gitlab-org--gitlab-foss/lib/api/branches.rb

require 'mime/types'

module API
  class Branches < Grape::API
    include PaginationParams

    before { authorize! :download_code, user_project }

    params do
      requires :id, type: String, desc: 'The ID of a project'
    end
    resource :projects, requirements: { id: %r{[^/]+} } do
      desc 'Get a project repository branches' do
        success Entities::RepoBranch
      end
      params do
        use :pagination
      end
      get ":id/repository/branches" do
        branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))

        present paginate(branches), with: Entities::RepoBranch, project: user_project
      end

      desc 'Get a single branch' do
        success Entities::RepoBranch
      end
      params do
        requires :branch, type: String, desc: 'The name of the branch'
      end
      get ':id/repository/branches/:branch', requirements: { branch: /.+/ } do
        branch = user_project.repository.find_branch(params[:branch])
        not_found!("Branch") unless branch

        present branch, with: Entities::RepoBranch, project: user_project
      end

      # Note: The internal data model moved from `developers_can_{merge,push}` to `allowed_to_{merge,push}`
      # in `gitlab-org/gitlab-ce!5081`. The API interface has not been changed (to maintain compatibility),
      # but it works with the changed data model to infer `developers_can_merge` and `developers_can_push`.
      desc 'Protect a single branch' do
        success Entities::RepoBranch
      end
      params do
        requires :branch, type: String, desc: 'The name of the branch'
        optional :developers_can_push, type: Boolean, desc: 'Flag if developers can push to that branch'
        optional :developers_can_merge, type: Boolean, desc: 'Flag if developers can merge to that branch'
      end
      put ':id/repository/branches/:branch/protect', requirements: { branch: /.+/ } do
        authorize_admin_project

        branch = user_project.repository.find_branch(params[:branch])
        not_found!('Branch') unless branch

        protected_branch = user_project.protected_branches.find_by(name: branch.name)

        protected_branch_params = {
          name: branch.name,
          developers_can_push: params[:developers_can_push],
          developers_can_merge: params[:developers_can_merge]
        }

        service_args = [user_project, current_user, protected_branch_params]

        protected_branch = if protected_branch
                             ProtectedBranches::ApiUpdateService.new(*service_args).execute(protected_branch)
                           else
                             ProtectedBranches::ApiCreateService.new(*service_args).execute
                           end

        if protected_branch.valid?
          present branch, with: Entities::RepoBranch, project: user_project
        else
          render_api_error!(protected_branch.errors.full_messages, 422)
        end
      end

      desc 'Unprotect a single branch' do
        success Entities::RepoBranch
      end
      params do
        requires :branch, type: String, desc: 'The name of the branch'
      end
      put ':id/repository/branches/:branch/unprotect', requirements: { branch: /.+/ } do
        authorize_admin_project

        branch = user_project.repository.find_branch(params[:branch])
        not_found!("Branch") unless branch
        protected_branch = user_project.protected_branches.find_by(name: branch.name)
        protected_branch&.destroy

        present branch, with: Entities::RepoBranch, project: user_project
      end

      desc 'Create branch' do
        success Entities::RepoBranch
      end
      params do
        requires :branch, type: String, desc: 'The name of the branch'
        requires :ref, type: String, desc: 'Create branch from commit sha or existing branch'
      end
      post ":id/repository/branches" do
        authorize_push_project

        result = CreateBranchService.new(user_project, current_user)
                 .execute(params[:branch], params[:ref])

        if result[:status] == :success
          present result[:branch],
                  with: Entities::RepoBranch,
                  project: user_project
        else
          render_api_error!(result[:message], 400)
        end
      end

      desc 'Delete a branch'
      params do
        requires :branch, type: String, desc: 'The name of the branch'
      end
      delete ":id/repository/branches/:branch", requirements: { branch: /.+/ } do
        authorize_push_project

        result = DeleteBranchService.new(user_project, current_user)
                 .execute(params[:branch])

        if result[:status] != :success
          render_api_error!(result[:message], result[:return_code])
        end
      end

      desc 'Delete all merged branches'
      delete ":id/repository/merged_branches" do
        DeleteMergedBranchesService.new(user_project, current_user).async_execute

        accepted!
      end
    end
  end
end
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`require 'mime/types'`

			`module API`
			`class Branches < Grape::API`
Paginate all endpoints that return an array 2017-01-16 23:45:07 -05:00			`include PaginationParams`

Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`before { authorize! :download_code, user_project }`

GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`params do`
			`requires :id, type: String, desc: 'The ID of a project'`
			`end`
Add `requirements: { id: %r{[^/]+} }` for all projects and groups namespaced API routes Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-15 14:09:24 -04:00			`resource :projects, requirements: { id: %r{[^/]+} } do`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Get a project repository branches' do`
			`success Entities::RepoBranch`
			`end`
Paginate all endpoints that return an array 2017-01-16 23:45:07 -05:00			`params do`
			`use :pagination`
			`end`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`get ":id/repository/branches" do`
Paginate all endpoints that return an array 2017-01-16 23:45:07 -05:00			`branches = ::Kaminari.paginate_array(user_project.repository.branches.sort_by(&:name))`
Simplify entities for branches and tags API 2016-07-19 07:30:23 -04:00
Paginate all endpoints that return an array 2017-01-16 23:45:07 -05:00			`present paginate(branches), with: Entities::RepoBranch, project: user_project`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`end`

GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Get a single branch' do`
			`success Entities::RepoBranch`
			`end`
			`params do`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`requires :branch, type: String, desc: 'The name of the branch'`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`end`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`get ':id/repository/branches/:branch', requirements: { branch: /.+/ } do`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`branch = user_project.repository.find_branch(params[:branch])`
			`not_found!("Branch") unless branch`
Simplify entities for branches and tags API 2016-07-19 07:30:23 -04:00
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`present branch, with: Entities::RepoBranch, project: user_project`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`end`

Have the `branches` API work with the new protected branches data model. 1. The new data model moves from `developers_can_{push,merge}` to `allowed_to_{push,merge}`. 2. The API interface has not been changed. It still accepts `developers_can_push` and `developers_can_merge` as options. These attributes are inferred from the new data model. 3. Modify the protected branch create/update services to translate from the API interface to our current data model. 2016-07-25 10:44:53 -04:00			# Note: The internal data model moved from `developers_can_{merge,push}` to `allowed_to_{merge,push}`
			# in `gitlab-org/gitlab-ce!5081`. The API interface has not been changed (to maintain compatibility),
			# but it works with the changed data model to infer `developers_can_merge` and `developers_can_push`.
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Protect a single branch' do`
			`success Entities::RepoBranch`
			`end`
			`params do`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`requires :branch, type: String, desc: 'The name of the branch'`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`optional :developers_can_push, type: Boolean, desc: 'Flag if developers can push to that branch'`
			`optional :developers_can_merge, type: Boolean, desc: 'Flag if developers can merge to that branch'`
			`end`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`put ':id/repository/branches/:branch/protect', requirements: { branch: /.+/ } do`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`authorize_admin_project`

GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`branch = user_project.repository.find_branch(params[:branch])`
			`not_found!('Branch') unless branch`

			`protected_branch = user_project.protected_branches.find_by(name: branch.name)`
Use `Gitlab::Access` to protected branch access levels. 1. It makes sense to reuse these constants since we had them duplicated in the previous enum implementation. This also simplifies our `check_access` implementation, because we can use `project.team.max_member_access` directly. 2. Use `accepts_nested_attributes_for` to create push/merge access levels. This was a bit fiddly to set up, but this simplifies our code by quite a large amount. We can even get rid of `ProtectedBranches::BaseService`. 3. Move API handling back into the API (previously in `ProtectedBranches::BaseService#translate_api_params`. 4. The protected branch services now return a `ProtectedBranch` rather than `true/false`. 5. Run `load_protected_branches` on-demand in the `create` action, to prevent it being called unneccessarily. 6. "Masters" is pre-selected as the default option for "Allowed to Push" and "Allowed to Merge". 7. These changes were based on a review from @rymai in !5081. 2016-07-29 02:13:07 -04:00
Implement review comments from @DouweM. 2016-09-22 11:08:05 -04:00			`protected_branch_params = {`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`name: branch.name,`
			`developers_can_push: params[:developers_can_push],`
			`developers_can_merge: params[:developers_can_merge]`
Have the `branches` API work with the new protected branches data model. 1. The new data model moves from `developers_can_{push,merge}` to `allowed_to_{push,merge}`. 2. The API interface has not been changed. It still accepts `developers_can_push` and `developers_can_merge` as options. These attributes are inferred from the new data model. 3. Modify the protected branch create/update services to translate from the API interface to our current data model. 2016-07-25 10:44:53 -04:00			`}`

