you sure?');

src/main/twirl/gitbucket/core/admin/menu.scala.html

@@ -3,10 +3,10 @@
   <div class="sidebar">
     <ul class="sidebar-menu" id="system-admin-menu-container">
       <li@if(active=="users"){ class="active"}>
-        <a href="@context.path/admin/users">User Management</a>
+        <a href="@context.path/admin/users">User management</a>
       </li>
       <li@if(active=="system"){ class="active"}>
-        <a href="@context.path/admin/system">System Settings</a>
+        <a href="@context.path/admin/system">System settings</a>
       </li>
       <li@if(active=="plugins"){ class="active"}>
         <a href="@context.path/admin/plugins">Plugins</a>
@@ -15,7 +15,7 @@
         <a href="@context.path/admin/data">Data export / import</a>
       </li>
       <li>
-        <a href="@context.path/console/login.jsp" target="_blank">H2 Console</a>
+        <a href="@context.path/console/login.jsp" target="_blank">H2 console</a>
       </li>
       @gitbucket.core.plugin.PluginRegistry().getSystemSettingMenus.map { menu =>
         @menu(context).map { link =>

src/main/twirl/gitbucket/core/admin/plugins.scala.html

@@ -1,16 +1,16 @@
-@(plugins: List[(gitbucket.core.plugin.PluginInfo, String)])(implicit context: gitbucket.core.controller.Context)
+@(plugins: List[gitbucket.core.plugin.PluginInfo])(implicit context: gitbucket.core.controller.Context)
 @gitbucket.core.html.main("Plugins"){
   @gitbucket.core.admin.html.menu("plugins") {
     <h1>Installed plugins</h1>
 
     @if(plugins.size > 0) {
       <ul>
-      @plugins.map { case (plugin, migrationVersion) =>
+      @plugins.map { plugin =>
-        <li><a href="#@plugin.pluginId">@plugin.pluginId:@migrationVersion</a></li>
+        <li><a href="#@plugin.pluginId">@plugin.pluginId:@plugin.pluginVersion</a></li>
       }
       </ul>
 
-      @plugins.map { case (plugin, migrationVersion) =>
+      @plugins.map { plugin =>
         <div class="panel panel-default">
           <div class="panel-heading strong">@plugin.pluginName</div>
           <div class="panel-body">
@@ -20,7 +20,7 @@
             </div>
             <div class="row">
               <label class="col-md-2">Version</label>
-              <span class="col-md-10">@migrationVersion @if(plugin.pluginVersion != migrationVersion){ <span class="error">(Migration is failed, installed version is @plugin.pluginVersion)</span> }</span>
+              <span class="col-md-10">@plugin.pluginVersion</span>
             </div>
             <div class="row">
               <label class="col-md-2">Name</label>

src/main/twirl/gitbucket/core/admin/system.scala.html

@@ -1,10 +1,10 @@
 @(info: Option[Any])(implicit context: gitbucket.core.controller.Context)
-@gitbucket.core.html.main("System Settings"){
+@gitbucket.core.html.main("System settings"){
   @gitbucket.core.admin.html.menu("system"){
     @gitbucket.core.helper.html.information(info)
     <form action="@context.path/admin/system" method="POST" validate="true" class="form-horizontal">
       <div class="panel panel-default">
-        <div class="panel-heading strong">System Settings</div>
+        <div class="panel-heading strong">System settings</div>
         <div class="panel-body">
             <!--====================================================================-->
             <!-- System properties -->

src/main/twirl/gitbucket/core/admin/user.scala.html

@@ -1,5 +1,5 @@
 @(account: Option[gitbucket.core.model.Account], error: Option[Any] = None)(implicit context: gitbucket.core.controller.Context)
-@gitbucket.core.html.main(if(account.isEmpty) "New User" else "Update User"){
+@gitbucket.core.html.main(if(account.isEmpty) "New user" else "Update user"){
   @gitbucket.core.admin.html.menu("users"){
     @gitbucket.core.helper.html.error(error)
     <form method="POST" action="@if(account.isEmpty){@context.path/admin/users/_newuser} else {@context.path/admin/users/@account.get.userName/_edituser}" validate="true">
@@ -75,7 +75,7 @@
         </div>
       </div>
       <fieldset class="border-top">
-        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create User} else {Update User}"/>
+        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create user} else {Update user}"/>
         <a href="@context.path/admin/users" class="btn btn-default">Cancel</a>
       </fieldset>
     </form>

src/main/twirl/gitbucket/core/admin/usergroup.scala.html

@@ -1,5 +1,5 @@
 @(account: Option[gitbucket.core.model.Account], members: List[gitbucket.core.model.GroupMember])(implicit context: gitbucket.core.controller.Context)
-@gitbucket.core.html.main(if(account.isEmpty) "New Group" else "Update Group"){
+@gitbucket.core.html.main(if(account.isEmpty) "New group" else "Update group"){
   @gitbucket.core.admin.html.menu("users"){
     <form method="POST" action="@if(account.isEmpty){@context.path/admin/users/_newgroup} else {@context.path/admin/users/@account.get.userName/_editgroup}" validate="true">
       <div class="row">
@@ -34,7 +34,7 @@
             <label class="strong">Members</label>
             <ul id="member-list" class="collaborator">
             </ul>
-            @gitbucket.core.helper.html.account("memberName", 200)
+            @gitbucket.core.helper.html.account("memberName", 200, true, false)
             <input type="button" class="btn btn-default" value="Add" id="addMember"/>
             <input type="hidden" id="members" name="members" value="@members.map(member => member.userName + ":" + member.isManager).mkString(",")"/>
             <div>
@@ -44,7 +44,7 @@
         </div>
       </div>
       <fieldset class="border-top">
-        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create Group} else {Update Group}"/>
+        <input type="submit" class="btn btn-success" value="@if(account.isEmpty){Create group} else {Update group}"/>
         <a href="@context.path/admin/users" class="btn btn-default">Cancel</a>
       </fieldset>
     </form>
@@ -75,11 +75,9 @@ $(function(){
     }
 
