Merge branch 'ee-resolve-lib-differences' into 'master'

Resolve CE to EE differences in the lib/api directory

Closes #9505

See merge request gitlab-org/gitlab-ee!9633

ee/lib/api/managed_licenses.rb

@@ -29,7 +29,7 @@ module API
 
     resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       desc 'Get project software license policies' do
-        success Entities::ManagedLicense
+        success EE::API::Entities::ManagedLicense
       end
       route_setting :skip_authentication, true
       params do
@@ -39,21 +39,21 @@ module API
         authorize_can_read!
 
         software_license_policies = user_project.software_license_policies
-        present paginate(software_license_policies), with: Entities::ManagedLicense
+        present paginate(software_license_policies), with: EE::API::Entities::ManagedLicense
       end
 
       desc 'Get a specific software license policy from a project' do
-        success Entities::ManagedLicense
+        success EE::API::Entities::ManagedLicense
       end
       get ':id/managed_licenses/:managed_license_id', requirements: { managed_license_id: /.*/ } do
         authorize_can_read!
         break not_found!('SoftwareLicensePolicy') unless software_license_policy
 
-        present software_license_policy, with: Entities::ManagedLicense
+        present software_license_policy, with: EE::API::Entities::ManagedLicense
       end
 
       desc 'Create a new software license policy in a project' do
-        success Entities::ManagedLicense
+        success EE::API::Entities::ManagedLicense
       end
       params do
         requires :name, type: String, desc: 'The name of the license'
@@ -73,14 +73,14 @@ module API
         created_software_license_policy = result[:software_license_policy]
 
         if result[:status] == :success
-          present created_software_license_policy, with: Entities::ManagedLicense
+          present created_software_license_policy, with: EE::API::Entities::ManagedLicense
         else
           render_api_error!(result[:message], result[:http_status])
         end
       end
 
       desc 'Update an existing software license policy from a project' do
-        success Entities::ManagedLicense
+        success EE::API::Entities::ManagedLicense
       end
       params do
         optional :name, type: String, desc: 'The name of the license'
@@ -101,7 +101,7 @@ module API
         ).execute(@software_license_policy)
 
         if result[:status] == :success
-          present @software_license_policy, with: Entities::ManagedLicense
+          present @software_license_policy, with: EE::API::Entities::ManagedLicense
         else
           render_api_error!(result[:message], result[:http_status])
         end
@@ -109,7 +109,7 @@ module API
       # rubocop: enable CodeReuse/ActiveRecord
 
       desc 'Delete an existing software license policy from a project' do
-        success Entities::ManagedLicense
+        success EE::API::Entities::ManagedLicense
       end
       delete ':id/managed_licenses/:managed_license_id', requirements: { managed_license_id: /.*/ } do
         authorize_can_admin!

ee/lib/ee/api/endpoints.rb

@@ -26,6 +26,16 @@ module EE
         mount ::API::NpmPackages
         mount ::API::Packages
         mount ::API::PackageFiles
+        mount ::API::ManagedLicenses
+        mount ::API::ProjectApprovals
+
+        version 'v3', using: :path do
+          # Although the following endpoints are kept behind V3 namespace,
+          # they're not deprecated neither should be removed when V3 get
+          # removed.  They're needed as a layer to integrate with Jira
+          # Development Panel.
+          mount ::API::V3::Github
+        end
       end
     end
   end

ee/lib/ee/api/entities.rb

@@ -6,6 +6,21 @@ module EE
       #######################
       # Entities extensions #
       #######################
+      module Entities
+        extend ActiveSupport::Concern
+
+        class_methods do
+          def prepend_entity(klass, with: nil)
+            if with.nil?
+              raise ArgumentError, 'You need to pass either the :with or :namespace option!'
+            end
+
+            klass.descendants.each { |descendant| descendant.prepend(with) }
+            klass.prepend(with)
+          end
+        end
+      end
+
       module UserPublic
         extend ActiveSupport::Concern
 
@@ -63,6 +78,14 @@ module EE
         end
       end
 
+      module ProtectedBranch
+        extend ActiveSupport::Concern
+
+        prepended do
+          expose :unprotect_access_levels, using: ::API::Entities::ProtectedRefAccess
+        end
+      end
+
       module IssueBasic
         extend ActiveSupport::Concern
 
