Merge branch 'master' into feed_improvements

2015-04-30 14:46:20 +05:00 · 2015-04-30 14:46:20 +05:00 · 86b929328b
parent 4eaadc53ab d4755993c1
commit 86b929328b
340 changed files with 6543 additions and 3566 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,6 +1,6 @@
 language: ruby
 rvm:
-  - 2.2.0
+  - 2.2.2
 bundler_args: --without development
 env:
  - SPEC_GROUP=controllers
--- a/90
+++ b/90
@ -1,43 +1,42 @@
 source 'https://rubygems.org'
-gem 'rails', '4.0.13'
+gem 'rails', '4.1.10'
 gem 'activeadmin',                      github: 'activeadmin'
-gem 'pg', '~> 0.17.1'
+gem 'pg'
 gem 'schema_plus', '~> 1.5'
 ########
 gem 'protected_attributes'
 ########
-gem 'devise', '~> 3.3'
+gem 'devise'
 gem 'omniauth'
 gem 'omniauth-facebook'
 gem 'omniauth-google-oauth2'
 gem 'omniauth-github'
 # gem 'omniauth-openid', '~> 1.0.1'
-# gem 'cancan', '1.6.10'
+gem 'pundit'
 gem 'cancan', git: 'git://github.com/rosa-abf/cancan.git', tag: '1.6.10-abf'
-gem 'ancestry', '~> 2.1'
+gem 'ancestry'
-gem 'paperclip', '~> 4.2'
+gem 'paperclip'
-gem 'resque', '~> 1.25'
+gem 'resque'
-gem 'resque-status', '~> 0.4'
+gem 'resque-status'
-gem 'resque_mailer', '~> 2.2'
+gem 'resque_mailer'
 gem 'resque-scheduler', '~> 2.5.4'
 gem 'perform_later', git: 'git://github.com/KensoDev/perform_later.git' # should be after resque_mailer
-gem 'russian', '~> 0.6.0'
+gem 'russian'
 gem 'highline', '~> 1.6.20'
-gem 'state_machine', '~> 1.2'
+gem 'state_machines-activerecord'
-gem 'redis-rails', '~> 4.0'
+gem 'redis-rails'
 gem 'grack', git: 'git://github.com/rosa-abf/grack.git', require: 'git_http'
-gem 'grit', git: 'git://github.com/rosa-abf/grit.git', tag: '2.6.16'
+gem 'grit', git: 'git://github.com/rosa-abf/grit.git', tag: '2.6.17'
-gem 'charlock_holmes', '~> 0.7'
+gem 'charlock_holmes'
 gem 'github-linguist', '3.1.5', require: 'linguist'
-gem 'diff-display', '~> 0.0.1'
+gem 'diff-display'
 # Wiki
-gem "gollum-lib", '~> 3.0'
+gem 'gollum-lib', '~> 3.0'
-gem "redcarpet", '~> 3.1'
+gem 'redcarpet', '~> 3.2'
 gem 'creole'
 gem 'rdiscount'
 # gem 'org-ruby'
@ -45,37 +44,37 @@ gem 'RedCloth'
 gem 'wikicloth'
 gem 'newrelic_rpm'
-gem 'whenever', '~> 0.9.0', require: false
+gem 'whenever', require: false
-gem 'jbuilder', '~> 2.2'
+gem 'jbuilder'
 gem 'rails3-jquery-autocomplete'
-gem 'sprockets', '2.11.0'
+gem 'sprockets'
-gem 'will_paginate', '~> 3.0'
+gem 'will_paginate'
-gem 'meta-tags', '~> 2.0', require: 'meta_tags'
+gem 'meta-tags', require: 'meta_tags'
-gem "haml-rails", '~> 0.5'
+gem 'haml-rails'
-gem 'jquery-rails', '~> 2.3'
+gem 'jquery-rails'
 gem 'jquery-migrate-rails'
-gem 'ruby-haml-js', '~> 0.0.5'
+gem 'ruby-haml-js'
 gem 'slim'
 gem 'simple_form', '3.1.0.rc2'
-gem 'friendly_id', '~> 5.0'
+gem 'friendly_id'
 gem 'rack-throttle', '~> 0.3.0'
-gem 'rest-client', '~> 1.7'
+gem 'rest-client'
 gem 'ohm', '~> 1.3.2' # Ohm 2 breaks the compatibility with previous versions.
 gem 'ohm-expire', '~> 0.1.3'
-gem 'ffi', '~> 1.9.3'
+gem 'ffi'
-gem 'attr_encrypted', '~> 1.3'
+gem 'attr_encrypted'
-gem "gemoji", "~> 2.1"
+gem 'gemoji'
 # AngularJS related stuff
 gem 'underscore-rails'
-gem 'angularjs-rails', '~> 1.2.15'
+gem 'angularjs-rails'
 gem 'ng-rails-csrf'
 gem 'momentjs-rails'
-gem 'angular-i18n', '0.1.2'
+gem 'angular-i18n'
 gem 'js-routes'
 gem 'soundmanager-rails'
 gem 'angular-ui-bootstrap-rails'
@ -84,23 +83,28 @@ gem 'ngmin-rails'
 gem 'time_diff'
-gem 'sass-rails', '~> 4.0'
+gem 'sass-rails'
-gem 'coffee-rails', '~> 4.1'
+gem 'coffee-rails'
-gem 'bootstrap-sass', '~> 3.3'
+gem 'bootstrap-sass'
-gem 'font-awesome-rails', '~> 4.2'
+gem 'font-awesome-rails'
-gem 'zeroclipboard-rails', '~> 0.1.0'
+gem 'zeroclipboard-rails'
-gem 'compass-rails', '~> 2.0'
+gem 'compass-rails'
-gem 'uglifier', '~> 2.5'
+gem 'uglifier'
-gem 'therubyracer', '~> 0.12.1', platforms: [:mri, :rbx]
+gem 'therubyracer', platforms: [:mri, :rbx]
-gem 'therubyrhino', '~> 2.0', platforms: :jruby
+gem 'therubyrhino', platforms: :jruby
 gem 'sitemap_generator'
 gem 'codemirror-rails', '~> 4.5'
 source 'https://rails-assets.org' do
  gem 'rails-assets-notifyjs'
 end
 gem 'rack-utf8_sanitizer'
 group :production do
-  gem "airbrake", '~> 3.1'
+  gem 'airbrake'
  #gem 'bluepill', '~> 0.0.60', require: false
  gem 'puma'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -10,7 +10,7 @@ GIT
 GIT
  remote: git://github.com/activeadmin/activeadmin.git
-  revision: ed1fbca8c64af827616c58f274d7be256ca513b6
+  revision: e27ccba8a7ea1f7f3085748decec1f6911f6d5d2
  specs:
    activeadmin (1.0.0.pre)
      arbre (~> 1.0, >= 1.0.2)
@ -26,13 +26,6 @@ GIT
      ransack (~> 1.3)
      sass-rails
 GIT
  remote: git://github.com/rosa-abf/cancan.git
  revision: fe1089b70c08d3ed11bac4f8e69ecb3d1d9adc29
  tag: 1.6.10-abf
  specs:
    cancan (1.6.10)
 GIT
  remote: git://github.com/rosa-abf/grack.git
  revision: 020be3fef3fb308b9d214252522aa5945bf6584a
@ -41,8 +34,8 @@ GIT
 GIT
  remote: git://github.com/rosa-abf/grit.git
-  revision: a9548c92188cc307e7af1dd41a733e7000a783a9
+  revision: b733f0ceefb44b18a9dec8f509ba5493dab59e4e
-  tag: 2.6.16
+  tag: 2.6.17
  specs:
    grit (2.5.0)
      diff-lcs (~> 1.1)
@ -51,34 +44,37 @@ GIT
 GEM
  remote: https://rubygems.org/
  remote: https://rails-assets.org/
  specs:
    RedCloth (4.2.9)
-    actionmailer (4.0.13)
+    actionmailer (4.1.10)
-      actionpack (= 4.0.13)
+      actionpack (= 4.1.10)
      actionview (= 4.1.10)
      mail (~> 2.5, >= 2.5.4)
-    actionpack (4.0.13)
+    actionpack (4.1.10)
-      activesupport (= 4.0.13)
+      actionview (= 4.1.10)
-      builder (~> 3.1.0)
+      activesupport (= 4.1.10)
      erubis (~> 2.7.0)
      rack (~> 1.5.2)
      rack-test (~> 0.6.2)
-    activemodel (4.0.13)
+    actionview (4.1.10)
-      activesupport (= 4.0.13)
+      activesupport (= 4.1.10)
-      builder (~> 3.1.0)
+      builder (~> 3.1)
-    activerecord (4.0.13)
+      erubis (~> 2.7.0)
-      activemodel (= 4.0.13)
+    activemodel (4.1.10)
-      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.1.10)
-      activesupport (= 4.0.13)
+      builder (~> 3.1)
-      arel (~> 4.0.0)
+    activerecord (4.1.10)
-    activerecord-deprecated_finders (1.0.3)
+      activemodel (= 4.1.10)
-    activesupport (4.0.13)
+      activesupport (= 4.1.10)
      arel (~> 5.0.0)
    activesupport (4.1.10)
      i18n (~> 0.6, >= 0.6.9)
-      minitest (~> 4.2)
+      json (~> 1.7, >= 1.7.7)
-      multi_json (~> 1.3)
+      minitest (~> 5.1)
      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
+      tzinfo (~> 1.1)
    addressable (2.3.7)
-    airbrake (3.2.1)
+    airbrake (4.1.0)
      builder
      multi_json
    ancestry (2.1.0)
@ -89,13 +85,13 @@ GEM
      sprockets
      tilt
    angular-ui-bootstrap-rails (0.12.0)
-    angularjs-rails (1.2.26)
+    angularjs-rails (1.3.14)
    arbre (1.0.3)
      activesupport (>= 3.0.0)
-    arel (4.0.2)
+    arel (5.0.1.20140414130214)
    attr_encrypted (1.3.3)
      encryptor (>= 1.3.0)
-    autoprefixer-rails (5.1.5)
+    autoprefixer-rails (5.1.7)
      execjs
      json
    bcrypt (3.1.10)
@ -108,10 +104,10 @@ GEM
    bootstrap-sass (3.3.3)
      autoprefixer-rails (>= 5.0.0.1)
      sass (>= 3.2.19)
-    bourbon (4.2.0)
+    bourbon (4.2.1)
      sass (~> 3.4)
      thor
-    builder (3.1.4)
+    builder (3.2.2)
    callsite (0.0.11)
    cape (1.8.0)
    capistrano (2.15.5)
@ -126,9 +122,9 @@ GEM
    chunky_png (1.3.4)
    climate_control (0.0.3)
      activesupport (>= 3.0)
-    cocaine (0.5.5)
+    cocaine (0.5.7)
      climate_control (>= 0.0.3, < 1.0)
-    codemirror-rails (4.8)
+    codemirror-rails (4.13)
      railties (>= 3.0, < 5)
    coderay (1.1.0)
    coffee-rails (4.1.0)
@ -168,6 +164,8 @@ GEM
      warden (~> 1.2.3)
    diff-display (0.0.1)
    diff-lcs (1.2.5)
    domain_name (0.5.24)
      unf (>= 0.0.5, < 1.0.0)
    encryptor (1.3.0)
    erubis (2.7.0)
    escape_utils (1.0.1)
@ -203,7 +201,7 @@ GEM
      diff-lcs (~> 1.1)
      mime-types (~> 1.15)
      posix-spawn (~> 0.3)
-    gli (2.12.2)
+    gli (2.13.0)
    gollum-lib (3.0.0)
      github-markup (~> 1.1.0)
      gitlab-grit (~> 2.6.5)
@ -231,17 +229,19 @@ GEM
      haml (~> 4.0.0)
      nokogiri (~> 1.6.0)
      ruby_parser (~> 3.5)
    http-cookie (1.0.2)
      domain_name (~> 0.5)
    i18n (0.7.0)
    inherited_resources (1.6.0)
      actionpack (>= 3.2, < 5)
      has_scope (~> 0.6.0.rc)
      railties (>= 3.2, < 5)
      responders
-    jbuilder (2.2.7)
+    jbuilder (2.2.9)
      activesupport (>= 3.0.0, < 5)
      multi_json (~> 1.2)
    jquery-migrate-rails (1.2.1)
-    jquery-rails (2.3.0)
+    jquery-rails (3.1.2)
      railties (>= 3.0, < 5.0)
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (5.0.3)
@ -250,7 +250,7 @@ GEM
      railties (>= 3.2)
      sprockets-rails
    json (1.8.2)
-    jwt (1.2.1)
+    jwt (1.3.0)
    kaminari (0.16.3)
      actionpack (>= 3.0.0)
      activesupport (>= 3.0.0)
@ -280,12 +280,12 @@ GEM
      railties (>= 3.0.0, < 5.0.0)
    mime-types (1.25.1)
    mini_portile (0.6.2)
-    minitest (4.7.5)
+    minitest (5.6.0)
    mock_redis (0.14.0)
    momentjs-rails (2.9.0)
      railties (>= 3.1)
    mono_logger (1.1.0)
-    multi_json (1.10.1)
+    multi_json (1.11.0)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
    nest (1.1.2)
@ -297,7 +297,7 @@ GEM
    net-ssh (2.9.2)
    net-ssh-gateway (1.2.0)
      net-ssh (>= 2.6.5)
-    netrc (0.10.2)
+    netrc (0.10.3)
    newrelic_rpm (3.10.0.279)
    ng-rails-csrf (0.1.0)
    ngmin-rails (0.4.0)
@ -319,7 +319,7 @@ GEM
    omniauth (1.2.2)
      hashie (>= 1.2, < 4)
      rack (~> 1.0)
-    omniauth-facebook (2.0.0)
+    omniauth-facebook (2.0.1)
      omniauth-oauth2 (~> 1.2)
    omniauth-github (1.1.2)
      omniauth (~> 1.0)
@ -338,14 +338,16 @@ GEM
      activesupport (>= 3.0.0)
      cocaine (~> 0.5.3)
      mime-types
-    pg (0.17.1)
+    pg (0.18.1)
    polyamorous (1.1.0)
      activerecord (>= 3.0)
    posix-spawn (0.3.10)
-    protected_attributes (1.0.8)
+    protected_attributes (1.0.9)
      activemodel (>= 4.0.1, < 5.0)
    puma (2.11.1)
      rack (>= 1.1, < 2.0)
    pundit (0.3.0)
      activesupport (>= 3.0.0)
    pygments.rb (0.6.2)
      posix-spawn (~> 0.3.6)
      yajl-ruby (~> 1.2.0)
@ -358,21 +360,26 @@ GEM
      rack (>= 1.0)
    rack-throttle (0.3.0)
      rack (>= 1.0.0)
-    rails (4.0.13)
+    rack-utf8_sanitizer (1.3.0)
-      actionmailer (= 4.0.13)
+      rack (~> 1.0)
-      actionpack (= 4.0.13)
+    rails (4.1.10)
-      activerecord (= 4.0.13)
+      actionmailer (= 4.1.10)
-      activesupport (= 4.0.13)
+      actionpack (= 4.1.10)
      actionview (= 4.1.10)
      activemodel (= 4.1.10)
      activerecord (= 4.1.10)
      activesupport (= 4.1.10)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.13)
+      railties (= 4.1.10)
      sprockets-rails (~> 2.0)
    rails-assets-notifyjs (0.3.2)
    rails3-generators (1.0.0)
      railties (>= 3.0.0)
    rails3-jquery-autocomplete (1.0.15)
      rails (>= 3.2)
-    railties (4.0.13)
+    railties (4.1.10)
-      actionpack (= 4.0.13)
+      actionpack (= 4.1.10)
-      activesupport (= 4.0.13)
+      activesupport (= 4.1.10)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (10.4.2)
@ -386,7 +393,7 @@ GEM
    rb-inotify (0.9.5)
      ffi (>= 0.5.0)
    rdiscount (2.1.8)
-    redcarpet (3.2.2)
+    redcarpet (3.2.3)
    redis (3.0.7)
    redis-actionpack (4.0.0)
      actionpack (~> 4)
@ -424,28 +431,29 @@ GEM
      resque (~> 1.19)
    resque_mailer (2.2.7)
      actionmailer (>= 3.0)
-    rest-client (1.7.2)
+    rest-client (1.8.0)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 3.0)
      netrc (~> 0.7)
    rouge (1.3.4)
    rr (1.1.2)
-    rspec-core (3.2.0)
+    rspec-core (3.2.1)
      rspec-support (~> 3.2.0)
    rspec-expectations (3.2.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.2.0)
-    rspec-mocks (3.2.0)
+    rspec-mocks (3.2.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.2.0)
-    rspec-rails (3.2.0)
+    rspec-rails (3.2.1)
-      actionpack (>= 3.0, <= 4.2)
+      actionpack (>= 3.0, < 4.3)
-      activesupport (>= 3.0, <= 4.2)
+      activesupport (>= 3.0, < 4.3)
-      railties (>= 3.0, <= 4.2)
+      railties (>= 3.0, < 4.3)
      rspec-core (~> 3.2.0)
      rspec-expectations (~> 3.2.0)
      rspec-mocks (~> 3.2.0)
      rspec-support (~> 3.2.0)
-    rspec-support (3.2.1)
+    rspec-support (3.2.2)
    ruby-haml-js (0.0.5)
      execjs
      sprockets (>= 2.0.0)
@ -461,17 +469,19 @@ GEM
    safe_yaml (1.0.4)
    sanitize (2.1.0)
      nokogiri (>= 1.4.4)
-    sass (3.4.12)
+    sass (3.4.13)
-    sass-rails (4.0.1)
+    sass-rails (5.0.1)
      railties (>= 4.0.0, < 5.0)
-      sass (>= 3.1.10)
+      sass (~> 3.1)
-      sprockets-rails (~> 2.0.0)
+      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (~> 1.1)
    schema_plus (1.8.7)
      activerecord (>= 3.2, < 4.3)
      valuable
    scrivener (0.0.3)
    sexp_processor (4.4.5)
-    shotgun (0.9)
+    shotgun (0.9.1)
      rack (>= 1.0)
    shoulda (3.5.0)
      shoulda-context (~> 1.0, >= 1.0.1)
@ -497,20 +507,26 @@ GEM
      temple (~> 0.7.3)
      tilt (>= 1.3.3, < 2.1)
    soundmanager-rails (1.0.1)
-    sprockets (2.11.0)
+    sprockets (2.12.3)
      hike (~> 1.2)
      multi_json (~> 1.0)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.1)
+    sprockets-rails (2.2.4)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
-      sprockets (~> 2.8)
+      sprockets (>= 2.8, < 4.0)
    sqlite3 (1.3.10)
-    state_machine (1.2.0)
+    state_machines (0.2.2)
    state_machines-activemodel (0.1.2)
      activemodel (~> 4.1)
      state_machines (~> 0.2.0)
    state_machines-activerecord (0.2.0)
      activerecord (~> 4.1)
      state_machines-activemodel (~> 0.1.0)
    stringex (2.5.2)
    temple (0.7.5)
-    test_after_commit (0.4.0)
+    test_after_commit (0.4.1)
      activerecord (>= 3.2)
    therubyracer (0.12.1)
      libv8 (~> 3.16.14.0)
@ -520,20 +536,21 @@ GEM
      eventmachine (>= 0.12.6)
      rack (>= 1.0.0)
    thor (0.19.1)
-    thread_safe (0.3.4)
+    thread_safe (0.3.5)
    tilt (1.4.1)
    time_diff (0.3.0)
      activesupport
      i18n
-    timecop (0.7.1)
+    timecop (0.7.3)
    tmp_cache (0.1.1)
    twitter-text (1.11.0)
      unf (~> 0.1.0)
-    tzinfo (0.3.43)
+    tzinfo (1.2.2)
-    uglifier (2.7.0)
+      thread_safe (~> 0.1)
    uglifier (2.7.1)
      execjs (>= 0.3.0)
      json (>= 1.8.0)
-    underscore-rails (1.7.0)
+    underscore-rails (1.8.2)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.6)
@ -563,46 +580,45 @@ PLATFORMS
 DEPENDENCIES
  RedCloth
  activeadmin!