     // check existence
-    $.post('@context.path/_user/existence', {
+    $.post('@context.path/_user/existence', { 'userName': userName },
-      'userName': userName,
+      function(data, status){
-      'userOnly': true
+        if(data == 'user'){
-    }, function(data, status){
-      if(data == 'true'){
           addMemberHTML(userName, false);
         } else {
           $('#error-members').text('User does not exist.');

src/main/twirl/gitbucket/core/admin/userlist.scala.html

@@ -3,8 +3,8 @@
 @gitbucket.core.html.main("Manage Users"){
   @gitbucket.core.admin.html.menu("users"){
     <div class="pull-right" style="margin-bottom: 4px;">
-      <a href="@context.path/admin/users/_newuser" class="btn btn-default">New User</a>
+      <a href="@context.path/admin/users/_newuser" class="btn btn-default">New user</a>
-      <a href="@context.path/admin/users/_newgroup" class="btn btn-default">New Group</a>
+      <a href="@context.path/admin/users/_newgroup" class="btn btn-default">New group</a>
     </div>
     <label for="includeRemoved">
       <input type="checkbox" id="includeRemoved" name="includeRemoved" @if(includeRemoved){checked}/>

src/main/twirl/gitbucket/core/dashboard/issues.scala.html

@@ -11,7 +11,7 @@
   @gitbucket.core.dashboard.html.sidebar(recentRepositories, userRepositories){
     @gitbucket.core.dashboard.html.tab("issues")
     <div class="container">
-      @gitbucket.core.dashboard.html.issuesnavi(filter, openCount, closedCount, condition)
+      @gitbucket.core.dashboard.html.issuesnavi("issues", filter, openCount, closedCount, condition)
       @gitbucket.core.dashboard.html.issueslist(issues, page, openCount, closedCount, condition, filter, groups)
     </div>
   }

src/main/twirl/gitbucket/core/dashboard/issuesnavi.scala.html

@@ -1,4 +1,5 @@
-@(filter: String,
+@(active: String,
+  filter: String,
   openCount: Int,
   closedCount: Int,
   condition: gitbucket.core.service.IssuesService.IssueSearchCondition)(implicit context: gitbucket.core.controller.Context)
@@ -9,15 +10,18 @@
   <li class="@(if(condition.state == "closed"){"active"})">
     <a href="@condition.copy(state = "closed").toURL">Closed <span class="badge">@closedCount</span></a>
   </li>
-  @*
-  <li class="@if(filter == "created_by"){active}">
-    <a href="@path/dashboard/@active/created_by@condition.copy(author = None, assigned = None).toURL">Created</a>
-  </li>
-  <li class="@if(filter == "assigned"){active}">
-    <a href="@path/dashboard/@active/assigned@condition.copy(author = None, assigned = None).toURL">Assigned</a>
-  </li>
-  <li class="@if(filter == "mentioned"){active}">
-    <a href="@path/dashboard/@active/mentioned@condition.copy(author = None, assigned = None).toURL">Mentioned</a>
-  </li>
-  *@
 </ul>
+
+<div class="btn-group pull-right" data-toggle="buttons">
+  <a class="switch btn btn-default @if(filter == "created_by"){active}" href="@context.path/dashboard/@active/created_by@condition.copy(author = None, assigned = None).toURL">Created</a>
+  <a class="switch btn btn-default @if(filter == "assigned"  ){active}" href="@context.path/dashboard/@active/assigned@condition.copy(author = None, assigned = None).toURL">Assigned</a>
+  <a class="switch btn btn-default @if(filter == "mentioned" ){active}" href="@context.path/dashboard/@active/mentioned@condition.copy(author = None, assigned = None).toURL">Mentioned</a>
+</div>
+
+<script>
+$(function(){
+  $('a.switch').click(function(){
+    location.href = $(this).attr('href');
+  });
+})
+</script>

src/main/twirl/gitbucket/core/dashboard/pulls.scala.html

@@ -7,11 +7,11 @@
   groups: List[String],
   recentRepositories: List[gitbucket.core.service.RepositoryService.RepositoryInfo],
   userRepositories: List[gitbucket.core.service.RepositoryService.RepositoryInfo])(implicit context: gitbucket.core.controller.Context)
-@gitbucket.core.html.main("Pull Requests"){
+@gitbucket.core.html.main("Pull requests"){
   @gitbucket.core.dashboard.html.sidebar(recentRepositories, userRepositories){
     @gitbucket.core.dashboard.html.tab("pulls")
     <div class="container">
-      @gitbucket.core.dashboard.html.issuesnavi(filter, openCount, closedCount, condition)
+      @gitbucket.core.dashboard.html.issuesnavi("pulls", filter, openCount, closedCount, condition)
       @gitbucket.core.dashboard.html.issueslist(issues, page, openCount, closedCount, condition, filter, groups)
     </div>
   }

