Merge remote-tracking branch 'origin/master' into ci-commit-as-pipeline

9 files changed, 104 insertions, 15 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index d76b46b8836..60b9f5e0ece 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -212,7 +212,7 @@ module API
       expose :note, as: :body
       expose :attachment_identifier, as: :attachment
       expose :author, using: Entities::UserBasic
-      expose :created_at
+      expose :created_at, :updated_at
       expose :system?, as: :system
       expose :noteable_id, :noteable_type
       # upvote? and downvote? are deprecated, always return false
@@ -263,14 +263,19 @@ module API
       expose :id, :path, :kind
     end
 
-    class ProjectAccess < Grape::Entity
+    class Member < Grape::Entity
       expose :access_level
-      expose :notification_level
+      expose :notification_level do |member, options|
+        if member.notification_setting
+          NotificationSetting.levels[member.notification_setting.level]
+        end
+      end
     end
 
-    class GroupAccess < Grape::Entity
-      expose :access_level
-      expose :notification_level
+    class ProjectAccess < Member
+    end
+
+    class GroupAccess < Member
     end
 
     class ProjectService < Grape::Entity
@@ -301,6 +306,7 @@ module API
 
     class Label < Grape::Entity
       expose :name, :color, :description
+      expose :open_issues_count, :closed_issues_count, :open_merge_requests_count
     end
 
     class Compare < Grape::Entity
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index c165de21a75..91e420832f3 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -23,8 +23,10 @@ module API
       # Create group. Available only for users who can create groups.
       #
       # Parameters:
-      #   name (required) - The name of the group
-      #   path (required) - The path of the group
+      #   name (required)             - The name of the group
+      #   path (required)             - The path of the group
+      #   description (optional)      - The description of the group
+      #   visibility_level (optional) - The visibility level of the group
       # Example Request:
       #   POST /groups
       post do
@@ -42,6 +44,28 @@ module API
         end
       end
 
+      # Update group. Available only for users who can administrate groups.
+      #
+      # Parameters:
+      #   id (required)               - The ID of a group
+      #   path (optional)             - The path of the group
+      #   description (optional)      - The description of the group
+      #   visibility_level (optional) - The visibility level of the group
+      # Example Request:
+      #   PUT /groups/:id
+      put ':id' do
+        group = find_group(params[:id])
+        authorize! :admin_group, group
+
+        attrs = attributes_for_keys [:name, :path, :description, :visibility_level]
+
+        if ::Groups::UpdateService.new(group, current_user, attrs).execute
+          present group, with: Entities::GroupDetail
+        else
+          render_validation_error!(group)
+        end
+      end
+
       # Get a single group, with containing projects
       #
       # Parameters:
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 4921ae99e78..96af7d7675c 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -91,8 +91,7 @@ module API
       if can?(current_user, :read_group, group)
         group
       else
-        forbidden!("#{current_user.username} lacks sufficient "\
-        "access to #{group.name}")
+        not_found!('Group')
       end
     end
 
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index c4ea05ee6cf..850e99981ff 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -195,6 +195,29 @@ module API
         end
       end
 
+      # Move an existing issue
+      #
+      # Parameters:
+      #  id (required)            - The ID of a project
+      #  issue_id (required)      - The ID of a project issue
+      #  to_project_id (required) - The ID of the new project
+      # Example Request:
+      #   POST /projects/:id/issues/:issue_id/move
+      post ':id/issues/:issue_id/move' do
+        required_attributes! [:to_project_id]
+
+        issue = user_project.issues.find(params[:issue_id])
+        new_project = Project.find(params[:to_project_id])
+
+        begin
+          issue = ::Issues::MoveService.new(user_project, current_user).execute(issue, new_project)
+          present issue, with: Entities::Issue, current_user: current_user
+        rescue ::Issues::MoveService::MoveError => error
+          render_api_error!(error.message, 400)
+        end
+      end
+
+      #
       # Delete a project issue
       #
       # Parameters:
diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb
index 0f3f505fa05..84b4d4cdd6d 100644
--- a/lib/api/milestones.rb
+++ b/lib/api/milestones.rb
@@ -21,6 +21,7 @@ module API
       #   state (optional) - Return "active" or "closed" milestones
       # Example Request:
       #   GET /projects/:id/milestones
+      #   GET /projects/:id/milestones?iid=42
       #   GET /projects/:id/milestones?state=active
       #   GET /projects/:id/milestones?state=closed
       get ":id/milestones" do
@@ -28,6 +29,7 @@ module API
 
