* upstream/master: (622 commits)
  won't -> want
  Change location of slash commands in notes widget
  Fix docs not rendering the pipe symbol
  Change location of slash commands docs
  Conform to doc styleguide on new features
  Add changelog items to protected branches docs
  Document the new behavior of protected branches
  Don't have factories trip a validation
  Use snake_case for Ruby variables
  Make Rubocop happy
  Pluralize dropdown label
  Add comments explaining methods functionality
  Remove irrelevant comment
  Display error message if user load fails.
  Use Object.keys instead of underscore allKeys method
  Improve dropdown $wrap definition
  Use previously defined constants to compare level types
  Improve selector to get dropdown related input
  Use typeof instead of _.isFunction
  Provide accessLevel to instante dropdown classes
  ...

typo: won't -> want



See merge request !680

Doc slash commands loc



See merge request !678

Additional documentation on protected branches for EE



See merge request !677

Restrict pushes / merges to a protected branch to specific people

# Relevant Issues

- Closes #674 
- Related to #179 

# Screenshots

![2016-08-04_16-19-12](/uploads/c81032fe262949f3084974c4e622e9eb/2016-08-04_16-19-12.png)
![](https://gitlab.com/gitlab-org/gitlab-ee/uploads/342f06078b07b39c2c817b12c81b30fe/Screen_Shot_2016-07-27_at_6.50.56_PM.png)
![](https://gitlab.com/gitlab-org/gitlab-ee/uploads/52fe1ae3027d491270ea4845ae7ce54b/Screen_Shot_2016-07-27_at_6.51.02_PM.png)

# Tasks

- [ ]  ee#674 !581 Restrict merges to specific people
    - [x]  Implementation
        - [x]  Model changes
            - [x]  Protected branch `has_many` access levels
        - [x]  Frontend
            - [x]  How to add new users / roles?
            - [x]  Dropdown should include users
            - [x]  Dropdown shouldn't include users / roles that have already been selected
            - [x]  Allow removing users / roles
        - [x]  Removing a user from the project should remove their access (?)
    - [x]  Test/refactor
        - [x]  Extract common from {Merge,Push}AccessLevel models
        - [x]  Clean up code that's removing users/roles that are already selected
        - [x]  AccessLevelController?
        - [x]  Fix build
        - [x]  Add more tests
    - [x]  Non `:push_code` users can't push even if added to an access level
    - [x]  Remove access levels when a user is removed from a project
    - [x]  Rebase off EE master instead of the "no one can push" feature branch
        - [x]  Fix create for roles
        - [x]  Fix update for roles
        - [x]  Fix delete
        - [x]  Fix create for users
        - [x]  Fix update for users
        - [x]  Fix defaults
    - [x]  Verify
        - [x]  API
            - [x]  For a developer user
                - [x]  When they are granted access specifically to
                    - [x]  Merge
                    - [x]  Push
            - [x]  For a reporter user
                - [x]  When they are granted access specifically to
                    - [x]  Merge
                    - [x]  Push
        - [x]  Default branch protection
    - [x]  CHANGELOG
    - [x]  Screenshots
    - [x]  Only show `:push_code` users in the dropdown
    - [x]  Send email when user is added/removed from a protected branch
    - [x]  Assign to {mini,end}boss
    - [x]  Fix build
    - [x]  Implement @dbalexandre's review comments
    - [x]  EE should _add_ to CE
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ee/commit/61edf43d31452a0b972dc880e277c825d59f764f/builds) to pass
    - [x]  Test by hand
    - [x]  Assign to endboss
    - [x]  Create CE MR to backport changes
    - [x]  Implement @Douwe's comments
        - [x]  access_level#humanize
        - [x]  Blank line in _protected_branch.html.haml
        - [x]  move stuff into shared partials? (_protected_branch_ee.html.haml)
        - [x]  Can we move stuff into shared partials? (_create_protected_branch_ee.html.haml)
        - [x]  The CE version has a bunch of extra attributes here, do we need those?
        - [x]  We can't indent this section just in EE (protected_branches/show.html.haml)
        - [x]  In EE, try not to add stuff to existing views. (protected_branches/show.html.haml)
        - [x]  If we're gonna change multiline blocks to single-line blocks, we need to so in CE too. (factory)
        - [x]  Split up `ProtectedBranches#show`
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ee/commit/3943254d5f92c9be520f685044d23bf75282d42a/builds)
    - [x]  Implement Douwe's suggestions
    - [x]  Add uniqueness validation
    - [x]  Wait for @alfredo's UI enhancements
    - [x]  Remove `show` page access controls
    - [x]  Add more feature specs
    - [ ]  Wait for review for @alfredo's work
    - [ ]  Wait for merge


See merge request !581

Fix Projects::UpdateMirrorService to allow tags pointing to blob objects

After the release of https://gitlab.com/gitlab-org/gitlab_git/merge_requests/103 we changed the way we return the target of tag objects, now it's a Commit object if there is some and nil in any other case, like when a tag points to a Blob object.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/21040

See merge request !673

1. EE access control specs are significantly different, so this is a way
   to reduce potential merge conflicts. EE and CE specs go in separate files.

1. Previously, we had a separate test for each and every possible role,
   and another test for access by user, each multiplied by the access
   types (merge and push), and further multiplied by the type of CRUD
   operation (create or update).

2. Since we allow selecting multiple access levels at once, it makes
   sense to collapse a lot of these tests. Now, in single test, we check
   access levels for all roles and 5 different users. Multiply that by
   4 (as mentioned above), and we only have 4 tests total (that still
   test everything the previous tests did).

3. Use a shared example to reduce potential conflicts in the future,
   since CE access control specs are significantly different.

1. This has been moved to the `#index` page.

1. For a user-based access level, don't validate `access_level`
2. For a role-based access level, don't look at `access_level` of user-based access levels

Add tests supporting this behavior.

1. A validation restricts a protected branch so it can only have a
   single access level for a given role or user.

2. More context:

    - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/581#note_14051822
    - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/581#note_14052756
    - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/581#note_14056066
    - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/581#note_14058676