Add latest changes from gitlab-org/gitlab@master

4 files changed, 25 insertions, 7 deletions

diff --git a/lib/api/entities/group.rb b/lib/api/entities/group.rb
index 1a1765c2e0a..14491c2396a 100644
--- a/lib/api/entities/group.rb
+++ b/lib/api/entities/group.rb
@@ -23,6 +23,7 @@ module API
       expose :full_name, :full_path
       expose :created_at
       expose :parent_id
+      expose :organization_id
       expose :shared_runners_setting
 
       expose :custom_attributes, using: 'API::Entities::CustomAttribute', if: :with_custom_attributes
diff --git a/lib/api/groups.rb b/lib/api/groups.rb
index 1ff64cd2ffd..7b755a76f29 100644
--- a/lib/api/groups.rb
+++ b/lib/api/groups.rb
@@ -213,11 +213,15 @@ module API
         requires :name, type: String, desc: 'The name of the group'
         requires :path, type: String, desc: 'The path of the group'
         optional :parent_id, type: Integer, desc: 'The parent group id for creating nested group'
+        optional :organization_id, type: Integer, desc: 'The organization id for the group'
 
         use :optional_params
       end
       post feature_category: :groups_and_projects, urgency: :low do
-        parent_group = find_group!(params[:parent_id]) if params[:parent_id].present?
+        organization = find_organization!(params[:organization_id]) if params[:organization_id].present?
+        authorize! :create_group, organization if organization
+
+        parent_group = find_group!(params[:parent_id], organization: organization) if params[:parent_id].present?
         if parent_group
           authorize! :create_subgroup, parent_group
         else
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 6cb9d19a2ad..a59734d643d 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -211,18 +211,25 @@ module API
       not_found!('Pipeline')
     end
 
+    def find_organization!(id)
+      organization = Organizations::Organization.find_by_id(id)
+      check_organization_access(organization)
+    end
+
     # rubocop: disable CodeReuse/ActiveRecord
-    def find_group(id)
+    def find_group(id, organization: nil)
+      collection = organization.present? ? Group.in_organization(organization) : Group.all
+
       if id.to_s =~ INTEGER_ID_REGEX
-        Group.find_by(id: id)
+        collection.find_by(id: id)
       else
-        Group.find_by_full_path(id)
+        collection.find_by_full_path(id)
       end
     end
     # rubocop: enable CodeReuse/ActiveRecord
 
-    def find_group!(id)
-      group = find_group(id)
+    def find_group!(id, organization: nil)
+      group = find_group(id, organization: organization)
       check_group_access(group)
     end
 
@@ -835,6 +842,12 @@ module API
       @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
     end
 
+    def check_organization_access(organization)
+      return organization if can?(current_user, :read_organization, organization)
+
+      not_found!('Organization')
+    end
+
     def secret_token
       Gitlab::Shell.secret_token
     end
diff --git a/lib/api/terraform/modules/v1/project_packages.rb b/lib/api/terraform/modules/v1/project_packages.rb
index ff330b8479f..c0a84c7b36c 100644
--- a/lib/api/terraform/modules/v1/project_packages.rb
+++ b/lib/api/terraform/modules/v1/project_packages.rb
@@ -171,7 +171,7 @@ module API
                       .new(authorized_user_project, current_user, create_package_file_params)
                       .execute
 
-                    render_api_error!(result[:message], result[:http_status]) if result[:status] == :error
+                    render_api_error!(result.message, result.reason) if result.error?
 
                     track_package_event('push_package', :terraform_module, project: authorized_user_project,
                       namespace: authorized_user_project.namespace)