         milestones = user_project.milestones
         milestones = filter_milestones_state(milestones, params[:state])
+        milestones = filter_by_iid(milestones, params[:iid]) if params[:iid].present?
 
         present paginate(milestones), with: Entities::Milestone
       end
diff --git a/lib/api/notes.rb b/lib/api/notes.rb
index 174473f5371..a1c98f5e8ff 100644
--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
@@ -112,6 +112,23 @@ module API
           end
         end
 
+        # Delete a +noteable+ note
+        #
+        # Parameters:
+        #   id (required) - The ID of a project
+        #   noteable_id (required) - The ID of an issue, MR, or snippet
+        #   node_id (required) - The ID of a note
+        # Example Request:
+        #   DELETE /projects/:id/issues/:noteable_id/notes/:note_id
+        #   DELETE /projects/:id/snippets/:noteable_id/notes/:node_id
+        delete ":id/#{noteables_str}/:#{noteable_id_str}/notes/:note_id" do
+          note = user_project.notes.find(params[:note_id])
+          authorize! :admin_note, note
+
+          ::Notes::DeleteService.new(user_project, current_user).execute(note)
+
+          present note, with: Entities::Note
+        end
       end
     end
   end
diff --git a/lib/api/project_members.rb b/lib/api/project_members.rb
index c756bb479fc..4aefdf319c6 100644
--- a/lib/api/project_members.rb
+++ b/lib/api/project_members.rb
@@ -93,12 +93,17 @@ module API
       # Example Request:
       #   DELETE /projects/:id/members/:user_id
       delete ":id/members/:user_id" do
-        authorize! :admin_project, user_project
         project_member = user_project.project_members.find_by(user_id: params[:user_id])
-        unless project_member.nil?
-          project_member.destroy
-        else
+
+        unless current_user.can?(:admin_project, user_project) ||
+                current_user.can?(:destroy_project_member, project_member)
+          forbidden!
+        end
+
+        if project_member.nil?
           { message: "Access revoked", id: params[:user_id].to_i }
+        else
+          project_member.destroy
         end
       end
     end
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index 0d0f0d4616d..62161aadb9a 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -98,7 +98,6 @@ module API
         authorize! :download_code, user_project
 
         begin
-          RepositoryArchiveCacheWorker.perform_async
           header *Gitlab::Workhorse.send_git_archive(user_project, params[:sha], params[:format])
         rescue
           not_found!('File')
diff --git a/lib/api/tags.rb b/lib/api/tags.rb
index 2d8a9e51bb9..d1a10479e44 100644
--- a/lib/api/tags.rb
+++ b/lib/api/tags.rb
@@ -16,6 +16,20 @@ module API
                 with: Entities::RepoTag, project: user_project
       end
 
+      # Get a single repository tag
+      #
+      # Parameters:
+      #   id (required)       - The ID of a project
+      #   tag_name (required) - The name of the tag
+      # Example Request:
+      #   GET /projects/:id/repository/tags/:tag_name
+      get ":id/repository/tags/:tag_name", requirements: { tag_name: /.+/ } do
+        tag = user_project.repository.find_tag(params[:tag_name])
+        not_found!('Tag') unless tag
+
+        present tag, with: Entities::RepoTag, project: user_project
+      end
+
       # Create tag
       #
       # Parameters: