Reenables the API /users to return `private-token` when sudo is either a parameter or passed as a header and the user is admin.

Closes #24537

See merge request !7615
Signed-off-by: Rémy Coutable <remy@rymai.me>

Fix project features default values

closes #23242

See merge request !7181
Signed-off-by: Rémy Coutable <remy@rymai.me>

API: Fix booleans not recognized as such when using the `to_boolean` helper

Fixes #22831
Fixes #23890

See merge request !7149

The practical effect of this commit is to make the API check the Rails session
cookie for authentication details. If the cookie is present and valid, it will
be used to authenticate.

The API now has several authentication options for users. They follow in this
order of precedence:

* Authentication token
* Personal access token
* OAuth2 Bearer token (Doorkeeper - application access)
* Rails session cookie

Closes #21043

This reverts commit 530f5158.

See !4892.
Signed-off-by: Rémy Coutable <remy@rymai.me>

This reverts commit 9ca633eb, reversing
changes made to fb229bbf.

1. Don't use case statements for dispatch anymore. This leads to a lot
   of duplication, and makes the logic harder to follow.

2. Remove duplicated logic.

    - For example, the `can_push_to_branch?` exists, but we also have a
      different way of checking the same condition within `change_access_check`.

    - This kind of duplication is removed, and the `can_push_to_branch?`
      method is used in both places.

3. Move checks returning true/false to `UserAccess`.

    - All public methods in `GitAccess` now return an instance of
      `GitAccessStatus`. Previously, some methods would return
      true/false as well, which was confusing.

    - It makes sense for these kinds of checks to be at the level of a
      user, so the `UserAccess` class was repurposed for this. The prior
      `UserAccess.allowed?` classmethod is converted into an instance
      method.

    - All external uses of these checks have been migrated to use the
      `UserAccess` class

4. Move the "change_access_check" into a separate class.

    - Create the `GitAccess::ChangeAccessCheck` class to run these
      checks, which are quite substantial.

    - `ChangeAccessCheck` returns an instance of `GitAccessStatus` as
      well.

5. Break out the boolean logic in `ChangeAccessCheck` into `if/else`
   chains - this seems more readable.

6. I can understand that this might look like overkill for !4892, but I
   think this is a good opportunity to clean it up.

    - http://martinfowler.com/bliki/OpportunisticRefactoring.html

- Makes the MR easier to read; this can go in a separate MR
- This is a (sort of) revert of 99bea01

- And fix all tests.

Rails Autoload find file to require is use , APIHelpers -> api_helpers.rb, not helpers.rb;

Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>

If we do not set a private token during the test, current_user will be
nil because the user is not found, not due to the access check.

Change-Id: I966bfd0ccc4b05925384ecab8c6cbe3c6ba3b667

Change-Id: I305266fe9acbbb5136adeeb52e7e4e1d6629a30a

-Specifying a header of SUDO or adding a :sudo with either user id, or username of the user will set the current_user to be that user if your identifying private_token/PRIVATE_TOKEN is an administrator token