2 files changed, 10 insertions, 3 deletions

diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 2e397643ed1..3fde7aa989f 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -423,6 +423,7 @@ module API
     class RunnerDetails < Runner
       expose :tag_list
       expose :run_untagged
+      expose :locked
       expose :version, :revision, :platform, :architecture
       expose :contacted_at
       expose :token, if: lambda { |runner, options| options[:current_user].is_admin? || !runner.is_shared? }
diff --git a/lib/api/runners.rb b/lib/api/runners.rb
index 4faba9dc87b..ecc8f2fc5a2 100644
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -49,7 +49,7 @@ module API
         runner = get_runner(params[:id])
         authenticate_update_runner!(runner)
 
-        attrs = attributes_for_keys [:description, :active, :tag_list, :run_untagged]
+        attrs = attributes_for_keys [:description, :active, :tag_list, :run_untagged, :locked]
         if runner.update(attrs)
           present runner, with: Entities::RunnerDetails, current_user: current_user
         else
@@ -96,9 +96,14 @@ module API
 
         runner = get_runner(params[:runner_id])
         authenticate_enable_runner!(runner)
-        Ci::RunnerProject.create(runner: runner, project: user_project)
 
-        present runner, with: Entities::Runner
+        runner_project = runner.assign_to(user_project)
+
+        if runner_project.persisted?
+          present runner, with: Entities::Runner
+        else
+          conflict!("Runner was already enabled for this project")
+        end
       end
 
       # Disable project's runner
@@ -163,6 +168,7 @@ module API
 
       def authenticate_enable_runner!(runner)
         forbidden!("Runner is shared") if runner.is_shared?
+        forbidden!("Runner is locked") if runner.locked?
         return if current_user.is_admin?
         forbidden!("No access granted") unless user_can_access_runner?(runner)
       end