-  airbrake (~> 3.1)
+  airbrake
-  ancestry (~> 2.1)
+  ancestry
-  angular-i18n (= 0.1.2)
+  angular-i18n
  angular-rails-templates
  angular-ui-bootstrap-rails
-  angularjs-rails (~> 1.2.15)
+  angularjs-rails
-  attr_encrypted (~> 1.3)
+  attr_encrypted
  better_errors
  binding_of_caller
-  bootstrap-sass (~> 3.3)
+  bootstrap-sass
  cancan!
  cape
  capistrano
  capistrano_colors
-  charlock_holmes (~> 0.7)
+  charlock_holmes
  codemirror-rails (~> 4.5)
-  coffee-rails (~> 4.1)
+  coffee-rails
-  compass-rails (~> 2.0)
+  compass-rails
  creole
-  devise (~> 3.3)
+  devise
-  diff-display (~> 0.0.1)
+  diff-display
  factory_girl_rails
-  ffi (~> 1.9.3)
+  ffi
-  font-awesome-rails (~> 4.2)
+  font-awesome-rails
-  friendly_id (~> 5.0)
+  friendly_id
-  gemoji (~> 2.1)
+  gemoji
  github-linguist (= 3.1.5)
  gollum-lib (~> 3.0)
  grack!
  grit!
-  haml-rails (~> 0.5)
+  haml-rails
  highline (~> 1.6.20)
  hirb
-  jbuilder (~> 2.2)
+  jbuilder
  jquery-migrate-rails
-  jquery-rails (~> 2.3)
+  jquery-rails
  js-routes
  localeapp
  mailcatcher
-  meta-tags (~> 2.0)
+  meta-tags
  meta_request
  mock_redis
  momentjs-rails
@ -615,30 +631,33 @@ DEPENDENCIES
  omniauth-facebook
  omniauth-github
  omniauth-google-oauth2
-  paperclip (~> 4.2)
+  paperclip
  perform_later!
-  pg (~> 0.17.1)
+  pg
  protected_attributes
  puma
  pundit
  rack-throttle (~> 0.3.0)
-  rails (= 4.0.13)
+  rack-utf8_sanitizer
  rails (= 4.1.10)
  rails-assets-notifyjs!
  rails3-generators
  rails3-jquery-autocomplete
  rake
  rdiscount
-  redcarpet (~> 3.1)
+  redcarpet (~> 3.2)
-  redis-rails (~> 4.0)
+  redis-rails
-  resque (~> 1.25)
+  resque
  resque-scheduler (~> 2.5.4)
-  resque-status (~> 0.4)
+  resque-status
-  resque_mailer (~> 2.2)
+  resque_mailer
-  rest-client (~> 1.7)
+  rest-client
  rr
  rspec-rails
-  ruby-haml-js (~> 0.0.5)
+  ruby-haml-js
-  russian (~> 0.6.0)
+  russian
  rvm-capistrano
-  sass-rails (~> 4.0)
+  sass-rails
  schema_plus (~> 1.5)
  shotgun
  shoulda
@ -648,17 +667,17 @@ DEPENDENCIES
  skype
  slim
  soundmanager-rails
-  sprockets (= 2.11.0)
+  sprockets
-  state_machine (~> 1.2)
+  state_machines-activerecord
  test_after_commit
-  therubyracer (~> 0.12.1)
+  therubyracer
-  therubyrhino (~> 2.0)
+  therubyrhino
  time_diff
  timecop
-  uglifier (~> 2.5)
+  uglifier
  underscore-rails
  webmock
-  whenever (~> 0.9.0)
+  whenever
  wikicloth
-  will_paginate (~> 3.0)
+  will_paginate
-  zeroclipboard-rails (~> 0.1.0)
+  zeroclipboard-rails
--- a/README.md
+++ b/README.md
@ -23,3 +23,4 @@ A ruby translation project managed on [Locale](http://www.localeapp.com/) that's
 - The maintainer will then pull translations from the Locale project and push to Github.
 Happy translating!
 test 1
--- a/vendor/assets/audios/garbage_shattering.wav
+++ b/vendor/assets/audios/garbage_shattering.wav
--- a/app/assets/javascripts/angularjs/build_lists/build_lists_controller.js.erb
+++ b/app/assets/javascripts/angularjs/build_lists/build_lists_controller.js.erb
@ -1,6 +1,6 @@
 RosaABF.controller('BuildListsController',
-  ['$scope', '$http', '$location', '$timeout', 'datepickerPopupConfig', '$cookies',
+  ['$scope', '$http', '$location', '$timeout', '$cookies',
-   function($scope, $http, $location, $timeout, datepickerPopupConfig, $cookies) {
+   function($scope, $http, $location, $timeout, $cookies) {
  $scope.params         = null;
  $scope.first_run      = true;
@ -8,8 +8,8 @@ RosaABF.controller('BuildListsController',
  $scope.build_lists    = [];
  $scope.isRequest      = false; // Disable 'Search' button
  $scope.pages          = [];
  $scope.opened         = {};
  $scope.map_priorities = {
    <%=BuildList::WAITING_FOR_RESPONSE%>: 13,
    <%=BuildList::BUILD_PENDING%>: 12,
@ -26,13 +26,6 @@ RosaABF.controller('BuildListsController',
    <%=BuildList::FAILED_PUBLISH%>: 1,
    <%=BuildList::REJECTED_PUBLISH%>: 0
  };
  $scope.minDate = new Date(2010, 1, 1);
  $scope.maxDate = moment().add(1, 'months').calendar();
  $scope.today = function() {
    $scope.dt = new Date();
  };
  $scope.today();
  $scope.clear = function () {
    //$scope.dt     = null;
@ -42,42 +35,22 @@ RosaABF.controller('BuildListsController',
                    };
  };
  // Disable weekend selection
  $scope.disabled = function(date, mode) {
    return ( mode === 'day' && ( date.getDay() === 0 || date.getDay() === 6 ) );
  };
  $scope.toggleMin = function() {
    $scope.minDate = $scope.minDate ? null : new Date();
  };
  $scope.toggleMin();
  $scope.dateOptions = {
    formatYear: 'yy',
    startingDay: <%=  I18n.locale == :ru ? 1 : 0 %>,
    'show-weeks': false
  };
  $scope.initDate = $scope.today();
  $scope.format = 'mediumDate';
  <% if I18n.locale == :ru %>
    // TRANSLATION
    datepickerPopupConfig.currentText = 'Сегодня';
    datepickerPopupConfig.clearText = 'Очистить';
    datepickerPopupConfig.weeksText = 'Недели';
    datepickerPopupConfig.closeText = 'Закрыть';
  <% end %>
  datepickerPopupConfig.appendToBody = 'true';
  $scope.init = function init() {
-    $scope.isOpenServerStatus = $cookies.isOpenServerStatus === 'true' ? true : false;
+    $scope.name_with_owner = $('#name_with_owner').val();
    if ($scope.name_with_owner) {
      $scope.build_lists_path = Routes.project_build_lists_path($scope.name_with_owner, {format: 'json'});
    }
    else {
      $scope.build_lists_path = Routes.build_lists_path({format: 'json'});
    }
    //$scope.isOpenServerStatus = $cookies.isOpenServerStatus === 'true' ? true : false;
    $scope.isOpenFilters      = $cookies.isOpenFilters === 'true' ? true : false;
  };
-  $scope.$watch('isOpenServerStatus', function(){
+  // $scope.$watch('isOpenServerStatus', function(){
-      $cookies.isOpenServerStatus =  $scope.isOpenServerStatus.toString();
+  //     $cookies.isOpenServerStatus =  $scope.isOpenServerStatus.toString();
-  }, true);
+  // }, true);
  $scope.$watch('isOpenFilters', function(){
      $cookies.isOpenFilters =  $scope.isOpenFilters.toString();
@ -88,9 +61,9 @@ RosaABF.controller('BuildListsController',
    $scope.isRequest = true;
-    $http.get(Routes.build_lists_path({format: 'json'}), {params: $location.search()}).success(function(results) {
+    $http.get($scope.build_lists_path, {params: $location.search()}).success(function(results) {
      // Render Server status
-      $scope.server_status  = results.server_status;
+      $scope.$parent.server_status  = results.server_status;
      // TMP fields
      var dictionary  = results.dictionary;
--- a/app/assets/javascripts/angularjs/comments/comment.js.coffee
+++ b/app/assets/javascripts/angularjs/comments/comment.js.coffee
@ -1,10 +1,17 @@
 commentService = ($http) ->
  getPath = (kind, project, commentable, id) ->
    if commentable.kind is 'issue' or commentable.kind is 'pull'
      if kind is 'remove' or kind is 'update'
        return Routes.project_issue_comment_path(project, commentable.id, id)
      else if kind is 'add'
        return Routes.project_issue_comments_path(project, commentable.id)
    else if commentable.kind is 'commit'
      if kind is 'remove' or kind is 'update'
        return Routes.project_commit_comment_path(project, commentable.id, id)
      else if kind is 'add'
        return Routes.project_commit_comments_path(project, commentable.id)
  {
    add: (project, commentable, body) ->
      path = getPath('add', project, commentable)
@ -24,7 +31,7 @@ commentService = ($http) ->
    update: (project, commentable, id) ->
      path = getPath('update', project, commentable, id)
      params = { comment: { body:  $('#comment-'+id+'-body').val() }}
-      $http.put(path, params)
+      $http.patch(path, params)
    remove: (project, commentable, id) ->
      path = getPath('remove', project, commentable, id)
--- a/app/assets/javascripts/angularjs/comments/comments_controller.js.coffee
+++ b/app/assets/javascripts/angularjs/comments/comments_controller.js.coffee
@ -57,7 +57,7 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
    promise = Preview.get_preview(vm.project, body)
    promise.success( (response) ->
-      vm.preview_body  = response
+      vm.preview_body  = response.html
      Preview.old_text = body
    ).error( (response) ->
      vm.preview_body = 'Error :('
@ -75,15 +75,22 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
    else
      false
-  vm.add = ->
+  vm.add = ($event)->
    $event.preventDefault()
    $event.stopPropagation()
    vm.processing = true
-    promise = Comment.add(vm.project, vm.commentable, vm.new_body)
+    Comment.add(vm.project, vm.commentable, vm.new_body)
-    promise.then (response) ->
+    .success (data) ->
-      element = compileHTML.run($scope, response.data.html)
+      element = compileHTML.run($scope, data.html)
      list.append(element)
      vm.new_body = ''
-      location.hash = "#comment" + response.data.id;
+      location.hash = "#comment" + data.id;
      vm.processing = false
      $.notify(data.message, 'success')
    .error (data) ->
      $.notify(data.message, 'error')
      vm.processing = false
    false
@ -91,8 +98,8 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
  vm.remove = (id) ->
    return false unless confirmMessage.show()
    vm.processing = true
-    promise = Comment.remove(vm.project, vm.commentable, id)
+    Comment.remove(vm.project, vm.commentable, id)
-    promise.then () ->
+    .success (data)->
      parent = $('#comment'+id+',#diff-comment'+id).parents('tr.line-comments')
      if parent.find('.line-comment').length is 1
        # there is only one line comment, remove all line
@ -100,16 +107,21 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
      else
        $('#comment'+id+',#diff-comment'+id+',#update-comment'+id).remove()
      $.notify(data.message, 'success')
      vm.processing = false
    .error (data)->
      $.notify(data.message, 'error')
      vm.processing = false
    false
  vm.update = (id) ->
    vm.processing = true
-    promise = Comment.update(vm.project, vm.commentable, id)
+    Comment.update(vm.project, vm.commentable, id)
-    promise.then (response) ->
+    .success (data) ->
-      form = $('#comment'+id+ ' .md_and_cm.cm-s-default').html(response.data.body)
+      form = $('#comment'+id+ ' .md_and_cm.cm-s-default').html(data.body)
      $.notify(data.message, 'success')
      vm.processing = false
      form = $('.open-comment.comment-'+id)
      if form.length is 1
@ -117,6 +129,9 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
        return true
      else
        return false
    .error (data) ->
      $.notify(data.message, 'error')
      vm.processing = false
  vm.showInlineForm = ($event, params = {}) ->
    line_comments = findInlineComments($event, params)
@ -170,7 +185,7 @@ CommentsController = (Comment, Preview, confirmMessage, $scope, compileHTML, $ro
    vm.commentable = commentable
    vm.processing  = false
    vm.k = 10
-    if commentable.kind is 'issue'
+    if commentable.kind is 'issue' or commentable.kind is 'commit'
      list = $('#comments_list')
    else if commentable.kind is 'pull'
      list = $('#pull-activity')
--- a/app/assets/javascripts/angularjs/controllers/datepicker_controller.js.coffee.erb
+++ b/app/assets/javascripts/angularjs/controllers/datepicker_controller.js.coffee.erb
@ -0,0 +1,61 @@
 DatePickerController = ($scope, datepickerPopupConfig) ->
  vm = this
  vm.minDate = new Date(2010, 1, 1)
  vm.maxDate = moment().add(1, 'months').calendar()
  vm.today = ->
    vm.dt = new Date()
  vm.today()
  vm.clear = ->
    dt = null
  # Disable weekend selection
  vm.disabled = (date, mode)->
    mode is 'day' and ( date.getDay() is 0 or date.getDay() is 6 )
  vm.toggleMin = ->
    vm.minDate = vm.minDate ? null : new Date()
  vm.toggleMin()
  vm.open_updated_at_start = ($event)->
    $event.preventDefault()
    $event.stopPropagation()
    vm.updated_at_start_opened = true
  vm.open_updated_at_end = ($event)->
    $event.preventDefault()
    $event.stopPropagation()
    vm.updated_at_end_opened = true
  vm.dateOptions =
    formatYear: 'yy'
    startingDay: <%=  I18n.locale == :ru ? 1 : 0 %>
    'show-weeks': false
  vm.initDate = vm.today()
  vm.format = 'dd/MM/yyyy'
  <% if I18n.locale == :ru %>
  # TRANSLATION
  datepickerPopupConfig.currentText = 'Сегодня'
  datepickerPopupConfig.clearText = 'Очистить'
  datepickerPopupConfig.weeksText = 'Недели'
  datepickerPopupConfig.closeText = 'Закрыть'
  <% end %>
  #datepickerPopupConfig.appendToBody = 'true'
 angular
  .module("RosaABF")
  .controller "DatePickerController", DatePickerController
 DatePickerController.$inject = [
                                '$scope'
                                'datepickerPopupConfig'
                               ]
--- a/app/assets/javascripts/angularjs/issues/issue_controller.js.coffee
+++ b/app/assets/javascripts/angularjs/issues/issue_controller.js.coffee
@ -46,7 +46,7 @@ IssueController = (dataservice, $http, Issue, $rootScope, Preview, Label, confir
    promise = Preview.get_preview(vm.project, body)
    promise.success( (response) ->
-      vm.preview_body  = response
+      vm.preview_body  = response.html
      Preview.old_text = body
    ).error( (response) ->
      vm.preview_body = 'Error :('
--- a/app/assets/javascripts/angularjs/platforms/repository_projects_controller.js.coffee
+++ b/app/assets/javascripts/angularjs/platforms/repository_projects_controller.js.coffee
@ -1,4 +1,4 @@
-RosaABF.controller 'RepositoryProjectsController', ['$scope', '$http', '$location', ($scope, $http, $location) ->
+RosaABF.controller 'RepositoryProjectsController', ['$scope', '$http', '$location', 'confirmMessage', ($scope, $http, $location, confirmMessage) ->
  $scope.added          = $('#added').val()
  $scope.platform_id    = $('#platform_id').val()
@ -51,4 +51,13 @@ RosaABF.controller 'RepositoryProjectsController', ['$scope', '$http', '$locatio
  $scope.goToPage = (number) ->
    $location.search('page', number)
  $scope.removeProject = (project) ->
    return false unless confirmMessage.show()
    $http.delete(project.remove_path).success (data) ->
      $.notify(data.message, 'success')
    $scope.projects = _.reject($scope.projects, (pr) ->
      return pr.id is project.id
    )
    false
 ]
--- a/app/assets/javascripts/angularjs/projects/collaborators_controller.js.coffee
+++ b/app/assets/javascripts/angularjs/projects/collaborators_controller.js.coffee
@ -18,36 +18,51 @@ CollaboratorsController = (dataservice, Collaborator, $http, confirmMessage) ->
    vm.selected_new_collaborator = item
    false
-  vm.addCollaborator = ->
+  vm.addCollaborator = ($event) ->
-    promise = Collaborator.add(vm.name_with_owner,
+    $event.preventDefault()
    $event.stopPropagation()
    Collaborator.add(vm.name_with_owner,
                     vm.selected_new_collaborator,
                     vm.new_role,
                     vm.project_id)
-    promise.success (data) ->
+    .success (data) ->
      vm.collaborators.push data
      $.notify(data.message, 'success')
    .error (data) ->
      $.notify(data.message, 'error')
    vm.new_collaborator_uname    = null
    vm.selected_new_collaborator = null
    false
-  vm.removeCollaborator = (member) ->
+  vm.removeCollaborator = (member, need_confirm = true) ->
-    return false unless confirmMessage.show()
+    return false if need_confirm and !confirmMessage.show()
-    promise = Collaborator.remove(vm.name_with_owner, member.id)
+    Collaborator.remove(vm.name_with_owner, member.id)
-    promise.success (data) ->
+    .success (data) ->
      vm.collaborators = _.reject(vm.collaborators, (c) ->
        c.id is member.id
      )
      $.notify(data.message, 'success')
    .error (data) ->
      $.notify(data.message, 'error')
    false
  vm.removeCollaborators = ->
    return false unless confirmMessage.show()
    _.each(vm.collaborators, (c) ->
-      vm.removeCollaborator(c) if c.check_delete
+      vm.removeCollaborator(c, false) if c.check_delete
    )
    false
  vm.updateCollaborator = (member) ->
    return false unless confirmMessage.show()
    Collaborator.update(vm.name_with_owner, member)
    .success (data) ->
      $.notify(data.message, 'success')
    .error (data) ->
      $.notify(data.message, 'error')
    false
  init = (dataservice) ->
--- a/app/assets/javascripts/angularjs/pull_requests/pull_request_controller.js.coffee
+++ b/app/assets/javascripts/angularjs/pull_requests/pull_request_controller.js.coffee
@ -54,32 +54,49 @@ PullRequestController = (dataservice, $http, ApiPullRequest, ApiProject, DateTim
      vm.branch = branch
  vm.reopen = ->
    return false if vm.processing
    vm.processing = true
    vm.pull_resource.$update
      pull_request_action: "reopen"
    , ->
      vm.getPullRequest()
      vm.processing = false
  vm.close = ->
    return false if vm.processing
    vm.processing = true
    vm.pull_resource.$update
      pull_request_action: "close"
    , ->
      vm.getPullRequest()
      vm.processing = false
  vm.merge = ->
    return false if vm.processing
    vm.processing = true
    vm.pull_resource.$merge ->
      vm.getPullRequest()
      vm.processing = false
  vm.deleteBranch = ->
    return false if vm.processing
    vm.processing = true
    vm.project_resource.$delete_branch vm.branch_params(), (-> # success
      vm.branch = null
      vm.processing = false
    ), -> # error
      vm.getBranch()
      vm.processing = false
  vm.restoreBranch = ->
    return false if vm.processing
    vm.processing = true
    vm.project_resource.$restore_branch vm.branch_params(), (-> # success
      vm.getBranch()
      vm.processing = false
    ), -> # error
      vm.getBranch()
      vm.processing = false
  vm.branch_params = ->
    owner: vm.pull_params.owner
@ -108,9 +125,8 @@ PullRequestController = (dataservice, $http, ApiPullRequest, ApiProject, DateTim
    promise = ApiPullRequest.get_diff(vm.pull_params)
    promise.then (response) ->
