1. It makes sense to reuse these constants since we had them duplicated
   in the previous enum implementation. This also simplifies our
   `check_access` implementation, because we can use
   `project.team.max_member_access` directly.

2. Use `accepts_nested_attributes_for` to create push/merge access
   levels. This was a bit fiddly to set up, but this simplifies our code
   by quite a large amount. We can even get rid of
   `ProtectedBranches::BaseService`.

3. Move API handling back into the API (previously in
   `ProtectedBranches::BaseService#translate_api_params`.

4. The protected branch services now return a `ProtectedBranch` rather
   than `true/false`.

5. Run `load_protected_branches` on-demand in the `create` action, to
   prevent it being called unneccessarily.

6. "Masters" is pre-selected as the default option for "Allowed to Push"
   and "Allowed to Merge".

7. These changes were based on a review from @rymai in !5081.

1. Remove the `developers_can_push` and `developers_can_merge` boolean
   columns.

2. Add two new tables, `protected_branches_push_access`, and
   `protected_branches_merge_access`. Each row of these 'access' tables is
   linked to a protected branch, and uses a `access_level` column to
   figure out settings for the protected branch.

3. The `access_level` column is intended to be used with rails' `enum`,
   with `:masters` at index 0 and `:developers` at index 1.

4. Doing it this way has a few advantages:

   - Cleaner path to planned EE features where a protected branch is
     accessible only by certain users or groups.

   - Rails' `enum` doesn't allow a declaration like this due to the
     duplicates. This approach doesn't have this problem.

       enum can_be_pushed_by: [:masters, :developers]
       enum can_be_merged_by: [:masters, :developers]

Signed-off-by: NRémy Coutable <remy@rymai.me>

same time and writes tests accordingly

changes schema.db

removes duplicate field inside CHANGELOG

fix db/schema

* This method previously iterated over all services in a project.  Now it
will directly query the ExternalWikiService for the project and filter
by active state.
* The presence of an external wiki is also cached
* When an external wiki is added or removed, the cached value is updated

Refactor and rename `restricted_signup_domains` to `domain_whitelist` to better conform to its behavior and newly introduced behavior.

- This was introduced (at some point) while rebasing `master` against
  the "developers can merge" feature branch.

- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5310#note_13139705

This reverts commit 530f5158.

See !4892.
Signed-off-by: NRémy Coutable <remy@rymai.me>

This reverts commit c3935699.

This reverts commit 9ca633eb, reversing
changes made to fb229bbf.

1. When a merge request is being merged, save the merge commit SHA in
   the `in_progress_merge_commit_sha` database column.

2. The `pre-receive` hook looks for any locked (in progress) merge
   request with `in_progress_merge_commit_sha` matching the `newrev` it
   is passed.

3. If it finds a matching MR, the merge is legitimate.

4. Update `git_access_spec` to test the behaviour we added here. Also
   refactored this spec a bit to make it easier to add more contexts / conditions.

- Cherry-picked from `mvestergaard:branch-protection-dev-merge`
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4220

As requested by the issue #14508 this adds an option in the application
settings to set newly registered users by default as external. The
default setting is set to false to stay backward compatible.

Signed-off-by: NRémy Coutable <remy@rymai.me>

Feedback:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4964#note_12741046

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4093#note_12571602
and
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4093#note_12571670

This reverts commit 13e37a3e.

Signed-off-by: NRémy Coutable <remy@rymai.me>