Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r--lib/api/helpers.rb36
1 files changed, 27 insertions, 9 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 2d8a4f60e2a..632717e1b73 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -124,12 +124,22 @@ module API
def find_project!(id)
project = find_project(id)
+ return forbidden! unless authorized_project_scope?(project)
+
return project if can?(current_user, :read_project, project)
return unauthorized! if authenticate_non_public?
not_found!('Project')
end
+ def authorized_project_scope?(project)
+ return true unless job_token_authentication?
+ return true unless route_authentication_setting[:job_token_scope] == :project
+
+ ::Feature.enabled?(:ci_job_token_scope, project, default_enabled: :yaml) &&
+ current_authenticated_job.project == project
+ end
+
# rubocop: disable CodeReuse/ActiveRecord
def find_group(id)
if id.to_s =~ /^\d+$/
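Review bot: `authorized_project_scope?` has no comment saying that it fails closed, and two of its outcomes are easy to misread. On a route whose `route_authentication_setting[:job_token_scope]` is `:project`, a job-token request gets `forbidden!` whenever the `ci_job_token_scope` flag is off, even for the job's own project. It also gets `forbidden!` if `find_project(id)` returned nil, because the check runs before the `not_found!('Project')` path. If both are intended, I would state it above the method, e.g. `# Job tokens on :project-scoped routes may only reach the job's own project; a missing project or a disabled flag is also a 403.` The check lives only in `find_project!`, so endpoints that resolve a project another way would presumably skip it; this is worth confirming against the routes that set `job_token_scope`.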
@@ -308,7 +318,7 @@ module API
def verify_workhorse_api!
Gitlab::Workhorse.verify_api_request!(request.headers)
- rescue => e
+ rescue StandardError => e
Gitlab::ErrorTracking.track_exception(e)
forbidden!
@@ -549,7 +559,7 @@ module API
return unless Feature.enabled?(feature_name)
Gitlab::UsageDataCounters.count(event_name)
- rescue => error
+ rescue StandardError => error
Gitlab::AppLogger.warn("Redis tracking event failed for event: #{event_name}, message: #{error.message}")
end
@@ -559,7 +569,7 @@ module API
return unless values.present?
Gitlab::UsageDataCounters::HLLRedisCounter.track_event(event_name, values: values)
- rescue => error
+ rescue StandardError => error
Gitlab::AppLogger.warn("Redis tracking event failed for event: #{event_name}, message: #{error.message}")
end
@@ -582,18 +592,26 @@ module API
def project_finder_params_ce
finder_params = project_finder_params_visibility_ce
+
+ finder_params.merge!(
+ params
+ .slice(:search,
+ :custom_attributes,
+ :last_activity_after,
+ :last_activity_before,
+ :repository_storage)
+ .symbolize_keys
+ .compact
+ )
+
finder_params[:with_issues_enabled] = true if params[:with_issues_enabled].present?
finder_params[:with_merge_requests_enabled] = true if params[:with_merge_requests_enabled].present?
finder_params[:without_deleted] = true
- finder_params[:search] = params[:search] if params[:search]
finder_params[:search_namespaces] = true if params[:search_namespaces].present?
finder_params[:user] = params.delete(:user) if params[:user]
- finder_params[:custom_attributes] = params[:custom_attributes] if params[:custom_attributes]
finder_params[:id_after] = sanitize_id_param(params[:id_after]) if params[:id_after]
finder_params[:id_before] = sanitize_id_param(params[:id_before]) if params[:id_before]
- finder_params[:last_activity_after] = params[:last_activity_after] if params[:last_activity_after]
- finder_params[:last_activity_before] = params[:last_activity_before] if params[:last_activity_before]
- finder_params[:repository_storage] = params[:repository_storage] if params[:repository_storage]
+ finder_params[:tag] = params[:topic] if params[:topic].present?
finder_params
end
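Review bot: The `finder_params.merge!(params.slice(...).symbolize_keys.compact)` block is not strictly equivalent to the five `if params[:x]` assignments it replaces. `compact` removes only nil, so an explicit `false` for `:search`, `:custom_attributes`, `:last_activity_after`, `:last_activity_before` or `:repository_storage` now reaches the finder where it used to be skipped. That is probably unreachable if the declared parameter types never yield `false`, but `.select { |_key, value| value }` in place of `.compact` would keep the old behaviour exactly. The new `finder_params[:tag] = params[:topic]` line renames the key on its way to the finder; a short comment such as `# the API parameter is :topic, the finder filters on :tag` would save the next reader a search.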
@@ -700,4 +718,4 @@ module API
end
end
-API::Helpers.prepend_if_ee('EE::API::Helpers')
+API::Helpers.prepend_mod_with('API::Helpers')