@@ -666,6 +689,10 @@ module EE
         expose :file_name, :size
         expose :file_md5, :file_sha1
       end
+
+      class ManagedLicense < Grape::Entity
+        expose :id, :name, :approval_status
+      end
     end
   end
 end

ee/lib/ee/api/groups.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Groups
+      extend ActiveSupport::Concern
+
+      prepended do
+        helpers do
+          extend ::Gitlab::Utils::Override
+
+          override :find_groups
+          # rubocop: disable CodeReuse/ActiveRecord
+          def find_groups(params, parent_id = nil)
+            super.preload(:ldap_group_links)
+          end
+          # rubocop: enable CodeReuse/ActiveRecord
+
+          override :create_group
+          def create_group
+            ldap_link_attrs = {
+              cn: params.delete(:ldap_cn),
+              group_access: params.delete(:ldap_access)
+            }
+
+            authenticated_as_admin! if params[:shared_runners_minutes_limit]
+
+            group = super
+
+            # NOTE: add backwards compatibility for single ldap link
+            if group.persisted? && ldap_link_attrs[:cn].present?
+              group.ldap_group_links.create(
+                cn: ldap_link_attrs[:cn],
+                group_access: ldap_link_attrs[:group_access]
+              )
+            end
+
+            group
+          end
+
+          override :update_group
+          def update_group(group)
+            if params[:shared_runners_minutes_limit].present? &&
+                group.shared_runners_minutes_limit.to_i !=
+                    params[:shared_runners_minutes_limit].to_i
+              authenticated_as_admin!
+            end
+
+            params.delete(:file_template_project_id) unless
+              group.feature_available?(:custom_file_templates_for_namespace)
+
+            super
+          end
+        end
+
+        resource :groups, requirements: ::API::API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+          desc 'Sync a group with LDAP.'
+          post ":id/ldap_sync" do
+            not_found! unless ::Gitlab::Auth::LDAP::Config.group_sync_enabled?
+
+            group = find_group!(params[:id])
+            authorize! :admin_group, group
+
+            if group.pending_ldap_sync
+              ::LdapGroupSyncWorker.perform_async(group.id)
+            end
+
+            status 202
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/helpers.rb

@@ -66,6 +66,70 @@ module EE
             ::Gitlab::CurrentSettings.current_application_settings
               .allow_group_owners_to_manage_ldap
       end
+
+      override :find_project!
+      def find_project!(id)
+        project = find_project(id)
+
+        # CI job token authentication:
+        # this method grants limited privileged for admin users
+        # admin users can only access project if they are direct member
+        ability = job_token_authentication? ? :build_read_project : :read_project
+
+        if can?(current_user, ability, project)
+          project
+        else
+          not_found!('Project')
+        end
+      end
+
+      override :find_group!
+      def find_group!(id)
+        # CI job token authentication:
+        # currently we do not allow any group access for CI job token
+        if job_token_authentication?
+          not_found!('Group')
+        else
+          super
+        end
+      end
+
+      override :find_project_issue
+      # rubocop: disable CodeReuse/ActiveRecord
+      def find_project_issue(iid, project_id = nil)
+        project = project_id ? find_project!(project_id) : user_project
+
+        ::IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
+      private
+
+      def private_token
+        params[::APIGuard::PRIVATE_TOKEN_PARAM] || env[::APIGuard::PRIVATE_TOKEN_HEADER]
+      end
+
+      def job_token_authentication?
+        initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      end
+
+      def warden
+        env['warden']
+      end
+
+      # Check if the request is GET/HEAD, or if CSRF token is valid.
+      def verified_request?
+        ::Gitlab::RequestForgeryProtection.verified?(env)
+      end
+
+      # Check the Rails session for valid authentication details
+      def find_user_from_warden
+        warden.try(:authenticate) if verified_request?
+      end
+
+      def geo_token
+        ::Gitlab::Geo.current_node.system_hook.token
+      end
     end
   end
 end

ee/lib/ee/api/helpers/discussions_helpers.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Helpers
+      module DiscussionsHelpers
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :noteable_types
+          def noteable_types
+            [::Epic, *super]
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/helpers/notes_helpers.rb

@@ -4,6 +4,17 @@ module EE
   module API
     module Helpers
       module NotesHelpers
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :noteable_types
+          def noteable_types
+            [::Epic, *super]
+          end
+        end
+
         def find_group_epic(id)
           finder_params = { group_id: user_group.id }
           EpicsFinder.new(current_user, finder_params).find(id)

