Add API support for filtering confidential issues

3 files changed, 53 insertions, 0 deletions

diff --git a/doc/api/issues.md b/doc/api/issues.md
index 0571f280d2a..cb5789e76b7 100644
--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -32,6 +32,7 @@ GET /issues?author_id=5
 GET /issues?assignee_id=5
 GET /issues?my_reaction_emoji=star
 GET /issues?search=foo&in=title
+GET /issues?confidential=true
 ```
 
 | Attribute           | Type             | Required   | Description                                                                                                                                         |
@@ -52,6 +53,7 @@ GET /issues?search=foo&in=title
 | `created_before`    | datetime         | no         | Return issues created on or before the given time                                                                                                   |
 | `updated_after`     | datetime         | no         | Return issues updated on or after the given time                                                                                                    |
 | `updated_before`    | datetime         | no         | Return issues updated on or before the given time                                                                                                   |
+| `confidential `     | Boolean          | no        | Filter confidential or public issues.                                                                                                                |
 
 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/issues
@@ -148,6 +150,7 @@ GET /groups/:id/issues?search=issue+title+or+description
 GET /groups/:id/issues?author_id=5
 GET /groups/:id/issues?assignee_id=5
 GET /groups/:id/issues?my_reaction_emoji=star
+GET /groups/:id/issues?confidential=true
 ```
 
 | Attribute           | Type             | Required   | Description                                                                                                                   |
@@ -168,6 +171,7 @@ GET /groups/:id/issues?my_reaction_emoji=star
 | `created_before`    | datetime         | no         | Return issues created on or before the given time                                                                             |
 | `updated_after`     | datetime         | no         | Return issues updated on or after the given time                                                                              |
 | `updated_before`    | datetime         | no         | Return issues updated on or before the given time                                                                             |
+| `confidential `     | Boolean          | no         | Filter confidential or public issues.                                                                                         |
 
 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/4/issues
@@ -264,6 +268,7 @@ GET /projects/:id/issues?search=issue+title+or+description
 GET /projects/:id/issues?author_id=5
 GET /projects/:id/issues?assignee_id=5
 GET /projects/:id/issues?my_reaction_emoji=star
+GET /projects/:id/issues?confidential=true
 ```
 
 | Attribute           | Type             | Required   | Description                                                                                                                   |
@@ -284,6 +289,8 @@ GET /projects/:id/issues?my_reaction_emoji=star
 | `created_before`    | datetime         | no         | Return issues created on or before the given time                                                                             |
 | `updated_after`     | datetime         | no         | Return issues updated on or after the given time                                                                              |
 | `updated_before`    | datetime         | no         | Return issues updated on or before the given time                                                                             |
+| `confidential `     | Boolean          | no         | Filter confidential or public issues.                                                                                         |
+
 
 ```bash
 curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/4/issues
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 94ed9ac6fb1..3862c29d841 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -15,6 +15,14 @@ module API
 
       params :issue_params_ee do
       end
+
+      def convert_confidential_param(args)
+        confidential = args.delete(:confidential)
+        return args if confidential.nil?
+
+        args[:confidential] = confidential ? 'yes' : 'no'
+        args
+      end
     end
 
     helpers do
@@ -26,6 +34,7 @@ module API
         args[:milestone_title] = args.delete(:milestone)
         args[:label_name] = args.delete(:labels)
         args[:scope] = args[:scope].underscore if args[:scope]
+        args = convert_confidential_param(args)
 
         issues = IssuesFinder.new(current_user, args).execute
           .preload(:assignees, :labels, :notes, :timelogs, :project, :author, :closed_by)
@@ -54,6 +63,7 @@ module API
         optional :scope, type: String, values: %w[created-by-me assigned-to-me created_by_me assigned_to_me all],
                          desc: 'Return issues for the given scope: `created_by_me`, `assigned_to_me` or `all`'
         optional :my_reaction_emoji, type: String, desc: 'Return issues reacted by the authenticated user by the given emoji'
+        optional :confidential, type: Boolean, desc: 'Filter confidential or public issues'
         use :pagination
 
         use :issues_params_ee
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index d10ee6cc320..1a4be2bd30f 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -183,6 +183,18 @@ describe API::Issues do
         expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id])
       end
 
+      it 'returns only confidential issues' do
+        get api('/issues', user), params: { confidential: true, scope: 'all' }
+
+        expect_paginated_array_response(confidential_issue.id)
+      end
+
+      it 'returns only public issues' do
+        get api('/issues', user), params: { confidential: false }
+
+        expect_paginated_array_response([issue.id, closed_issue.id])
+      end
+
       it 'returns issues reacted by the authenticated user' do
         issue2 = create(:issue, project: project, author: user, assignees: [user])
         create(:award_emoji, awardable: issue2, user: user2, name: 'star')
@@ -557,6 +569,18 @@ describe API::Issues do
         expect_paginated_array_response([group_confidential_issue.id, group_issue.id])
       end
 
+      it 'returns only confidential issues' do
+        get api(base_url, user), params: { confidential: true }
+
+        expect_paginated_array_response(group_confidential_issue.id)
+      end
+
+      it 'returns only public issues' do
+        get api(base_url, user), params: { confidential: false }
+
+        expect_paginated_array_response([group_closed_issue.id, group_issue.id])
+      end
+
       it 'returns an array of labeled group issues' do
         get api(base_url, user), params: { labels: group_label.title }
 
@@ -782,6 +806,18 @@ describe API::Issues do
       expect_paginated_array_response([issue.id, confidential_issue.id, closed_issue.id])
     end
 
+    it 'returns only confidential issues' do
+      get api("#{base_url}/issues", author), params: { confidential: true }
+
+      expect_paginated_array_response(confidential_issue.id)
+    end
+
+    it 'returns only public issues' do
+      get api("#{base_url}/issues", author), params: { confidential: false }
+
+      expect_paginated_array_response([issue.id, closed_issue.id])
+    end
+
     it 'returns project confidential issues for assignee' do
       get api("#{base_url}/issues", assignee)