Merge remote-tracking branch 'upstream/master' into qa-add-more-key-tests

* upstream/master: (86 commits)
  Fix unassign slash command preview
  Add CHANGELOG entry
  Show Runner's description on job's page
  Fix an N+1 for MRs from forks on the MR index page
  Improve documentation of SSRF protection
  Replace find file project spinach tests with RSpec
  Fix docs typo for ci/lint
  [Backport] Burndown chart for group milestone
  Bump lograge to 0.10.0 and remove monkey patch
  Add Capybara debugging methods to docs
  Update CHANGELOG.md for 10.7.1
  Add missing changelog entry
  Resolve "Avatar URLs are wrong when using a CDN path and Object Storage"
  Fix users not seeing labels from private groups when being a member of a child project
  Update doorkeeper for:
  Update links to /ci/lint with ones to project ci/lint
  Resolve "Namespace factory is problematic"
  Auth::User classes refactor adds should_save?
  Replace define_method with alias_method in Omniauth Controllers
  Describe workaround when restore fails because of `Errno::EBUSY`
  ...

3 files changed, 12 insertions, 4 deletions

diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb
index cd91df1ecd8..b74b8149834 100644
--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -64,8 +64,10 @@ module API
         authorize! :create_note, noteable
 
         parent = noteable_parent(noteable)
+
         if opts[:created_at]
-          opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user
+          opts.delete(:created_at) unless
+            current_user.admin? || parent.owned_by?(current_user)
         end
 
         project = parent if parent.is_a?(Project)
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 51b3b0459f3..8871792060b 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -74,6 +74,11 @@ module API
 
         present options[:with].prepare_relation(projects, options), options
       end
+
+      def translate_params_for_compatibility(params)
+        params[:builds_enabled] = params.delete(:jobs_enabled) if params.key?(:jobs_enabled)
+        params
+      end
     end
 
     resource :users, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
@@ -123,7 +128,7 @@ module API
       end
       post do
         attrs = declared_params(include_missing: false)
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(current_user, attrs).execute
 
         if project.saved?
@@ -155,6 +160,7 @@ module API
         not_found!('User') unless user
 
         attrs = declared_params(include_missing: false)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(user, attrs).execute
 
         if project.saved?
@@ -276,7 +282,7 @@ module API
         authorize! :rename_project, user_project if attrs[:name].present?
         authorize! :change_visibility_level, user_project if attrs[:visibility].present?
 
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
 
         result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute
 
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 3920171205f..14b8a796c8e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -77,7 +77,7 @@ module API
         authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)
 
         unless current_user&.admin?
-          params.except!(:created_after, :created_before, :order_by, :sort)
+          params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
         end
 
         users = UsersFinder.new(current_user, params).execute