ee/lib/ee/api/helpers/resource_label_events_helpers.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Helpers
+      module ResourceLabelEventsHelpers
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :eventable_types
+          def eventable_types
+            [::Epic, *super]
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/helpers/search_helpers.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Helpers
+      module SearchHelpers
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :global_search_scopes
+          def global_search_scopes
+            ['wiki_blobs', 'blobs', 'commits', *super]
+          end
+
+          override :group_search_scopes
+          def group_search_scopes
+            ['wiki_blobs', 'blobs', 'commits', *super]
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/helpers/services_helpers.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Helpers
+      module ServicesHelpers
+        extend ActiveSupport::Concern
+
+        class_methods do
+          extend ::Gitlab::Utils::Override
+
+          override :services
+          def services
+            super.merge(
+              'github' => [
+                {
+                  required: true,
+                  name: :token,
+                  type: String,
+                  desc: 'GitHub API token with repo:status OAuth scope'
+                },
+                {
+                  required: true,
+                  name: :repository_url,
+                  type: String,
+                  desc: "GitHub repository URL"
+                }
+              ],
+              'jenkins' => [
+                {
+                  required: true,
+                  name: :jenkins_url,
+                  type: String,
+                  desc: 'Jenkins root URL like https://jenkins.example.com'
+                },
+                {
+                  required: true,
+                  name: :project_name,
+                  type: String,
+                  desc: 'The URL-friendly project name. Example: my_project_name'
+                },
+                {
+                  required: false,
+                  name: :username,
+                  type: String,
+                  desc: 'A user with access to the Jenkins server, if applicable'
+                },
+                {
+                  required: false,
+                  name: :password,
+                  type: String,
+                  desc: 'The password of the user'
+                }
+              ],
+              'jenkins-deprecated' => [
+                {
+                  required: true,
+                  name: :project_url,
+                  type: String,
+                  desc: 'Jenkins project URL like http://jenkins.example.com/job/my-project/'
+                },
+                {
+                  required: false,
+                  name: :pass_unstable,
+                  type: ::API::Services::Boolean,
+                  desc: 'Multi-project setup enabled?'
+                },
+                {
+                  required: false,
+                  name: :multiproject_enabled,
+                  type: ::API::Services::Boolean,
+                  desc: 'Should unstable builds be treated as passing?'
+                }
+              ]
+            )
+          end
+
+          override :service_classes
+          def service_classes
+            [
+              ::GithubService,
+              ::JenkinsService,
+              ::JenkinsDeprecatedService,
+              *super
+            ]
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/internal.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Internal
+      extend ActiveSupport::Concern
+
+      prepended do
+        helpers do
+          extend ::Gitlab::Utils::Override
+
+          override :lfs_authentication_url
+          def lfs_authentication_url(project)
+            project.lfs_http_url_to_repo(params[:operation])
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/merge_requests.rb

@@ -6,6 +6,12 @@ module EE
       extend ActiveSupport::Concern
 
       prepended do
+        # For reasons unknown, this API must be mounted before we mount
+        # API::MergeRequests. Mounting this API later on (using
+        # EE::API::Endpoints) for example will result in various merge request
+        # approval related tests failing.
+        ::API::API.mount(::API::MergeRequestApprovals)
+
         helpers do
           params :optional_params_ee do
             optional :approvals_before_merge, type: Integer, desc: 'Number of approvals required before this can be merged'

ee/lib/ee/api/search.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Search
+      extend ActiveSupport::Concern
+
+      prepended do
+        helpers do
+          extend ::Gitlab::Utils::Override
+
+          ELASTICSEARCH_SCOPES = %w(wiki_blobs blobs commits).freeze
+
+          override :verify_search_scope!
+          def verify_search_scope!
+            if ELASTICSEARCH_SCOPES.include?(params[:scope]) && !elasticsearch?
+              render_api_error!({ error: 'Scope not supported without Elasticsearch!' }, 400)
+            end
+          end
+
+          def elasticsearch?
+            ::Gitlab::CurrentSettings.elasticsearch_search?
+          end
+
+          override :process_results
+          def process_results(results)
+            return [] if results.empty?
+
+            if results.is_a?(::Elasticsearch::Model::Response::Response)
+              return paginate(results).map { |blob| ::Gitlab::Elastic::SearchResults.parse_search_result(blob) }
+            end
+
+            super
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/services.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Services
+      extend ActiveSupport::Concern
+
+      prepended do
+        desc "Trigger a global slack command" do
+          detail 'Added in GitLab 9.4'
+        end
+        post 'slack/trigger' do
+          if result = SlashCommands::GlobalSlackHandler.new(params).trigger
+            status result[:status] || 200
+            present result
+          else
+            not_found!
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/settings.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Settings
+      extend ActiveSupport::Concern
+
+      prepended do
+        helpers do
+          extend ::Gitlab::Utils::Override
+
+          override :filter_attributes_using_license
+          # rubocop: disable CodeReuse/ActiveRecord
+          def filter_attributes_using_license(attrs)
+            unless ::License.feature_available?(:repository_mirrors)
+              attrs = attrs.except(*::EE::ApplicationSettingsHelper.repository_mirror_attributes)
+            end
+
+            unless ::License.feature_available?(:external_authorization_service)
+              attrs = attrs.except(
+                *::EE::ApplicationSettingsHelper.external_authorization_service_attributes
+              )
+            end
+
+            unless ::License.feature_available?(:email_additional_text)
+              attrs = attrs.except(:email_additional_text)
+            end
+
+            unless ::License.feature_available?(:custom_file_templates)
+              attrs = attrs.except(:file_template_project_id)
+            end
+
+            attrs
+          end
+          # rubocop: enable CodeReuse/ActiveRecord
+        end
+      end
+    end
+  end
+end

