5 files changed, 33 insertions, 17 deletions

diff --git a/lib/api/entities/bulk_imports/entity.rb b/lib/api/entities/bulk_imports/entity.rb
index e8c31256b17..142bfaf2149 100644
--- a/lib/api/entities/bulk_imports/entity.rb
+++ b/lib/api/entities/bulk_imports/entity.rb
@@ -8,7 +8,8 @@ module API
         expose :bulk_import_id
         expose :status_name, as: :status
         expose :source_full_path
-        expose :destination_name
+        expose :destination_name # deprecated
+        expose :destination_slug
         expose :destination_namespace
         expose :parent_id
         expose :namespace_id
diff --git a/lib/api/entities/group_detail.rb b/lib/api/entities/group_detail.rb
index e521de0d572..7b05984421a 100644
--- a/lib/api/entities/group_detail.rb
+++ b/lib/api/entities/group_detail.rb
@@ -7,7 +7,8 @@ module API
         SharedGroupWithGroup.represent(group.shared_with_group_links_visible_to_user(options[:current_user]))
       end
       expose :runners_token, if: ->(_, options) { options[:user_can_admin_group] }
-      expose :prevent_sharing_groups_outside_hierarchy, if: ->(group) { group.root? }
+      expose :prevent_sharing_groups_outside_hierarchy,
+        if: ->(group) { group.root? && group.namespace_settings.present? }
 
       expose :projects,
         if: ->(_, options) { options[:with_projects] },
diff --git a/lib/api/entities/merge_request_reviewer.rb b/lib/api/entities/merge_request_reviewer.rb
new file mode 100644
index 00000000000..3bf2ccc36aa
--- /dev/null
+++ b/lib/api/entities/merge_request_reviewer.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module API
+  module Entities
+    class MergeRequestReviewer < Grape::Entity
+      expose :reviewer, as: :user, using: Entities::UserBasic
+      expose :updated_state_by, using: Entities::UserBasic
+      expose :state
+      expose :created_at
+    end
+  end
+end
diff --git a/lib/api/entities/note.rb b/lib/api/entities/note.rb
index a597aa7bb4a..a92f534bbdc 100644
--- a/lib/api/entities/note.rb
+++ b/lib/api/entities/note.rb
@@ -26,6 +26,7 @@ module API
       expose :resolved_at, if: ->(note, options) { note.resolvable? }
 
       expose :confidential?, as: :confidential
+      expose :confidential?, as: :internal
 
       # Avoid N+1 queries as much as possible
       expose(:noteable_iid) { |note| note.noteable.iid if NOTEABLE_TYPES_WITH_IID.include?(note.noteable_type) }
diff --git a/lib/api/entities/project.rb b/lib/api/entities/project.rb
index 906c252d7f9..1739bdd639e 100644
--- a/lib/api/entities/project.rb
+++ b/lib/api/entities/project.rb
@@ -47,8 +47,9 @@ module API
       expose :visibility
       expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group }
       expose :resolve_outdated_diff_discussions
-      expose :container_expiration_policy, using: Entities::ContainerExpirationPolicy,
-        if: -> (project, _) { project.container_expiration_policy }
+      expose :container_expiration_policy,
+             using: Entities::ContainerExpirationPolicy,
+             if: -> (project, _) { project.container_expiration_policy }
 
       # Expose old field names with the new permissions methods to keep API compatible
       # TODO: remove in API v5, replaced by *_access_level
@@ -67,18 +68,18 @@ module API
         Ability.allowed?(options[:current_user], :create_merge_request_in, project)
       end
 
-      expose(:issues_access_level) { |project, options| project.project_feature.string_access_level(:issues) }
-      expose(:repository_access_level) { |project, options| project.project_feature.string_access_level(:repository) }
-      expose(:merge_requests_access_level) { |project, options| project.project_feature.string_access_level(:merge_requests) }
-      expose(:forking_access_level) { |project, options| project.project_feature.string_access_level(:forking) }
-      expose(:wiki_access_level) { |project, options| project.project_feature.string_access_level(:wiki) }
-      expose(:builds_access_level) { |project, options| project.project_feature.string_access_level(:builds) }
-      expose(:snippets_access_level) { |project, options| project.project_feature.string_access_level(:snippets) }
-      expose(:pages_access_level) { |project, options| project.project_feature.string_access_level(:pages) }
-      expose(:operations_access_level) { |project, options| project.project_feature.string_access_level(:operations) }
-      expose(:analytics_access_level) { |project, options| project.project_feature.string_access_level(:analytics) }
-      expose(:container_registry_access_level) { |project, options| project.project_feature.string_access_level(:container_registry) }
-      expose(:security_and_compliance_access_level) { |project, options| project.project_feature.string_access_level(:security_and_compliance) }
+      expose(:issues_access_level) { |project, options| project_feature_string_access_level(project, :issues) }
+      expose(:repository_access_level) { |project, options| project_feature_string_access_level(project, :repository) }
+      expose(:merge_requests_access_level) { |project, options| project_feature_string_access_level(project, :merge_requests) }
+      expose(:forking_access_level) { |project, options| project_feature_string_access_level(project, :forking) }
+      expose(:wiki_access_level) { |project, options| project_feature_string_access_level(project, :wiki) }
+      expose(:builds_access_level) { |project, options| project_feature_string_access_level(project, :builds) }
+      expose(:snippets_access_level) { |project, options| project_feature_string_access_level(project, :snippets) }
+      expose(:pages_access_level) { |project, options| project_feature_string_access_level(project, :pages) }
+      expose(:operations_access_level) { |project, options| project_feature_string_access_level(project, :operations) }
+      expose(:analytics_access_level) { |project, options| project_feature_string_access_level(project, :analytics) }
+      expose(:container_registry_access_level) { |project, options| project_feature_string_access_level(project, :container_registry) }
+      expose(:security_and_compliance_access_level) { |project, options| project_feature_string_access_level(project, :security_and_compliance) }
 
       expose :emails_disabled
       expose :shared_runners_enabled
@@ -105,13 +106,13 @@ module API
       expose :ci_job_token_scope_enabled
       expose :ci_separated_caches
       expose :ci_opt_in_jwt
+      expose :ci_allow_fork_pipelines_to_run_in_parent_project
       expose :public_builds, as: :public_jobs
       expose :build_git_strategy, if: lambda { |project, options| options[:user_can_admin_project] } do |project, options|
         project.build_allow_git_fetch ? 'fetch' : 'clone'
       end
       expose :build_timeout
       expose :auto_cancel_pending_pipelines
-      expose :build_coverage_regex
       expose :ci_config_path, if: -> (project, options) { Ability.allowed?(options[:current_user], :download_code, project) }
       expose :shared_with_groups do |project, options|
         user = options[:current_user]