### Release notes So far, it was only possible to update access levels of protected branches via the UI. To do this via the API, you had to first unprotect the branch and then protect it again with the new setting. Now, you can programmatically change which users or groups are `allowed_to_push`, `allowed_to_merge`, and `allowed_to_unprotect` and change more settings. This way it is much less likely that bots that change such settings accidentally leave branches unprotected. https://docs.gitlab.com/ee/api/protected_branches.html#update-a-protected-branch ## What - PUT endpoint on [protected branch API](https://docs.gitlab.com/ee/api/protected_branches.html#protected-branches-api) - Alternatively a new API for protected branches access levels, so that they can be set per user/group individually ## Why It is not currently possible to update protected branch settings through the API without first unprotecting it. This is partly because CE and EE differ because EE allows access levels to be set per user/group. ## Related - https://gitlab.com/gitlab-org/gitlab-ce/issues/35867 - https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12756#note_35838570 - https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12756#note_34698248 ## Proposed solution We can follow the convention that is introduced for [Protected Environments API](https://docs.gitlab.com/ee/api/protected_environments.html). It follows the same conventions as [Rails Nested Attributes](https://api.rubyonrails.org/classes/ActiveRecord/NestedAttributes/ClassMethods.html): - If `id` is specified, then the attribute is updated - If `_destroy` field is specified, then the record is removed After the PATCH endpoint is [generalized](https://gitlab.com/gitlab-org/gitlab/-/issues/377926) and id attribute is [exposed](https://gitlab.com/gitlab-org/gitlab/-/issues/377927), we should: - Allow `id` and `_destroy` params, similar to https://gitlab.com/gitlab-org/gitlab/blob/0acba2ab515f263a86718583ffaa7932fbf11b3b/ee/lib/api/protected_environments.rb#L19 - Make sure that [`_attributes`](https://gitlab.com/gitlab-org/gitlab/blob/0acba2ab515f263a86718583ffaa7932fbf11b3b/app/services/protected_branches/api_service.rb#L13-14) are not prefilled with [defaults](https://gitlab.com/gitlab-org/gitlab/blob/0acba2ab515f263a86718583ffaa7932fbf11b3b/app/services/protected_refs/access_level_params.rb#L19) when empty params are send - Update the documentation https://docs.gitlab.com/ee/api/protected_branches.html