ee/lib/ee/api/variables.rb

+# frozen_string_literal: true
+
+module EE
+  module API
+    module Variables
+      extend ActiveSupport::Concern
+
+      prepended do
+        helpers do
+          extend ::Gitlab::Utils::Override
+
+          override :filter_variable_parameters
+          def filter_variable_parameters(params)
+            unless user_project.feature_available?(:variable_environment_scope)
+              params.delete(:environment_scope)
+            end
+
+            params
+          end
+        end
+      end
+    end
+  end
+end

lib/api/api.rb

@@ -29,13 +29,6 @@ module API
     prefix :api
 
     version 'v3', using: :path do
-      ## EE-specific API V3 endpoints START
-      # Although the following endpoints are kept behind V3 namespace, they're not
-      # deprecated neither should be removed when V3 get removed.
-      # They're needed as a layer to integrate with Jira Development Panel.
-      mount ::API::V3::Github
-      ## EE-specific API V3 endpoints END
-
       route :any, '*path' do
         error!('API V3 is no longer supported. Use API V4 instead.', 410)
       end
@@ -128,10 +121,8 @@ module API
     mount ::API::Keys
     mount ::API::Labels
     mount ::API::Lint
-    mount ::API::ManagedLicenses
     mount ::API::Markdown
     mount ::API::Members
-    mount ::API::MergeRequestApprovals
     mount ::API::MergeRequestDiffs
     mount ::API::MergeRequests
     mount ::API::Namespaces
@@ -142,7 +133,6 @@ module API
     mount ::API::PagesDomains
     mount ::API::Pipelines
     mount ::API::PipelineSchedules
-    mount ::API::ProjectApprovals
     mount ::API::ProjectClusters
     mount ::API::ProjectExport
     mount ::API::ProjectImport

lib/api/discussions.rb

@@ -7,9 +7,7 @@ module API
 
     before { authenticate! }
 
-    NOTEABLE_TYPES = [Issue, Snippet, Epic, MergeRequest, Commit].freeze
-
-    NOTEABLE_TYPES.each do |noteable_type|
+    Helpers::DiscussionsHelpers.noteable_types.each do |noteable_type|
       parent_type = noteable_type.parent_class.to_s.underscore
       noteables_str = noteable_type.to_s.underscore.pluralize
       noteables_path = noteable_type == Commit ? "repository/#{noteables_str}" : noteables_str

lib/api/entities.rb

@@ -504,7 +504,6 @@ module API
 
     class ProtectedRefAccess < Grape::Entity
       expose :access_level
-
       expose :access_level_description do |protected_ref_access|
         protected_ref_access.humanize
       end
@@ -514,7 +513,6 @@ module API
       expose :name
       expose :push_access_levels, using: Entities::ProtectedRefAccess
       expose :merge_access_levels, using: Entities::ProtectedRefAccess
-      expose :unprotect_access_levels, using: Entities::ProtectedRefAccess
     end
 
     class ProtectedTag < Grape::Entity
@@ -1540,19 +1538,6 @@ module API
       end
     end
 
-    def self.prepend_entity(klass, with: nil)
-      if with.nil?
-        raise ArgumentError, 'You need to pass either the :with or :namespace option!'
-      end
-
-      klass.descendants.each { |descendant| descendant.prepend(with) }
-      klass.prepend(with)
-    end
-
-    class ManagedLicense < Grape::Entity
-      expose :id, :name, :approval_status
-    end
-
     class ResourceLabelEvent < Grape::Entity
       expose :id
       expose :user, using: Entities::UserBasic
@@ -1614,6 +1599,7 @@ module API
   end
 end
 
+API::Entities.prepend(EE::API::Entities::Entities) # rubocop: disable Cop/InjectEnterpriseEditionModule
 API::Entities.prepend_entity(::API::Entities::ApplicationSetting, with: EE::API::Entities::ApplicationSetting)
 API::Entities.prepend_entity(::API::Entities::Board, with: EE::API::Entities::Board)
 API::Entities.prepend_entity(::API::Entities::Group, with: EE::API::Entities::Group)
@@ -1627,3 +1613,4 @@ API::Entities.prepend_entity(::API::Entities::ProtectedRefAccess, with: EE::API:
 API::Entities.prepend_entity(::API::Entities::UserPublic, with: EE::API::Entities::UserPublic)
 API::Entities.prepend_entity(::API::Entities::Variable, with: EE::API::Entities::Variable)
 API::Entities.prepend_entity(::API::Entities::Todo, with: EE::API::Entities::Todo)
+API::Entities.prepend_entity(::API::Entities::ProtectedBranch, with: EE::API::Entities::ProtectedBranch)