      diff.html(null)
      #html = compileHTML.run($scope, response.data)
      #diff.html(html)
      $rootScope.$broadcast('compile_html', { element: diff, html: response.data })
      $('[data-toggle="tooltip"]').tooltip()
      vm.processing = false
      vm.is_diff_updated = true
    false
--- a/app/assets/javascripts/angularjs/services/preview.js.coffee
+++ b/app/assets/javascripts/angularjs/services/preview.js.coffee
@ -4,14 +4,8 @@ previewService = ($http) ->
    old_text: old_text
    get_preview: (name_with_owner, text, old_text) ->
      return null if text is old_text
-      path = Routes.project_md_preview_path(
+      path = Routes.project_md_preview_path(name_with_owner)
-        {
+      $http.post(path, {text: text})
          name_with_owner: name_with_owner,
          text:            text
        }
      )
      $http.post(path)
  }
 angular
--- a/app/assets/javascripts/extra/diff.js.coffee
+++ b/app/assets/javascripts/extra/diff.js.coffee
@ -0,0 +1,6 @@
 $(document).ready ->
  $(document).on 'click', '#diff_header .panel-body li.list-group-item a', ->
    href = $(this).attr('href')
    $(".diff_data.collapse#"+href.slice(1)+"_content").collapse('show')
  return
--- a/app/assets/javascripts/extra/diff_chevrons.js.coffee
+++ b/app/assets/javascripts/extra/diff_chevrons.js.coffee
@ -0,0 +1,14 @@
 $(document).ready ->
  $(document).on 'hide.bs.collapse', '.file .diff_data.collapse', ->
    $(this).parent().find('.top button span.fa').removeClass('fa-chevron-down').addClass('fa-chevron-up')
  $(document).on 'show.bs.collapse', '.file .diff_data.collapse', ->
    $(this).parent().find('.top button span.fa').removeClass('fa-chevron-up').addClass('fa-chevron-down')
  $(document).on 'hide.bs.collapse', '#diff_header #collapseList', ->
    $(this).parent().find('.panel-title a span.fa').removeClass('fa-chevron-down').addClass('fa-chevron-up')
  $(document).on 'show.bs.collapse', '#diff_header #collapseList', ->
    $(this).parent().find('.panel-title a span.fa').removeClass('fa-chevron-up').addClass('fa-chevron-down')
  return
--- a/app/assets/javascripts/new_application.js
+++ b/app/assets/javascripts/new_application.js
@ -27,14 +27,19 @@
 //= require zeroclipboard
 //= require notifyjs
 //= require notifyjs/styles/bootstrap/notify-bootstrap
 //= require lib/Chart
 //= require lib/bootstrap-typeahead
 //= require lib/custom-bootstrap-typeahead
 //= require extra/highlight
 //= require extra/highlight
 //= require extra/pull
 //= require extra/scroller
 //= require extra/fork
 //= require extra/diff_chevrons
 //= require extra/diff
 //= require_self
--- a/app/assets/stylesheets/active_admin.css.scss
+++ b/app/assets/stylesheets/active_admin.css.scss
--- a/app/assets/stylesheets/custom_bootstrap.css.sass
+++ b/app/assets/stylesheets/custom_bootstrap.css.sass
@ -225,6 +225,9 @@ textarea.resize-vertical
 .update-label, .update-status, .pointer
  cursor: pointer
 .no-pointer
  cursor: default !important
 #scroller
  position: fixed
  bottom:   20px
--- a/app/assets/stylesheets/new_application.css.scss
+++ b/app/assets/stylesheets/new_application.css.scss
--- a/app/assets/stylesheets/views/blame.css.sass
+++ b/app/assets/stylesheets/views/blame.css.sass
--- a/app/assets/stylesheets/views/diff.css.sass
+++ b/app/assets/stylesheets/views/diff.css.sass
@ -3,7 +3,7 @@
  overflow-x: auto
 table.table.diff.inline
-  //border:     1px solid #DDD
+  margin-bottom: 0
  tr.changes
    pre
@ -66,17 +66,6 @@ table.table.diff.inline
  .line-comment, #new_inline_comment
    max-width: 700px
  td.diff-image
    text-align: center
    span.diff-image
      text-align: center
      margin: 0
      padding: 0
      img
        margin-top: 5px
 div.file div.top
  min-height: 28px
  background: #ededed
--- a/app/assets/stylesheets/views/error_pages.css.sass
+++ b/app/assets/stylesheets/views/error_pages.css.sass
--- a/app/assets/stylesheets/views/shared/log.css.sass
+++ b/app/assets/stylesheets/views/shared/log.css.sass
@ -1,3 +0,0 @@
 accordion .build-log
  height: 300px
  overflow-y: auto
--- a/app/assets/stylesheets/views/shared/log.sass
+++ b/app/assets/stylesheets/views/shared/log.sass
@ -0,0 +1,3 @@
 .build-log
  pre
    font-size: 11px
--- a/app/assets/stylesheets/views/statistics.css.sass
+++ b/app/assets/stylesheets/views/statistics.css.sass
--- a/app/controllers/advisories_controller.rb
+++ b/app/controllers/advisories_controller.rb
@ -1,11 +1,10 @@
 class AdvisoriesController < ApplicationController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user! if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user! if APP_CONFIG['anonymous_access']
  load_resource find_by: :advisory_id
  authorize_resource
  def index
-    @advisories = @advisories.includes(:platforms).search(params[:q]).uniq
+    authorize :advisories
    @advisories = Advisory.includes(:platforms).search(params[:q]).uniq
    @advisories_count = @advisories.count
    @advisories = @advisories.paginate(page: current_page, per_page: Advisory.per_page)
    respond_to do |format|
@ -16,10 +15,12 @@ class AdvisoriesController < ApplicationController
  end
  def show
    authorize @advisory = Advisory.find_by(advisory_id: params[:id])
    @packages_info = @advisory.fetch_packages_info
  end
  def search
    authorize :advisories
    @advisory = Advisory.by_update_type(params[:bl_type]).search_by_id(params[:query]).first
    if @advisory.nil?
      render nothing: true, status: 404
--- a/app/controllers/api/v1/advisories_controller.rb
+++ b/app/controllers/api/v1/advisories_controller.rb
@ -1,27 +1,26 @@
 class Api::V1::AdvisoriesController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: %i(index show) if APP_CONFIG['anonymous_access']
-  load_resource :advisory, find_by: :advisory_id
+  before_action :load_advisory,           only: %i(show update)
-  before_filter :find_and_authorize_build_list, only: [:create, :update]
+  before_action :load_build_list,         only: %i(create update)
  authorize_resource :build_list, only: [:create, :update]
  def index
-    @advisories = @advisories.includes(:platforms, :projects).paginate(paginate_params)
+    authorize :advisory
-    respond_to :json
+    @advisories = Advisory.includes(:platforms, :projects).paginate(paginate_params)
  end
  def show
    @packages_info = @advisory.fetch_packages_info
    respond_to :json
  end
  def create
    authorize :advisory
    if @build_list.can_attach_to_advisory? &&
        @build_list.associate_and_create_advisory(params[:advisory]) &&
        @build_list.save
-      render_json_response @advisory, 'Advisory has been created successfully'
+      render_json_response @build_list.advisory, 'Advisory has been created successfully'
    else
-      render_validation_error @advisory, error_message(@build_list, 'Advisory has not been created')
+      render_validation_error @build_list.advisory, error_message(@build_list, 'Advisory has not been created')
    end
  end
@ -36,9 +35,14 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
  protected
-  def find_and_authorize_build_list
+  def load_build_list
    @build_list = BuildList.find params[:build_list_id]
-    authorize! :local_admin_manage, @build_list.save_to_platform
+    authorize @build_list.save_to_platform, :local_admin_manage?
  end
  def load_advisory
    @advisory = Advisory.find_by(advisory_id: params[:id]) if params[:id]
    authorize @advisory if @advisory
  end
 end
--- a/app/controllers/api/v1/arches_controller.rb
+++ b/app/controllers/api/v1/arches_controller.rb
@ -1,9 +1,9 @@
 class Api::V1::ArchesController < Api::V1::BaseController
-  before_filter :authenticate_user! unless APP_CONFIG['anonymous_access']
+  before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
  def index
    authorize :arch
    @arches = Arch.order(:id).paginate(paginate_params)
    respond_to :json
  end
 end
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@ -4,7 +4,7 @@ class Api::V1::BaseController < ApplicationController
  helper_method :member_path
-  rescue_from CanCan::AccessDenied do |exception|
+  rescue_from Pundit::NotAuthorizedError do |exception|
    respond_to do |format|
      format.json { render json: {message: t('flash.exception_message')}.to_json, status: 403 }
      format.csv  { render text: t('flash.exception_message'), status: 403 }
@ -35,6 +35,7 @@ class Api::V1::BaseController < ApplicationController
  end
  def create_subject(subject)
    authorize subject, :create?
    class_name = subject.class.name
    if subject.save
      render_json_response subject, "#{class_name} has been created successfully"
@ -44,6 +45,7 @@ class Api::V1::BaseController < ApplicationController
  end
  def update_member_in_subject(subject, relation = :relations)
    authorize subject, :update_member?
    role = params[:role]
    class_name = subject.class.name.downcase
    if member.present? && role.present? && subject.respond_to?(:owner) && subject.owner != member &&
@ -55,6 +57,7 @@ class Api::V1::BaseController < ApplicationController
  end
  def add_member_to_subject(subject, role = 'admin')
    authorize subject, :add_member?
    class_name = subject.class.name.downcase
    if member.present? && subject.add_member(member, role)
      render_json_response subject, "#{member.class.to_s} '#{member.id}' has been added to #{class_name} successfully"
@ -64,6 +67,7 @@ class Api::V1::BaseController < ApplicationController
  end
  def remove_member_from_subject(subject)
    authorize subject, :remove_member?
    class_name = subject.class.name.downcase
    if member.present? && subject.remove_member(member)
      render_json_response subject, "#{member.class.to_s} '#{member.id}' has been removed from #{class_name} successfully"
@ -73,11 +77,13 @@ class Api::V1::BaseController < ApplicationController
  end
  def destroy_subject(subject)
    authorize subject, :destroy?
    subject.destroy # later with resque
    render_json_response subject, "#{subject.class.name} has been destroyed successfully"
  end
  def update_subject(subject)
    authorize subject, :update?
    class_name = subject.class.name
    if subject.update_attributes(params[class_name.underscore.to_sym] || {})
      render_json_response subject, "#{class_name} has been updated successfully"
@ -94,7 +100,7 @@ class Api::V1::BaseController < ApplicationController
        id: id,
        message: message
      }
-    }.to_json, status: status
+    }, status: status
  end
  def render_validation_error(subject, message)
--- a/app/controllers/api/v1/build_lists_controller.rb
+++ b/app/controllers/api/v1/build_lists_controller.rb
@ -1,17 +1,26 @@
 class Api::V1::BuildListsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show, :index] if APP_CONFIG['anonymous_access']
+  before_action :load_build_list, only: %i(
-
+                                            cancel
-  load_and_authorize_resource :build_list, only: [:show, :create, :cancel, :publish, :reject_publish, :create_container, :publish_into_testing, :rerun_tests]
+                                            create_container
                                            publish
                                            publish_into_testing
                                            reject_publish
                                            rerun_tests
                                            show
                                          )
  skip_before_action :authenticate_user!, only: %i(show index) if APP_CONFIG['anonymous_access']
  def show
    authorize @build_list
    respond_to :json
  end
  def index
    authorize :build_list
    @project = Project.find(params[:project_id]) if params[:project_id].present?
-    authorize!(:show, @project) if @project
+    authorize @project, :show? if @project
-    filter = BuildList::Filter.new(@project, current_user, current_ability, params[:filter] || {})
+    filter = BuildList::Filter.new(@project, current_user, params[:filter] || {})
    @build_lists = filter.find.includes(:build_for_platform,
                                        :save_to_repository,
                                        :save_to_platform,
@ -36,34 +45,45 @@ class Api::V1::BuildListsController < Api::V1::BaseController
  end
  def cancel
    authorize @build_list
    render_json :cancel
  end
  def publish
    authorize @build_list
    @build_list.publisher = current_user
    render_json :publish
  end
  def reject_publish
    authorize @build_list
    @build_list.publisher = current_user
    render_json :reject_publish
  end
  def create_container
    authorize @build_list
    render_json :create_container, :publish_container
  end
  def rerun_tests
    authorize @build_list
    render_json :rerun_tests
  end
  def publish_into_testing
    authorize @build_list
    @build_list.publisher = current_user
    render_json :publish_into_testing
  end
  private
  # Private: before_action hook which loads BuidList.
  def load_build_list
    @build_list = BuildList.find params[:id]
  end
  def render_json(action_name, action_method = nil)
    if @build_list.try("can_#{action_name}?") && @build_list.send(action_method || action_name)
      render_json_response @build_list, t("layout.build_lists.#{action_name}_success")
--- a/app/controllers/api/v1/groups_controller.rb
+++ b/app/controllers/api/v1/groups_controller.rb
@ -1,23 +1,22 @@
 class Api::V1::GroupsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource
+  before_action :load_group, except: %i(index create)
  def index
-    # accessible_by(current_ability)
+    authorize :group
    @groups = current_user.groups.paginate(paginate_params)
    respond_to :json
  end
  def show
-    respond_to :json
+    authorize @group
  end
  def members
    authorize @group
    @members = @group.members.where('actor_id != ?', @group.owner_id)
                     .order('name').paginate(paginate_params)
    respond_to :json
  end
  def update
@ -48,4 +47,11 @@ class Api::V1::GroupsController < Api::V1::BaseController
    update_member_in_subject @group, :actors
  end
  private
  # Private: before_action hook which loads Group.
  def load_group
    @group = Group.find params[:id]
  end
 end
--- a/app/controllers/api/v1/issues_controller.rb
+++ b/app/controllers/api/v1/issues_controller.rb
@ -1,11 +1,13 @@
 class Api::V1::IssuesController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  include Api::V1::Issueable
  skip_before_filter :authenticate_user!, only: [:index, :group_index, :show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :group, only: :group_index, find_by: :id, parent: false
+  before_action :authenticate_user!
-  load_and_authorize_resource :project
+  skip_before_action :authenticate_user!, only: %i(index group_index show) if APP_CONFIG['anonymous_access']
-  skip_load_and_authorize_resource :project, only: [:all_index, :user_index, :group_index]
+
-  load_and_authorize_resource :issue, through: :project, find_by: :serial_id, only: [:show, :update, :create, :index]
+  before_action :load_group,        only: :group_index
  before_action :load_project
  skip_before_action :load_project, only: %i(all_index user_index group_index)
  before_action :load_issue,        only: %i(show update index)
  def index
    @issues = @project.issues
@ -13,12 +15,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
  end
  def all_index
-    project_ids = get_all_project_ids Project.accessible_by(current_ability, :membered).pluck(:id)
+    authorize :issue, :index?
    project_ids = get_all_project_ids membered_projects.pluck(:id)
    @issues = Issue.where(project_id: project_ids)
    render_issues_list
  end
  def user_index
    authorize :issue, :index?
    project_ids = get_all_project_ids current_user.projects.pluck(:id)
    @issues = Issue.where(project_id: project_ids)
    render_issues_list
@ -26,7 +30,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
  def group_index
    project_ids = @group.projects.pluck(:id)
-    project_ids = Project.accessible_by(current_ability, :membered).where(id: project_ids).pluck(:id)
+    project_ids = membered_projects.where(id: project_ids).pluck(:id)
    @issues = Issue.where(project_id: project_ids)
    render_issues_list
  end
@ -40,13 +44,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
  end
  def create
    @issue      = @project.issues.new(params[:issue])
    @issue.user = current_user
-    @issue.assignee = nil if cannot?(:write, @project)
+    @issue.assignee = nil unless policy(@project).write?
    create_subject @issue
  end
  def update
-    unless can?(:write, @project)
+    unless policy(@project).write?
      params.delete :update_labels
      [:assignee_id, :labelings, :labelings_attributes].each do |k|
        params[:issue].delete k
@ -94,7 +99,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
    end
    if params[:labels].present?
-      labels = params[:labels].split(',').map {|e| e.strip}.select {|e| e.present?}
+      labels = params[:labels].split(',').map(&:strip).select(&:present?)
      @issues = @issues.where('labels.name IN (?)', labels)
    end
@ -110,13 +115,4 @@ class Api::V1::IssuesController < Api::V1::BaseController
    end
  end
  def get_all_project_ids default_project_ids
    project_ids = []
    if ['created', 'all'].include? params[:filter]
      # add own issues
      project_ids = Project.accessible_by(current_ability, :show).joins(:issues).
                            where(issues: {user_id: current_user.id}).pluck('projects.id')
    end
    project_ids |= default_project_ids
  end
 end
--- a/app/controllers/api/v1/jobs_controller.rb
+++ b/app/controllers/api/v1/jobs_controller.rb
@ -4,7 +4,8 @@ class Api::V1::JobsController < Api::V1::BaseController
  QUEUES = %w(rpm_worker_observer)
  QUEUE_CLASSES = %w(AbfWorker::RpmWorkerObserver)
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
  skip_after_action :verify_authorized
  def shift
    @build_list = BuildList.next_build(arch_ids, platform_ids) if current_user.system?
