Add API branch protection endpoint (#9311)

* add API branch protection endpoint * lint * Change to use team names instead of ids. * Status codes. * fix * Fix * Add new branch protection options (BlockOnRejectedReviews, DismissStaleApprovals, RequireSignedCommits) * Do xorm query directly * fix xorm GetUserNamesByIDs * Add some tests * Improved GetTeamNamesByID * http status created for CreateBranchProtection * Correct status code in integration test Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2020-02-13 00:19:35 +01:00 · 2020-02-13 00:19:35 +01:00 · 9ff4e1d2d9
commit 9ff4e1d2d9
parent 908f8952be
10 changed files with 1352 additions and 28 deletions
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@ -30,28 +30,86 @@ func ToEmail(email *models.EmailAddress) *api.Email {
 }

 // ToBranch convert a git.Commit and git.Branch to an api.Branch
-func ToBranch(repo *models.Repository, b *git.Branch, c *git.Commit, bp *models.ProtectedBranch, user *models.User) *api.Branch {
+func ToBranch(repo *models.Repository, b *git.Branch, c *git.Commit, bp *models.ProtectedBranch, user *models.User, isRepoAdmin bool) *api.Branch {
 	if bp == nil {
 		return &api.Branch{
-			Name:                b.Name,
-			Commit:              ToCommit(repo, c),
-			Protected:           false,
-			RequiredApprovals:   0,
-			EnableStatusCheck:   false,
-			StatusCheckContexts: []string{},
-			UserCanPush:         true,
-			UserCanMerge:        true,
+			Name:                          b.Name,
+			Commit:                        ToCommit(repo, c),
+			Protected:                     false,
+			RequiredApprovals:             0,
+			EnableStatusCheck:             false,
+			StatusCheckContexts:           []string{},
+			UserCanPush:                   true,
+			UserCanMerge:                  true,
+			EffectiveBranchProtectionName: "",
 		}
 	}
+	branchProtectionName := ""
+	if isRepoAdmin {
+		branchProtectionName = bp.BranchName
+	}
+
 	return &api.Branch{
-		Name:                b.Name,
-		Commit:              ToCommit(repo, c),
-		Protected:           true,
-		RequiredApprovals:   bp.RequiredApprovals,
-		EnableStatusCheck:   bp.EnableStatusCheck,
-		StatusCheckContexts: bp.StatusCheckContexts,
-		UserCanPush:         bp.CanUserPush(user.ID),
-		UserCanMerge:        bp.IsUserMergeWhitelisted(user.ID),
+		Name:                          b.Name,
+		Commit:                        ToCommit(repo, c),
+		Protected:                     true,
+		RequiredApprovals:             bp.RequiredApprovals,
+		EnableStatusCheck:             bp.EnableStatusCheck,
+		StatusCheckContexts:           bp.StatusCheckContexts,
+		UserCanPush:                   bp.CanUserPush(user.ID),
+		UserCanMerge:                  bp.IsUserMergeWhitelisted(user.ID),
+		EffectiveBranchProtectionName: branchProtectionName,
+	}
+}
+
+// ToBranchProtection convert a ProtectedBranch to api.BranchProtection
+func ToBranchProtection(bp *models.ProtectedBranch) *api.BranchProtection {
+	pushWhitelistUsernames, err := models.GetUserNamesByIDs(bp.WhitelistUserIDs)
+	if err != nil {
+		log.Error("GetUserNamesByIDs (WhitelistUserIDs): %v", err)
+	}
+	mergeWhitelistUsernames, err := models.GetUserNamesByIDs(bp.MergeWhitelistUserIDs)
+	if err != nil {
+		log.Error("GetUserNamesByIDs (MergeWhitelistUserIDs): %v", err)
+	}
+	approvalsWhitelistUsernames, err := models.GetUserNamesByIDs(bp.ApprovalsWhitelistUserIDs)
+	if err != nil {
+		log.Error("GetUserNamesByIDs (ApprovalsWhitelistUserIDs): %v", err)
+	}
+	pushWhitelistTeams, err := models.GetTeamNamesByID(bp.WhitelistTeamIDs)
+	if err != nil {
+		log.Error("GetTeamNamesByID (WhitelistTeamIDs): %v", err)
+	}
+	mergeWhitelistTeams, err := models.GetTeamNamesByID(bp.MergeWhitelistTeamIDs)
+	if err != nil {
+		log.Error("GetTeamNamesByID (MergeWhitelistTeamIDs): %v", err)
+	}
+	approvalsWhitelistTeams, err := models.GetTeamNamesByID(bp.ApprovalsWhitelistTeamIDs)
+	if err != nil {
+		log.Error("GetTeamNamesByID (ApprovalsWhitelistTeamIDs): %v", err)
+	}
+
+	return &api.BranchProtection{
+		BranchName:                  bp.BranchName,
+		EnablePush:                  bp.CanPush,
+		EnablePushWhitelist:         bp.EnableWhitelist,
+		PushWhitelistUsernames:      pushWhitelistUsernames,
+		PushWhitelistTeams:          pushWhitelistTeams,
+		PushWhitelistDeployKeys:     bp.WhitelistDeployKeys,
+		EnableMergeWhitelist:        bp.EnableMergeWhitelist,
+		MergeWhitelistUsernames:     mergeWhitelistUsernames,
+		MergeWhitelistTeams:         mergeWhitelistTeams,
+		EnableStatusCheck:           bp.EnableStatusCheck,
+		StatusCheckContexts:         bp.StatusCheckContexts,
+		RequiredApprovals:           bp.RequiredApprovals,
+		EnableApprovalsWhitelist:    bp.EnableApprovalsWhitelist,
+		ApprovalsWhitelistUsernames: approvalsWhitelistUsernames,
+		ApprovalsWhitelistTeams:     approvalsWhitelistTeams,
+		BlockOnRejectedReviews:      bp.BlockOnRejectedReviews,
+		DismissStaleApprovals:       bp.DismissStaleApprovals,
+		RequireSignedCommits:        bp.RequireSignedCommits,
+		Created:                     bp.CreatedUnix.AsTime(),
+		Updated:                     bp.UpdatedUnix.AsTime(),
 	}
 }

