Rename query parameter to `membership`28865-filter-by-authorized-projects-in-v4

The query parameter `membership` should be more self-explaining.

6 files changed, 19 insertions, 14 deletions

diff --git a/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml b/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml
index 8615c17666e..7c64783cbd0 100644
--- a/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml
+++ b/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml
@@ -1,4 +1,4 @@
 ---
-title: Add filter param for authorized projects for current_user for V4
+title: Add filter param for project membership for current_user in API v4
 merge_request:
 author:
diff --git a/doc/api/projects.md b/doc/api/projects.md
index 6805e7d67e9..6062c5ccd71 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -34,10 +34,10 @@ Parameters:
 | `visibility` | string | no | Limit by visibility `public`, `internal`, or `private` |
 | `order_by` | string | no | Return projects ordered by `id`, `name`, `path`, `created_at`, `updated_at`, or `last_activity_at` fields. Default is `created_at` |
 | `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` |
-| `search` | string | no | Return list of authorized projects matching the search criteria |
+| `search` | string | no | Return list of projects matching the search criteria |
 | `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
 | `owned` | boolean | no | Limit by projects owned by the current user |
-| `authorized` | boolean | no | Limit by projects authorized for the current user |
+| `membership` | boolean | no | Limit by projects that the current user is a member of |
 | `starred` | boolean | no | Limit by projects starred by the current user |
 
 ```json
diff --git a/doc/api/v3_to_v4.md b/doc/api/v3_to_v4.md
index 92f2e02405d..42deccba0a6 100644
--- a/doc/api/v3_to_v4.md
+++ b/doc/api/v3_to_v4.md
@@ -28,7 +28,12 @@ changes are in V4:
   - `/dockerfiles/:key`
 - Moved `/projects/fork/:id` to `/projects/:id/fork` [!8940](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8940)
 - Moved `DELETE /todos` to `POST /todos/mark_as_done` and `DELETE /todos/:todo_id` to `POST /todos/:todo_id/mark_as_done` [!9410](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9410)
-- Endpoints `/projects/owned`, `/projects/visible`, `/projects/starred` & `/projects/all` are consolidated into `/projects` using query parameters [!8962](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8962)
+- Project filters are no longer available as `GET /projects/foo`, but as `GET /projects?foo=true` instead [!8962](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8962)
+  - `GET /projects/visible` & `GET /projects/all` are consolidated into `GET /projects` and can be used with or without authorization
+  - `GET /projects/owned` moved to `GET /projects?owned=true`
+  - `GET /projects/starred` moved to `GET /projects?starred=true`
+- `GET /projects` returns all projects visible to current user, even if the user is not a member [!9674](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9674)
+  - To get projects the user is a member of, use `/projects?membership=true`
 - Return pagination headers for all endpoints that return an array [!8606](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8606)
 - Added `POST /environments/:environment_id/stop` to stop an environment [!8808](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8808)
 - Removed `DELETE projects/:id/deploy_keys/:key_id/disable`. Use `DELETE projects/:id/deploy_keys/:key_id` instead [!9366](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9366)
@@ -53,4 +58,3 @@ changes are in V4:
 - Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9505)
 - Return 202 with JSON body on async removals on V4 API (DELETE `/projects/:id/repository/merged_branches` and DELETE `/projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9449)
 - `projects/:id/milestones?iid[]=x&iid[]=y` array filter has been renamed to `iids` [!9096](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9096)
-- Enable filtering user's authorized projects with boolean param `authorized` on `/projects` endpoint [!9674](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9674)
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index cf57cb1b825..9c41146f1e3 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -252,7 +252,7 @@ module API
     # project helpers
 
     def filter_projects(projects)
-      if params[:authorized]
+      if params[:membership]
         projects = projects.merge(current_user.authorized_projects)
       end
 
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index f302496c12b..63a4cdd5954 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -46,9 +46,10 @@ module API
           optional :archived, type: Boolean, default: false, desc: 'Limit by archived status'
           optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values,
                                 desc: 'Limit by visibility'
-          optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria'
+          optional :search, type: String, desc: 'Return list of projects matching the search criteria'
           optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
           optional :starred, type: Boolean, default: false, desc: 'Limit by starred status'
+          optional :membership, type: Boolean, default: false, desc: 'Limit by projects that the current user is a member of'
         end
 
         params :statistics_params do
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index eb2380620e2..03cae074803 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -143,9 +143,9 @@ describe API::Projects, api: true  do
         end
       end
 
-      context 'and authorized=true' do
+      context 'and membership=true' do
         it_behaves_like 'projects response' do
-          let(:filter) { { authorized: true } }
+          let(:filter) { { membership: true } }
           let(:current_user) { user }
           let(:projects) { [project, project2, project3] }
         end
@@ -235,7 +235,7 @@ describe API::Projects, api: true  do
         end
 
         context 'including owned filter' do
-          it 'returns only projects that satify all query parameters' do
+          it 'returns only projects that satisfy all query parameters' do
             get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }
 
             expect(response).to have_http_status(200)
@@ -246,7 +246,7 @@ describe API::Projects, api: true  do
           end
         end
 
-        context 'including authorized filter' do
+        context 'including membership filter' do
           before do
             create(:project_member,
                    user: user,
@@ -254,14 +254,14 @@ describe API::Projects, api: true  do
                    access_level: ProjectMember::MASTER)
           end
 
-          it 'returns only projects that satify all query parameters' do
-            get api('/projects', user), { visibility: 'public', authorized: true, starred: true, search: 'gitlab' }
+          it 'returns only projects that satisfy all query parameters' do
+            get api('/projects', user), { visibility: 'public', membership: true, starred: true, search: 'gitlab' }
 
             expect(response).to have_http_status(200)
             expect(response).to include_pagination_headers
             expect(json_response).to be_an Array
             expect(json_response.size).to eq(2)
-            expect(json_response.map { |project| project.fetch('id') }).to contain_exactly(project5.id, project7.id)
+            expect(json_response.map { |project| project['id'] }).to contain_exactly(project5.id, project7.id)
           end
         end
       end