Implement second round of review comments from @DouweM. - Pass `developers_and_merge` and `developers_can_push` in `params` instead of using keyword arguments. - Refactor a slightly complex boolean check to a simple `nil?` check. 2016-09-30 03:44:46 -04:00			`service_args = [user_project, current_user, protected_branch_params]`
Use `Gitlab::Access` to protected branch access levels. 1. It makes sense to reuse these constants since we had them duplicated in the previous enum implementation. This also simplifies our `check_access` implementation, because we can use `project.team.max_member_access` directly. 2. Use `accepts_nested_attributes_for` to create push/merge access levels. This was a bit fiddly to set up, but this simplifies our code by quite a large amount. We can even get rid of `ProtectedBranches::BaseService`. 3. Move API handling back into the API (previously in `ProtectedBranches::BaseService#translate_api_params`. 4. The protected branch services now return a `ProtectedBranch` rather than `true/false`. 5. Run `load_protected_branches` on-demand in the `create` action, to prevent it being called unneccessarily. 6. "Masters" is pre-selected as the default option for "Allowed to Push" and "Allowed to Merge". 7. These changes were based on a review from @rymai in !5081. 2016-07-29 02:13:07 -04:00
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`protected_branch = if protected_branch`
			`ProtectedBranches::ApiUpdateService.new(*service_args).execute(protected_branch)`
			`else`
			`ProtectedBranches::ApiCreateService.new(*service_args).execute`
			`end`
API: Expose 'developers_can_push' for branches 2016-07-12 10:31:55 -04:00
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`if protected_branch.valid?`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`present branch, with: Entities::RepoBranch, project: user_project`
Use `Gitlab::Access` to protected branch access levels. 1. It makes sense to reuse these constants since we had them duplicated in the previous enum implementation. This also simplifies our `check_access` implementation, because we can use `project.team.max_member_access` directly. 2. Use `accepts_nested_attributes_for` to create push/merge access levels. This was a bit fiddly to set up, but this simplifies our code by quite a large amount. We can even get rid of `ProtectedBranches::BaseService`. 3. Move API handling back into the API (previously in `ProtectedBranches::BaseService#translate_api_params`. 4. The protected branch services now return a `ProtectedBranch` rather than `true/false`. 5. Run `load_protected_branches` on-demand in the `create` action, to prevent it being called unneccessarily. 6. "Masters" is pre-selected as the default option for "Allowed to Push" and "Allowed to Merge". 7. These changes were based on a review from @rymai in !5081. 2016-07-29 02:13:07 -04:00			`else`
Fix branch protection API. 1. Previously, we were not removing existing access levels before creating new ones. This is not a problem for EE, but _is_ for CE, since we restrict the number of access levels in CE to 1. 2. The correct approach is: CE -> delete all access levels before updating a protected branch EE -> delete developer access levels if "developers_can_{merge,push}" is switched off 3. The dispatch is performed by checking if a "length: 1" validation is present on the access levels or not. 4. Another source of problems was that we didn't put multiple queries in a transaction. If the `destroy_all` passes, but the `update` fails, we should have a rollback. 5. Modifying the API to provide users direct access to CRUD access levels will make things a lot simpler. 6. Create `create/update` services separately for this API, which perform the necessary data translation, before calling the regular `create/update` services. The translation code was getting too large for the API endpoint itself, so this move makes sense. 2016-09-06 01:05:34 -04:00			`render_api_error!(protected_branch.errors.full_messages, 422)`
Use `Gitlab::Access` to protected branch access levels. 1. It makes sense to reuse these constants since we had them duplicated in the previous enum implementation. This also simplifies our `check_access` implementation, because we can use `project.team.max_member_access` directly. 2. Use `accepts_nested_attributes_for` to create push/merge access levels. This was a bit fiddly to set up, but this simplifies our code by quite a large amount. We can even get rid of `ProtectedBranches::BaseService`. 3. Move API handling back into the API (previously in `ProtectedBranches::BaseService#translate_api_params`. 4. The protected branch services now return a `ProtectedBranch` rather than `true/false`. 5. Run `load_protected_branches` on-demand in the `create` action, to prevent it being called unneccessarily. 6. "Masters" is pre-selected as the default option for "Allowed to Push" and "Allowed to Merge". 7. These changes were based on a review from @rymai in !5081. 2016-07-29 02:13:07 -04:00			`end`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`end`

GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Unprotect a single branch' do`
			`success Entities::RepoBranch`
			`end`
			`params do`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`requires :branch, type: String, desc: 'The name of the branch'`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`end`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`put ':id/repository/branches/:branch/unprotect', requirements: { branch: /.+/ } do`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`authorize_admin_project`

GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`branch = user_project.repository.find_branch(params[:branch])`
			`not_found!("Branch") unless branch`
			`protected_branch = user_project.protected_branches.find_by(name: branch.name)`
Update Rubocop to ruby 2.3 2017-02-07 09:16:46 -05:00			`protected_branch&.destroy`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`present branch, with: Entities::RepoBranch, project: user_project`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`end`
Create branch via API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-01 03:39:53 -04:00
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Create branch' do`
			`success Entities::RepoBranch`
			`end`
			`params do`
Change branch_name param to branch throughout V4 API 2017-02-02 09:24:30 -05:00			`requires :branch, type: String, desc: 'The name of the branch'`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`requires :ref, type: String, desc: 'Create branch from commit sha or existing branch'`
			`end`
Create branch via API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-01 03:39:53 -04:00			`post ":id/repository/branches" do`
			`authorize_push_project`
Allow unauthenticated access to some Branch API GET endpoints Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-03-20 04:37:14 -04:00
Enable Style/DotPosition Rubocop :cop: 2017-06-21 09:48:12 -04:00			`result = CreateBranchService.new(user_project, current_user)`
			`.execute(params[:branch], params[:ref])`
API delete branch: render branch name json instead of true Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-10-30 11:28:59 -04:00
Validate branch-names and references in WebUI, API Add specs for GitRefValidator 2014-07-27 10:40:00 -04:00			`if result[:status] == :success`
			`present result[:branch],`
Simplify entities for branches and tags API 2016-07-19 07:30:23 -04:00			`with: Entities::RepoBranch,`
Validate branch-names and references in WebUI, API Add specs for GitRefValidator 2014-07-27 10:40:00 -04:00			`project: user_project`
			`else`
			`render_api_error!(result[:message], 400)`
			`end`
Create branch via API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-01 03:39:53 -04:00			`end`
Api call to remove branch Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-22 07:39:50 -04:00
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`desc 'Delete a branch'`
			`params do`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`requires :branch, type: String, desc: 'The name of the branch'`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00			`end`
Allow branch names with dots on API endpoint 2016-12-06 15:56:59 -05:00			`delete ":id/repository/branches/:branch", requirements: { branch: /.+/ } do`
Api call to remove branch Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-22 07:39:50 -04:00			`authorize_push_project`
GrapeDSL for branches endpoints 2016-09-13 14:28:29 -04:00
Enable Style/DotPosition Rubocop :cop: 2017-06-21 09:48:12 -04:00			`result = DeleteBranchService.new(user_project, current_user)`
			`.execute(params[:branch])`
Improve branch deletion via API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-23 08:34:02 -04:00
Return 204 for delete endpoints 2017-02-20 13:18:12 -05:00			`if result[:status] != :success`
Validate branch-names and references in WebUI, API Add specs for GitRefValidator 2014-07-27 10:40:00 -04:00			`render_api_error!(result[:message], result[:return_code])`
Improve branch deletion via API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-23 08:34:02 -04:00			`end`
Api call to remove branch Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-05-22 07:39:50 -04:00			`end`
Add button to delete all merged branches It adds a button to the branches page that the user can use to delete all the branches that are already merged. This can be used to clean up all the branches that were forgotten to delete while merging MRs. Fixes #21076. 2016-09-21 10:15:12 -04:00
Grapify last endpoint of the branches API 2017-01-24 14:24:59 -05:00			`desc 'Delete all merged branches'`
Add button to delete all merged branches It adds a button to the branches page that the user can use to delete all the branches that are already merged. This can be used to clean up all the branches that were forgotten to delete while merging MRs. Fixes #21076. 2016-09-21 10:15:12 -04:00			`delete ":id/repository/merged_branches" do`
			`DeleteMergedBranchesService.new(user_project, current_user).async_execute`

Return 202 with JSON body on async removals on V4 API 2017-02-22 12:37:13 -05:00			`accepted!`
Add button to delete all merged branches It adds a button to the branches page that the user can use to delete all the branches that are already merged. This can be used to clean up all the branches that were forgotten to delete while merging MRs. Fixes #21076. 2016-09-21 10:15:12 -04:00			`end`
Move branches api to separate class Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-31 09:31:53 -04:00			`end`
			`end`
			`end`