7 files changed, 95 insertions, 31 deletions

diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index b32a4aa7bc2..4db5f61dd28 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -80,9 +80,17 @@ module API
       #   POST /projects/:id/repository/branches
       post ":id/repository/branches" do
         authorize_push_project
-        @branch = CreateBranchService.new.execute(user_project, params[:branch_name], params[:ref], current_user)
-
-        present @branch, with: Entities::RepoObject, project: user_project
+        result = CreateBranchService.new.execute(user_project,
+                                                 params[:branch_name],
+                                                 params[:ref],
+                                                 current_user)
+        if result[:status] == :success
+          present result[:branch],
+                  with: Entities::RepoObject,
+                  project: user_project
+        else
+          render_api_error!(result[:message], 400)
+        end
       end
 
       # Delete branch
@@ -99,7 +107,7 @@ module API
         if result[:state] == :success
           true
         else
-          render_api_error!(result[:message], 405)
+          render_api_error!(result[:message], result[:return_code])
         end
       end
     end
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index d36b29a00b1..6af0f6d1b25 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -114,17 +114,21 @@ module API
 
     # Helper method for validating all labels against its names
     def validate_label_params(params)
+      errors = {}
+
       if params[:labels].present?
         params[:labels].split(',').each do |label_name|
           label = user_project.labels.create_with(
             color: Label::DEFAULT_COLOR).find_or_initialize_by(
               title: label_name.strip)
+
           if label.invalid?
-            return true
+            errors[label.title] = label.errors
           end
         end
       end
-      false
+
+      errors
     end
 
     # error helpers
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 5850892df07..5f484f63418 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -12,7 +12,9 @@ module API
       #   ref - branch name
       #   forced_push - forced_push
       #
-      get "/allowed" do
+      post "/allowed" do
+        status 200
+
         # Check for *.wiki repositories.
         # Strip out the .wiki from the pathname before finding the
         # project. This applies the correct project permissions to
@@ -34,10 +36,7 @@ module API
           actor,
           params[:action],
           project,
-          params[:ref],
-          params[:oldrev],
-          params[:newrev],
-          params[:forced_push]
+          params[:changes]
         )
       end
 
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 055529ccbd8..5369149cdfc 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -3,13 +3,41 @@ module API
   class Issues < Grape::API
     before { authenticate! }
 
+    helpers do
+      def filter_issues_state(issues, state = nil)
+        case state
+        when 'opened' then issues.opened
+        when 'closed' then issues.closed
+        else issues
+        end
+      end
+
+      def filter_issues_labels(issues, labels)
+        issues.includes(:labels).where("labels.title" => labels.split(','))
+      end
+    end
+
     resource :issues do
       # Get currently authenticated user's issues
       #
-      # Example Request:
+      # Parameters:
+      #   state (optional) - Return "opened" or "closed" issues
+      #   labels (optional) - Comma-separated list of label names
+
+      # Example Requests:
       #   GET /issues
+      #   GET /issues?state=opened
+      #   GET /issues?state=closed
+      #   GET /issues?labels=foo
+      #   GET /issues?labels=foo,bar
+      #   GET /issues?labels=foo,bar&state=opened
       get do
-        present paginate(current_user.issues), with: Entities::Issue
+        issues = current_user.issues
+        issues = filter_issues_state(issues, params[:state]) unless params[:state].nil?
+        issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil?
+        issues = issues.order('issues.id DESC')
+
+        present paginate(issues), with: Entities::Issue
       end
     end
 
@@ -18,10 +46,24 @@ module API
       #
       # Parameters:
       #   id (required) - The ID of a project
-      # Example Request:
+      #   state (optional) - Return "opened" or "closed" issues
+      #   labels (optional) - Comma-separated list of label names
+      #
+      # Example Requests:
       #   GET /projects/:id/issues
+      #   GET /projects/:id/issues?state=opened
+      #   GET /projects/:id/issues?state=closed
+      #   GET /projects/:id/issues
+      #   GET /projects/:id/issues?labels=foo
+      #   GET /projects/:id/issues?labels=foo,bar
+      #   GET /projects/:id/issues?labels=foo,bar&state=opened
       get ":id/issues" do
-        present paginate(user_project.issues), with: Entities::Issue
+        issues = user_project.issues
+        issues = filter_issues_state(issues, params[:state]) unless params[:state].nil?
+        issues = filter_issues_labels(issues, params[:labels]) unless params[:labels].nil?
+        issues = issues.order('issues.id DESC')
+
+        present paginate(issues), with: Entities::Issue
       end
 