src/main/twirl/gitbucket/core/dashboard/sidebar.scala.html

@@ -12,9 +12,9 @@
     @if(userRepositories.isEmpty){
       <li>No repositories</li>
     } else {
-      @defining(10){ max =>
+      <li><form class="sidebar-form"><input type="text" id="filter-box" class="form-control input-sm" placeholder="Find repository"/></form></li>
       @userRepositories.zipWithIndex.map { case (repository, i) =>
-        <li class="repo-link" style="@if(i > max - 1){display:none;}">
+        <li class="repo-link">
           @if(repository.owner == context.loginAccount.get.userName){
             <a href="@helpers.url(repository)">@gitbucket.core.helper.html.repositoryicon(repository, false) <span class="strong">@repository.name</span></a>
           } else {
@@ -22,30 +22,18 @@
           }
         </li>
       }
-        @if(userRepositories.size > max){
-          <li class="show-more">
-            <a href="javascript:void(0);" id="show-more-repos">Show @{userRepositories.size - max} more repositories...</a>
-          </li>
-        }
-      }
     }
   } else {
     <li class="header">Recent updated repositories</li>
     @if(recentRepositories.isEmpty){
       <li>No repositories</li>
     } else {
-      @defining(10){ max =>
+      <li><form class="sidebar-form"><input type="text" id="filter-box" class="form-control input-sm" placeholder="Find repository"/></form></li>
       @recentRepositories.zipWithIndex.map { case (repository, i) =>
-          <li class="repo-link" style="@if(i > max - 1){display:none;}">
+        <li class="repo-link">
           <a href="@helpers.url(repository)">@gitbucket.core.helper.html.repositoryicon(repository, false) @repository.owner/<span class="strong">@repository.name</span></a>
         </li>
       }
-        @if(recentRepositories.size > max){
-          <li class="show-more">
-            <a href="javascript:void(0);" id="show-more-recent-repos">Show @{recentRepositories.size - max} more repositories...</a>
-          </li>
-        }
-      }
     }
   }
   </ul>
@@ -58,9 +46,21 @@
 </div>
 <script>
 $(function(){
-  $('#show-more-repos, #show-more-recent-repos').click(function(e){
+  $('#filter-box').keyup(function(){
-    $(e.target).parents('ul').find('li.repo-link').show();
+    var inputVal = $('#filter-box').val();
-    $(e.target).parents('li.show-more').remove();
+    $.each($('li.repo-link a'), function(index, elem) {
+      console.log(inputVal);
+      console.log(elem.text.trim());
+      console.log(elem.text.trim().lastIndexOf(inputVal, 0));
+      if (!inputVal || !elem.text.trim() || elem.text.trim().indexOf(inputVal) >= 0) {
+        $(elem).parent().show();
+      } else {
+        $(elem).parent().hide();
+      }
+    });
+  });
+  $('form.sidebar-form').submit(function () {
+    return false;
   });
 });
 </script>

src/main/twirl/gitbucket/core/dashboard/tab.scala.html

@@ -1,8 +1,8 @@
 @(active: String = "")(implicit context: gitbucket.core.controller.Context)
 <ul class="nav nav-tabs" style="margin-bottom: 20px;">
-  <li @if(active == ""){ class="active"}><a href="@context.path/">News Feed</a></li>
+  <li @if(active == ""){ class="active"}><a href="@context.path/">News feed</a></li>
   @if(context.loginAccount.isDefined){
-    <li @if(active == "pulls" ){ class="active"}><a href="@context.path/dashboard/pulls">Pull Requests</a></li>
+    <li @if(active == "pulls" ){ class="active"}><a href="@context.path/dashboard/pulls">Pull requests</a></li>
     <li @if(active == "issues"){ class="active"}><a href="@context.path/dashboard/issues">Issues</a></li>
     @gitbucket.core.plugin.PluginRegistry().getDashboardTabs.map { tab =>
       @tab(context).map { link =>

src/main/twirl/gitbucket/core/error.scala.html

@@ -1,4 +1,8 @@
 @(title: String)(implicit context: gitbucket.core.controller.Context)
 @gitbucket.core.html.main("Error"){
+  <div class="content-wrapper main-center">
+    <div class="content body">
       <h1>@title</h1>
+    </div>
+  </div>
 }

src/main/twirl/gitbucket/core/goget.scala.html

@@ -0,0 +1,7 @@
+@(repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context)
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta name="go-import" content="@context.baseUrl.replaceFirst("^https?://", "")/@repository.owner/@repository.name git @repository.httpUrl" />
+  </head>
+</html>

src/main/twirl/gitbucket/core/helper/account.scala.html

@@ -1,12 +1,19 @@
-@(id: String, width: Int)(implicit context: gitbucket.core.controller.Context)
+@(id: String, width: Int, user: Boolean, group: Boolean)(implicit context: gitbucket.core.controller.Context)
 <span style="margin-right: 0px;">
   <input type="text" name="@id" id="@id" class="form-control" autocomplete="off" style="width: @{width}px; margin-bottom: 0px; display: inline; vertical-align: middle;"/>
 </span>
 <script>
 $(function(){
   $('#@id').typeahead({
+//    highlighter: function(item) {
+//      var x = item.split(':');
+//      return $('<div><strong>' + x[0] + '</strong>' + (x[1] == 'true' ? ' (group)' : '') + '</div>');
+//    },
+//    updater: function (item) {
+//      return item.split(':')[0];
+//    },
     source: function (query, process) {
-      return $.get('@context.path/_user/proposals', { query: query },
+      return $.get('@context.path/_user/proposals', { query: query, user: @user, group: @group },
         function (data) {
           return process(data.options);
         });

src/main/twirl/gitbucket/core/helper/attached.scala.html

@@ -46,18 +46,11 @@ $(function(){
 
   @if(generateScript){
     try {
+      $([$('#@textareaId')[0]]).dropzone({
+        @dropzone(false, textareaId)
+      });
       $([$('#@textareaId').closest('div')[0], $('#@textareaId').next('div')[0]]).dropzone({
-        url: '@context.path/upload/file/@repository.owner/@repository.name',
+        @dropzone(true, textareaId)
-        maxFilesize: 10,
-        acceptedFiles: @Html(FileUtil.mimeTypeWhiteList.mkString("'", ",", "'")),
-        dictInvalidFileType: 'Unfortunately, we don\'t support that file type. Try again with a PNG, GIF, JPG, DOCX, PPTX, XLSX, TXT, or PDF.',
-        previewTemplate: "<div class=\"dz-preview\">\n  <div class=\"dz-progress\"><span class=\"dz-upload\" data-dz-uploadprogress>Uploading your files...</span></div>\n  <div class=\"dz-error-message\"><span data-dz-errormessage></span></div>\n</div>",
-        success: function(file, id) {
-          var attachFile = (file.type.match(/image\/.*/) ? '\n![' + file.name.split('.')[0] : '\n[' + file.name) +
-            '](@context.baseUrl/@repository.owner/@repository.name/_attached/' + id + ')';
-          $('#@textareaId').val($('#@textareaId').val() + attachFile);
-          $(file.previewElement).prevAll('div.dz-preview').addBack().remove();
-        }
       });
     } catch(e) {
       if (e.message !== "Dropzone already attached.") {
@@ -68,3 +61,17 @@ $(function(){
 });
 </script>
 }
+@dropzone(clickable: Boolean, textareaId: Option[String]) = {
+  url: '@context.path/upload/file/@repository.owner/@repository.name',
+  maxFilesize: 10,
+  clickable: @clickable,
+  acceptedFiles: @Html(FileUtil.mimeTypeWhiteList.mkString("'", ",", "'")),
+  dictInvalidFileType: 'Unfortunately, we don\'t support that file type. Try again with a PNG, GIF, JPG, DOCX, PPTX, XLSX, TXT, or PDF.',
+  previewTemplate: "<div class=\"dz-preview\">\n  <div class=\"dz-progress\"><span class=\"dz-upload\" data-dz-uploadprogress>Uploading your files...</span></div>\n  <div class=\"dz-error-message\"><span data-dz-errormessage></span></div>\n</div>",
+  success: function(file, id) {
+    var attachFile = (file.type.match(/image\/.*/) ? '\n![' + file.name.split('.')[0] : '\n[' + file.name) +
+        '](@context.baseUrl/@repository.owner/@repository.name/_attached/' + id + ')';
+    $('#@textareaId').val($('#@textareaId').val() + attachFile);
+    $(file.previewElement).prevAll('div.dz-preview').addBack().remove();
+  }
+}