@ -21,8 +22,8 @@ class Api::V1::JobsController < Api::V1::BaseController
          @build_list ||= build_lists.external_nodes(:everything).first
        else
          @build_list   = build_lists.external_nodes(:owned).for_user(current_user).first
-          @build_list ||= build_lists.external_nodes(:everything).
+          @build_list ||= BuildListPolicy::Scope.new(current_user, build_lists).owned.
-            accessible_by(current_ability, :related).readonly(false).first
+            external_nodes(:everything).readonly(false).first
        end
        set_builder
      end
--- a/app/controllers/api/v1/maintainers_controller.rb
+++ b/app/controllers/api/v1/maintainers_controller.rb
@ -1,12 +1,11 @@
 class Api::V1::MaintainersController < Api::V1::BaseController
-  before_filter :authenticate_user! unless APP_CONFIG['anonymous_access']
+  before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
  load_and_authorize_resource :platform
  def index
    authorize @platform = Platform.find(params[:platform_id]), :show?
    @maintainers = BuildList::Package.includes(:project)
                                     .actual.by_platform(@platform)
                                     .like_name(params[:package_name])
                                     .paginate(paginate_params)
    respond_to :json
  end
 end
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@ -1,10 +1,11 @@
 class Api::V1::PlatformsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: :allowed
+  skip_before_action :authenticate_user!, only: :allowed
-  skip_before_filter :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource except: :allowed
+  before_action :load_platform, except: [:index, :allowed, :platforms_for_build, :create]
  def allowed
    authorize :platform
    if request.authorization.present?
      token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
    end
@ -16,25 +17,24 @@ class Api::V1::PlatformsController < Api::V1::BaseController
  end
  def index
-    @platforms = @platforms.accessible_by(current_ability, :related)
+    authorize :platform
-                           .by_type(params[:type]).paginate(paginate_params)
+    @platforms = PlatformPolicy::Scope.new(current_user, Platform).show.
-    respond_to :json
+      by_type(params[:type]).paginate(paginate_params)
  end
  def show
    respond_to :json
  end
  def platforms_for_build
-    @platforms = Platform.availables_main_platforms(current_user, current_ability).paginate(paginate_params)
+    authorize :platform
-    respond_to do |format|
+    @platforms = Platform.availables_main_platforms(current_user).paginate(paginate_params)
-      format.json { render :index }
+    render :index
    end
  end
  def create
    platform_params = params[:platform] || {}
    owner = User.where(id: platform_params[:owner_id]).first
    @platform       = Platform.new platform_params
    @platform.owner = owner || get_owner
    create_subject @platform
  end
@ -48,7 +48,6 @@ class Api::V1::PlatformsController < Api::V1::BaseController
  def members
    @members = @platform.members.order('name').paginate(paginate_params)
    respond_to :json
  end
  def add_member
@ -79,4 +78,11 @@ class Api::V1::PlatformsController < Api::V1::BaseController
    destroy_subject @platform
  end
  private
  # Private: before_action hook which loads Platform.
  def load_platform
    authorize @platform = Platform.find(params[:id])
  end
 end
--- a/app/controllers/api/v1/product_build_lists_controller.rb
+++ b/app/controllers/api/v1/product_build_lists_controller.rb
@ -1,22 +1,23 @@
 class Api::V1::ProductBuildListsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :product, only: :index
+  before_action :load_product,            only: :index
-  load_and_authorize_resource
+  before_action :load_product_build_list, except: [:index, :create]
  def index
-    @product_build_lists = if @product
+    @product_build_lists =
      if @product
        @product.product_build_lists
      else
-                             ProductBuildList.accessible_by current_ability, :read
+       PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show
      end
    @product_build_lists = @product_build_lists.joins(:product, :project, :arch)
    @product_build_lists = @product_build_lists.recent.paginate(paginate_params)
    respond_to :json
  end
  def create
    @product_build_list = ProductBuildList.new(params[:product_build_list])
    @product_build_list.project ||= @product_build_list.try(:product).try(:project)
    @product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script)
    @product_build_list.params ||= @product_build_list.try(:product).try(:params)
@ -25,7 +26,6 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
  end
  def show
    respond_to :json
  end
  def update
@ -44,4 +44,16 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
      render_validation_error @product_build_list, t("layout.product_build_lists.cancel_fail")
    end
  end
  private
  # Private: before_action hook which loads ProductBuildList.
  def load_product_build_list
    authorize @product_build_list = ProductBuildList.find(params[:id])
  end
  # Private: before_action hook which loads Product.
  def load_product
    authorize @product = Product.find(params[:product_id]), :show? if params[:product_id]
  end
 end
--- a/app/controllers/api/v1/products_controller.rb
+++ b/app/controllers/api/v1/products_controller.rb
@ -1,11 +1,11 @@
 class Api::V1::ProductsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource
+  before_action :load_product, except: :create
  def create
-    create_subject @product
+    create_subject @product = Product.new(params[:product])
  end
  def update
@ -13,10 +13,17 @@ class Api::V1::ProductsController < Api::V1::BaseController
  end
  def show
    respond_to :json
  end
  def destroy
    destroy_subject @product
  end
  private
  # Private: before_action hook which loads Product.
  def load_product
    authorize @product = Product.find(params[:id])
  end
 end
--- a/app/controllers/api/v1/projects_controller.rb
+++ b/app/controllers/api/v1/projects_controller.rb
@ -1,32 +1,25 @@
 class Api::V1::ProjectsController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:get_id, :show, :refs_list] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:get_id, :show, :refs_list] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :project
+  before_action :load_project, except: [:index, :create, :get_id]
  def index
-    @projects = Project.accessible_by(current_ability, :membered)
+    authorize :project
-                       .paginate(paginate_params)
+    @projects = ProjectPolicy::Scope.new(current_user, Project).
-    respond_to :json
+      membered.paginate(paginate_params)
  end
  def get_id
-    if @project = Project.find_by_owner_and_name(params[:owner], params[:name])
+    authorize @project = Project.find_by_owner_and_name!(params[:owner], params[:name])
      authorize! :show, @project
    else
      raise ActiveRecord::RecordNotFound
    end
    respond_to :json
  end
  def show
    respond_to :json
  end
  def refs_list
    @refs = @project.repo.branches + @project.repo.tags.select{ |t| t.commit }
    respond_to :json
  end
  def update
@ -38,21 +31,20 @@ class Api::V1::ProjectsController < Api::V1::BaseController
  end
  def create
    @project   = Project.new(params[:project])
    p_params   = params[:project] || {}
-    owner_type = p_params[:owner_type]
+    owner_type = %w(User Group).find{ |t| t == p_params[:owner_type] }
-    if owner_type.present? && %w(User Group).include?(owner_type)
+    if owner_type.present?
-      @project.owner = owner_type.constantize.
+      @project.owner = owner_type.constantize.find_by(id: p_params[:owner_id])
        where(id: p_params[:owner_id]).first
    else
      @project.owner = nil
    end
-    authorize! :write, @project.owner if @project.owner != current_user
+    authorize @project
    create_subject @project
  end
  def members
    @members = @project.collaborators.order('uname').paginate(paginate_params)
    respond_to :json
  end
  def add_member
@ -69,7 +61,9 @@ class Api::V1::ProjectsController < Api::V1::BaseController
  def fork(is_alias = false)
    owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user
-    authorize! :write, owner if owner.class == Group
+    authorize @project, :show?
    authorize owner, :write? if owner.is_a?(Group)
    if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
      render_json_response forked, 'Project has been forked successfully'
    else
@ -78,6 +72,14 @@ class Api::V1::ProjectsController < Api::V1::BaseController
  end
  def alias
    authorize @project
    fork(true)
  end
  private
  # Private: before_action hook which loads Project.
  def load_project
    authorize @project = Project.find(params[:id])
  end
 end
--- a/app/controllers/api/v1/pull_requests_controller.rb
+++ b/app/controllers/api/v1/pull_requests_controller.rb
@ -1,13 +1,13 @@
 class Api::V1::PullRequestsController < Api::V1::BaseController
-  respond_to :json
+  include Api::V1::Issueable
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show, :index, :group_index, :commits, :files] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: %i(show index group_index commits files) if APP_CONFIG['anonymous_access']
-  load_resource :group, only: :group_index, find_by: :id, parent: false
+  before_action :load_group,   only:   %i(group_index)
-  load_resource :project
+  before_action :load_project, except: %i(all_index user_index)
-  load_resource :issue, through: :project, find_by: :serial_id, parent: false, only: [:show, :index, :commits, :files, :merge, :update]
+  before_action :load_issue,   only:   %i(show index commits files merge update)
-  load_and_authorize_resource instance_name: :pull, through: :issue, singleton: true, only: [:show, :index, :commits, :files, :merge, :update]
+  before_action :load_pull,    only:   %i(show index commits files merge update)
  def index
    @pulls = @project.pull_requests
@ -16,13 +16,15 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
  end
  def all_index
-    project_ids = get_all_project_ids Project.accessible_by(current_ability, :membered).pluck(:id)
+    authorize :pull_request, :index?
    project_ids = get_all_project_ids membered_projects.pluck(:id)
    @pulls = PullRequest.where('pull_requests.to_project_id IN (?)', project_ids)
    @pulls_url = api_v1_pull_requests_path format: :json
    render_pulls_list
  end
  def user_index
    authorize :pull_request, :index?
    project_ids = get_all_project_ids current_user.projects.pluck(:id)
    @pulls = PullRequest.where('pull_requests.to_project_id IN (?)', project_ids)
    @pulls_url = pull_requests_api_v1_user_path format: :json
@ -31,31 +33,31 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
  def group_index
    project_ids = @group.projects.pluck(:id)
-    project_ids = Project.accessible_by(current_ability, :membered).where(id: project_ids).pluck(:id)
+    project_ids = membered_projects.where(id: project_ids).pluck(:id)
    @pulls = PullRequest.where(to_project_id: project_ids)
    @pulls_url = pull_requests_api_v1_group_path
    render_pulls_list
  end
  def show
-    redirect_to api_v1_project_issue_path(@project.id, @issue.serial_id) if @pull.nil?
+    redirect_to api_v1_project_issue_path(@project.id, @issue.serial_id) and return if @pull.nil?
    respond_to :json
  end
  def create
-    from_project = Project.find(pull_params[:from_project_id]) if pull_params[:from_project_id].present?
+    from_project   = Project.find_by(id: pull_params[:from_project_id])
    from_project ||= @project
-    authorize! :read, from_project
+    authorize from_project, :show?
-    @pull = @project.pull_requests.new
+    @pull = @project.pull_requests.build
    @pull.build_issue title: pull_params[:title], body: pull_params[:body]
    @pull.from_project            = from_project
    @pull.to_ref, @pull.from_ref  = pull_params[:to_ref], pull_params[:from_ref]
-    @pull.issue.assignee_id       = pull_params[:assignee_id] if can?(:write, @project)
+    @pull.issue.assignee_id       = pull_params[:assignee_id] if policy(@project).write?
    @pull.issue.user, @pull.issue.project = current_user, @project
    @pull.issue.new_pull_request  = true
    render_validation_error(@pull, "#{@pull.class.name} has not been created") && return unless @pull.valid?
    authorize @pull
    @pull.save # set pull id
    @pull.reload
    @pull.check(false) # don't make event transaction
@ -71,13 +73,13 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
  def update
    @pull = @project.pull_requests.includes(:issue).where(issues: {serial_id: params[:id]}).first
-    authorize! :update, @pull
+    authorize @pull
    if pull_params.present?
      attrs = pull_params.slice(:title, :body)
-      attrs.merge!(assignee_id: pull_params[:assignee_id]) if can?(:write, @project)
+      attrs.merge!(assignee_id: pull_params[:assignee_id]) if policy(@project).write?
-      if (action = pull_params[:status]) && %w(close reopen).include?(pull_params[:status])
+      if action = %w(close reopen).find{ |s| s == pull_params[:status] }
        if @pull.send("can_#{action}?")
          @pull.set_user_and_time current_user
          need_check = true if action == 'reopen' && @pull.valid?
@ -96,16 +98,17 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
  end
  def commits
    authorize @pull
    @commits = @pull.repo.commits_between(@pull.to_commit, @pull.from_commit).paginate(paginate_params)
    respond_to :json
  end
  def files
    authorize @pull
    @stats = @pull.diff_stats.zip(@pull.diff).paginate(paginate_params)
    respond_to :json
  end
  def merge
    authorize @pull
    class_name = @pull.class.name
    if @pull.merge!(current_user)
      render_json_response @pull, "#{class_name} has been merged successfully"
@ -116,6 +119,12 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
  private
  # Private: before_action hook which loads PullRequest.
  def load_pull
    @pull = @issue.pull_request
    authorize @pull, :show? if @pull
  end
  def render_pulls_list
    @pulls = @pulls.includes(issue: [:user, :assignee])
    if params[:status] == 'closed'
@ -154,21 +163,8 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
    @pulls = @pulls.where('issues.created_at >= to_timestamp(?)', params[:since]) if params[:since] =~ /\A\d+\z/
    @pulls = @pulls.paginate(paginate_params)
-    respond_to do |format|
+    render :index
      format.json { render :index }
  end
  end
  def get_all_project_ids default_project_ids
    project_ids = []
    if ['created', 'all'].include? params[:filter]
      # add own pulls
      project_ids = Project.accessible_by(current_ability, :show).joins(:issues).
                            where(issues: {user_id: current_user.id}).pluck('projects.id')
    end
    project_ids |= default_project_ids
  end
  def pull_params
    @pull_params ||= params[:pull_request] || {}
--- a/app/controllers/api/v1/repositories_controller.rb
+++ b/app/controllers/api/v1/repositories_controller.rb
@ -1,18 +1,15 @@
 class Api::V1::RepositoriesController < Api::V1::BaseController
  respond_to :csv, only: :packages
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show, :projects] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show, :projects] if APP_CONFIG['anonymous_access']
-
+  before_action :load_repository
  load_and_authorize_resource :repository, through: :platform, shallow: true
  def show
    respond_to :json
  end
  def projects
    @projects = @repository.projects.recent.paginate(paginate_params)
    respond_to :json
  end
  def update
@ -32,7 +29,6 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
  end
  def key_pair
    respond_to :json
  end
  # Only one request per 15 minutes for each platform
@ -40,7 +36,7 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
    key, now = [@repository.platform.id, :repository_packages], Time.zone.now
    last_request = Rails.cache.read(key)
    if last_request.present? && last_request + 15.minutes > now
-      raise CanCan::AccessDenied
+      raise Pundit::NotAuthorizedError
    else
      Rails.cache.write(key, now, expires_at: 15.minutes)
@ -77,7 +73,7 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
  def add_project
    if project = Project.where(id: params[:project_id]).first
-      if can?(:read, project)
+      if policy(project).read?
        begin
          @repository.projects << project
          render_json_response @repository, "Project '#{project.id}' has been added to repository successfully"
@ -110,4 +106,11 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
    end
  end
  private
  # Private: before_action hook which loads Repository.
  def load_repository
    authorize @repository = Repository.find(params[:id])
  end
 end
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@ -1,14 +1,12 @@
 class Api::V1::SearchController < Api::V1::BaseController
  before_filter :authenticate_user! unless APP_CONFIG['anonymous_access']
  def index
-    search    = Search.new(params[:query], current_ability, paginate_params)
+    authorize :search
    search    = Search.new(params[:query], current_user, paginate_params)
    types     = Search::TYPES.find{ |t| t == params[:type] } || Search::TYPES
    @results  = {}
    [types].flatten.each do |type|
      @results[type] = search.send(type)
    end
    respond_to :json
  end
 end
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@ -1,19 +1,16 @@
 class Api::V1::UsersController < Api::V1::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :user, only: :show
+  before_action :load_user, only: %i(show)
-  before_filter :set_current_user, except: :show
+  before_action :set_current_user, except: :show
  def show
    @user = User.opened.find params[:id] # dont show system users
    respond_to :json
  end
  def show_current_user
-    respond_to do |format|
+    render :show
      format.json { render :show }
    end
  end
  def update
@ -37,15 +34,18 @@ class Api::V1::UsersController < Api::V1::BaseController
      else
        render_json_response @user, error_message(@user.notifier, 'User notification settings have not been updated'), 422
      end
    else
      respond_to :json
    end
  end
  protected
  def set_current_user
-    @user = current_user
+    authorize @user = current_user
  end
  # Private: before_action hook which loads User.
  def load_user
    authorize @user = User.find(params[:id])
  end
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,4 +1,7 @@
 class ApplicationController < ActionController::Base
  include StrongParams
  include Pundit
  AIRBRAKE_IGNORE = [
    ActionController::InvalidAuthenticityToken,
    AbstractController::ActionNotFound
@ -9,12 +12,15 @@ class ApplicationController < ActionController::Base
  layout :layout_by_resource
  # Hack to prevent token auth on all pages except atom feed:
-  prepend_before_filter -> { redirect_to(new_user_session_path) if params[:token] && params[:token].is_a?(String) && params[:format] != 'atom'}
+  prepend_before_action -> { redirect_to(new_user_session_path) if params[:token] && params[:token].is_a?(String) && params[:format] != 'atom'}
-  before_filter :set_locale
+  before_action :set_locale
-  before_filter -> { EventLog.current_controller = self },
+  before_action -> { EventLog.current_controller = self },
                only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update
-  after_filter -> { EventLog.current_controller = nil }
+  before_action :banned?
  after_action -> { EventLog.current_controller = nil }
  after_action      :verify_authorized, unless: :devise_controller?
  skip_after_action :verify_authorized, only: %i(render_500 render_404)
  helper_method :get_owner
@ -27,7 +33,7 @@ class ApplicationController < ActionController::Base
                AbstractController::ActionNotFound, with: :render_404
  end
-  rescue_from CanCan::AccessDenied do |exception|
+  rescue_from Pundit::NotAuthorizedError do |exception|
    redirect_to forbidden_url, alert: t("flash.exception_message")
  end
@ -40,6 +46,15 @@ class ApplicationController < ActionController::Base
  protected
  # Disables access to site for banned users
  def banned?
    if user_signed_in? && current_user.access_locked?
      sign_out current_user
      flash[:error] = I18n.t('devise.failure.locked')
      redirect_to root_path
    end
  end
  # For this example, we are simply using token authentication
  # via parameters. However, anyone could use Rails's token
  # authentication features to get the token from a header.
@ -75,6 +90,8 @@ class ApplicationController < ActionController::Base
    if Rails.env.production? && !AIRBRAKE_IGNORE.include?(e.class)
      notify_airbrake(e)
    end
    Rails.logger.error e.message
    Rails.logger.error e.backtrace.inspect
    render_error 500
  end
--- a/app/controllers/autocompletes_controller.rb
+++ b/app/controllers/autocompletes_controller.rb
@ -1,5 +1,6 @@
 class AutocompletesController < ApplicationController
-  before_filter :authenticate_user!