lib/api/group_boards.rb

@@ -24,7 +24,7 @@ module API
     resource :groups, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       segment ':id/boards' do
         desc 'Find a group board' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success ::API::Entities::Board
         end
         get '/:board_id' do
@@ -32,7 +32,7 @@ module API
         end
 
         desc 'Get all group boards' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success Entities::Board
         end
         params do
@@ -48,7 +48,7 @@ module API
       end
       segment ':id/boards/:board_id' do
         desc 'Get the lists of a group board' do
-          detail 'Does not include backlog and closed lists. This feature was introduced in 10.4'
+          detail 'Does not include backlog and closed lists. This feature was introduced in 10.6'
           success Entities::List
         end
         params do
@@ -59,7 +59,7 @@ module API
         end
 
         desc 'Get a list of a group board' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success Entities::List
         end
         params do
@@ -70,7 +70,7 @@ module API
         end
 
         desc 'Create a new board list' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success Entities::List
         end
         params do
@@ -85,7 +85,7 @@ module API
         end
 
         desc 'Moves a board list to a new position' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success Entities::List
         end
         params do
@@ -101,7 +101,7 @@ module API
         end
 
         desc 'Delete a board list' do
-          detail 'This feature was introduced in 10.4'
+          detail 'This feature was introduced in 10.6'
           success Entities::List
         end
         params do

lib/api/groups.rb

@@ -57,8 +57,6 @@ module API
           find_params.fetch(:all_available, current_user&.full_private_access?)
 
         groups = GroupsFinder.new(current_user, find_params).execute
-        # EE-only
-        groups = groups.preload(:ldap_group_links)
         groups = groups.search(params[:search]) if params[:search].present?
         groups = groups.where.not(id: params[:skip_groups]) if params[:skip_groups].present?
         order_options = { params[:order_by] => params[:sort] }
@@ -69,6 +67,22 @@ module API
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
+      def create_group
+        # This is a separate method so that EE can extend its behaviour, without
+        # having to modify this code directly.
+        ::Groups::CreateService
+          .new(current_user, declared_params(include_missing: false))
+          .execute
+      end
+
+      def update_group(group)
+        # This is a separate method so that EE can extend its behaviour, without
+        # having to modify this code directly.
+        ::Groups::UpdateService
+          .new(group, current_user, declared_params(include_missing: false))
+          .execute
+      end
+
       def find_group_projects(params)
         group = find_group!(params[:id])
         options = {
@@ -138,25 +152,9 @@ module API
           authorize! :create_group
         end
 
-        ldap_link_attrs = {
-          cn: params.delete(:ldap_cn),
-          group_access: params.delete(:ldap_access)
-        }
-
-        # EE
-        authenticated_as_admin! if params[:shared_runners_minutes_limit]
-
-        group = ::Groups::CreateService.new(current_user, declared_params(include_missing: false)).execute
+        group = create_group
 
         if group.persisted?
-          # NOTE: add backwards compatibility for single ldap link
-          if ldap_link_attrs[:cn].present?
-            group.ldap_group_links.create(
-              cn: ldap_link_attrs[:cn],
-              group_access: ldap_link_attrs[:group_access]
-            )
-          end
-
           present group, with: Entities::GroupDetail, current_user: current_user
         else
           render_api_error!("Failed to save group #{group.errors.messages}", 400)
@@ -183,18 +181,7 @@ module API
         group = find_group!(params[:id])
         authorize! :admin_group, group
 
-        # Begin EE-specific block
-        if params[:shared_runners_minutes_limit].present? &&
-            group.shared_runners_minutes_limit.to_i !=
-                params[:shared_runners_minutes_limit].to_i
-          authenticated_as_admin!
-        end
-
-        params.delete(:file_template_project_id) unless
-          group.feature_available?(:custom_file_templates_for_namespace)
-        # End EE-specific block
-
-        if ::Groups::UpdateService.new(group, current_user, declared_params(include_missing: false)).execute
+        if update_group(group)
           present group, with: Entities::GroupDetail, current_user: current_user
         else
           render_validation_error!(group)
@@ -223,8 +210,6 @@ module API
 
       desc 'Remove a group.'
       delete ":id" do
-        Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ee/issues/4795')
-
         group = find_group!(params[:id])
         authorize! :admin_group, group
 
