Protect repository branches ignores passed arguments

Summary

When protecting a new branch, the parameters for push access level & merge access level are ignored, and the default values are used.

Steps to reproduce

Simply simply put your gitlab token, the gitlab base url and project id.

curl                                                                    \
    --request POST                                                      \
    --header "Private-Token: ${GITLAB_TOKEN}"                           \
    ${GITLAB_URL}/api/v4/projects/${PROJECT_ID}/protected_branches?name=*-stable&push_access_level=30&merge_access_level=30

This request is directly taken from the CE documentation. https://docs.gitlab.com/ce/api/protected_branches.html#protect-repository-branches

Example Project

Version: 11.0.4 gitlab-ce@edb037cbc85225261e8ede5455be4aad771ba3bb

What is the current bug behavior?

{"name":"*-stable","push_access_levels":[{"access_level":40,"access_level_description":"Maintainers"}],"merge_access_levels":[{"access_level":40,"access_level_description":"Maintainers"}]}

What is the expected correct behavior?

Push & Merge level should be set to 30.

Edited Jun 23, 2025 by 🤖 GitLab Bot 🤖