+  before_action     :authenticate_user!
  skip_after_action :verify_authorized
  def autocomplete_user_uname
    results = User.opened.search(params[:query]).search_order.limit(5)
@ -13,7 +14,8 @@ class AutocompletesController < ApplicationController
  end
  def autocomplete_extra_build_list
-    bl = BuildList.for_extra_build_lists(params[:term], current_ability, save_to_platform).first
+    bl = BuildListPolicy::Scope.new(current_user, BuildList).read.
      for_extra_build_lists(params[:term], save_to_platform).first
    results << {  :id     => bl.id,
                  :value  => bl.id,
                  :label  => "#{bl.id} (#{bl.project.name} - #{bl.arch.name})",
@ -29,16 +31,16 @@ class AutocompletesController < ApplicationController
      value:  mb.id,
      label:  "#{mb.id} - #{mb.name}",
      path:   platform_mass_build_path(mb.save_to_platform, mb)
-    } if mb && can?(:show, mb)
+    } if mb && policy(mb).show?
    render json: results.to_json
  end
  def autocomplete_extra_repositories
    # Only personal and build for platform repositories can be attached to the build
-    Platform.includes(:repositories).search(params[:term]).search_order
+    platforms = PlatformPolicy::Scope.new(current_user, Platform).show.
-            .accessible_by(current_ability, :read).limit(5)
+      includes(:repositories).search(params[:term]).search_order.limit(5).
-            .where("platforms.platform_type = 'personal' OR platforms.id = ?",
+      where("platforms.platform_type = 'personal' OR platforms.id = ?", params[:build_for_platform_id])
-                    params[:build_for_platform_id].to_i).each do |platform|
+    platforms.each do |platform|
      platform.repositories.each do |repository|
        results <<
          {
@ -56,7 +58,7 @@ class AutocompletesController < ApplicationController
  protected
  def save_to_platform
-    @save_to_platform ||= Platform.find(params[:platform_id])
+    @save_to_platform ||= Platform.find_cached(params[:platform_id])
  end
  def results
--- a/app/controllers/concerns/api/v1/issueable.rb
+++ b/app/controllers/concerns/api/v1/issueable.rb
@ -0,0 +1,45 @@
 module Api
  module V1
    module Issueable
      extend ActiveSupport::Concern
      protected
      # Private: before_action hook which loads Group.
      def load_group
        authorize @group = Group.find(params[:id]), :show?
      end
      # Private: before_action hook which loads Project.
      def load_project
        authorize @project = Project.find(params[:project_id]), :show?
      end
      # Private: before_action hook which loads Issue.
      def load_issue
        authorize @issue = @project.issues.find_by!(serial_id: params[:id]), :show?
      end
      # Private: Get membered projects.
      #
      # Returns the ActiveRecord::Relation instance.
      def membered_projects
        @membered_projects ||= ProjectPolicy::Scope.new(current_user, Project).membered
      end
      # Private: Get project ids which available for current user.
      #
      # Returns the Array of project ids.
      def get_all_project_ids(default_project_ids)
        project_ids = []
        if %w(created all).include? params[:filter]
          # add own issues
          project_ids = Project.opened.joins(:issues).
                                where(issues: {user_id: current_user.id}).
                                pluck('projects.id')
        end
        project_ids | default_project_ids
      end
    end
  end
 end
--- a/app/controllers/concerns/strong_params.rb
+++ b/app/controllers/concerns/strong_params.rb
@ -0,0 +1,9 @@
 module StrongParams
  extend ActiveSupport::Concern
  protected
  def permit_params(param_name, *accessible)
    (params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten)
  end
 end
--- a/app/controllers/contacts_controller.rb
+++ b/app/controllers/contacts_controller.rb
@ -1,4 +1,5 @@
 class ContactsController < ApplicationController
  skip_after_action :verify_authorized
  def new
    @form = Feedback.new(current_user)
--- a/app/controllers/groups/base_controller.rb
+++ b/app/controllers/groups/base_controller.rb
@ -1,9 +1,10 @@
 class Groups::BaseController < ApplicationController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  before_filter :find_group
+  before_action :find_group
  protected
  # Private: before_action hook which loads Group.
  def find_group
    if group_id = params[:uname] || params[:group_id] || params[:id]
      @group = Group.find_by_insensitive_uname! group_id
--- a/app/controllers/groups/members_controller.rb
+++ b/app/controllers/groups/members_controller.rb
@ -1,12 +1,12 @@
 class Groups::MembersController < Groups::BaseController
-  before_filter -> { authorize! :manage_members, @group }
+  before_action -> { authorize @group, :manage_members?  }
  def index
    @members = @group.members.order(:uname) - [@group.owner]
  end
  def update
-    raise CanCan::AccessDenied if @group.owner_id.to_s == params[:member_id]
+    raise Pundit::NotAuthorizedError if @group.owner_id.to_s == params[:member_id]
    relation   = @group.actors.where(actor_id: params[:member_id], actor_type: 'User').first
    relation ||= @group.actors.build(actor_id: params[:member_id], actor_type: 'User')
@ -25,7 +25,7 @@ class Groups::MembersController < Groups::BaseController
  end
  def add
-    @user = User.where(id: params[:member_id]).first
+    @user = User.find_by(id: params[:member_id])
    if !@user
      flash[:error] = t("flash.collaborators.wrong_user", uname: params[:user_uname])
    elsif @group.add_member(@user, params[:role])
--- a/app/controllers/groups/profile_controller.rb
+++ b/app/controllers/groups/profile_controller.rb
@ -2,15 +2,16 @@ class Groups::ProfileController < Groups::BaseController
  include AvatarHelper
  include PaginateHelper
-  load_and_authorize_resource class: Group, instance_name: 'group'
+  skip_before_action :authenticate_user!, only: :show if APP_CONFIG['anonymous_access']
  skip_before_filter :authenticate_user!, only: :show if APP_CONFIG['anonymous_access']
  def index
    authorize :group
    @groups = current_user.groups.paginate(page: params[:group_page]) # accessible_by(current_ability)
    @groups = @groups.search(params[:query]) if params[:query].present?
  end
  def show
    authorize @group
    respond_to do |format|
      format.html do
        @members = @group.members.order(:uname)
@ -21,9 +22,10 @@ class Groups::ProfileController < Groups::BaseController
        when 'open'
          @projects = @projects.opened
        when 'hidden'
-          @projects = @projects.by_visibilities('hidden').accessible_by(current_ability, :read)
+          @projects = @projects.by_visibilities('hidden')
          @projects = @projects.none unless policy(@group).reader?
        else
-          @projects = @projects.accessible_by(current_ability, :read)
+          @projects = @projects.opened unless policy(@group).reader?
        end
        @total_items  = @projects.count
        @projects     = @projects.paginate(paginate_params)
@ -33,13 +35,15 @@ class Groups::ProfileController < Groups::BaseController
  end
  def new
    authorize @group = current_user.own_groups.build
  end
  def edit
    authorize @group
  end
  def create
-    @group = current_user.own_groups.new params[:group]
+    authorize @group = current_user.own_groups.build(params[:group])
    if @group.save
      flash[:notice] = t('flash.group.saved')
      redirect_to group_path(@group)
@ -51,6 +55,7 @@ class Groups::ProfileController < Groups::BaseController
  end
  def update
    authorize @group
    if @group.update_attributes(params[:group])
      update_avatar(@group, params)
      flash[:notice] = t('flash.group.saved')
@ -62,12 +67,14 @@ class Groups::ProfileController < Groups::BaseController
  end
  def destroy
    authorize @group
    @group.destroy
    flash[:notice] = t("flash.group.destroyed")
    redirect_to groups_path
  end
  def remove_user
    authorize @group
    Relation.by_actor(current_user).by_target(@group).destroy_all
    redirect_to groups_path
  end
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@ -1,8 +1,11 @@
 class HomeController < ApplicationController
-  before_filter :authenticate_user!, only: [:activity, :issues, :pull_requests]
+  before_action :authenticate_user!, only: [:activity, :issues, :pull_requests]
  skip_after_action :verify_authorized
  def root
-    render 'pages/tour/abf-tour-project-description-1'
+    respond_to do |format|
      format.html { render 'pages/tour/abf-tour-project-description-1' }
    end
  end
  def activity
@ -23,7 +26,7 @@ class HomeController < ApplicationController
  def issues
    @created_issues  = current_user.issues
    @assigned_issues = Issue.where(assignee_id: current_user.id)
-    pr_ids = Project.accessible_by(current_ability, :membered).uniq.pluck(:id)
+    pr_ids = ProjectPolicy::Scope.new(current_user, Project).membered.uniq.pluck(:id)
    @all_issues = Issue.where(project_id: pr_ids)
    @created_issues, @assigned_issues, @all_issues =
      if action_name == 'issues'
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@ -1,4 +1,5 @@
 class PagesController < ApplicationController
  skip_after_action :verify_authorized
  def tour_inside
    @entries = case params[:id]
--- a/app/controllers/platforms/base_controller.rb
+++ b/app/controllers/platforms/base_controller.rb
@ -1,2 +1,11 @@
 class Platforms::BaseController < ApplicationController
  before_action :load_platform
 protected
  def load_platform
    return unless params[:platform_id]
    authorize @platform = Platform.find_cached(params[:platform_id]), :show?
  end
 end
--- a/app/controllers/platforms/contents_controller.rb
+++ b/app/controllers/platforms/contents_controller.rb
@ -1,10 +1,8 @@
 class Platforms::ContentsController < Platforms::BaseController
  include PaginateHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: :index if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: :index if APP_CONFIG['anonymous_access']
  load_and_authorize_resource :platform
  def index
    respond_to do |format|
@ -22,7 +20,7 @@ class Platforms::ContentsController < Platforms::BaseController
  end
  def remove_file
-    authorize!(:remove_file, @platform)
+    authorize @platform
    PlatformContent.remove_file(@platform, params[:path])
    render nothing: true
  end
--- a/app/controllers/platforms/key_pairs_controller.rb
+++ b/app/controllers/platforms/key_pairs_controller.rb
@ -1,16 +1,14 @@
 class Platforms::KeyPairsController < Platforms::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
  load_and_authorize_resource :platform
  load_and_authorize_resource only: [:create, :destroy]
  def index
    @key_pair = KeyPair.new
  end
  def create
    @key_pair         = KeyPair.new params[:key_pair]
    @key_pair.user_id = current_user.id
-
+    authorize @key_pair
    if @key_pair.save
      flash[:notice] = t('flash.key_pairs.saved')
      redirect_to platform_key_pairs_path(@key_pair.repository.platform) and return
@ -21,6 +19,7 @@ class Platforms::KeyPairsController < Platforms::BaseController
  end
  def destroy
    authorize @key_pair = @platform.key_pairs.find(params[:id])
    if @key_pair.destroy
      flash[:notice] = t('flash.key_pairs.destroyed')
    else
--- a/app/controllers/platforms/maintainers_controller.rb
+++ b/app/controllers/platforms/maintainers_controller.rb
@ -1,7 +1,6 @@
-class Platforms::MaintainersController < ApplicationController
+class Platforms::MaintainersController < Platforms::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index] if APP_CONFIG['anonymous_access']
  load_and_authorize_resource :platform
  def index
    @maintainer   = BuildList::Package.new(params[:build_list_package])
--- a/app/controllers/platforms/mass_builds_controller.rb
+++ b/app/controllers/platforms/mass_builds_controller.rb
@ -1,31 +1,33 @@
 class Platforms::MassBuildsController < Platforms::BaseController
  include DatatableHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :get_list] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :get_list] if APP_CONFIG['anonymous_access']
  load_resource :platform
  load_and_authorize_resource :through  => :platform, :shallow  => true
  before_action :find_mass_build, only: %i(show publish cancel get_list)
  def new
    if params[:mass_build_id].present?
      @mass_build         = @platform.mass_builds.find(params[:mass_build_id]).dup
      @mass_build.arches  = Arch.where(name: @mass_build.arch_names.split(', ')).pluck(:id)
    end
    authorize @mass_build     ||= @platform.mass_builds.build
    @mass_build.arches        ||= @platform.platform_arch_settings.by_default.pluck(:arch_id)
    @mass_build.repositories  ||= []
    @mass_build.arches.map!(&:to_s)
  end
  def show
    authorize @platform.mass_builds.find(params[:id])
  end
  def create
    @mass_build                 = @platform.mass_builds.build(params[:mass_build])
    @mass_build.user            = current_user
    @mass_build.arches          = params[:arches] || []
    @mass_build.repositories  ||= params[:repositories] || []
    authorize @mass_build
    if @mass_build.save
      redirect_to(platform_mass_builds_path(@platform), notice: t("flash.platform.build_all_success"))
    else
@ -57,7 +59,6 @@ class Platforms::MassBuildsController < Platforms::BaseController
  end
  def get_list
    text =
      case params[:kind]
      when 'failed_builds_list', 'tests_failed_builds_list', 'success_builds_list'
@ -67,4 +68,11 @@ class Platforms::MassBuildsController < Platforms::BaseController
      end
    render text: text
  end
  private
  # Private: before_action hook which loads MassBuild.
  def find_mass_build
    authorize @mass_build = @platform.mass_builds.find(params[:id])
  end
 end
--- a/app/controllers/platforms/platforms_controller.rb
+++ b/app/controllers/platforms/platforms_controller.rb
@ -1,16 +1,16 @@
 class Platforms::PlatformsController < Platforms::BaseController
  include FileStoreHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:advisories, :members, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:advisories, :members, :show] if APP_CONFIG['anonymous_access']
  load_and_authorize_resource
  def index
    authorize :platform
    respond_to do |format|
      format.html {}
      format.json {
-        @platforms = @platforms.accessible_by(current_ability, :related)
+        @platforms = PlatformPolicy::Scope.new(current_user, Platform).related
        @platforms_count = @platforms.count
        @platforms = @platforms.paginate(page: current_page, per_page: Platform.per_page)
      }
@ -21,17 +21,19 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def new
    authorize @platform = Platform.new
    @admin_uname  = current_user.uname
    @admin_id     = current_user.id
    @platform     = Platform.new
  end
  def edit
    authorize @platform
    @admin_id = @platform.owner.id
    @admin_uname = @platform.owner.uname
  end
  def create
    authorize @platform = Platform.new(params[:platform])
    @admin_id    = params[:admin_id]
    @admin_uname = params[:admin_uname]
    # FIXME: do not allow manipulate owner model, only platforms onwer_id and onwer_type
@ -47,6 +49,7 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def update
    authorize @platform
    @admin_id = params[:admin_id]
    @admin_uname = params[:admin_uname]
@ -54,7 +57,6 @@ class Platforms::PlatformsController < Platforms::BaseController
    platform_params = platform_params.slice(:description, :platform_arch_settings_attributes, :released, :automatic_metadata_regeneration, :default_branch)
    platform_params[:owner] = User.find(@admin_id) if @admin_id.present?
    respond_to do |format|
      format.html do
        if @platform.update_attributes(platform_params)
@ -76,6 +78,7 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def regenerate_metadata
    authorize @platform
    if @platform.regenerate
      flash[:notice] = I18n.t('flash.platform.saved')
    else
@ -85,6 +88,7 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def change_visibility
    authorize @platform
    if @platform.change_visibility
      flash[:notice] = I18n.t("flash.platform.saved")
      redirect_to @platform
@ -96,12 +100,14 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def clone
    authorize @platform
    @cloned = Platform.new
    @cloned.name = @platform.name + "_clone"
    @cloned.description = @platform.description + "_clone"
  end
  def make_clone
    authorize @platform
    @cloned = @platform.full_clone params[:platform].merge(owner: current_user)
    if @cloned.persisted?
      flash[:notice] = I18n.t("flash.platform.clone_success")
@ -113,16 +119,19 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def destroy
    authorize @platform
    @platform.destroy # later with resque
    flash[:notice] = t("flash.platform.destroyed")
    redirect_to platforms_path
  end
  def members
    authorize @platform
    @members = @platform.members.order(:uname)
  end
  def remove_members
    authorize @platform
    User.where(id: params[:members]).each do |user|
      @platform.remove_member(user)
    end
@ -130,7 +139,8 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def add_member
-    member = User.where(id: params[:member_id]).first
+    authorize @platform
    member = User.find_by(id: params[:member_id])
    if !member
      flash[:error] = t("flash.collaborators.wrong_user", uname: params[:member_id])
    elsif @platform.add_member(member)
@ -142,13 +152,22 @@ class Platforms::PlatformsController < Platforms::BaseController
  end
  def advisories
    authorize @platform
    @advisories = @platform.advisories.paginate(page: params[:page])
  end
  def clear
    authorize @platform
    @platform.clear
    flash[:notice] = t('flash.repository.clear')
    redirect_to edit_platform_path(@platform)
  end
  private
  # Private: before_action hook which loads Platform.
  def load_platform
    authorize @platform = Platform.find_cached(params[:id]), :show? if params[:id]
  end
 end
--- a/app/controllers/platforms/product_build_lists_controller.rb
+++ b/app/controllers/platforms/product_build_lists_controller.rb
@ -1,21 +1,20 @@
 class Platforms::ProductBuildListsController < Platforms::BaseController
  include FileStoreHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show, :log] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show, :log] if APP_CONFIG['anonymous_access']
-  before_filter :redirect_to_full_path_if_short_url, only: [:show, :update]
+  before_action :redirect_to_full_path_if_short_url, only: [:show, :update]
-  load_and_authorize_resource :platform, except: :index
+
-  load_and_authorize_resource :product, through: :platform, except: :index
+  before_action :load_product,            except: :index
-  load_and_authorize_resource :product_build_list, through: :product, except: :index
+  before_action :load_product_build_list, except: [:index, :new, :create]
  load_and_authorize_resource only: [:index, :show, :log, :cancel, :update]
  def new
-    product = @product_build_list.product
+    @product_build_list                 = @product.product_build_lists.new
-    @product_build_list.params          = product.params
+    @product_build_list.params          = @product.params
-    @product_build_list.main_script     = product.main_script
+    @product_build_list.main_script     = @product.main_script
-    @product_build_list.time_living     = product.time_living
+    @product_build_list.time_living     = @product.time_living
-    @product_build_list.project_version = product.project_version
+    @product_build_list.project_version = @product.project_version
-    @product_build_list.project         = product.project
+    @product_build_list.project         = @product.project
    unless @product_build_list.project
      flash[:error] = t('flash.product_build_list.no_project')
      redirect_to edit_platform_product_path(@platform, @product)
@ -53,6 +52,7 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
    pbl.user = current_user
    pbl.base_url = "http://#{request.host_with_port}"
    authorize pbl
    if pbl.save
      flash[:notice] = t('flash.product.build_started')
      redirect_to [@platform, @product]
@ -73,8 +73,11 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
  end
  def index
    authorize :product_build_list
    @product_build_list = ProductBuildList.new(params[:product_build_list])
-    @product_build_list.status = nil if params[:product_build_list].blank?
+    @product_build_list.status = nil if params[:product_build_list].try(:[], :status).blank?
    @product_build_lists   = @platform.product_build_lists if @platform
    @product_build_lists ||= PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show
    if @product_build_list.product_id.present?
      @product_build_lists = @product_build_lists.where(id: @product_build_list.product_id)
    else
@ -84,7 +87,7 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
    end
    @product_build_lists = @product_build_lists.
      includes(:project, product: :platform).
