Add latest changes from gitlab-org/gitlab@master

2 files changed, 6 insertions, 2 deletions

diff --git a/lib/api/import_github.rb b/lib/api/import_github.rb
index 493cc038f46..ee678ee1981 100644
--- a/lib/api/import_github.rb
+++ b/lib/api/import_github.rb
@@ -2,6 +2,8 @@
 
 module API
   class ImportGithub < ::API::Base
+    before { authenticate! }
+
     feature_category :importers
     urgency :low
 
diff --git a/lib/api/resource_access_tokens.rb b/lib/api/resource_access_tokens.rb
index 2ba109b7092..1735e63c566 100644
--- a/lib/api/resource_access_tokens.rb
+++ b/lib/api/resource_access_tokens.rb
@@ -4,6 +4,8 @@ module API
   class ResourceAccessTokens < ::API::Base
     include PaginationParams
 
+    ALLOWED_RESOURCE_ACCESS_LEVELS = Gitlab::Access.options_with_owner.freeze
+
     before { authenticate! }
 
     feature_category :authentication_and_authorization
@@ -79,8 +81,8 @@ module API
         params do
           requires :id, type: String, desc: "The #{source_type} ID"
           requires :name, type: String, desc: "Resource access token name"
-          requires :scopes, type: Array[String], desc: "The permissions of the token"
-          optional :access_level, type: Integer, desc: "The access level of the token in the #{source_type}"
+          requires :scopes, type: Array[String], values: ::Gitlab::Auth.resource_bot_scopes.map(&:to_s), desc: "The permissions of the token"
+          optional :access_level, type: Integer, values: ALLOWED_RESOURCE_ACCESS_LEVELS.values, default: Gitlab::Access::MAINTAINER, desc: "The access level of the token in the #{source_type}"
           optional :expires_at, type: Date, desc: "The expiration date of the token"
         end
         post ':id/access_tokens' do