src/main/twirl/gitbucket/core/helper/branchcontrol.scala.html

@@ -7,7 +7,7 @@
   prefix = if(branch.length == 40) "tree" else if(repository.branchList.contains(branch)) "branch" else "tree"
 ) {
   <li><div id="branch-control-title">Switch branches<button id="branch-control-close" class="pull-right">&times</button></div></li>
-  <li><input id="branch-control-input" type="text" class="form-control input-sm" placeholder="Find or create branch ..."/></li>
+  <li><input id="branch-control-input" type="text" class="form-control input-sm dropdown-filter-input" placeholder="Find or create branch ..."/></li>
   @body
   @if(hasWritePermission) {
     <li id="create-branch" style="display: none;">

src/main/twirl/gitbucket/core/helper/commitcomment.scala.html

@@ -8,20 +8,19 @@
     @if(comment.fileName.isDefined){filename="@comment.fileName.get"}
     @if(comment.newLine.isDefined){newline="@comment.newLine.get"}
     @if(comment.oldLine.isDefined){oldline="@comment.oldLine.get"}>
-  <div class="issue-avatar-image">@helpers.avatarLink(comment.commentedUserName, 48)</div>
   <div class="panel panel-default commit-comment-box commit-comment-@comment.commentId">
     <div class="panel-heading">
+      @helpers.avatar(comment.commentedUserName, 20)
       @helpers.user(comment.commentedUserName, styleClass="username strong")
         <span class="muted">
-          commented
+          commented on
           @if(comment.issueId.isDefined){
-            on this Pull Request
+            <a href="@helpers.url(repository)/pull/@comment.issueId">#@comment.issueId</a>
-          } else {
-            @if(comment.fileName.isDefined){
-              on @comment.fileName.get
           }
-            in <a href="@context.path/@repository.owner/@repository.name/commit/@comment.commitId">@comment.commitId.substring(0, 7)</a>
+          @comment.fileName.map { fileName =>
+            @fileName in
           }
+          <a href="@context.path/@repository.owner/@repository.name/commit/@comment.commitId">@comment.commitId.substring(0, 7)</a>
           @gitbucket.core.helper.html.datetimeago(comment.registeredDate)
         </span>
       <span class="pull-right">

src/main/twirl/gitbucket/core/helper/copy.scala.html

@@ -1,63 +1,48 @@
-@(id: String, value: String, style: String = "")(html: Html = Html(""))
+@(targetTextId: String, copyButtonId: String, value: String, style: String = "")(html: Html = Html(""))
 @if(html.body.nonEmpty){
   <div class="input-group" style="margin-bottom: 0px;">
     @html
     <span class="input-group-btn">
-      <span id="@id" class="btn btn-default" @if(style.nonEmpty){style="@style"}
+      <span id="@copyButtonId" class="btn btn-default" @if(style.nonEmpty){style="@style"}
         data-clipboard-text="@value" data-placement="bottom" title="copy to clipboard"><i class="octicon octicon-clippy"></i></span>
     </span>
   </div>
 } else {
-  <span id="@id" class="btn btn-default" @if(style.nonEmpty){style="@style"}
+  <span id="@copyButtonId" class="btn btn-default" @if(style.nonEmpty){style="@style"}
     data-clipboard-text="@value" data-placement="bottom" title="copy to clipboard"><i class="octicon octicon-clippy"></i></span>
 }
 <script>
 // copy to clipboard
 (function() {
-  // Check flash availablibity
+  // if document.execCommand('copy') is available, use it for copy.
-  var flashAvailable = false;
+  if (document.queryCommandSupported('copy')) {
-  try {
+    var title = $('#@copyButtonId').attr('title');
-    var flashObject = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
+    $('#@copyButtonId').tooltip({
-    if(flashObject) flashAvailable = true;
+      @* if default container is used then 2 lines tooltip text is displayd because tooptip width is narrow. *@
-  } catch (e) {
+      container: 'body'
-    if (navigator.mimeTypes
-        && navigator.mimeTypes['application/x-shockwave-flash'] != undefined
-        && navigator.mimeTypes['application/x-shockwave-flash'].enabledPlugin) {
-      flashAvailable = true;
-    }
-  }
-  // if flash is not available, remove the copy button.
-  if(!flashAvailable) {
-    $('#@id').remove();
-    return
-  }
-
-  // Find ZeroClipboard.swf file URI from ZeroClipboard JavaScript file path.
-  // NOTE(tanacasino) I think this way is wrong... but i don't know correct way.
-  var moviePath = (function() {
-    var zclipjs = "ZeroClipboard.min.js";
-    var scripts = document.getElementsByTagName("script");
-    var i = scripts.length;
-    while(i--) {
-      var match = scripts[i].src.match(zclipjs + "$");
-      if(match) {
-        return match.input.substr(0, match.input.length - 6) + 'swf';
-      }
-    }
-  })();
-  var clip = new ZeroClipboard($("#@id"), {
-    moviePath: moviePath
     });
-  var title = $('#@id').attr('title');
+    $('#@copyButtonId').on('click', function() {
-  $('#@id').removeAttr('title')
+      var target = document.getElementById('@targetTextId');
-  clip.htmlBridge = "#global-zeroclipboard-html-bridge";
+      if (!target) { @* target's id is incorrect. Fix argument's value *@
-  clip.on('complete', function(client, args) {
+        $('#@copyButtonId').attr('title', 'failed to copy').tooltip('fixTitle').tooltip('show');
-    $(clip.htmlBridge).attr('title', 'copied!').tooltip('fixTitle').tooltip('show');
+        return;
-    $(clip.htmlBridge).attr('title', title).tooltip('fixTitle');
+      }
-  });
+      if (typeof target.select === 'function') {
-  $(clip.htmlBridge).tooltip({
+        target.select();
-    title: title,
+      } else {
-    placement: $('#@id').attr('data-placement')
+        var range = document.createRange();
+        range.selectNodeContents(target);
+        var selection = window.getSelection();
+        selection.removeAllRanges();
+        selection.addRange(range);
+      }
+      document.execCommand('copy');
+      $('#@copyButtonId').attr('title', 'copied!').tooltip('fixTitle').tooltip('show');
+      $('#@copyButtonId').attr('title', title).tooltip('fixTitle');
     });
+  } else {
+    // if copy is not supported, remove the copy button
+    $('#@copyButtonId').remove();
+  }
 })();
 </script>

src/main/twirl/gitbucket/core/helper/diff.scala.html

@@ -146,24 +146,24 @@ $(function(){
   }
 
   // Render diffs as unified mode initially
-  if(("&"+location.search.substring(1)).indexOf("&w=1")!=-1){
+  if(("&" + location.search.substring(1)).indexOf("&w=1") != -1){
     $('.ignore-whitespace').prop('checked',true);
   }
-  window.viewType=1;
+  window.viewType = 1;
-  if(("&"+location.search.substring(1)).indexOf("&diff=split")!=-1){
+  if(("&" + location.search.substring(1)).indexOf("&diff=split") != -1){
     $('.container').removeClass('container').addClass('container-wide');
-    window.viewType=0;
+    window.viewType = 0;
   }
   renderDiffs();
 
   $('#btn-unified').click(function(){
-    window.viewType=1;
+    window.viewType = 1;
     $('.container-wide').removeClass('container-wide').addClass('container');
     renderDiffs();
   });
 
   $('#btn-split').click(function(){
-    window.viewType=0;
+    window.viewType = 0;
     $('.container').removeClass('container').addClass('container-wide');
     renderDiffs();
   });
@@ -192,9 +192,10 @@ $(function(){
     $('#comment-list').children('.inline-comment').hide();
   }
   $('.diff-outside').on('click','table.diff .add-comment',function() {
-    var $this = $(this),
+    var $this  = $(this);
-    $tr = $this.closest('tr'),
+    var $tr    = $this.closest('tr');
-    $check = $this.closest('table:not(.diff)').find('.toggle-notes');
+    var $check = $this.closest('table:not(.diff)').find('.toggle-notes');
+    var url    = '';
     if (!$check.prop('checked')) {
       $check.prop('checked', true).trigger('change');
     }
@@ -216,12 +217,7 @@ $(function(){
       if (!isNaN(newLineNumber) && newLineNumber) {
         url += ('&newLineNumber=' + newLineNumber)
       }
-      $.get(
+      $.get(url, { dataType : 'html' }, function(responseContent) {
-        url,
-        {
-          dataType : 'html'
-        },
-        function(responseContent) {
         var tmp;
         if (!isNaN(oldLineNumber) && oldLineNumber) {
           if (!isNaN(newLineNumber) && newLineNumber) {
@@ -234,17 +230,16 @@ $(function(){
         }
         tmp.addClass('inline-comment-form').children('.comment-box-container').html(responseContent);
         $tr.nextAll(':not(.not-diff):first').before(tmp);
-        }
+      });
-      );
     }
   }).on('click', 'table.diff .btn-default', function() {
     $(this).closest('.inline-comment-form').remove();
   });
   function renderOneCommitCommentIntoDiff($v, diff){
-    var filename = $v.attr('filename'),
+    var filename = $v.attr('filename');
-    oldline = $v.attr('oldline'), newline = $v.attr('newline');
+    var oldline  = $v.attr('oldline');
+    var newline  = $v.attr('newline');
     var tmp;
-    var diff;
     if (typeof oldline !== 'undefined') {
       if (typeof newline !== 'undefined') {
         tmp = getInlineContainer();
@@ -252,38 +247,36 @@ $(function(){
         tmp = getInlineContainer('old');
       }
       tmp.children('td:first').html($v.clone().show());
-      diff.find('table.diff').find('.oldline[line-number=' + oldline  + ']')
+      diff.find('table.diff').find('.oldline[line-number=' + oldline  + ']').parent().nextAll(':not(.not-diff):first').before(tmp);
-      .parent().nextAll(':not(.not-diff):first').before(tmp);
     } else {
       tmp = getInlineContainer('new');
       tmp.children('td:last').html($v.clone().show());
-      diff.find('table.diff').find('.newline[line-number=' + newline  + ']')
+      diff.find('table.diff').find('.newline[line-number=' + newline  + ']').parent().nextAll(':not(.not-diff):first').before(tmp);
-      .parent().nextAll(':not(.not-diff):first').before(tmp);
     }
     if (!diff.find('.toggle-notes').prop('checked')) {
       tmp.hide();
     }
   }
-  function renderStatBar(add,del){
+  function renderStatBar(add, del){
-    if(add+del>5){
+    if(add + del > 5){
       if(add){
-        if(add<del){
+        if(add < del){
-          add = Math.floor(1 + (add * 4 / (add+del)));
+          add = Math.floor(1 + (add * 4 / (add + del)));
-        }else{
+        } else {
-          add = Math.ceil(1 + (add * 4 / (add+del)));
+          add = Math.ceil(1 + (add * 4 / (add + del)));
         }
       }
-      del = 5-add;
+      del = 5 - add;
     }
     var ret = $('<div class="diffstat-bar">');
-    for(var i=0;i<5;i++){
+    for(var i = 0; i < 5; i++){
       if(add){
         ret.append('<span class="text-diff-added">■</span>');
-        add --;
+        add--;
-      }else if(del){
+      } else if(del){
         ret.append('<span class="text-diff-deleted">■</span>');
-        del --;
+        del--;
-      }else{
+      } else {
         ret.append('■');
       }
     }
@@ -294,10 +287,12 @@ $(function(){
     var i = table.data("diff-id");
     var ignoreWhiteSpace = table.find('.ignore-whitespace').prop('checked');
     diffUsingJS('oldText-'+i, 'newText-'+i, diffText.attr('id'), viewType, ignoreWhiteSpace);
-    var add = diffText.find("table").attr("add")*1;
+    var add = diffText.find("table").attr("add") * 1;
-    var del = diffText.find("table").attr("del")*1;
+    var del = diffText.find("table").attr("del") * 1;
     table.find(".diffstat").text(add+del+" ").append(renderStatBar(add,del)).attr("title",add+" additions & "+del+" deletions").tooltip();
-    $('span.diffstat[data-diff-id="'+i+'"]').html('<span class="text-diff-added">+'+add+'</span><span class="text-diff-deleted">-'+del+'</span>').append(renderStatBar(add,del).attr('title',(add+del)+" lines changed").tooltip());
+    $('span.diffstat[data-diff-id="'+i+'"]')
+        .html('<span class="text-diff-added">+' + add + '</span><span class="text-diff-deleted">-' + del + '</span>')
+        .append(renderStatBar(add, del).attr('title', (add + del) + " lines changed").tooltip());
 