-      recent.paginate(page: params[:page])
+      recent.paginate(page: current_page)
    @build_server_status = AbfWorkerStatusPresenter.new.products_status
  end
@ -98,4 +101,14 @@ class Platforms::ProductBuildListsController < Platforms::BaseController
    end
  end
  # Private: before_action hook which loads ProductBuildList.
  def load_product_build_list
    authorize @product_build_list = ProductBuildList.find(params[:id])
  end
  # Private: before_action hook which loads Product.
  def load_product
    authorize @product = Product.find(params[:product_id]), :show? if params[:product_id]
  end
 end
--- a/app/controllers/platforms/products_controller.rb
+++ b/app/controllers/platforms/products_controller.rb
@ -1,25 +1,25 @@
 class Platforms::ProductsController < Platforms::BaseController
  include GitHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :platform
+  before_action :load_product, except: %i(index new create autocomplete_project)
  load_and_authorize_resource :product, through: :platform, except: :autocomplete_project
  def index
-    @products = @products.paginate(page: params[:page])
+    authorize @platform.products.new
    @products = @platform.products.paginate(page: params[:page])
  end
  def new
-    @product = @platform.products.new
+    authorize @product = @platform.products.new
  end
  def edit
  end
  def create
    authorize @product = @platform.products.build(params[:product])
    if @product.save
      flash[:notice] = t('flash.product.saved')
      redirect_to platform_product_path(@platform, @product)
@ -53,9 +53,17 @@ class Platforms::ProductsController < Platforms::BaseController
  end
  def autocomplete_project
-    @items = Project.accessible_by(current_ability, :membered)
+    authorize :project
-                    .by_owner_and_name(params[:query]).limit(20)
+    @items = ProjectPolicy::Scope.new(current_user, Project).membered.
      by_owner_and_name(params[:query]).limit(20)
    #items.select! {|e| e.repo.branches.count > 0}
  end
  private
  # Private: before_action hook which loads Product.
  def load_product
    authorize @product = Product.find(params[:id])
  end
 end
--- a/app/controllers/platforms/repositories_controller.rb
+++ b/app/controllers/platforms/repositories_controller.rb
@ -4,14 +4,15 @@ class Platforms::RepositoriesController < Platforms::BaseController
  include RepositoriesHelper
  include PaginateHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show, :projects_list] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show, :projects_list] if APP_CONFIG['anonymous_access']
-  load_and_authorize_resource :platform
+  before_action :load_repository, except: [:index, :create, :new]
-  load_and_authorize_resource :repository, through: :platform, shallow: true
+  before_action :set_members,     only:   [:edit, :update]
-  before_filter :set_members, only: [:edit, :update]
+  before_action -> { @repository = @platform.repositories.find(params[:id]) if params[:id] }
  def index
    @repositories = @platform.repositories
    @repositories = Repository.custom_sort(@repositories).paginate(page: current_page)
  end
@ -23,6 +24,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
  end
  def update
    authorize @repository = @platform.repositories.build(params[:repository])
    if @repository.update_attributes params[:repository].slice(:description, :synchronizing_publications, :publish_builds_only_from_branch).merge(publish_without_qa: (params[:repository][:publish_without_qa] || @repository.publish_without_qa))
      flash[:notice] = I18n.t("flash.repository.updated")
      redirect_to platform_repository_path(@platform, @repository)
@ -34,14 +36,14 @@ class Platforms::RepositoriesController < Platforms::BaseController
  end
  def remove_members
-    User.where(id: params[:members]).each do |user|
+    User.where(id: params[:members]).find_each do |user|
      @repository.remove_member(user)
    end
    redirect_to edit_platform_repository_path(@platform, @repository)
  end
  def add_member
-    if member = User.where(id: params[:member_id]).first
+    if member = User.find_by(id: params[:member_id])
      if @repository.add_member(member)
        flash[:notice] = t('flash.repository.members.successfully_added', name: member.uname)
      else
@ -52,11 +54,12 @@ class Platforms::RepositoriesController < Platforms::BaseController
  end
  def new
-    @repository = Repository.new
+    authorize @repository = @platform.repositories.new
    @platform_id = params[:platform_id]
  end
  def destroy
    authorize @repository
    @repository.destroy
    flash[:notice] = t("flash.repository.destroyed")
@ -64,7 +67,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
  end
  def create
-    @repository = @platform.repositories.build(params[:repository])
+    authorize @repository = @platform.repositories.build(params[:repository])
    if @repository.save
      flash[:notice] = t('flash.repository.saved')
      redirect_to platform_repository_path(@platform, @repository)
@ -75,6 +78,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
  end
  def add_project
    authorize @repository
    if projects_list = params.try(:[], :repository).try(:[], :projects_list)
      @repository.add_projects projects_list, current_user
      redirect_to platform_repository_path(@platform, @repository), notice: t('flash.repository.projects_will_be_added')
@ -82,7 +86,7 @@ class Platforms::RepositoriesController < Platforms::BaseController
    end
    if params[:project_id].present?
      @project = Project.find(params[:project_id])
-      if can?(:read, @project)
+      if policy(@project).read?
        begin
          @repository.projects << @project
          flash[:notice] = t('flash.repository.project_added')
@ -140,12 +144,17 @@ class Platforms::RepositoriesController < Platforms::BaseController
    end
    if params[:project_id].present?
      ProjectToRepository.where(project_id: params[:project_id], repository_id: @repository.id).destroy_all
-      redirect_to platform_repository_path(@platform, @repository), notice: t('flash.repository.project_removed')
+      message = t('flash.repository.project_removed')
      respond_to do |format|
        format.html {redirect_to platform_repository_path(@platform, @repository), notice: message}
        format.json {render json: { message: message }}
      end
    end
  end
  def regenerate_metadata
-    if @repository.regenerate(params[:build_for_platform_id])
+    authorize @repository
    if @repository.regenerate(params[:repository].try :[], :build_for_platform_id)
      flash[:notice] = t('flash.repository.regenerate_in_queue')
    else
      flash[:error] = t('flash.repository.regenerate_already_in_queue')
@ -166,6 +175,11 @@ class Platforms::RepositoriesController < Platforms::BaseController
  protected
  # Private: before_action hook which loads Repository.
  def load_repository
    authorize @repository = @platform.repositories.find(params[:id])
  end
  def set_members
    @members = @repository.members.order('name')
  end
--- a/app/controllers/platforms/tokens_controller.rb
+++ b/app/controllers/platforms/tokens_controller.rb
@ -1,11 +1,10 @@
 class Platforms::TokensController < Platforms::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_resource :platform
+  before_action :load_token, except: [:index, :create, :new]
  load_and_authorize_resource :through  => :platform, :shallow  => true
  def index
-    authorize! :local_admin_manage, @platform
+    authorize @platform, :local_admin_manage?
    @tokens = @platform.tokens.includes(:creator, :updater)
                              .paginate(per_page: 20, page: params[:page])
  end
@ -24,11 +23,13 @@ class Platforms::TokensController < Platforms::BaseController
  end
  def new
    authorize @token = @platform.tokens.new
  end
  def create
    @token = @platform.tokens.build params[:token]
    @token.creator = current_user
    authorize @token
    if @token.save
      flash[:notice] = t('flash.tokens.saved')
      redirect_to platform_tokens_path(@platform)
@ -39,4 +40,11 @@ class Platforms::TokensController < Platforms::BaseController
    end
  end
  protected
  # Private: before_action hook which loads Repository.
  def load_token
    authorize @token = @platform.tokens.find(params[:id])
  end
 end
--- a/app/controllers/projects/base_controller.rb
+++ b/app/controllers/projects/base_controller.rb
@ -1,6 +1,6 @@
 class Projects::BaseController < ApplicationController
-  prepend_before_filter :find_project
+  prepend_before_action :authenticate_user_and_find_project
-  before_filter :init_statistics
+  before_action :init_statistics
  protected
@ -11,8 +11,10 @@ class Projects::BaseController < ApplicationController
    @users = @users.sort_by(&:uname).first(10)
  end
-  def find_project
+  def authenticate_user_and_find_project
-    @project = Project.find_by_owner_and_name! params[:name_with_owner] if params[:name_with_owner].present?
+    authenticate_user
    return if params[:name_with_owner].blank?
    authorize @project = Project.find_by_owner_and_name!(params[:name_with_owner]), :show?
  end
  def init_statistics
--- a/app/controllers/projects/build_lists_controller.rb
+++ b/app/controllers/projects/build_lists_controller.rb
@ -2,28 +2,23 @@ class Projects::BuildListsController < Projects::BaseController
  include FileStoreHelper
  include BuildListsHelper
-  NESTED_ACTIONS = [:index, :new, :create]
+  NESTED_ACTIONS = [:index, :new, :create, :list]
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show, :index, :log] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show, :index, :log] if APP_CONFIG['anonymous_access']
-  before_filter :find_build_list, only: [:show, :publish, :cancel, :update, :log, :create_container, :dependent_projects]
+  before_action :load_build_list, except: NESTED_ACTIONS
-  load_and_authorize_resource :project, only: [:new, :create]
+  before_action :create_from_build_list, only: :new
  load_resource :project, only: :index, parent: false
  load_and_authorize_resource :build_list, through: :project, only: NESTED_ACTIONS, shallow: true
  load_and_authorize_resource except: NESTED_ACTIONS
  before_filter :create_from_build_list, only: :new
  def index
-    authorize!(:show, @project) if @project
+    authorize :build_list
    params[:filter].each{|k,v| params[:filter].delete(k) if v.blank? } if params[:filter]
    respond_to do |format|
      format.html
      format.json do
-        @filter = BuildList::Filter.new(@project, current_user, current_ability, params[:filter] || {})
+        @filter = BuildList::Filter.new(@project, current_user, params[:filter] || {})
        params[:page] = params[:page].to_i == 0 ? nil : params[:page]
        params[:per_page] = if BuildList::Filter::PER_PAGE.include? params[:per_page].to_i
                              params[:per_page].to_i
@ -46,6 +41,7 @@ class Projects::BuildListsController < Projects::BaseController
  end
  def new
    authorize @build_list = @project.build_lists.build
    if params[:show] == 'inline' && params[:build_list_id].present?
      render json: new_build_list_data(@build_list, @project, params), layout: false
    else
@ -73,7 +69,8 @@ class Projects::BuildListsController < Projects::BaseController
        @build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority
        flash_options = { project_version: @build_list.project_version, arch: arch.name, build_for_platform: build_for_platform.name }
-        if authorize!(:create, @build_list) && @build_list.save
+        authorize @build_list
        if @build_list.save
          build_lists << @build_list
          notices << t('flash.build_list.saved', flash_options)
        else
@ -125,8 +122,6 @@ class Projects::BuildListsController < Projects::BaseController
  end
  def dependent_projects
    raise CanCan::AccessDenied if @build_list.save_to_platform.personal?
    if request.post?
      prs = params[:build_list]
      if prs.present? && prs[:projects].present? && prs[:arches].present?
@ -211,6 +206,16 @@ class Projects::BuildListsController < Projects::BaseController
  protected
  # Private: before_action hook which loads BuidList.
  def load_build_list
    authorize @build_list =
      if @project
        @project.build_lists
      else
        BuildList
      end.find(params[:id])
  end
  def do_and_back(action, prefix, success = 'success', fail = 'fail')
    result  = @build_list.send("can_#{action}?") && @build_list.send(action)
    message = result ? success : fail
@ -218,10 +223,6 @@ class Projects::BuildListsController < Projects::BaseController
    redirect_to :back
  end
  def find_build_list
    @build_list = BuildList.find(params[:id])
  end
  def create_from_build_list
    return if params[:build_list_id].blank?
    build_list = @project.build_lists.find(params[:build_list_id])
--- a/app/controllers/projects/collaborators_controller.rb
+++ b/app/controllers/projects/collaborators_controller.rb
@ -1,12 +1,11 @@
 class Projects::CollaboratorsController < Projects::BaseController
  respond_to :html, :json
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_resource :project
+  before_action :authorize_collaborators
  before_filter :authorize_collaborators
-  before_filter :find_users
+  before_action :find_users
-  before_filter :find_groups
+  before_action :find_groups
  def index
    @collaborators = Collaborator.find_by_project(@project)
@ -29,26 +28,36 @@ class Projects::CollaboratorsController < Projects::BaseController
    @collaborator.project = @project
    respond_to do |format|
      if @collaborator.save
-        format.json { render partial: 'collaborator', locals: {collaborator: @collaborator} }
+        format.json { render partial: 'collaborator', locals: {collaborator: @collaborator, success: true} }
      else
-        format.json { render text: 'error', status: 422 }
+        format.json { render json: {message:t('flash.collaborators.error_in_adding')}, status: 422 }
      end
    end
  end
  def update
-    @c = Collaborator.find(params[:id])
+    cb = Collaborator.find(params[:id])
-    if @c.update_attributes(params[:collaborator])
+    respond_to do |format|
-      respond_with @c
+      if cb.update_attributes(params[:collaborator])
        format.json { render json: {message:t('flash.collaborators.successfully_updated', uname: cb.actor.uname)} }
      else
-      raise
+        format.json { render json: {message:t('flash.collaborators.error_in_updating')}, status: 422 }
      end
    end
  end
  def destroy
-    @cb = Collaborator.find(params[:id])
+    cb = Collaborator.find(params[:id])
-    @cb.destroy if @cb
+    respond_to do |format|
-    respond_with @cb
+      if cb.present? && cb.destroy
        format.json { render json: {message:t('flash.collaborators.successfully_removed', uname: cb.actor.uname)} }
      else
        format.json {
          render json: {message:t('flash.collaborators.error_in_removing', uname: cb.try(:actor).try(:uname))},
                 status: 422
        }
      end
    end
  end
  protected
@ -64,6 +73,6 @@ class Projects::CollaboratorsController < Projects::BaseController
  end
  def authorize_collaborators
-    authorize! :update, @project
+    authorize @project, :update?
  end
 end
--- a/app/controllers/projects/comments_controller.rb
+++ b/app/controllers/projects/comments_controller.rb
@ -1,9 +1,7 @@
 class Projects::CommentsController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_and_authorize_resource :project
+  before_action :find_commentable
-  before_filter :find_commentable
+  before_action :find_or_build_comment
  before_filter :find_or_build_comment
  load_and_authorize_resource new: :new_line
  include CommentsHelper
@ -12,14 +10,14 @@ class Projects::CommentsController < Projects::BaseController
      if !@comment.set_additional_data params
        format.json {
                      render json: {
-                                     error:   I18n.t("flash.comment.save_error"),
+                                     message: I18n.t("flash.comment.save_error"),
-                                     message: @comment.errors.full_messages
+                                     error:   @comment.errors.full_messages
                                   }
                    }
      elsif @comment.save
        format.json {}
      else
-        format.json { render json: { error: I18n.t("flash.comment.save_error") }, status: 422 }
+        format.json { render json: { message: I18n.t("flash.comment.save_error") }, status: 422 }
      end
    end
  end
@ -28,17 +26,24 @@ class Projects::CommentsController < Projects::BaseController
  end
  def update
-    status, message = if @comment.update_attributes(params[:comment])
+    respond_to do |format|
-      [200, view_context.markdown(@comment.body)]
+      if @comment.update_attributes(params[:comment])
        format.json { render json: {message:t('flash.comment.updated'), body: view_context.markdown(@comment.body)} }
      else
-      [422, 'error']
+        format.json { render json: {message:t('flash.comment.error_in_updating')}, status: 422 }
      end
    end
    render json: {body: message}, status: status
  end
  def destroy
-    @comment.destroy
+    respond_to do |format|
-    render json: nil
+      if @comment.present? && @comment.destroy
        format.json { render json: {message: I18n.t('flash.comment.destroyed')} }
      else
        format.json {
          render json: {message: t('flash.comment.error_in_deleting')}, status: 422 }
      end
    end
  end
  protected
@ -51,5 +56,6 @@ class Projects::CommentsController < Projects::BaseController
  def find_or_build_comment
    @comment = params[:id].present? && Comment.where(automatic: false).find(params[:id]) ||
               current_user.comments.build(params[:comment]) {|c| c.commentable = @commentable; c.project = @project}
    authorize @comment
  end
 end
--- a/app/controllers/projects/commit_subscribes_controller.rb
+++ b/app/controllers/projects/commit_subscribes_controller.rb
@ -1,8 +1,6 @@
 class Projects::CommitSubscribesController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_and_authorize_resource :project
+  before_action :find_commit
  before_filter :find_commit
  def create
    if Subscribe.subscribe_to_commit(@options)
--- a/app/controllers/projects/git/base_controller.rb
+++ b/app/controllers/projects/git/base_controller.rb
@ -1,13 +1,12 @@
 class Projects::Git::BaseController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
  if APP_CONFIG['anonymous_access']
-    skip_before_filter :authenticate_user!, only: %i(show index blame raw archive diff tags branches)
+    skip_before_action :authenticate_user!, only: %i(show index blame raw archive diff tags branches)
-    before_filter :authenticate_user,       only: %i(show index blame raw archive diff tags branches)
+    before_action :authenticate_user,       only: %i(show index blame raw archive diff tags branches)
  end
-  load_and_authorize_resource :project
+  before_action :set_treeish_and_path
-  before_filter :set_treeish_and_path
+  before_action :set_branch_and_tree
  before_filter :set_branch_and_tree
  protected
--- a/app/controllers/projects/git/blobs_controller.rb
+++ b/app/controllers/projects/git/blobs_controller.rb
@ -1,6 +1,6 @@
 class Projects::Git::BlobsController < Projects::Git::BaseController
-  before_filter :set_blob
+  before_action :set_blob
-  before_filter -> {authorize! :write, @project}, only: [:edit, :update]
+  before_action -> {authorize @project, :write? }, only: [:edit, :update]
  def show
  end
--- a/app/controllers/projects/git/commits_controller.rb
+++ b/app/controllers/projects/git/commits_controller.rb
@ -14,7 +14,7 @@ class Projects::Git::CommitsController < Projects::Git::BaseController
    respond_to do |format|
      format.html
-      format.diff  { render text: (@commit.diffs.map(&:diff).join("\n") rescue ''), content_type: "text/plain" }
+      format.diff  { render text: (@commit.show.map(&:diff).join("\n") rescue ''), content_type: "text/plain" }
      format.patch { render text: (@commit.to_patch rescue ''), content_type: "text/plain" }
    end
  end
--- a/app/controllers/projects/git/trees_controller.rb
+++ b/app/controllers/projects/git/trees_controller.rb
@ -1,11 +1,12 @@
 class Projects::Git::TreesController < Projects::Git::BaseController
-  before_filter -> { redirect_to_project }, only: :show
+  skip_before_action :set_branch_and_tree,      only: :archive
-  skip_before_filter :set_branch_and_tree, :set_treeish_and_path, only: :archive
+  skip_before_action :set_treeish_and_path,     only: :archive
-  before_filter -> { raise Grit::NoSuchPathError if params[:treeish] != @branch.try(:name) }, only: [:branch, :destroy]
+  before_action      :redirect_to_project,      only: :show
  before_action      :resolve_treeish,          only: [:branch, :destroy]
-  skip_authorize_resource :project,                       only: [:destroy, :restore_branch, :create]
+  # skip_authorize_resource :project,                 only: [:destroy, :restore_branch, :create]
-  before_filter -> { authorize!(:write, @project) },  only: [:destroy, :restore_branch, :create]
+  before_action -> { authorize(@project, :show?)  },  only: [:show, :archive, :tags, :branches]
  def show
    unless request.xhr?
