Add API branch protection endpoint (#9311)

* add API branch protection endpoint

* lint

* Change to use team names instead of ids.

* Status codes.

* fix

* Fix

* Add new branch protection options (BlockOnRejectedReviews, DismissStaleApprovals, RequireSignedCommits)

* Do xorm query directly

* fix xorm GetUserNamesByIDs

* Add some tests

* Improved GetTeamNamesByID

* http status created for CreateBranchProtection

* Correct status code in integration test

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>

1 files changed, 68 insertions, 0 deletions

diff --git a/integrations/api_branch_test.go b/integrations/api_branch_test.go
index 037a42deec..3fe7f23229 100644
--- a/integrations/api_branch_test.go
+++ b/integrations/api_branch_test.go
@@ -30,6 +30,54 @@ func testAPIGetBranch(t *testing.T, branchName string, exists bool) {
 	assert.EqualValues(t, branchName, branch.Name)
 }
 
+func testAPIGetBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) {
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branch_protections/%s?token=%s", branchName, token)
+	resp := session.MakeRequest(t, req, expectedHTTPStatus)
+
+	if resp.Code == 200 {
+		var branchProtection api.BranchProtection
+		DecodeJSON(t, resp, &branchProtection)
+		assert.EqualValues(t, branchName, branchProtection.BranchName)
+	}
+}
+
+func testAPICreateBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) {
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/branch_protections?token="+token, &api.BranchProtection{
+		BranchName: branchName,
+	})
+	resp := session.MakeRequest(t, req, expectedHTTPStatus)
+
+	if resp.Code == 201 {
+		var branchProtection api.BranchProtection
+		DecodeJSON(t, resp, &branchProtection)
+		assert.EqualValues(t, branchName, branchProtection.BranchName)
+	}
+}
+
+func testAPIEditBranchProtection(t *testing.T, branchName string, body *api.BranchProtection, expectedHTTPStatus int) {
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user2/repo1/branch_protections/"+branchName+"?token="+token, body)
+	resp := session.MakeRequest(t, req, expectedHTTPStatus)
+
+	if resp.Code == 200 {
+		var branchProtection api.BranchProtection
+		DecodeJSON(t, resp, &branchProtection)
+		assert.EqualValues(t, branchName, branchProtection.BranchName)
+	}
+}
+
+func testAPIDeleteBranchProtection(t *testing.T, branchName string, expectedHTTPStatus int) {
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/user2/repo1/branch_protections/%s?token=%s", branchName, token)
+	session.MakeRequest(t, req, expectedHTTPStatus)
+}
+
 func TestAPIGetBranch(t *testing.T) {
 	for _, test := range []struct {
 		BranchName string
@@ -43,3 +91,23 @@ func TestAPIGetBranch(t *testing.T) {
 		testAPIGetBranch(t, test.BranchName, test.Exists)
 	}
 }
+
+func TestAPIBranchProtection(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	// Branch protection only on branch that exist
+	testAPICreateBranchProtection(t, "master/doesnotexist", http.StatusNotFound)
+	// Get branch protection on branch that exist but not branch protection
+	testAPIGetBranchProtection(t, "master", http.StatusNotFound)
+
+	testAPICreateBranchProtection(t, "master", http.StatusCreated)
+	// Can only create once
+	testAPICreateBranchProtection(t, "master", http.StatusForbidden)
+
+	testAPIGetBranchProtection(t, "master", http.StatusOK)
+	testAPIEditBranchProtection(t, "master", &api.BranchProtection{
+		EnablePush: true,
+	}, http.StatusOK)
+
+	testAPIDeleteBranchProtection(t, "master", http.StatusNoContent)
+}