@@ -303,20 +288,8 @@ module API
           render_api_error!("Failed to transfer project #{project.errors.messages}", 400)
         end
       end
-
-      desc 'Sync a group with LDAP.'
-      post ":id/ldap_sync" do
-        not_found! unless Gitlab::Auth::LDAP::Config.group_sync_enabled?
-
-        group = find_group!(params[:id])
-        authorize! :admin_group, group
-
-        if group.pending_ldap_sync
-          LdapGroupSyncWorker.perform_async(group.id)
-        end
-
-        status 202
-      end
     end
   end
 end
+
+API::Groups.prepend(EE::API::Groups)

lib/api/helpers.rb

@@ -2,10 +2,7 @@
 
 module API
   module Helpers
-    prepend EE::API::Helpers # rubocop: disable Cop/InjectEnterpriseEditionModule
-
     include Gitlab::Utils
-    include Gitlab::Utils::StrongMemoize
     include Helpers::Pagination
 
     SUDO_HEADER = "HTTP_SUDO".freeze
@@ -119,12 +116,7 @@ module API
     def find_project!(id)
       project = find_project(id)
 
-      # CI job token authentication:
-      # this method grants limited privileged for admin users
-      # admin users can only access project if they are direct member
-      ability = job_token_authentication? ? :build_read_project : :read_project
-
-      if can?(current_user, ability, project)
+      if can?(current_user, :read_project, project)
         project
       else
         not_found!('Project')
@@ -142,10 +134,6 @@ module API
     # rubocop: enable CodeReuse/ActiveRecord
 
     def find_group!(id)
-      # CI job token authentication:
-      # currently we do not allow any group access for CI job token
-      not_found!('Group') if job_token_authentication?
-
       group = find_group(id)
 
       if can?(current_user, :read_group, group)
@@ -184,9 +172,8 @@ module API
     end
 
     # rubocop: disable CodeReuse/ActiveRecord
-    def find_project_issue(iid, project_id = nil)
-      project = project_id ? find_project!(project_id) : user_project
-      IssuesFinder.new(current_user, project_id: project.id).find_by!(iid: iid)
+    def find_project_issue(iid)
+      IssuesFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid)
     end
     # rubocop: enable CodeReuse/ActiveRecord
 
@@ -471,34 +458,12 @@ module API
 
     private
 
-    def private_token
-      params[APIGuard::PRIVATE_TOKEN_PARAM] || env[APIGuard::PRIVATE_TOKEN_HEADER]
-    end
-
-    def job_token_authentication?
-      initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
-    end
-
-    def warden
-      env['warden']
-    end
-
-    # Check if the request is GET/HEAD, or if CSRF token is valid.
-    def verified_request?
-      Gitlab::RequestForgeryProtection.verified?(env)
-    end
-
-    # Check the Rails session for valid authentication details
-    def find_user_from_warden
-      warden.try(:authenticate) if verified_request?
-    end
-
     # rubocop:disable Gitlab/ModuleWithInstanceVariables
     def initial_current_user
-      return @initial_current_user if defined?(@initial_current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      return @initial_current_user if defined?(@initial_current_user)
 
       begin
-        @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! } # rubocop:disable Gitlab/ModuleWithInstanceVariables
+        @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user! }
       rescue Gitlab::Auth::UnauthorizedError
         unauthorized!
       end
@@ -534,10 +499,6 @@ module API
       Gitlab::Shell.secret_token
     end
 
-    def geo_token
-      Gitlab::Geo.current_node.system_hook.token
-    end
-
     def send_git_blob(repository, blob)
       env['api.format'] = :txt
       content_type 'text/plain'
@@ -580,3 +541,5 @@ module API
     end
   end
 end
+
+API::Helpers.prepend(EE::API::Helpers)

lib/api/helpers/discussions_helpers.rb

+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module DiscussionsHelpers
+      def self.noteable_types
+        # This is a method instead of a constant, allowing EE to more easily
+        # extend it.
+        [Issue, Snippet, MergeRequest, Commit]
+      end
+    end
+  end
+end
+
+API::Helpers::DiscussionsHelpers.prepend(EE::API::Helpers::DiscussionsHelpers)

lib/api/helpers/notes_helpers.rb

@@ -3,7 +3,11 @@
 module API
   module Helpers
     module NotesHelpers
-      prepend EE::API::Helpers::NotesHelpers # rubocop: disable Cop/InjectEnterpriseEditionModule
+      def self.noteable_types
+        # This is a method instead of a constant, allowing EE to more easily
+        # extend it.
+        [Issue, MergeRequest, Snippet]
+      end
 
       def update_note(noteable, note_id)
         note = noteable.notes.find(params[:note_id])
@@ -113,3 +117,5 @@ module API
     end
   end
 end
+
+API::Helpers::NotesHelpers.prepend(EE::API::Helpers::NotesHelpers)