     @if(hasWritePermission) {
       diffText.find('.body').each(function(){ $('<b class="add-comment">+</b>').prependTo(this); });
@@ -305,14 +300,14 @@ $(function(){
     @if(showLineNotes){
       var fileName = table.attr('filename');
       $('.inline-comment').each(function(i, v) {
-        if($(this).attr('filename')==fileName){
+        if($(this).attr('filename') == fileName){
           renderOneCommitCommentIntoDiff($(this), table);
         }
       });
     }
   }
   function renderDiffs(){
-    var i=0, diffs = $('.diffText');
+    var i = 0, diffs = $('.diffText');
     function render(){
       if(diffs[i]){
         renderOneDiff($(diffs[i]), viewType);

src/main/twirl/gitbucket/core/helper/dropdown.scala.html

@@ -1,7 +1,8 @@
 @(value : String  = "",
   prefix: String  = "",
   style : String  = "",
-  right : Boolean = false)(body: Html)
+  right : Boolean = false,
+  filter: String = "")(body: Html)
 <div class="btn-group" @if(style.nonEmpty){style="@style"}>
   <button
       class="dropdown-toggle btn btn-default btn-sm" data-toggle="dropdown">
@@ -16,6 +17,28 @@
     <span class="caret"></span>
   </button>
   <ul class="dropdown-menu@if(right){ pull-right}">
+    @if(filter.nonEmpty) {
+      <li><input id="@filter-input" type="text" class="form-control input-sm dropdown-filter-input" placeholder="Filter"/></li>
+    }
     @body
   </ul>
 </div>
+@if(filter.nonEmpty) {
+<script>
+$(function(){
+  $('#@{filter}-input').parent().click(function(e) {
+    e.stopPropagation();
+  });
+  $('#@{filter}-input').keyup(function() {
+    var inputVal = $('#@{filter}-input').val();
+    $.each($('#@{filter}-input').parent().parent().find('a'), function(index, elem) {
+      if (!inputVal || !elem.text.trim() || elem.text.trim().lastIndexOf(inputVal, 0) >= 0) {
+        $(elem).parent().show();
+      } else {
+        $(elem).parent().hide();
+      }
+    });
+  });
+});
+</script>
+}

src/main/twirl/gitbucket/core/helper/preview.scala.html

@@ -30,7 +30,7 @@
       @gitbucket.core.helper.html.attached(
         repository        = repository,
         completionContext = completionContext,
-        generateScript    = enableWikiLink
+        generateScript    = !enableWikiLink
       )(textarea)
     </div>
     <div class="tab-pane" id="tab@(uid+1)">

src/main/twirl/gitbucket/core/issues/commentform.scala.html

@@ -1,12 +1,12 @@
 @(issue: gitbucket.core.model.Issue,
   reopenable: Boolean,
-  hasWritePermission: Boolean,
+  isEditable: Boolean,
+  isManageable: Boolean,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
-@if(context.loginAccount.isDefined){
+@if(isEditable){
   <hr/><br/>
   <form method="POST" validate="true">
-    <div class="issue-avatar-image">@helpers.avatarLink(context.loginAccount.get.userName, 48)</div>
     <div class="panel panel-default issue-comment-box">
       <div class="panel-body">
         @gitbucket.core.helper.html.preview(
@@ -16,7 +16,7 @@
           enableRefsLink     = true,
           enableLineBreaks   = true,
           enableTaskList     = true,
-          hasWritePermission = hasWritePermission,
+          hasWritePermission = isEditable,
           completionContext  = "issues",
           style              = "",
           elastic            = true,
@@ -24,7 +24,7 @@
         )
         <div class="text-right">
           <input type="hidden" name="issueId" value="@issue.issueId"/>
-          @if((reopenable || !issue.closed) && (hasWritePermission || issue.openedUserName == context.loginAccount.get.userName)){
+          @if((reopenable || !issue.closed) && (isManageable || issue.openedUserName == context.loginAccount.get.userName)){
             <input type="submit" class="btn btn-default" tabindex="3" formaction="@helpers.url(repository)/issue_comments/state" value="@{if(issue.closed) "Reopen" else "Close"}" id="action"/>
           }
           <input type="submit" class="btn btn-success" tabindex="2" formaction="@helpers.url(repository)/issue_comments/new" value="Comment"/>

