Ability to update access levels from Protected Branch API
Release notes
So far, it was only possible to update access levels of protected branches via the UI. To do this via the API, you had to first unprotect the branch and then protect it again with the new setting.
Now, you can programmatically change which users or groups are allowed_to_push, allowed_to_merge, and allowed_to_unprotect and change more settings. This way it is much less likely that bots that change such settings accidentally leave branches unprotected.
https://docs.gitlab.com/ee/api/protected_branches.html#update-a-protected-branch
What
- PUT endpoint on protected branch API
- Alternatively a new API for protected branches access levels, so that they can be set per user/group individually
Why
It is not currently possible to update protected branch settings through the API without first unprotecting the branch. This is partly because CE and EE differ: EE allows access levels to be set per user/group.
Related
- https://gitlab.com/gitlab-org/gitlab-ce/issues/35867
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12756#note_35838570
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12756#note_34698248
Proposed solution
We can follow the convention that was introduced for the Protected Environments API. It follows the same conventions as Rails Nested Attributes:
- If id is specified, then the attribute is updated
- If _destroy field is specified, then the record is removed
After the PATCH endpoint is generalized and id attribute is exposed, we should:
- Allow id and _destroy params, similar to https://gitlab.com/gitlab-org/gitlab/blob/0acba2ab515f263a86718583ffaa7932fbf11b3b/ee/lib/api/protected_environments.rb#L19
- Make sure that _attributes are not prefilled with defaults when empty params are sent
- Update the documentation https://docs.gitlab.com/ee/api/protected_branches.html
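
The id / _destroy convention above lets a bot move a branch from its current grants to the desired ones in a single request, so the branch is never unprotected in between. The sketch below is an added example, not GitLab's code: the host, project id, token and record ids are constructed placeholders, the helper names are hypothetical, and the request is built but never sent.

```python
import json
import urllib.parse
import urllib.request

def grant_key(entry):
    """Identify a grant by its subject; user/group win over the role level."""
    for field in ("user_id", "group_id", "access_level"):
        if entry.get(field) is not None:
            return (field, entry[field])
    raise ValueError(f"no user, group or access level in {entry!r}")

def nested_attributes(current, desired):
    """Entries for one allowed_to_* parameter, moving current to desired."""
    have = {grant_key(c): c["id"] for c in current}
    wanted = {grant_key(d) for d in desired}
    stale = sorted(k for k in have if k not in wanted)
    fresh = sorted(wanted - set(have))
    out = []
    # A changed role level is updated in place through the record's id.
    old_roles = [k for k in stale if k[0] == "access_level"]
    new_roles = [k for k in fresh if k[0] == "access_level"]
    for old, new in zip(old_roles, new_roles):
        out.append({"id": have[old], "access_level": new[1]})
        stale.remove(old)
        fresh.remove(new)
    out += [{field: value} for field, value in fresh]          # no id: created
    out += [{"id": have[k], "_destroy": True} for k in stale]  # removed
    return out

def build_patch(base_url, project_id, branch, token, **changes):
    """Prepare (not send) one PATCH that applies every change together."""
    url = "{}/api/v4/projects/{}/protected_branches/{}".format(
        base_url.rstrip("/"), project_id, urllib.parse.quote(branch, safe=""))
    return urllib.request.Request(
        url, data=json.dumps(changes).encode(), method="PATCH",
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"})

# Constructed sample state: one role-level record and one per-user record.
CURRENT_PUSH = [
    {"id": 11, "access_level": 40, "user_id": None, "group_id": None},
    {"id": 12, "access_level": 40, "user_id": 7, "group_id": None},
]
DESIRED_PUSH = [{"access_level": 30}, {"group_id": 3}]

if __name__ == "__main__":
    payload = nested_attributes(CURRENT_PUSH, DESIRED_PUSH)
    req = build_patch("https://gitlab.example.com", 42, "main", "<token>",
                      allowed_to_push=payload)
    print(req.get_method(), req.full_url, req.data.decode())
```

When the current and desired grants already match, the helper returns an empty list, which the bot should treat as "send nothing" rather than sending an empty parameter.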