[API] add protected info to /api/v1/repos/{owner}/{repo}/branches

[guillep2k]

• Gitea version (or commit ref): 1.10.0+dev-275-g72f6d5c88

Description

Currently, there's no way of knowing what branches are protected in a repo for simple users.

A PR is in the works (#7093) for configuring such information, but that is only for repo owner because it exposes whitelists and other sensitive information.

My proposal is to change /api/v1/repos/{owner}/{repo}/branches and add the last two fields (protected and required_approvals), so anyone with read permissions on the repo can access this information:

[
  {
    "commit": {
      "added": [
        "string"
      ],
      "author": {
        "email": "user@example.com",
        "name": "string",
        "username": "string"
      },
      "committer": {
        "email": "user@example.com",
        "name": "string",
        "username": "string"
      },
      "id": "string",
      "message": "string",
      "modified": [
        "string"
      ],
      "removed": [
        "string"
      ],
      "timestamp": "2019-09-11T19:38:32.417Z",
      "url": "string",
      "verification": {
        "payload": "string",
        "reason": "string",
        "signature": "string",
        "verified": true
      }
    },
    "name": "string",
    "protected": true,
    "required_approvals": 2
  }
]

[davidsvantesson]

Couldn't the whole GET API for protected branch be made available for persons with code (read or write) access to the repository? Looking at GitHubs API they state that admin or owner permissions is required to update branch protection, but they don't state anything for reading branch protection, so I suppose anyone with access to the repository can do that.

[guillep2k]

@davidsvantesson it's alright with me, can you check with the API for github.com/go-gitea/gitea?

[davidsvantesson]

This is what I can get out:
repos/go-gitea/gitea/branches/master:

...
  "protected": true,
  "protection": {
    "enabled": true,
    "required_status_checks": {
      "enforcement_level": "non_admins",
      "contexts": [
        "continuous-integration/drone/pr",
        "approvals/lgtm"
      ]
    }
  },
  "protection_url": "https://api.github.com/repos/go-gitea/gitea/branches/master/protection"

repos/go-gitea/gitea/branches/master/protection:
Not found

So apparently some restrictions for public access they have not documented. Can you see this information if member of the organization but not administrator/owner?
So it seem your suggestion is more close to how Github have restricted it.