Merge branch 'api-ability-to-backdate-newly-created-issues-12628' into 'master'

Back dating of issues when creating through the API

Closes #12628 

See merge request !3408

4 files changed, 23 insertions, 6 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 7e9a447a8f6..ea780ddf784 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.7.0 (unreleased)
   - Don't attempt to look up an avatar in repo if repo directory does not exist (Stan hu)
   - Preserve time notes/comments have been updated at when moving issue
   - Make HTTP(s) label consistent on clone bar (Stan Hu)
+  - Allow back dating on issues when created through the API 
   - Fix avatar stretching by providing a cropping feature
   - Add links to CI setup documentation from project settings and builds pages
   - Implement 'Groups View' as an option for dashboard preferences !3379 (Elias W.)
diff --git a/doc/api/issues.md b/doc/api/issues.md
index 18d64c41986..cc6355d34ef 100644
--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -237,6 +237,7 @@ POST /projects/:id/issues
 | `assignee_id`   | integer | no  | The ID of a user to assign issue |
 | `milestone_id`  | integer | no  | The ID of a milestone to assign issue |
 | `labels`        | string  | no  | Comma-separated label names for an issue  |
+| `created_at`    | string  | no  | Date time string, ISO 8601 formatted, e.g. `2016-03-11T03:45:40Z` |
 
 ```bash
 curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/4/issues?title=Issues%20with%20auth&labels=bug
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index e5ae88eb96f..1fee1dee1a6 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -111,17 +111,21 @@ module API
       # Create a new project issue
       #
       # Parameters:
-      #   id (required) - The ID of a project
-      #   title (required) - The title of an issue
-      #   description (optional) - The description of an issue
-      #   assignee_id (optional) - The ID of a user to assign issue
+      #   id (required)           - The ID of a project
+      #   title (required)        - The title of an issue
+      #   description (optional)  - The description of an issue
+      #   assignee_id (optional)  - The ID of a user to assign issue
       #   milestone_id (optional) - The ID of a milestone to assign issue
-      #   labels (optional) - The labels of an issue
+      #   labels (optional)       - The labels of an issue
+      #   created_at (optional)   - The date
       # Example Request:
       #   POST /projects/:id/issues
       post ":id/issues" do
         required_attributes! [:title]
-        attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id]
+
+        keys = [:title, :description, :assignee_id, :milestone_id]
+        keys << :created_at if current_user.admin? || user_project.owner == current_user
+        attrs = attributes_for_keys(keys)
 
         # Validate label names in advance
         if (errors = validate_label_params(params)).any?
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index ce55cb7b0ae..822d3ad3017 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -318,6 +318,17 @@ describe API::API, api: true  do
         'is too long (maximum is 255 characters)'
       ])
     end
+
+    context 'when an admin or owner makes the request' do
+      it "accepts the creation date to be set" do
+        post api("/projects/#{project.id}/issues", user),
+          title: 'new issue', labels: 'label, label2', created_at: 2.weeks.ago
+
+        expect(response.status).to eq(201)
+        # this take about a second, so probably not equal
+        expect(Time.parse(json_response['created_at'])).to be <= 2.weeks.ago
+      end
+    end
   end
 
   describe 'POST /projects/:id/issues with spam filtering' do