       # Get a single project issue
@@ -52,8 +94,8 @@ module API
         attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id]
 
         # Validate label names in advance
-        if validate_label_params(params)
-          return render_api_error!('Label names invalid', 405)
+        if (errors = validate_label_params(params)).any?
+          render_api_error!({ labels: errors }, 400)
         end
 
         issue = ::Issues::CreateService.new(user_project, current_user, attrs).execute
@@ -90,8 +132,8 @@ module API
         attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id, :state_event]
 
         # Validate label names in advance
-        if validate_label_params(params)
-          return render_api_error!('Label names invalid', 405)
+        if (errors = validate_label_params(params)).any?
+          render_api_error!({ labels: errors }, 400)
         end
 
         issue = ::Issues::UpdateService.new(user_project, current_user, attrs).execute(issue)
@@ -99,7 +141,8 @@ module API
         if issue.valid?
           # Find or create labels and attach to issue. Labels are valid because
           # we already checked its name, so there can't be an error here
-          if params[:labels].present?
+          unless params[:labels].nil?
+            issue.remove_labels
             # Create and add labels to the new created issue
             issue.add_labels_by_names(params[:labels].split(','))
           end
diff --git a/lib/api/labels.rb b/lib/api/labels.rb
index d1684b2293c..2fdf53ffec2 100644
--- a/lib/api/labels.rb
+++ b/lib/api/labels.rb
@@ -39,7 +39,7 @@ module API
         if label.valid?
           present label, with: Entities::Label
         else
-          render_api_error!(label.errors.full_messages.join(', '), 405)
+          render_api_error!(label.errors.full_messages.join(', '), 400)
         end
       end
 
@@ -95,7 +95,7 @@ module API
         if label.update(attrs)
           present label, with: Entities::Label
         else
-          render_api_error!(label.errors.full_messages.join(', '), 405)
+          render_api_error!(label.errors.full_messages.join(', '), 400)
         end
       end
     end
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index 0d765f9280e..8726379bf3c 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -78,8 +78,8 @@ module API
         attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title, :target_project_id, :description]
 
         # Validate label names in advance
-        if validate_label_params(params)
-          return render_api_error!('Label names invalid', 405)
+        if (errors = validate_label_params(params)).any?
+          render_api_error!({ labels: errors }, 400)
         end
 
         merge_request = ::MergeRequests::CreateService.new(user_project, current_user, attrs).execute
@@ -117,15 +117,16 @@ module API
         authorize! :modify_merge_request, merge_request
 
         # Validate label names in advance
-        if validate_label_params(params)
-          return render_api_error!('Label names invalid', 405)
+        if (errors = validate_label_params(params)).any?
+          render_api_error!({ labels: errors }, 400)
         end
 
         merge_request = ::MergeRequests::UpdateService.new(user_project, current_user, attrs).execute(merge_request)
 
         if merge_request.valid?
           # Find or create labels and attach to issue
-          if params[:labels].present?
+          unless params[:labels].nil?
+            merge_request.remove_labels
             merge_request.add_labels_by_names(params[:labels].split(","))
           end
 
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index 42068bb343d..07c29aa7b4c 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -32,14 +32,23 @@ module API
       #   id (required) - The ID of a project
       #   tag_name (required) - The name of the tag
       #   ref (required) - Create tag from commit sha or branch
+      #   message (optional) - Specifying a message creates an annotated tag.
       # Example Request:
       #   POST /projects/:id/repository/tags
       post ':id/repository/tags' do
         authorize_push_project
-        @tag = CreateTagService.new.execute(user_project, params[:tag_name],
-                                            params[:ref], current_user)
-
-        present @tag, with: Entities::RepoObject, project: user_project
+        message = params[:message] || nil
+        result = CreateTagService.new.execute(user_project, params[:tag_name],
+                                              params[:ref], message,
+                                              current_user)
+
+        if result[:status] == :success
+          present result[:tag],
+                  with: Entities::RepoObject,
+                  project: user_project
+        else
+          render_api_error!(result[:message], 400)
+        end
       end
 
       # Get a project repository tree