src/main/twirl/gitbucket/core/issues/commentlist.scala.html

@@ -1,17 +1,18 @@
 @(issue: Option[gitbucket.core.model.Issue],
   comments: List[gitbucket.core.model.Comment],
-  hasWritePermission: Boolean,
+  isManageable: Boolean,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo,
   pullreq: Option[gitbucket.core.model.PullRequest] = None)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 @import gitbucket.core.model.CommitComment
 @if(issue.isDefined){
-  <div class="issue-avatar-image">@helpers.avatarLink(issue.get.openedUserName, 48)</div>
   <div class="panel panel-default issue-comment-box">
     <div class="panel-heading">
-      @helpers.user(issue.get.openedUserName, styleClass="username strong") <span class="muted">commented @gitbucket.core.helper.html.datetimeago(issue.get.registeredDate)</span>
+      @helpers.avatar(issue.get.openedUserName, 20)
+      @helpers.user(issue.get.openedUserName, styleClass="username strong")
+      <span class="muted">commented @gitbucket.core.helper.html.datetimeago(issue.get.registeredDate)</span>
       <span class="pull-right">
-        @if(hasWritePermission || context.loginAccount.map(_.userName == issue.get.openedUserName).getOrElse(false)){
+        @if(isManageable || context.loginAccount.map(_.userName == issue.get.openedUserName).getOrElse(false)){
           <a href="#" data-issue-id="@issue.get.issueId"><i class="octicon octicon-pencil" aria-label="Edit"></i></a>
         }
       </span>
@@ -24,7 +25,7 @@
         enableRefsLink = true,
         enableLineBreaks = true,
         enableTaskList = true,
-        hasWritePermission = hasWritePermission
+        hasWritePermission = isManageable
       )
     </div>
   </div>
@@ -35,9 +36,9 @@
   case comment: gitbucket.core.model.IssueComment => {
     @if(comment.action != "close" && comment.action != "reopen" && comment.action != "delete_branch"
       && comment.action != "commit" && comment.action != "refer"){
-      <div class="issue-avatar-image">@helpers.avatarLink(comment.commentedUserName, 48)</div>
       <div class="panel panel-default issue-comment-box" id="comment-@comment.commentId">
         <div class="panel-heading">
+          @helpers.avatar(comment.commentedUserName, 20)
           @helpers.user(comment.commentedUserName, styleClass="username strong")
           <span class="muted">
             @if(comment.action == "comment"){
@@ -48,7 +49,7 @@
             @gitbucket.core.helper.html.datetimeago(comment.registeredDate)
           </span>
           @if(comment.action != "commit" && comment.action != "merge" && comment.action != "refer"
-                && (hasWritePermission || context.loginAccount.map(_.userName == comment.commentedUserName).getOrElse(false))){
+                && (isManageable || context.loginAccount.map(_.userName == comment.commentedUserName).getOrElse(false))){
             <span class="pull-right">
               <a href="#" data-comment-id="@comment.commentId"><i class="octicon octicon-pencil" aria-label="Edit"></i></a>&nbsp;
               <a href="#" data-comment-id="@comment.commentId"><i class="octicon octicon-x" aria-label="Remove"></i></a>
@@ -63,7 +64,7 @@
             enableRefsLink = true,
             enableLineBreaks = true,
             enableTaskList = true,
-            hasWritePermission = hasWritePermission
+            hasWritePermission = isManageable
           )
         </div>
       </div>
@@ -166,7 +167,7 @@
     }
   }
   case comment: CommitComment => {
-    @gitbucket.core.helper.html.commitcomment(comment, hasWritePermission, repository, pullreq.map(_.commitIdTo))
+    @gitbucket.core.helper.html.commitcomment(comment, isManageable, repository, pullreq.map(_.commitIdTo))
   }
 }
 <script>

src/main/twirl/gitbucket/core/issues/create.scala.html

@@ -1,7 +1,7 @@
 @(collaborators: List[String],
   milestones: List[gitbucket.core.model.Milestone],
   labels: List[gitbucket.core.model.Label],
-  hasWritePermission: Boolean,
+  isManageable: Boolean,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 @gitbucket.core.html.main(s"New Issue - ${repository.owner}/${repository.name}", Some(repository)){
@@ -18,7 +18,7 @@
             enableRefsLink     = true,
             enableLineBreaks   = true,
             enableTaskList     = true,
-            hasWritePermission = hasWritePermission,
+            hasWritePermission = isManageable,
             completionContext  = "issues",
             style              = "height: 200px; max-height: 250px;",
             elastic            = true
@@ -28,7 +28,7 @@
           </div>
         </div>
         <div class="col-md-3">
-          @gitbucket.core.issues.html.issueinfo(None, Nil, Nil, collaborators, milestones.map(x => (x, 0, 0)), labels, hasWritePermission, repository)
+          @gitbucket.core.issues.html.issueinfo(None, Nil, Nil, collaborators, milestones.map(x => (x, 0, 0)), labels, isManageable, repository)
         </div>
       </div>
     </form>

src/main/twirl/gitbucket/core/issues/issue.scala.html

@@ -4,17 +4,20 @@
   collaborators: List[String],
   milestones: List[(gitbucket.core.model.Milestone, Int, Int)],
   labels: List[gitbucket.core.model.Label],
-  hasWritePermission: Boolean,
+  isEditable: Boolean,
+  isManageable: Boolean,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 @gitbucket.core.html.main(s"${issue.title} - Issue #${issue.issueId} - ${repository.owner}/${repository.name}", Some(repository)){
   @gitbucket.core.html.menu("issues", repository){
     <div>
       <div class="show-title pull-right">
-        @if(hasWritePermission || context.loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)){
+        @if(isManageable || context.loginAccount.map(_.userName == issue.openedUserName).getOrElse(false)){
           <a class="btn btn-default" href="#" id="edit">Edit</a>
         }
+        @if(isEditable){
           <a class="btn btn-success" href="@helpers.url(repository)/issues/new">New issue</a>
+        }
       </div>
       <div class="edit-title pull-right" style="display: none;">
         <a class="btn btn-success" href="#" id="update">Save</a>  <a class="btn btn-default" href="#" id="cancel">Cancel</a>
@@ -47,11 +50,11 @@
     <hr>
     <div style="margin-top: 15px;">
       <div class="col-md-9">
-        @gitbucket.core.issues.html.commentlist(Some(issue), comments, hasWritePermission, repository)
+        @gitbucket.core.issues.html.commentlist(Some(issue), comments, isManageable, repository)
-        @gitbucket.core.issues.html.commentform(issue, true, hasWritePermission, repository)
+        @gitbucket.core.issues.html.commentform(issue, true, isEditable, isManageable, repository)
       </div>
       <div class="col-md-3">
-        @gitbucket.core.issues.html.issueinfo(Some(issue), comments, issueLabels, collaborators, milestones, labels, hasWritePermission, repository)
+        @gitbucket.core.issues.html.issueinfo(Some(issue), comments, issueLabels, collaborators, milestones, labels, isManageable, repository)
       </div>
     </div>
   }

