6 files changed, 57 insertions, 4 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 073471b4c4d..5139e869c71 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -154,6 +154,7 @@ module API
     mount ::API::ProjectHooks
     mount ::API::Projects
     mount ::API::ProjectMilestones
+    mount ::API::ProjectSnapshots
     mount ::API::ProjectSnippets
     mount ::API::ProtectedBranches
     mount ::API::Repositories
diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb
index cd91df1ecd8..b74b8149834 100644
--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -64,8 +64,10 @@ module API
         authorize! :create_note, noteable
 
         parent = noteable_parent(noteable)
+
         if opts[:created_at]
-          opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user
+          opts.delete(:created_at) unless
+            current_user.admin? || parent.owned_by?(current_user)
         end
 
         project = parent if parent.is_a?(Project)
diff --git a/lib/api/helpers/project_snapshots_helpers.rb b/lib/api/helpers/project_snapshots_helpers.rb
new file mode 100644
index 00000000000..94798a8cb51
--- /dev/null
+++ b/lib/api/helpers/project_snapshots_helpers.rb
@@ -0,0 +1,25 @@
+module API
+  module Helpers
+    module ProjectSnapshotsHelpers
+      def authorize_read_git_snapshot!
+        authenticated_with_full_private_access!
+      end
+
+      def send_git_snapshot(repository)
+        header(*Gitlab::Workhorse.send_git_snapshot(repository))
+      end
+
+      def snapshot_project
+        user_project
+      end
+
+      def snapshot_repository
+        if to_boolean(params[:wiki])
+          snapshot_project.wiki.repository
+        else
+          snapshot_project.repository
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/project_snapshots.rb b/lib/api/project_snapshots.rb
new file mode 100644
index 00000000000..71005acc587
--- /dev/null
+++ b/lib/api/project_snapshots.rb
@@ -0,0 +1,19 @@
+module API
+  class ProjectSnapshots < Grape::API
+    helpers ::API::Helpers::ProjectSnapshotsHelpers
+
+    before { authorize_read_git_snapshot! }
+
+    resource :projects do
+      desc 'Download a (possibly inconsistent) snapshot of a repository' do
+        detail 'This feature was introduced in GitLab 10.7'
+      end
+      params do
+        optional :wiki, type: Boolean, desc: 'Set to true to receive the wiki repository'
+      end
+      get ':id/snapshot' do
+        send_git_snapshot(snapshot_repository)
+      end
+    end
+  end
+end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 51b3b0459f3..8871792060b 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -74,6 +74,11 @@ module API
 
         present options[:with].prepare_relation(projects, options), options
       end
+
+      def translate_params_for_compatibility(params)
+        params[:builds_enabled] = params.delete(:jobs_enabled) if params.key?(:jobs_enabled)
+        params
+      end
     end
 
     resource :users, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
@@ -123,7 +128,7 @@ module API
       end
       post do
         attrs = declared_params(include_missing: false)
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(current_user, attrs).execute
 
         if project.saved?
@@ -155,6 +160,7 @@ module API
         not_found!('User') unless user
 
         attrs = declared_params(include_missing: false)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(user, attrs).execute
 
         if project.saved?
@@ -276,7 +282,7 @@ module API
         authorize! :rename_project, user_project if attrs[:name].present?
         authorize! :change_visibility_level, user_project if attrs[:visibility].present?
 
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
 
         result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute
 
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 3920171205f..14b8a796c8e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -77,7 +77,7 @@ module API
         authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)
 
         unless current_user&.admin?
-          params.except!(:created_after, :created_before, :order_by, :sort)
+          params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
         end
 
         users = UsersFinder.new(current_user, params).execute