[API] add protected info to /api/v1/repos/{owner}/{repo}/branches #3938

Closed
opened 2025-11-02 05:31:10 -06:00 by GiteaMirror · 3 comments

Originally created by @guillep2k on GitHub (Sep 11, 2019).

  • Gitea version (or commit ref): 1.10.0+dev-275-g72f6d5c88

Description

Currently, there's no way of knowing what branches are protected in a repo for simple users.

A PR is in the works (#7093) for configuring such information, but that is only for the repo owner because it exposes whitelists and other sensitive information.

My proposal is to change /api/v1/repos/{owner}/{repo}/branches and add the last two fields (protected and required_approvals), so anyone with read permissions on the repo can access this information:

```
[
  {
    "commit": {
      "added": [
        "string"
      ],
      "author": {
        "email": "user@example.com",
        "name": "string",
        "username": "string"
      },
      "committer": {
        "email": "user@example.com",
        "name": "string",
        "username": "string"
      },
      "id": "string",
      "message": "string",
      "modified": [
        "string"
      ],
      "removed": [
        "string"
      ],
      "timestamp": "2019-09-11T19:38:32.417Z",
      "url": "string",
      "verification": {
        "payload": "string",
        "reason": "string",
        "signature": "string",
        "verified": true
      }
    },
    "name": "string",
    "protected": true,
    "required_approvals": 2
  }
]
```
GiteaMirror added the type/proposal and modifies/api labels 2025-11-02 05:31:10 -06:00
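A read-only client could use the two fields proposed in the post above to audit a repository's branches. This is an added example, not code from the issue or from Gitea; `AuditBranches`, the `minApprovals` threshold and the sample response are constructed for illustration, and the pointer fields cover a server that does not return the proposed fields.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// branch holds only the fields the audit needs. Pointers distinguish
// "field absent" (server without the proposed fields) from false / 0.
type branch struct {
	Name              string `json:"name"`
	Protected         *bool  `json:"protected"`
	RequiredApprovals *int   `json:"required_approvals"`
}

// AuditBranches returns one finding per branch that is unprotected, requires
// fewer than minApprovals approvals, or does not report protection at all.
func AuditBranches(body []byte, minApprovals int) ([]string, error) {
	var branches []branch
	if err := json.Unmarshal(body, &branches); err != nil {
		return nil, fmt.Errorf("decode branches response: %w", err)
	}
	var findings []string
	for _, b := range branches {
		switch {
		case b.Protected == nil:
			findings = append(findings, b.Name+": protection status not reported")
		case !*b.Protected:
			findings = append(findings, b.Name+": not protected")
		case b.RequiredApprovals == nil || *b.RequiredApprovals < minApprovals:
			findings = append(findings, fmt.Sprintf("%s: protected, but fewer than %d required approvals", b.Name, minApprovals))
		}
	}
	return findings, nil
}

// sampleResponse is constructed for this example (commit objects omitted).
const sampleResponse = `[
  {"name": "master", "protected": true, "required_approvals": 2},
  {"name": "release/v1", "protected": true, "required_approvals": 0},
  {"name": "feature/x", "protected": false, "required_approvals": 0},
  {"name": "legacy"}
]`

func main() {
	fmt.Println(AuditBranches([]byte(sampleResponse), 1))
}
```

Treating a missing `protected` field as its own finding keeps an older server's response from being read as either "protected" or "unprotected".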

@davidsvantesson commented on GitHub (Sep 12, 2019):

Couldn't the whole GET API for protected branch be made available for persons with code (read or write) access to the repository? Looking at [GitHub's API](https://developer.github.com/v3/repos/branches/#get-branch-protection) they state that admin or owner permissions are required to update branch protection, but they don't state anything for reading branch protection, so I suppose anyone with access to the repository can do that.


@guillep2k commented on GitHub (Sep 12, 2019):

@davidsvantesson it's alright with me, can you check with the API for github.com/go-gitea/gitea?


@davidsvantesson commented on GitHub (Sep 12, 2019):

This is what I can get out:
repos/go-gitea/gitea/branches/master:

```
...
  "protected": true,
  "protection": {
    "enabled": true,
    "required_status_checks": {
      "enforcement_level": "non_admins",
      "contexts": [
        "continuous-integration/drone/pr",
        "approvals/lgtm"
      ]
    }
  },
  "protection_url": "https://api.github.com/repos/go-gitea/gitea/branches/master/protection"
```

repos/go-gitea/gitea/branches/master/protection:
Not found

So apparently there are some restrictions for public access that they have not documented. Can you see this information if you are a member of the organization but not an administrator/owner?
So it seems your suggestion is closer to how GitHub has restricted it.


Reference: github-starred/gitea#3938