Protected packages: Add minimum_access_level_for_delete to REST API

• Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

What does this MR do and why?

Protected packages: Add minimum_access_level_for_delete to REST API

The attribute minimum_access_level_for_delete that was introduced in the MR: !179739 (merged) .

This commit makes the attribute minimum_access_level_for_delete available in the REST API also updates the documentation.

Changelog: added

🛠️ with ❤️ at Siemens

References

Please include cross links to any resources that are relevant to this MR This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the style guides
• Conforms to the javascript style guides
• Conforms to the database guides
• Conforms to the merge request performance guidelines

Screenshots or screen recordings

Extending the REST API to allow setting the newly introduced attributed minimum_access_level_for_delete.

How to set up and validate locally

1. Start the rails server
2. Send a POST REST API call to create a package protection rule with the attribute minium_access_level_for_delete

curl -i --request POST \
  --url http://gdk.test:3000/api/v4/projects/7/packages/protection/rules \
  --header 'PRIVATE-TOKEN: {{patWithoutAdminScope}}' \
  --header 'content-type: application/json' \
  --data '{
      "package_name_pattern": "@my-new-scope/my-package-*",
      "package_type": "npm",
      "minimum_access_level_for_delete": "owner",
      "minimum_access_level_for_push": "maintainer"
}'

3. Get the latest current package protection rules associated to the project => you should see the newly created rule

curl -i --request GET \
  --url http://gdk.test:3000/api/v4/projects/7/packages/protection/rules \
  --header 'PRIVATE-TOKEN: {{patWithoutAdminScope}}'

4. Update the attribute minium_access_level_for_delete and set it to NULL

curl -i --request PATCH \
  --url http://gdk.test:3000/api/v4/projects/7/packages/protection/rules/2014 \
  --header 'PRIVATE-TOKEN: {{patWithoutAdminScope}}' \
  --header 'content-type: application/json' \
  --data '{
      "package_name_pattern": "@my-new-scope/my-package-*",
      "package_type": "npm",
      "minimum_access_level_for_delete": null,
      "minimum_access_level_for_push": "maintainer"
}'

5. Get the latest current package protection rules associated to the project => you should see the attribute minimum_access_level_for_delete has been set to NULL for the package rule

curl -i --request GET \
  --url http://gdk.test:3000/api/v4/projects/7/packages/protection/rules \
  --header 'PRIVATE-TOKEN: {{patWithoutAdminScope}}'

Related to #457512 (closed)