Allow editing of commit messages on unprotected branches using the REST API
As part of &4983 (closed) and gitlab-com/gl-infra&351 (closed) we need the ability to edit commit messages. The Gitaly issue gitaly#3324 (closed) discusses the parts we need in Gitaly to make this a possibility.
When those parts are in place, we need to extend the GitLab REST API to support editing of commits on unprotected branches. The API is scoped per project, and takes as input:
- The SHA of the commit to edit
- The branch the commit resides on (e.g. for merge requests this will be the source branch)
- The project to edit the commit for (e.g. for merge requests this will be the source project)
Editing of commits on protected branches is not allowed. Any attempt to do so using the API should lead to an error. A user can only edit their own commits, not those of others. Enforcing this likely requires that we match the commit author Email to a verified Email address of the user trying to edit it. Commits signed using GPG can't be edited, as this would result in the loss of the signature.
The output will then be the new commit's details, including the new message (basically the same format as when viewing a single commit). This way, any client using this API to rewrite a commit message doesn't need an additional API call to view the new state.
This feature should be hidden behind a feature flag that is disabled by default, and can be enabled on a per-project basis.