[API] add protected info to /api/v1/repos/{owner}/{repo}/branches #8154

Closed
guillep2k opened this issue Sep 11, 2019 · 3 comments · Fixed by #9031
Labels
modifies/api This PR adds API routes or modifies them type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@guillep2k
Member

  • Gitea version (or commit ref): 1.10.0+dev-275-g72f6d5c88

Description

Currently, there's no way of knowing what branches are protected in a repo for simple users.

A PR is in the works (#7093) for configuring such information, but that is only for the repo owner because it exposes whitelists and other sensitive information.

My proposal is to change /api/v1/repos/{owner}/{repo}/branches and add the last two fields (protected and required_approvals), so anyone with read permissions on the repo can access this information:

[
  {
    "commit": {
      "added": [
        "string"
      ],
      "author": {
        "email": "[email protected]",
        "name": "string",
        "username": "string"
      },
      "committer": {
        "email": "[email protected]",
        "name": "string",
        "username": "string"
      },
      "id": "string",
      "message": "string",
      "modified": [
        "string"
      ],
      "removed": [
        "string"
      ],
      "timestamp": "2019-09-11T19:38:32.417Z",
      "url": "string",
      "verification": {
        "payload": "string",
        "reason": "string",
        "signature": "string",
        "verified": true
      }
    },
    "name": "string",
    "protected": true,
    "required_approvals": 2
  }
]
@techknowlogick techknowlogick added modifies/api This PR adds API routes or modifies them type/proposal The new feature has not been accepted yet but needs to be discussed first. labels Sep 11, 2019
@davidsvantesson
Contributor

Couldn't the whole GET API for protected branch be made available for persons with code (read or write) access to the repository? Looking at GitHub's API, they state that admin or owner permissions are required to update branch protection, but they don't state anything for reading branch protection, so I suppose anyone with access to the repository can do that.

@guillep2k
Member Author

@davidsvantesson it's alright with me, can you check with the API for github.com/go-gitea/gitea?

@davidsvantesson
Contributor

This is what I can get out:
repos/go-gitea/gitea/branches/master:

...
  "protected": true,
  "protection": {
    "enabled": true,
    "required_status_checks": {
      "enforcement_level": "non_admins",
      "contexts": [
        "continuous-integration/drone/pr",
        "approvals/lgtm"
      ]
    }
  },
  "protection_url": "https://api.github.com/repos/go-gitea/gitea/branches/master/protection"

repos/go-gitea/gitea/branches/master/protection:
Not found

So apparently they have some restrictions for public access that they have not documented. Can you see this information if you are a member of the organization but not administrator/owner?
So it seems your suggestion is closer to how GitHub has restricted it.
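
The split discussed in this thread, as an added example that is not Gitea's code: callers with read access get only `protected` and `required_approvals`, while whitelist data is copied into the response for admins only. The `Access` levels, the `PushWhitelist` field and `ViewFor` are hypothetical names assumed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Access is the caller's permission on the repo (hypothetical levels).
type Access int

const (
	AccessNone Access = iota
	AccessRead
	AccessAdmin
)

// BranchProtection is a constructed stand-in for stored settings; PushWhitelist is the sensitive part.
type BranchProtection struct {
	Protected         bool
	RequiredApprovals int
	PushWhitelist     []string
}

// BranchView is what gets serialized; omitempty drops the whitelist key when it is unset.
type BranchView struct {
	Name              string   `json:"name"`
	Protected         bool     `json:"protected"`
	RequiredApprovals int      `json:"required_approvals"`
	PushWhitelist     []string `json:"push_whitelist,omitempty"`
}

// ViewFor copies fields by allow-list, so a newly added sensitive field stays hidden by default.
func ViewFor(a Access, name string, p BranchProtection) (*BranchView, error) {
	if a < AccessRead {
		return nil, errors.New("no read access to repository")
	}
	v := &BranchView{Name: name, Protected: p.Protected, RequiredApprovals: p.RequiredApprovals}
	if a >= AccessAdmin {
		v.PushWhitelist = p.PushWhitelist
	}
	return v, nil
}

func main() {
	v, _ := ViewFor(AccessRead, "master", BranchProtection{Protected: true, RequiredApprovals: 2, PushWhitelist: []string{"alice"}})
	out, _ := json.Marshal(v) // constructed sample; the reader view omits the whitelist
	fmt.Println(string(out))
}
```
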