lib/api/helpers/resource_label_events_helpers.rb

+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module ResourceLabelEventsHelpers
+      def self.eventable_types
+        # This is a method instead of a constant, allowing EE to more easily
+        # extend it.
+        [Issue, MergeRequest]
+      end
+    end
+  end
+end
+
+API::Helpers::ResourceLabelEventsHelpers.prepend(EE::API::Helpers::ResourceLabelEventsHelpers)

lib/api/helpers/search_helpers.rb

+# frozen_string_literal: true
+
+module API
+  module Helpers
+    module SearchHelpers
+      def self.global_search_scopes
+        # This is a separate method so that EE can redefine it.
+        %w(projects issues merge_requests milestones snippet_titles snippet_blobs)
+      end
+
+      def self.group_search_scopes
+        # This is a separate method so that EE can redefine it.
+        %w(projects issues merge_requests milestones)
+      end
+
+      def self.project_search_scopes
+        # This is a separate method so that EE can redefine it.
+        %w(issues merge_requests milestones notes wiki_blobs commits blobs)
+      end
+    end
+  end
+end
+
+API::Helpers::SearchHelpers.prepend(EE::API::Helpers::SearchHelpers)

lib/api/internal.rb

@@ -15,6 +15,12 @@ module API
         status code
         { status: success, message: message }.merge(extra_options).compact
       end
+
+      def lfs_authentication_url(project)
+        # This is a separate method so that EE can alter its behaviour more
+        # easily.
+        project.http_url_to_repo
+      end
     end
 
     namespace 'internal' do
@@ -113,7 +119,9 @@ module API
           raise ActiveRecord::RecordNotFound.new("No key_id or user_id passed!")
         end
 
-        Gitlab::LfsToken.new(actor).authentication_payload(project.lfs_http_url_to_repo(params[:operation]))
+        Gitlab::LfsToken
+          .new(actor)
+          .authentication_payload(lfs_authentication_url(project))
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
@@ -276,3 +284,5 @@ module API
     end
   end
 end
+
+API::Internal.prepend(EE::API::Internal)

lib/api/notes.rb

@@ -7,9 +7,7 @@ module API
 
     before { authenticate! }
 
-    NOTEABLE_TYPES = [Issue, MergeRequest, Snippet, Epic].freeze
-
-    NOTEABLE_TYPES.each do |noteable_type|
+    Helpers::NotesHelpers.noteable_types.each do |noteable_type|
       parent_type = noteable_type.parent_class.to_s.underscore
       noteables_str = noteable_type.to_s.underscore.pluralize
 

lib/api/resource_label_events.rb

@@ -7,9 +7,7 @@ module API
 
     before { authenticate! }
 
-    EVENTABLE_TYPES = [Issue, Epic, MergeRequest].freeze
-
-    EVENTABLE_TYPES.each do |eventable_type|
+    Helpers::ResourceLabelEventsHelpers.eventable_types.each do |eventable_type|
       parent_type = eventable_type.parent_class.to_s.underscore
       eventables_str = eventable_type.to_s.underscore.pluralize
 

lib/api/search.rb

@@ -20,8 +20,6 @@ module API
         snippet_blobs: Entities::Snippet
       }.freeze
 
-      ELASTICSEARCH_SCOPES = %w(wiki_blobs blobs commits).freeze
-
       def search(additional_params = {})
         search_params = {
           scope: params[:scope],
@@ -37,12 +35,6 @@ module API
       end
 
       def process_results(results)
-        return [] if results.empty?
-
-        if results.is_a?(Elasticsearch::Model::Response::Response)
-          return paginate(results).map { |blob| Gitlab::Elastic::SearchResults.parse_search_result(blob) }
-        end
-
         paginate(results)
       end
 
@@ -54,14 +46,10 @@ module API
         SCOPE_ENTITY[params[:scope].to_sym]
       end
 
-      def check_elasticsearch_scope!
-        if ELASTICSEARCH_SCOPES.include?(params[:scope]) && !elasticsearch?
-          render_api_error!({ error: 'Scope not supported without Elasticsearch!' }, 400)
-        end
-      end
-
-      def elasticsearch?
-        Gitlab::CurrentSettings.elasticsearch_search?
+      def verify_search_scope!
+        # In EE we have additional validation requirements for searches.
+        # Defining this method here as a noop allows us to easily extend it in
+        # EE, without having to modify this file directly.
       end
     end
 
@@ -73,15 +61,12 @@ module API
         requires :search, type: String, desc: 'The expression it should be searched for'
         requires :scope,
           type: String,
-          desc: 'The scope of search, available scopes:
-            projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs,
-            if Elasticsearch enabled: wiki_blobs, blobs, commits',
-          values: %w(projects issues merge_requests milestones snippet_titles snippet_blobs
-                     wiki_blobs blobs commits)
+          desc: 'The scope of the search',
+          values: Helpers::SearchHelpers.global_search_scopes
         use :pagination
       end
       get do
-        check_elasticsearch_scope!
+        verify_search_scope!
 