@ -53,16 +54,19 @@ class Projects::Git::TreesController < Projects::Git::BaseController
  end
  def restore_branch
    authorize @project, :write?
    status = @project.create_branch(@treeish, params[:sha], current_user) ? 200 : 422
    render nothing: true, status: status
  end
  def create
    authorize @project, :write?
    status = @project.create_branch(params[:new_ref], params[:from_ref], current_user) ? 200 : 422
    render nothing: true, status: status
  end
  def destroy
    authorize @project, :write?
    status = @branch && @project.delete_branch(@branch, current_user) ? 200 : 422
    render nothing: true, status: status
  end
@ -81,6 +85,10 @@ class Projects::Git::TreesController < Projects::Git::BaseController
  protected
  def resolve_treeish
    raise Grit::NoSuchPathError if params[:treeish] != @branch.try(:name)
  end
  def redirect_to_project
    if params[:treeish] == @project.resolve_default_branch && params[:path].blank? && !request.xhr?
      redirect_to @project
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@ -1,22 +1,23 @@
 class Projects::HooksController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_and_authorize_resource :project
+  before_action -> { authorize @project, :update? }
-  load_and_authorize_resource :hook, through: :project
+  before_action :load_hook, except: %i(index new create)
  def index
    authorize! :edit, @project
    @name = params[:name]
    @hooks = @project.hooks.for_name(@name).order('name asc, created_at desc')
    render(:show) if @name.present?
  end
  def new
    @hook = @project.hooks.build
  end
  def edit
  end
  def create
    authorize @hook = @project.hooks.build(params[:hook])
    if @hook.save
      redirect_to project_hooks_path(@project, name: @hook.name), notice: t('flash.hook.created')
    else
@ -41,4 +42,11 @@ class Projects::HooksController < Projects::BaseController
    redirect_to project_hooks_path(@project, name: @hook.name)
  end
  private
  # Private: before_action hook which loads Hook.
  def load_hook
    authorize @hook = @project.hooks.find(params[:id])
  end
 end
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@ -1,15 +1,15 @@
 class Projects::IssuesController < Projects::BaseController
-  NON_RESTFUL_ACTION = [:create_label, :update_label, :destroy_label]
+  before_action :authenticate_user!
-  before_filter :authenticate_user!
+  skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  before_action :load_issue,               only: %i(show edit update destroy)
-  load_resource :project
+  before_action :load_and_authorize_label, only: %i(create_label update_label destroy_label)
-  load_and_authorize_resource :issue, through: :project, find_by: :serial_id, only: [:show, :edit, :update, :destroy, :new, :create, :index]
+  before_action :find_collaborators,       only: :search_collaborators
  before_filter :load_and_authorize_label, only: NON_RESTFUL_ACTION
  before_filter :find_collaborators, only: [:new, :create, :show, :search_collaborators]
  layout false, only: [:update, :search_collaborators]
  def index
    raise Pundit::NotAuthorizedError unless @project.has_issues?
    params[:kind]      = params[:kind] == 'pull_requests' ? 'pull_requests' : 'issues'
    params[:filter]    = params[:filter].in?(['created', 'assigned']) ? params[:filter] : 'all'
    params[:sort]      = params[:sort] == 'submitted' ? 'submitted' : 'updated'
@ -22,10 +22,11 @@ class Projects::IssuesController < Projects::BaseController
    respond_to do |format|
      format.html { render 'index' }
      format.json do
        all_issues =
          if params[:kind] == 'pull_requests'
-          all_issues = @project.issues.joins(:pull_request)
+            @project.issues.joins(:pull_request)
          else
-          all_issues = @project.issues.without_pull_requests
+            @project.issues.without_pull_requests
          end
        @all_issues        = all_issues
@ -74,15 +75,18 @@ class Projects::IssuesController < Projects::BaseController
  end
  def new
    authorize @issue = @project.issues.build
  end
  def create
    @issue         = @project.issues.build(params[:issue])
    @issue.user_id = current_user.id
-    unless can?(:write, @project)
+    unless policy(@project).write?
      @issue.assignee_id  = nil
      @issue.labelings    = []
    end
    authorize @issue
    if @issue.save
      @issue.subscribe_creator(current_user.id)
      flash[:notice] = I18n.t("flash.issue.saved")
@ -104,7 +108,7 @@ class Projects::IssuesController < Projects::BaseController
      format.json {
        status = 200
-        unless can?(:write, @project)
+        unless policy(@project).write?
          params.delete :update_labels
          [:assignee_id, :labelings, :labelings_attributes].each do |k|
            params[:issue].delete k
@ -165,8 +169,14 @@ class Projects::IssuesController < Projects::BaseController
  private
  # Private: before_action hook which loads Issue.
  def load_issue
    authorize @issue = @project.issues.find_by!(serial_id: params[:id])
  end
  # Private: before_action hook which loads Label.
  def load_and_authorize_label
-    authorize! :write, @project
+    authorize @project, :write?
-    @label = Label.find(params[:label_id]) if params[:label_id]
+    @label = @project.labels.find(params[:label_id]) if params[:label_id]
  end
 end
--- a/app/controllers/projects/projects_controller.rb
+++ b/app/controllers/projects/projects_controller.rb
@ -2,12 +2,12 @@ class Projects::ProjectsController < Projects::BaseController
  include DatatableHelper
  include ProjectsHelper
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_and_authorize_resource id_param: :name_with_owner # to force member actions load
+  before_action :who_owns, only: [:new, :create, :mass_import, :run_mass_import]
  before_filter :who_owns, only: [:new, :create, :mass_import, :run_mass_import]
  def index
-    @projects = Project.accessible_by(current_ability, :membered).search(params[:search])
+    authorize :project
    @projects = ProjectPolicy::Scope.new(current_user, Project).membered.search(params[:search])
    respond_to do |format|
      format.html {
        @groups = current_user.groups
@ -24,18 +24,19 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def new
    authorize :project
    @project = Project.new
  end
  def mass_import
    authorize :project
    @project = Project.new(mass_import: true)
  end
  def run_mass_import
    @project = Project.new params[:project]
    @project.owner = choose_owner
-    authorize! :write, @project.owner if @project.owner.class == Group
+    authorize @project
    authorize! :add_project, Repository.find(params[:project][:add_to_repository_id])
    @project.valid?
    @project.errors.messages.slice! :url
    if @project.errors.messages.blank? # We need only url validation
@ -48,15 +49,14 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def edit
-    @project_aliases = Project.where.not(id: @project.id).
+    authorize @project
-      where('alias_from_id IN (:ids) OR id IN (:ids)', { ids: [@project.alias_from_id, @project.id] }).
+    @project_aliases = Project.project_aliases(@project).paginate(page: current_page)
      paginate(page: current_page)
  end
  def create
    @project = Project.new params[:project]
    @project.owner = choose_owner
-    authorize! :write, @project.owner if @project.owner.class == Group
+    authorize @project
    if @project.save
      flash[:notice] = t('flash.project.saved')
@ -69,6 +69,7 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def update
    authorize @project
    params[:project].delete(:maintainer_id) if params[:project][:maintainer_id].blank?
    respond_to do |format|
      format.html do
@ -84,18 +85,19 @@ class Projects::ProjectsController < Projects::BaseController
      end
      format.json do
        if @project.update_attributes(params[:project])
-          render json: { notice: I18n.t('flash.project.saved') }.to_json
+          render json: { notice: I18n.t('flash.project.saved') }
        else
-          render json: { error: I18n.t('flash.project.save_error') }.to_json, status: 422
+          render json: { error: I18n.t('flash.project.save_error') }, status: 422
        end
      end
    end
  end
  def schedule
    authorize @project
    p_to_r = @project.project_to_repositories.where(repository_id: params[:repository_id]).first
    unless p_to_r.repository.publish_without_qa
-      authorize! :local_admin_manage, p_to_r.repository.platform
+      authorize p_to_r.repository.platform, :local_admin_manage?
    end
    p_to_r.user_id      = current_user.id
    p_to_r.enabled      = params[:enabled].present?
@ -109,6 +111,7 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def destroy
    authorize @project
    @project.destroy
    flash[:notice] = t("flash.project.destroyed")
    redirect_to @project.owner
@ -116,8 +119,7 @@ class Projects::ProjectsController < Projects::BaseController
  def fork(is_alias = false)
    owner = (Group.find params[:group] if params[:group].present?) || current_user
-    authorize! :write, owner if owner.class == Group
+    authorize owner, :write?
    if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
      redirect_to forked, notice: t("flash.project.forked")
    else
@ -128,15 +130,18 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def alias
    authorize @project
    fork(true)
  end
  def possible_forks
    authorize @project
    render partial: 'projects/git/base/forks', layout: false,
      locals: { owner: current_user, name: (params[:name].presence || @project.name) }
  end
  def sections
    authorize @project, :update?
    if request.patch?
      if @project.update_attributes(params[:project])
        flash[:notice] = t('flash.project.saved')
@ -149,6 +154,7 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def remove_user
    authorize @project
    @project.relations.by_actor(current_user).destroy_all
    respond_to do |format|
      format.html do
@ -160,6 +166,7 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def autocomplete_maintainers
    authorize @project
    term, limit = params[:query], params[:limit] || 10
    items = User.member_of_project(@project)
                .where("users.name ILIKE ? OR users.uname ILIKE ?", "%#{term}%", "%#{term}%")
@ -168,10 +175,15 @@ class Projects::ProjectsController < Projects::BaseController
  end
  def preview
-    render inline: view_context.markdown(params[:text]), layout: false
+    authorize @project
    respond_to do |format|
      format.json {}
      format.html {render inline: view_context.markdown(params[:text]), layout: false}
    end
  end
  def refs_list
    authorize @project
    refs = @project.repo.branches_and_tags.map(&:name)
    @selected   = params[:selected] if refs.include?(params[:selected])
    @selected ||= @project.resolve_default_branch
--- a/app/controllers/projects/pull_requests_controller.rb
+++ b/app/controllers/projects/pull_requests_controller.rb
@ -1,20 +1,19 @@
 class Projects::PullRequestsController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
  load_and_authorize_resource :project
-  load_resource :issue, through: :project, find_by: :serial_id, parent: false, except: [:index, :autocomplete_to_project]
+  before_action :load_issue,         except: %i(index autocomplete_to_project new create)
-  load_and_authorize_resource instance_name: :pull, through: :issue, singleton: true, except: [:index, :autocomplete_to_project]
+  before_action :load_pull,          except: %i(index autocomplete_to_project new create)
  before_filter :find_collaborators, only: [:new, :create, :show]
  def new
    to_project = find_destination_project(false)
-    authorize! :read, to_project
+    authorize to_project, :show?
    @pull  = to_project.pull_requests.new
-    @pull.issue = to_project.issues.new
+    @issue = @pull.issue = to_project.issues.new
    set_attrs
    authorize @pull
    if PullRequest.check_ref(@pull, 'to', @pull.to_ref) && PullRequest.check_ref(@pull, 'from', @pull.from_ref) || @pull.uniq_merge
      flash.now[:warning] = @pull.errors.full_messages.join('. ')
    else
@ -33,15 +32,17 @@ class Projects::PullRequestsController < Projects::BaseController
      redirect :back
    end
    to_project = find_destination_project
-    authorize! :read, to_project
+    authorize to_project, :show?
    @pull  = to_project.pull_requests.new pull_params
-    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if can?(:write, to_project)
+    @issue = @pull.issue
    @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if policy(to_project).write?
    @pull.issue.user, @pull.issue.project, @pull.from_project = current_user, to_project, @project
    @pull.from_project_owner_uname  = @pull.from_project.owner.uname
    @pull.from_project_name         = @pull.from_project.name
    @pull.issue.new_pull_request    = true
    authorize @pull
    if @pull.valid? # FIXME more clean/clever logics
      @pull.save # set pull id
      @pull.reload
@ -67,11 +68,13 @@ class Projects::PullRequestsController < Projects::BaseController
  end
  def merge
    authorize @pull
    status = @pull.merge!(current_user) ? 200 : 422
    render nothing: true, status: status
  end
  def update
    authorize @pull
    status = 422
    if (action = params[:pull_request_action]) && %w(close reopen).include?(params[:pull_request_action])
      if @pull.send("can_#{action}?")
@ -106,7 +109,7 @@ class Projects::PullRequestsController < Projects::BaseController
    term = params[:query].to_s.strip.downcase
    [ Project.where(id: @project.pull_requests.last.try(:to_project_id)),
      @project.ancestors,
-      Project.accessible_by(current_ability, :membered)
+      ProjectPolicy::Scope.new(current_user, Project).membered
    ].each do |p|
      items.concat p.by_owner_and_name(term)
    end
@ -116,6 +119,17 @@ class Projects::PullRequestsController < Projects::BaseController
  protected
  # Private: before_action hook which loads Issue.
  def load_issue
    @issue = @project.issues.find_by!(serial_id: params[:id])
  end
  # Private: before_action hook which loads PullRequest.
  def load_pull
    @pull = @issue.pull_request
    authorize @pull, :show? if @pull
  end
  def pull_params
    @pull_params ||= params[:pull_request].presence
  end
--- a/app/controllers/projects/subscribes_controller.rb
+++ b/app/controllers/projects/subscribes_controller.rb
@ -1,12 +1,10 @@
 class Projects::SubscribesController < Projects::BaseController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  load_and_authorize_resource :project
+  before_action :load_issue
  load_and_authorize_resource :issue, through: :project, find_by: :serial_id
  load_and_authorize_resource :subscribe, through: :issue, find_by: :user_id
  def create
-    @subscribe = @issue.subscribes.build(user_id: current_user.id)
+    authorize @subscribe = @issue.subscribes.build(user_id: current_user.id)
    if @subscribe.save
      flash[:notice] = I18n.t("flash.subscribe.saved")
      redirect_to :back
@ -17,9 +15,17 @@ class Projects::SubscribesController < Projects::BaseController
  end
  def destroy
    authorize @subscribe = @issue.subscribes.find_by(user_id: current_user.id)
    @subscribe.destroy
    flash[:notice] = t("flash.subscribe.destroyed")
    redirect_to :back
  end
  private
  # Private: before_action hook which loads Issue.
  def load_issue
    authorize @issue = @project.issues.find_by!(serial_id: params[:issue_id]), :show?
  end
 end
--- a/app/controllers/projects/wiki_controller.rb
+++ b/app/controllers/projects/wiki_controller.rb
@ -4,13 +4,12 @@ require 'cgi'
 class Projects::WikiController < Projects::BaseController
  WIKI_OPTIONS = {}
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  skip_before_filter :authenticate_user!, only: [:show, :index, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages] if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: [:show, :index, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages] if APP_CONFIG['anonymous_access']
  load_resource :project
-  before_filter :authorize_read_actions,  only: [:index, :show, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages]
+  before_action :authorize_read_actions,  only: [:index, :show, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages]
-  before_filter :authorize_write_actions, only: [:edit, :update, :new, :create, :destroy, :revert, :revert_wiki, :preview]
+  before_action :authorize_write_actions, only: [:edit, :update, :new, :create, :destroy, :revert, :revert_wiki, :preview]
-  before_filter :get_wiki
+  before_action :get_wiki
  def index
    @name = 'Home'
@ -262,11 +261,11 @@ class Projects::WikiController < Projects::BaseController
    def show_or_create_page
      if @page
        @content = @page.formatted_data
-        @editable = can?(:write, @project)
+        @editable = policy(@project).write?
        render :show
      elsif file = @wiki.file(@name)
        render text: file.raw_data, content_type: file.mime_type
-      elsif can? :write, @project
+      elsif policy(@project).write?
        @new = true
        render :new
      else
@ -279,11 +278,10 @@ class Projects::WikiController < Projects::BaseController
    end
    def authorize_read_actions
-      authorize! :show, @project
+      authorize @project, :show?
    end
    def authorize_write_actions
-      authorize! :write, @project
+      authorize @project, :write?
    end
 end
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@ -1,13 +1,13 @@
 class SearchController < ApplicationController
  include PaginateHelper
-  before_filter :authenticate_user! unless APP_CONFIG['anonymous_access']
+  before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
-  # load_and_authorize_resource
+  skip_after_action :verify_authorized
  def index
    @type       = Search::TYPES.find{ |t| t == params[:type] } || Search::TYPES.first
    @query      = params[:query]
-    @search     = Search.new(@query, current_ability, paginate_params)
+    @search     = Search.new(@query, current_user, paginate_params)
    @collection = @search.send(@type)
  end
 end
--- a/app/controllers/sitemap_controller.rb
+++ b/app/controllers/sitemap_controller.rb
@ -1,4 +1,5 @@
 class SitemapController < ApplicationController
  skip_after_action :verify_authorized
  def show
    redirect_to "/sitemaps/#{request.host_with_port.gsub(/www./, '')}/sitemap.xml.gz"
--- a/app/controllers/statistics_controller.rb
+++ b/app/controllers/statistics_controller.rb
@ -11,6 +11,7 @@ class StatisticsController < ApplicationController
  ]
  def index
    authorize :statistic
    respond_to do |format|
      format.html
      format.json do
--- a/app/controllers/users/base_controller.rb
+++ b/app/controllers/users/base_controller.rb
@ -1,6 +1,6 @@
 class Users::BaseController < ApplicationController
-  before_filter :authenticate_user!
+  before_action :authenticate_user!
-  before_filter :find_user
+  before_action :find_user
  protected
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -32,7 +32,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def find_for_ouath(auth, resource=nil)
    provider, uid   = auth['provider'], auth['uid']
-    authentication  = Authentication.find_or_initialize_by_provider_and_uid(provider, uid)
+    authentication  = Authentication.find_or_initialize_by(provider: provider, uid: uid)
    if authentication.new_record?
      if user_signed_in? # New authentication method for current_user
        authentication.user = current_user
--- a/app/controllers/users/profile_controller.rb
+++ b/app/controllers/users/profile_controller.rb
@ -1,9 +1,10 @@
 class Users::ProfileController < Users::BaseController
  include PaginateHelper
-  skip_before_filter :authenticate_user!, only: :show if APP_CONFIG['anonymous_access']
+  skip_before_action :authenticate_user!, only: :show if APP_CONFIG['anonymous_access']
  def show
    authorize @user
    respond_to do |format|
      format.html do
        @groups = @user.groups.order(:uname)
@ -14,9 +15,9 @@ class Users::ProfileController < Users::BaseController
        when 'open'
          @projects = @projects.opened
        when 'hidden'
-          @projects = @projects.by_visibilities('hidden').accessible_by(current_ability, :read)
+          @projects = ProjectPolicy::Scope.new(current_user, @projects.by_visibilities('hidden')).read
        else
-          @projects = @projects.accessible_by(current_ability, :read)
+          @projects = ProjectPolicy::Scope.new(current_user, @projects).read
        end
        @total_items  = @projects.count
        @projects     = @projects.paginate(paginate_params)
--- a/app/controllers/users/register_requests_controller.rb
+++ b/app/controllers/users/register_requests_controller.rb
@ -1,5 +1,5 @@
 class Users::RegisterRequestsController < ApplicationController
-  before_filter :user_choose_locale
+  before_action :user_choose_locale
  layout 'invite'
  def new
--- a/app/controllers/users/registrations_controller.rb
+++ b/app/controllers/users/registrations_controller.rb
@ -1,5 +1,5 @@
 class Users::RegistrationsController < Devise::RegistrationsController
-  before_filter :update_sanitized_params, if: :devise_controller?
