
API Issue creation not allowing created_at for group owners

Summary

Unable to set the created_at field when creating an issue for a project within a group.

Steps to reproduce

  1. Create a group and project
  2. Add a user to the group as an owner (non-admin user)
  3. Attempt to create an issue in the project with created_at field
curl -X POST -H token "http://gitlab/api/v4/projects/89/issues"  -H "Content-Type: application/json" -d '{"title":"stable", "created_at" : "2016-03-11T03:45:40Z2016-03-11T03:45:40Z"}'   | jq .created_at
"2018-07-18T10:26:10.302-06:00"

Issue seems to stem from: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/api/issues.rb#L173

unless current_user.admin? || user_project.owner == current_user
  params.delete(:created_at)
end

Projects in groups link their owner to the parent group:

user_project = Project.find <project_id>
=> #<Project id:89 project/project>

current_user = User.find_by username: 'user'
=> #<User id:7 @user>

user_project.owner == current_user
=> false
user_project.owner
=> #<Group id:60 @project>

# Potential Solution?
current_user.owned_projects.include? user_project
=> true

What is the current bug behavior?

created_at is ignored for non-admins for projects in groups.

What is the expected correct behavior?

Group ownership should be respected in group projects. Able to use the created_at

Possible fixes

 unless current_user.admin? || current_user.owned_projects.include?(user_project)
   params.delete(:created_at)
 end
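
The ownership check above can be exercised as a regression test. The following is an added example, not GitLab's code: `Group`, `Project`, `User` and the `owns?` helper are hypothetical stand-ins for the real models and for `owned_projects.include?`. It shows the quoted check stripping `created_at` for a group owner, and the proposed check still stripping it for a user with no ownership.

```ruby
# Stand-in models: assumptions for illustration, not GitLab's ActiveRecord classes.
class Group
  attr_reader :owners
  def initialize(owners)
    @owners = owners
  end
end

class Project
  attr_reader :owner # a User for personal projects, a Group for group projects
  def initialize(owner)
    @owner = owner
  end
end

class User
  def initialize(admin: false)
    @admin = admin
  end

  def admin?
    @admin
  end

  # Hypothetical helper standing in for `owned_projects.include?(project)`.
  def owns?(project)
    owner = project.owner
    owner.equal?(self) || (owner.is_a?(Group) && owner.owners.include?(self))
  end
end

# Check as quoted from lib/api/issues.rb: compares the owner object to the user.
def filter_original(params, user, project)
  params = params.dup
  params.delete(:created_at) unless user.admin? || project.owner == user
  params
end

# Check from "Possible fixes", with owns? replacing the owned_projects lookup.
def filter_proposed(params, user, project)
  params = params.dup
  params.delete(:created_at) unless user.admin? || user.owns?(project)
  params
end

# Constructed sample data.
GROUP_OWNER   = User.new
OUTSIDER      = User.new
ADMIN         = User.new(admin: true)
GROUP_PROJECT = Project.new(Group.new([GROUP_OWNER]))
PARAMS = { title: "stable", created_at: "2016-03-11T03:45:40Z" }.freeze
```

The outsider case is the one to keep in any test suite for this fix: widening the check to group owners must not let other users backdate issues.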