         present search, with: entity
       end
@@ -96,14 +81,12 @@ module API
         requires :search, type: String, desc: 'The expression it should be searched for'
         requires :scope,
           type: String,
-          desc: 'The scope of search, available scopes:
-            projects, issues, merge_requests, milestones,
-            if Elasticsearch enabled: wiki_blobs, blobs, commits',
-          values: %w(projects issues merge_requests milestones wiki_blobs blobs commits)
+          desc: 'The scope of the search',
+          values: Helpers::SearchHelpers.group_search_scopes
         use :pagination
       end
       get ':id/(-/)search' do
-        check_elasticsearch_scope!
+        verify_search_scope!
 
         present search(group_id: user_group.id), with: entity
       end
@@ -118,9 +101,8 @@ module API
         requires :search, type: String, desc: 'The expression it should be searched for'
         requires :scope,
           type: String,
-          desc: 'The scope of search, available scopes:
-            issues, merge_requests, milestones, notes, wiki_blobs, commits, blobs',
-          values: %w(issues merge_requests milestones notes wiki_blobs commits blobs)
+          desc: 'The scope of the search',
+          values: Helpers::SearchHelpers.project_search_scopes
         use :pagination
       end
       get ':id/(-/)search' do
@@ -129,3 +111,5 @@ module API
     end
   end
 end
+
+API::Search.prepend(EE::API::Search)

lib/api/settings.rb

@@ -9,6 +9,11 @@ module API
         @current_setting ||=
           (ApplicationSetting.current_without_cache || ApplicationSetting.create_from_defaults)
       end
+
+      def filter_attributes_using_license(attrs)
+        # This method will be redefined in EE.
+        attrs
+      end
     end
 
     desc 'Get the current application settings' do
@@ -165,7 +170,6 @@ module API
       optional(*optional_attributes)
       at_least_one_of(*optional_attributes)
     end
-    # rubocop: disable CodeReuse/ActiveRecord
     put "application/settings" do
       attrs = declared_params(include_missing: false)
 
@@ -187,23 +191,7 @@ module API
         attrs[:password_authentication_enabled_for_web] = attrs.delete(:password_authentication_enabled)
       end
 
-      ## EE-only START: Remove unlicensed attributes
-      unless ::License.feature_available?(:repository_mirrors)
-        attrs = attrs.except(*::EE::ApplicationSettingsHelper.repository_mirror_attributes)
-      end
-
-      unless ::License.feature_available?(:external_authorization_service)
-        attrs = attrs.except(*::EE::ApplicationSettingsHelper.external_authorization_service_attributes)
-      end
-
-      unless ::License.feature_available?(:email_additional_text)
-        attrs = attrs.except(:email_additional_text)
-      end
-
-      unless ::License.feature_available?(:custom_file_templates)
-        attrs = attrs.except(:file_template_project_id)
-      end
-      ## EE-only END: Remove unlicensed attributes
+      attrs = filter_attributes_using_license(attrs)
 
       if ApplicationSettings::UpdateService.new(current_settings, current_user, attrs).execute
         present current_settings, with: Entities::ApplicationSetting
@@ -211,6 +199,7 @@ module API
         render_validation_error!(current_settings)
       end
     end
-    # rubocop: enable CodeReuse/ActiveRecord
   end
 end
+
+API::Settings.prepend(EE::API::Settings)

lib/api/variables.rb

@@ -7,6 +7,14 @@ module API
     before { authenticate! }
     before { authorize! :admin_build, user_project }
 
+    helpers do
+      def filter_variable_parameters(params)
+        # This method exists so that EE can more easily filter out certain
+        # parameters, without having to modify the source code directly.
+        params
+      end
+    end
+
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
@@ -53,10 +61,7 @@ module API
       end
       post ':id/variables' do
         variable_params = declared_params(include_missing: false)
-
-        # EE
-        variable_params.delete(:environment_scope) unless
-            user_project.feature_available?(:variable_environment_scope)
+        variable_params = filter_variable_parameters(variable_params)
 
         variable = user_project.variables.create(variable_params)
 
@@ -85,10 +90,7 @@ module API
         break not_found!('Variable') unless variable
 
         variable_params = declared_params(include_missing: false).except(:key)
-
-        # EE
-        variable_params.delete(:environment_scope) unless
-            user_project.feature_available?(:variable_environment_scope)
+        variable_params = filter_variable_parameters(variable_params)
 
         if variable.update(variable_params)
           present variable, with: Entities::Variable
@@ -117,3 +119,5 @@ module API
     end
   end
 end
+
+API::Variables.prepend(EE::API::Variables)