src/main/twirl/gitbucket/core/issues/issueinfo.scala.html

@@ -4,14 +4,14 @@
   collaborators: List[String],
   milestones: List[(gitbucket.core.model.Milestone, Int, Int)],
   labels: List[gitbucket.core.model.Label],
-  hasWritePermission: Boolean,
+  isManageable: Boolean,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 <div style="margin-bottom: 14px;">
   <span class="muted small strong">Labels</span>
-  @if(hasWritePermission){
+  @if(isManageable){
     <div class="pull-right">
-      @gitbucket.core.helper.html.dropdown("Edit", right = true) {
+      @gitbucket.core.helper.html.dropdown("Edit", right = true, filter = "labels") {
         @labels.map { label =>
           <li>
             <a href="#" class="toggle-label" data-label-id="@label.labelId">
@@ -34,9 +34,9 @@
 <hr/>
 <div style="margin-bottom: 14px;">
   <span class="muted small strong">Milestone</span>
-  @if(hasWritePermission){
+  @if(isManageable){
     <div class="pull-right">
-      @gitbucket.core.helper.html.dropdown("Edit", right = true) {
+      @gitbucket.core.helper.html.dropdown("Edit", right = true, filter = "milestone") {
         <li><a href="javascript:void(0);" class="milestone" data-id=""><i class="octicon octicon-x"></i> Clear this milestone</a></li>
         @milestones.filter(_._1.closedDate.isEmpty).map { case (milestone, _, _) =>
           <li>
@@ -74,7 +74,7 @@
 <span id="label-milestone">
   @issue.flatMap(_.milestoneId).map { milestoneId =>
     @milestones.collect { case (milestone, _, _) if(milestone.milestoneId == milestoneId) =>
-      <span class="strong small">@milestone.title</span>
+      <a class="strong small username" href="@helpers.url(repository)/issues?milestone=@helpers.urlEncode(milestone.title)&state=open">@milestone.title</a>
     }
   }.getOrElse {
     <span class="muted small">No milestone</span>
@@ -86,9 +86,9 @@
 <hr/>
 <div style="margin-bottom: 14px;">
   <span class="muted small strong">Assignee</span>
-  @if(hasWritePermission){
+  @if(isManageable){
     <div class="pull-right">
-      @gitbucket.core.helper.html.dropdown("Edit", right = true) {
+      @gitbucket.core.helper.html.dropdown("Edit", right = true, filter = "assignee") {
         <li><a href="javascript:void(0);" class="assign" data-name=""><i class="octicon octicon-x"></i> Clear assignee</a></li>
         @collaborators.map { collaborator =>
           <li>
@@ -210,7 +210,8 @@ $(function(){
       $('#label-milestone').html($('<span class="muted small">').text('No milestone'));
       $('#milestone-progress-area').empty();
     } else {
-      $('#label-milestone').html($('<span class="strong small">').text(title));
+      $('#label-milestone').html($('<a class="strong small username">').text(title)
+        .attr('href', '@helpers.url(repository)/issues?milestone=' + encodeURIComponent(title) + '&state=open'));
       if(progress){
         $('#milestone-progress-area').html(progress);
       }

src/main/twirl/gitbucket/core/issues/list.scala.html

@@ -8,7 +8,8 @@
   closedCount: Int,
   condition: gitbucket.core.service.IssuesService.IssueSearchCondition,
   repository: gitbucket.core.service.RepositoryService.RepositoryInfo,
-  hasWritePermission: Boolean)(implicit context: gitbucket.core.controller.Context)
+  isEditable: Boolean,
+  isManageable: Boolean)(implicit context: gitbucket.core.controller.Context)
 @import gitbucket.core.view.helpers
 @gitbucket.core.html.main((if(target == "issues") "Issues" else "Pull requests") + s" - ${repository.owner}/${repository.name}", Some(repository)){
   @gitbucket.core.html.menu(target, repository){
@@ -20,8 +21,15 @@
         <a href="@condition.copy(state = "closed").toURL">Closed <span class="badge">@closedCount</span></a>
       </li>
     </ul>
-    <form method="GET" id="search-filter-form" class="form-inline pull-right">
+    <form method="GET" action="@helpers.url(repository)/search" id="search-filter-form" class="form-inline pull-right">
-    @if(context.loginAccount.isDefined){
+      <div class="input-group">
+        <input type="text" class="form-control" name="q" placeholder="Search..."/>
+        <input type="hidden" name="type" value="issue"/>
+        <span class="input-group-btn">
+          <button type="submit" id="search-btn" class="btn btn-default"><i class="fa fa-search"></i></button>
+        </span>
+      </div>
+      @if(isEditable){
         @if(target == "issues"){
           <a class="btn btn-success" href="@helpers.url(repository)/issues/new">New issue</a>
         }
@@ -30,8 +38,8 @@
         }
       }
     </form>
-    @gitbucket.core.issues.html.listparts(target, issues, page, openCount, closedCount, condition, collaborators, milestones, labels, Some(repository), hasWritePermission)
+    @gitbucket.core.issues.html.listparts(target, issues, page, openCount, closedCount, condition, collaborators, milestones, labels, Some(repository), isManageable)
-    @if(hasWritePermission){
+    @if(isManageable){
       <form id="batcheditForm" method="POST">
         <input type="hidden" name="value"/>
         <input type="hidden" name="checked"/>
@@ -40,7 +48,7 @@
     }
   }
 }
-@if(hasWritePermission){
+@if(isManageable){
 <script>
 $(function(){
   $('a.header-link').mouseover(function(e){