6 files changed, 14 insertions, 7 deletions

diff --git a/lib/api/v3/builds.rb b/lib/api/v3/builds.rb
index f493fd7c7ec..fa0bef39602 100644
--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -169,7 +169,7 @@ module API
           authorize_update_builds!
 
           build = get_build!(params[:build_id])
-          authorize!(:update_build, build)
+          authorize!(:erase_build, build)
           return forbidden!('Build is not erasable!') unless build.erasable?
 
           build.erase(erased_by: current_user)
diff --git a/lib/api/v3/commits.rb b/lib/api/v3/commits.rb
index ed206a6def0..0ef26aa696a 100644
--- a/lib/api/v3/commits.rb
+++ b/lib/api/v3/commits.rb
@@ -106,7 +106,7 @@ module API
           commit = user_project.commit(params[:sha])
 
           not_found! 'Commit' unless commit
-          notes = Note.where(commit_id: commit.id).order(:created_at)
+          notes = commit.notes.order(:created_at)
 
           present paginate(notes), with: ::API::Entities::CommitNote
         end
@@ -169,10 +169,12 @@ module API
           if params[:path]
             commit.raw_diffs(limits: false).each do |diff|
               next unless diff.new_path == params[:path]
+
               lines = Gitlab::Diff::Parser.new.parse(diff.diff.each_line)
 
               lines.each do |line|
                 next unless line.new_pos == params[:line] && line.type == params[:line_type]
+
                 break opts[:line_code] = Gitlab::Git.diff_line_code(diff.new_path, line.new_pos, line.old_pos)
               end
 
diff --git a/lib/api/v3/entities.rb b/lib/api/v3/entities.rb
index afdd7b83998..c17b6f45ed8 100644
--- a/lib/api/v3/entities.rb
+++ b/lib/api/v3/entities.rb
@@ -172,8 +172,8 @@ module API
         expose :id
         expose :default_projects_limit
         expose :signup_enabled
-        expose :password_authentication_enabled
-        expose :password_authentication_enabled, as: :signin_enabled
+        expose :password_authentication_enabled_for_web, as: :password_authentication_enabled
+        expose :password_authentication_enabled_for_web, as: :signin_enabled
         expose :gravatar_enabled
         expose :sign_in_text
         expose :after_sign_up_text
diff --git a/lib/api/v3/runners.rb b/lib/api/v3/runners.rb
index faa265f3314..c6d9957d452 100644
--- a/lib/api/v3/runners.rb
+++ b/lib/api/v3/runners.rb
@@ -51,6 +51,7 @@ module API
       helpers do
         def authenticate_delete_runner!(runner)
           return if current_user.admin?
+
           forbidden!("Runner is shared") if runner.is_shared?
           forbidden!("Runner associated with more than one project") if runner.projects.count > 1
           forbidden!("No access granted") unless user_can_access_runner?(runner)
diff --git a/lib/api/v3/settings.rb b/lib/api/v3/settings.rb
index 202011cfcbe..9b4ab7630fb 100644
--- a/lib/api/v3/settings.rb
+++ b/lib/api/v3/settings.rb
@@ -44,8 +44,8 @@ module API
           requires :domain_blacklist, type: String, desc: 'Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com'
         end
         optional :after_sign_up_text, type: String, desc: 'Text shown after sign up'
-        optional :password_authentication_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled'
-        optional :signin_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled'
+        optional :password_authentication_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled for the web interface'
+        optional :signin_enabled, type: Boolean, desc: 'Flag indicating if password authentication is enabled for the web interface'
         mutually_exclusive :password_authentication_enabled, :signin_enabled
         optional :require_two_factor_authentication, type: Boolean, desc: 'Require all users to setup Two-factor authentication'
         given require_two_factor_authentication: ->(val) { val } do
@@ -131,7 +131,9 @@ module API
         attrs = declared_params(include_missing: false)
 
         if attrs.has_key?(:signin_enabled)
-          attrs[:password_authentication_enabled] = attrs.delete(:signin_enabled)
+          attrs[:password_authentication_enabled_for_web] = attrs.delete(:signin_enabled)
+        elsif attrs.has_key?(:password_authentication_enabled)
+          attrs[:password_authentication_enabled_for_web] = attrs.delete(:password_authentication_enabled)
         end
 
         if current_settings.update_attributes(attrs)
diff --git a/lib/api/v3/snippets.rb b/lib/api/v3/snippets.rb
index 0762fc02d70..126ec72248e 100644
--- a/lib/api/v3/snippets.rb
+++ b/lib/api/v3/snippets.rb
@@ -91,6 +91,7 @@ module API
         put ':id' do
           snippet = snippets_for_current_user.find_by(id: params.delete(:id))
           return not_found!('Snippet') unless snippet
+
           authorize! :update_personal_snippet, snippet
 
           attrs = declared_params(include_missing: false)
@@ -113,6 +114,7 @@ module API
         delete ':id' do
           snippet = snippets_for_current_user.find_by(id: params.delete(:id))
           return not_found!('Snippet') unless snippet
+
           authorize! :destroy_personal_snippet, snippet
           snippet.destroy
           no_content!