--- a/modules/structs/repo_branch.go
+++ b/modules/structs/repo_branch.go
@ -4,14 +4,88 @@

 package structs

+import (
+	"time"
+)
+
 // Branch represents a repository branch
 type Branch struct {
-	Name                string         `json:"name"`
-	Commit              *PayloadCommit `json:"commit"`
-	Protected           bool           `json:"protected"`
-	RequiredApprovals   int64          `json:"required_approvals"`
-	EnableStatusCheck   bool           `json:"enable_status_check"`
-	StatusCheckContexts []string       `json:"status_check_contexts"`
-	UserCanPush         bool           `json:"user_can_push"`
-	UserCanMerge        bool           `json:"user_can_merge"`
+	Name                          string         `json:"name"`
+	Commit                        *PayloadCommit `json:"commit"`
+	Protected                     bool           `json:"protected"`
+	RequiredApprovals             int64          `json:"required_approvals"`
+	EnableStatusCheck             bool           `json:"enable_status_check"`
+	StatusCheckContexts           []string       `json:"status_check_contexts"`
+	UserCanPush                   bool           `json:"user_can_push"`
+	UserCanMerge                  bool           `json:"user_can_merge"`
+	EffectiveBranchProtectionName string         `json:"effective_branch_protection_name"`
+}
+
+// BranchProtection represents a branch protection for a repository
+type BranchProtection struct {
+	BranchName                  string   `json:"branch_name"`
+	EnablePush                  bool     `json:"enable_push"`
+	EnablePushWhitelist         bool     `json:"enable_push_whitelist"`
+	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys     bool     `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist        bool     `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck           bool     `json:"enable_status_check"`
+	StatusCheckContexts         []string `json:"status_check_contexts"`
+	RequiredApprovals           int64    `json:"required_approvals"`
+	EnableApprovalsWhitelist    bool     `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews      bool     `json:"block_on_rejected_reviews"`
+	DismissStaleApprovals       bool     `json:"dismiss_stale_approvals"`
+	RequireSignedCommits        bool     `json:"require_signed_commits"`
+	// swagger:strfmt date-time
+	Created time.Time `json:"created_at"`
+	// swagger:strfmt date-time
+	Updated time.Time `json:"updated_at"`
+}
+
+// CreateBranchProtectionOption options for creating a branch protection
+type CreateBranchProtectionOption struct {
+	BranchName                  string   `json:"branch_name"`
+	EnablePush                  bool     `json:"enable_push"`
+	EnablePushWhitelist         bool     `json:"enable_push_whitelist"`
+	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys     bool     `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist        bool     `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck           bool     `json:"enable_status_check"`
+	StatusCheckContexts         []string `json:"status_check_contexts"`
+	RequiredApprovals           int64    `json:"required_approvals"`
+	EnableApprovalsWhitelist    bool     `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews      bool     `json:"block_on_rejected_reviews"`
+	DismissStaleApprovals       bool     `json:"dismiss_stale_approvals"`
+	RequireSignedCommits        bool     `json:"require_signed_commits"`
+}
+
+// EditBranchProtectionOption options for editing a branch protection
+type EditBranchProtectionOption struct {
+	EnablePush                  *bool    `json:"enable_push"`
+	EnablePushWhitelist         *bool    `json:"enable_push_whitelist"`
+	PushWhitelistUsernames      []string `json:"push_whitelist_usernames"`
+	PushWhitelistTeams          []string `json:"push_whitelist_teams"`
+	PushWhitelistDeployKeys     *bool    `json:"push_whitelist_deploy_keys"`
+	EnableMergeWhitelist        *bool    `json:"enable_merge_whitelist"`
+	MergeWhitelistUsernames     []string `json:"merge_whitelist_usernames"`
+	MergeWhitelistTeams         []string `json:"merge_whitelist_teams"`
+	EnableStatusCheck           *bool    `json:"enable_status_check"`
+	StatusCheckContexts         []string `json:"status_check_contexts"`
+	RequiredApprovals           *int64   `json:"required_approvals"`
+	EnableApprovalsWhitelist    *bool    `json:"enable_approvals_whitelist"`
+	ApprovalsWhitelistUsernames []string `json:"approvals_whitelist_username"`
+	ApprovalsWhitelistTeams     []string `json:"approvals_whitelist_teams"`
+	BlockOnRejectedReviews      *bool    `json:"block_on_rejected_reviews"`
+	DismissStaleApprovals       *bool    `json:"dismiss_stale_approvals"`
+	RequireSignedCommits        *bool    `json:"require_signed_commits"`
 }