+  before_action :update_sanitized_params, if: :devise_controller?
  # POST /resource
  def create
--- a/app/controllers/users/settings_controller.rb
+++ b/app/controllers/users/settings_controller.rb
@ -1,7 +1,8 @@
 class Users::SettingsController < Users::BaseController
  include AvatarHelper
-  before_filter :set_current_user
+  before_action :set_current_user
  before_action -> { authorize @user, :update? }
  def profile
    if request.patch?
--- a/app/controllers/users/ssh_keys_controller.rb
+++ b/app/controllers/users/ssh_keys_controller.rb
@ -1,5 +1,7 @@
 class Users::SshKeysController < Users::BaseController
-  before_filter :set_current_user
+  before_action :set_current_user
  before_action -> { authorize current_user, :update? }
  skip_before_action :find_user
  def index
    @ssh_key  = SshKey.new
@ -10,12 +12,11 @@ class Users::SshKeysController < Users::BaseController
    if @ssh_key.save
      flash[:notice] = t 'flash.ssh_keys.saved'
      redirect_to ssh_keys_path
    else
      flash[:error] = t 'flash.ssh_keys.save_error'
-      # flash[:warning] = @ssh_key.errors.full_messages.join('. ') unless @ssh_key.errors.blank?
+      flash[:warning] = @ssh_key.errors.full_messages.join('. ') unless @ssh_key.errors.blank?
      render :index
    end
    redirect_to ssh_keys_path
  end
  def destroy
--- a/app/controllers/users/users_controller.rb
+++ b/app/controllers/users/users_controller.rb
@ -1,16 +1,18 @@
 class Users::UsersController < Users::BaseController
-  skip_before_filter :authenticate_user!, only: [:allowed, :check, :discover]
+  skip_before_action :authenticate_user!, only: [:allowed, :check, :discover]
-  before_filter :find_user_by_key, only: [:allowed, :discover]
+  skip_after_action :verify_authorized
  before_action :find_user_by_key, only: [:allowed, :discover]
  def allowed
    project = Project.find_by_owner_and_name! params[:project]
-    action = case params[:action_type]
+    pp      = ProjectPolicy.new(@user, project)
    can     = case params[:action_type]
              when 'git-upload-pack'
-                    then :read
+                pp.read?
              when 'git-receive-pack'
-                    then :write
+                pp.write?
              end
-    render inline: (!@user.access_locked? && Ability.new(@user).can?(action, project)).to_s
+    render inline: (!@user.access_locked? && can).to_s
  end
  def check
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -93,7 +93,7 @@ module ApplicationHelper
  end
  def alert_class(type)
-    case type.to_s
+    case type
    when 'error', 'alert'
      'alert-danger'
    when 'notice'
--- a/app/helpers/build_lists_helper.rb
+++ b/app/helpers/build_lists_helper.rb
@ -20,7 +20,7 @@ module BuildListsHelper
  end
  def availables_main_platforms
-    Platform.availables_main_platforms current_user, current_ability
+    Platform.availables_main_platforms current_user
  end
  def dependent_projects(package)
@ -294,8 +294,9 @@ module BuildListsHelper
  end
  def default_extra_repos(project)
-    project.repositories.joins(:platform).accessible_by(current_ability, :read)
+    scope = project.repositories.joins(:platform).where(platforms: { platform_type: 'personal' })
-           .where(platforms: { platform_type: 'personal' }).map do |extra|
+    scope = PlatformPolicy::Scope.new(current_user, scope).show
    scope.map do |extra|
      {
        id:              extra.id,
        platform_id:     extra.platform.id,
--- a/app/helpers/commit_helper.rb
+++ b/app/helpers/commit_helper.rb
@ -1,23 +1,31 @@
 module CommitHelper
  MAX_FILES_WITHOUT_COLLAPSE = 25
-  def render_commit_stats(stats)
+  def render_commit_stats(options = {})
-    res = ["<table class='table table-responsive boffset0'>"]
+    stats         = options[:stats]
    diff          = options[:diff]
    repo          = options[:repo]
    commit        = options[:commit]
    parent_commit = commit.parents.try(:first)
    res = ["<ul class='list-group boffset0'>"]
    ind=0
    stats.files.each do |filename, adds, deletes, total|
-      res << "<tr>"
+      file_name = get_filename_in_diff(diff[ind], filename)
-      res << "<td><a href='#diff-#{ind}'>#{h(filename.rtruncate 120)}</a></td>"
+      file_status = t "layout.projects.diff.#{get_file_status_in_diff(diff[ind])}"
-      res << "<td class='diffstat'>"
+      res << "<li class='list-group-item'>"
-      res << I18n.t("layout.projects.inline_changes_count", count: total).strip +
+        res << "<div class='row'>"
-             " (" +
+          res << "<div class='col-sm-8'>"
-             I18n.t("layout.projects.inline_additions_count", count: adds).strip +
+            res << "<a href='#diff-#{ind}' data-toggle='tooltip' data-placement='top' title='#{file_status}'>"
-             ", " +
+              res << "#{diff_file_icon(diff[ind])} #{h(file_name)}"
-             I18n.t("layout.projects.inline_deletions_count", count: deletes).strip +
+            res << "</a></div>"
-             ")"
+          res << render_file_changes(diff: diff[ind], adds: adds, deletes: deletes, total: total,
-      res << "</td>"
+                                     repo: repo, commit: commit, parent_commit: parent_commit, file_status: file_status)
        res << "</div"
      res << "</li>"
      ind +=1
    end
-    res << "</table>"
+    res << "</ul>"
    wrap_commit_header_list(stats, res)
  end
@ -29,7 +37,8 @@ module CommitHelper
        res << "<div class='panel-heading' role='tab' id='heading'>"
          res << "<h4 class='panel-title'>"
            res << "<a data-toggle='collapse' data-parent='#diff_header' href='#collapseList' aria-expanded='true' aria-controls='collapseList'>"
-            res << "#{diff_commit_header_message(stats)}</a>"
+            res << "<span class='fa fa-chevron-#{is_stats_open ? 'down' : 'up'}'></span>"
            res << " #{diff_commit_header_message(stats)}</a>"
          res << "</h4>"
        res << "</div>"
        res << "<div id='collapseList' class='panel-collapse collapse #{is_stats_open}' role='tabpanel' aria-labelledby='collapseList'>"
@ -72,9 +81,116 @@ module CommitHelper
    Russian.p(commits_count, *commits_pluralization_arr)
  end
  def is_file_open_in_diff(blob, diff)
    return true if blob.binary? && blob.render_as == :image
    return true if diff.diff.blank? && diff.a_mode != diff.b_mode
    diff.diff.present? && diff.diff.split("\n").count <= DiffHelper::MAX_LINES_WITHOUT_COLLAPSE
  end
  def file_blob_in_diff(repo, commit_id, diff)
    return if repo.nil? || commit_id.nil? || diff.nil?
    tree = repo.tree(commit_id)
    blob = diff.renamed_file ? (tree / diff.b_path) : (tree / (diff.a_path || diff.b_path))
    blob || diff.a_blob || diff.b_blob
  end
  def get_commit_id_for_file(diff, commit, parent_commit)
    diff.deleted_file ? parent_commit.id : commit.id
  end
  def get_file_status_in_diff(diff)
    if diff.renamed_file
      :renamed_file
    elsif diff.new_file
      :new_file
    elsif diff.deleted_file
      :deleted_file
    else
      :changed_file
    end
  end
  def get_filename_in_diff(diff, filename)
    if diff.renamed_file
      "#{diff.a_path.rtruncate 50} => #{diff.b_path.rtruncate 50}"
    else
      filename.rtruncate(100)
    end
  end
  protected
  def commits_pluralization_arr
    pluralize ||=  t('layout.commits.pluralize').map {|base, title| title.to_s}
  end
  def render_file_changes(options = {})
    diff        = options[:diff]
    adds        = options[:adds]
    deletes     = options[:deletes]
    total       = options[:total]
    repo        = options[:repo]
    file_status = options[:file_status]
    commit_id   = get_commit_id_for_file(diff, options[:commit], options[:parent_commit])
    blob        = file_blob_in_diff(repo, commit_id, diff)
    res = ''
    res << "<div class='col-sm-3'>"
      res << "<div class='pull-right'>"
        if blob.binary?
          res << "<strong class='text-primary'>#{t 'layout.projects.diff.binary'} #{file_status}</strong>"
        elsif total > 0
          res << "<strong class='text-success'>+#{adds}</strong> <strong class='text-danger'>-#{deletes}</strong>"
        else # total == 0
          res << "<strong class='text-primary'>#{t 'layout.projects.diff.without_changes'}</strong>"
        end
      res << "</div>"
    res << "</div>"
    res << "<div class='col-sm-1'>"
      res << render_progress_bar(adds, deletes, total, blob)
    res << "</div>"
  end
  def render_progress_bar(adds, deletes, total, blob)
    res = ''
    pluses  = 0
    minuses = 0
    if total > 0
      pluses  = ((adds/(adds+deletes).to_f)*100).round
      minuses = 100 - pluses
    end
    title = if total >0
              t 'layout.projects.inline_changes_count', count: total
            elsif !blob.binary?
              t 'layout.projects.diff.without_changes'
            else
              'BIN'
            end
    res << "<div class='progress' style='margin-bottom: 0' data-toggle='tooltip' data-placement='top' title='#{title}'>"
      res << "<div class='progress-bar progress-bar-success' style='width: #{pluses}%'></div>"
      res << "<div class='progress-bar progress-bar-danger' style='width: #{minuses}%'></div>"
    res << "</div>"
    res
  end
  def diff_file_icon(diff)
    icon = case get_file_status_in_diff(diff)
           when :renamed_file
             'fa-caret-square-o-right text-info'
           when :new_file
             'fa-plus-square text-success'
           when :deleted_file
             'fa-minus-square text-danger'
           when :changed_file
             'fa-pencil-square text-primary'
           else
             'fa-exclamation-circle text-danger'
           end
    "<i class='fa #{icon}'></i>"
  end
 end
--- a/app/helpers/diff_helper.rb
+++ b/app/helpers/diff_helper.rb
@ -1,35 +1,49 @@
 module DiffHelper
-  MAX_FILES_WITHOUT_COLLAPSE = 25
+  include CommitHelper
  MAX_LINES_WITHOUT_COLLAPSE = 50
-  def render_diff_stats(stats)
+  def render_diff_stats(options = {})
-    path = @pull.try(:id) ? polymorphic_path([@project, @pull]) : ''
+    stats         = options[:stats]
    diff          = options[:diff]
    repo          = options[:repo]
    commit        = options[:commit]
    parent_commit = options[:common_ancestor]
-    res = ["<table class='table table-responsive boffset0'>"]
+    res = ["<ul class='list-group boffset0'>"]
    stats.each_with_index do |stat, ind|
-      res << "<tr>"
+      adds        = stat.additions
-      res << "<td>#{link_to stat.filename.rtruncate(120), "#{path}#diff-#{ind}"}</td>"
+      deletes     = stat.deletions
-      res << "<td class='diffstat'>"
+      total       = adds + deletes
-      res << I18n.t("layout.projects.inline_changes_count", count: stat.additions + stat.deletions).strip +
+      file_name   = get_filename_in_diff(diff[ind], stat.filename)
-             " (" +
+      file_status = t "layout.projects.diff.#{get_file_status_in_diff(diff[ind])}"
-             I18n.t("layout.projects.inline_additions_count", count: stat.additions).strip +
+
-             ", " +
+      res << "<li class='list-group-item'>"
-             I18n.t("layout.projects.inline_deletions_count", count: stat.deletions).strip +
+        res << "<div class='row'>"
-             ")"
+          res << "<div class='col-sm-8'>"
-      res << "</td>"
+            res << "<a href='#diff-#{ind}' data-toggle='tooltip' data-placement='top' title='#{file_status}'>"
              res << "#{diff_file_icon(diff[ind])} #{h(file_name)}"
            res << "</a></div>"
          res << render_file_changes(diff: diff[ind], adds: adds, deletes: deletes, total: total,
                                     repo: repo, commit: commit, parent_commit: parent_commit, file_status: file_status)
        res << "</div"
      res << "</li>"
      ind +=1
    end
-    res << '</table>'
+    res << "</ul>"
-    wrap_header_list(stats, res)
+
    wrap_diff_header_list(stats, res)
  end
-  def wrap_header_list(stats, list)
+  def wrap_diff_header_list(stats, list)
    is_stats_open = stats.count <= MAX_FILES_WITHOUT_COLLAPSE ? 'in' : ''
    res = ["<div class='panel-group' id='diff_header' role='tablist' aria-multiselectable='false'>"]
      res << "<div class='panel panel-default'>"
        res << "<div class='panel-heading' role='tab' id='heading'>"
          res << "<h4 class='panel-title'>"
            res << "<a data-toggle='collapse' data-parent='#diff_header' href='#collapseList' aria-expanded='true' aria-controls='collapseList'>"
-            res << "#{diff_header_message(stats)}</a>"
+            res << "<span class='fa fa-chevron-#{is_stats_open ? 'down' : 'up'}'></span>"
            res << " #{diff_header_message(stats)}</a>"
          res << "</h4>"
        res << "</div>"
        res << "<div id='collapseList' class='panel-collapse collapse #{is_stats_open}' role='tabpanel' aria-labelledby='collapseList'>"
--- a/app/helpers/markdown_helper.rb
+++ b/app/helpers/markdown_helper.rb
@ -153,7 +153,7 @@ module MarkdownHelper
  end
  def reference_issue(identifier)
-    if issue = Issue.find_by_hash_tag(identifier, current_ability, @project)
+    if issue = Issue.find_by_hash_tag(identifier, current_user, @project)
      if issue.pull_request
        title = "#{PullRequest.model_name.human}: #{issue.title}"
        url = project_pull_request_path(issue.project, issue.pull_request)
--- a/app/helpers/mass_build_helper.rb
+++ b/app/helpers/mass_build_helper.rb
@ -3,7 +3,7 @@ module MassBuildHelper
  def link_to_list platform, mass_build, which
    link_to t("layout.mass_builds.#{which}"),
      get_list_platform_mass_build_path(platform, mass_build, kind: which, format: :txt),
-      target: "_blank" if can?(:get_list, mass_build)
+      target: "_blank" if policy(mass_build).get_list?
  end
  def link_to_mass_build(mass_build)
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@ -17,7 +17,7 @@ module ProjectsHelper
  def available_project_to_repositories(project)
    project.project_to_repositories.includes(repository: :platform).select do |p_to_r|
-      p_to_r.repository.publish_without_qa ? true : can?(:local_admin_manage, p_to_r.repository.platform)
+      p_to_r.repository.publish_without_qa ? true : policy(p_to_r.repository.platform).local_admin_manage?
    end.sort_by do |p_to_r|
      "#{p_to_r.repository.platform.name}/#{p_to_r.repository.name}"
    end.map do |p_to_r|
@ -33,8 +33,8 @@ module ProjectsHelper
  def mass_import_repositories_for_group_select
    groups = {}
-    Platform.accessible_by(current_ability, :related).order(:name).each do |platform|
+    PlatformPolicy::Scope.new(current_user, Platform).related.order(:name).each do |platform|
-      next unless can?(:local_admin_manage, platform)
+      next unless policy(platform).local_admin_manage?
      groups[platform.name] = Repository.custom_sort(platform.repositories).map{ |r| [r.name, r.id] }
    end
    groups.to_a
@ -70,7 +70,9 @@ module ProjectsHelper
  end
  def alone_member?(project)
-    Relation.by_target(project).by_actor(current_user).size > 0
+    Rails.cache.fetch(['ProjectsHelper#alone_member?', project, current_user]) do
      Relation.by_target(project).by_actor(current_user).exists?
    end
  end
  def participant_path(participant)
--- a/app/helpers/pull_request_helper.rb
+++ b/app/helpers/pull_request_helper.rb
@ -8,7 +8,7 @@ module PullRequestHelper
  end
  def pull_status_label pull_status, options = {}
-    statuses = {'ready' => 'success', 'closed' => 'important', 'merged' => 'important', 'blocked' => 'warning'}
+    statuses = {'ready' => 'success', 'closed' => 'default', 'merged' => 'info', 'blocked' => 'warning'}
    options[:class] = "#{options[:class]} label label-#{statuses[pull_status]}"
    content_tag :span, t("projects.pull_requests.statuses.#{pull_status}"), options
  end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@ -15,6 +15,7 @@ module UsersHelper
  end
  def gravatar_url(email, size = 30)
-    "https://secure.gravatar.com/avatar/#{Digest::MD5.hexdigest(email.downcase)}?s=#{size}&r=pg"
+    hex = email.present? ? Digest::MD5.hexdigest(email.try :downcase) : ''
    "https://secure.gravatar.com/avatar/#{}?s=#{size}&r=pg"
  end
 end
--- a/app/jobs/abf_worker/rpm_worker_observer.rb
+++ b/app/jobs/abf_worker/rpm_worker_observer.rb
@ -14,7 +14,7 @@ module AbfWorker
    end
    def perform
-      return if restart_task
+      return if subject.valid? && restart_task
      if options['feedback_from_user']
        user = User.find options['feedback_from_user']
        return if !user.system? && subject.builder != user
--- a/app/jobs/build_lists/dependent_packages_job.rb
+++ b/app/jobs/build_lists/dependent_packages_job.rb
@ -6,13 +6,12 @@ module BuildLists
      build_list  = BuildList.find(build_list_id)
      return if build_list.save_to_platform.personal?
      user        = User.find(user_id)
      ability     = Ability.new(user)
-      return unless ability.can?(:show, build_list)
+      return unless BuildListPolicy.new(user, build_list).show?
      arches = Arch.where(id: arch_ids).to_a
      Project.where(id: project_ids).to_a.each do |project|
-        next unless ability.can?(:write, project)
+        next unless ProjectPolicy.new(user, project).write?
        build_for_platform  = save_to_platform = build_list.build_for_platform
        save_to_repository  = save_to_platform.repositories.find{ |r| r.projects.exists?(project.id) }
@ -48,7 +47,7 @@ module BuildLists
            use_extra_tests
          ).each { |field| bl.send("#{field}=", options[field]) }
-          ability.can?(:create, bl) && bl.save
+          BuildListPolicy.new(user, bl).create? && bl.save
        end
      end
    end
--- a/Show More
+++ b/Show More