From 1953c9c02fbc5f3551753cd9c2fd7a67b164aaa1 Mon Sep 17 00:00:00 2001 From: Brendan Date: Tue, 7 Oct 2025 09:25:55 +0200 Subject: [PATCH 1/3] Add info about differeing UI and API behavior --- doc/api/protected_branches.md | 16 ++++++++++++++++ .../project/repository/branches/protected.md | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/doc/api/protected_branches.md b/doc/api/protected_branches.md index 0b308a6c68e980..db76b9e9acef80 100644 --- a/doc/api/protected_branches.md +++ b/doc/api/protected_branches.md @@ -318,6 +318,19 @@ Supported attributes: | `push_access_level` | integer | No | Access levels allowed to push. Default is `40` (Maintainer role). | | `unprotect_access_level` | integer | No | Access levels allowed to unprotect. Default is `40` (Maintainer role). | +When you configure access levels: + +- You can set multiple access levels simultaneously for `allowed_to_push` and `allowed_to_merge`. +- The most permissive access level determines who can perform the action. +- Setting access level `0` (No access) with other access levels results in the other + levels taking effect. + +This behavior differs from the UI, which automatically clears other role selections +when you select **No one**. + +For example, if you set both `access_level: 0` (No access) and `access_level: 40` (Maintainer role) +for `allowed_to_push`, users with at least the Maintainer role can push to the branch. + If successful, returns [`201 Created`](rest/troubleshooting.md#status-codes) and the following response attributes: @@ -759,6 +772,9 @@ Supported attributes: | `allowed_to_unprotect` | array | No | Array of unprotect access levels, with each described by a hash of the form `{user_id: integer}`, `{group_id: integer}`, `{access_level: integer}`, or `{id: integer, _destroy: true}` to destroy an existing access level. Access level `No access` is not available for this field. Premium and Ultimate only. | | `code_owner_approval_required` | boolean | No | If `true`, prevents pushes to this branch if it matches an item in the [`CODEOWNERS` file](../user/project/codeowners/_index.md). Premium and Ultimate only. | +For information about how access levels interact when you set multiple values, +see [protect repository branches](#protect-repository-branches). + If successful, returns [`200 OK`](rest/troubleshooting.md#status-codes) and the following response attributes: diff --git a/doc/user/project/repository/branches/protected.md b/doc/user/project/repository/branches/protected.md index f6bf4fab2908ee..644d6f4a5c57ce 100644 --- a/doc/user/project/repository/branches/protected.md +++ b/doc/user/project/repository/branches/protected.md @@ -131,6 +131,12 @@ Users with this permission can merge through merge requests even without {{< /alert >}} +When you select **No one** for either **Allowed to merge** or **Allowed to push and merge**, the UI +clears other role selections. +This behavior differs from the API, where you can set multiple access levels simultaneously. +For more information about API behavior, see the +[Protected branches API](../../../../api/protected_branches.md). + ### Protection strategies by branch types Different branch types require different protection levels based on their purpose and -- GitLab From 216da6ad846576a137e050d24bab60c816813a4b Mon Sep 17 00:00:00 2001 From: Brendan Lynch Date: Fri, 10 Oct 2025 13:53:09 +0200 Subject: [PATCH 2/3] Apply 2 suggestion(s) to 1 file(s) Co-authored-by: Lorena Ciutacu --- doc/api/protected_branches.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/protected_branches.md b/doc/api/protected_branches.md index db76b9e9acef80..7f0e4f84335b7b 100644 --- a/doc/api/protected_branches.md +++ b/doc/api/protected_branches.md @@ -321,7 +321,7 @@ Supported attributes: When you configure access levels: - You can set multiple access levels simultaneously for `allowed_to_push` and `allowed_to_merge`. -- The most permissive access level determines who can perform the action. +- The highest access level determines who can perform the action. - Setting access level `0` (No access) with other access levels results in the other levels taking effect. @@ -773,7 +773,7 @@ Supported attributes: | `code_owner_approval_required` | boolean | No | If `true`, prevents pushes to this branch if it matches an item in the [`CODEOWNERS` file](../user/project/codeowners/_index.md). Premium and Ultimate only. | For information about how access levels interact when you set multiple values, -see [protect repository branches](#protect-repository-branches). +see [Protect repository branches](#protect-repository-branches). If successful, returns [`200 OK`](rest/troubleshooting.md#status-codes) and the following response attributes: -- GitLab From 45854541bfe338a12d8045f7e3520781f1371bd0 Mon Sep 17 00:00:00 2001 From: Brendan Lynch Date: Wed, 22 Oct 2025 13:11:00 +0200 Subject: [PATCH 3/3] Apply 1 suggestion(s) to 1 file(s) Co-authored-by: Lorena Ciutacu --- doc/api/protected_branches.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/api/protected_branches.md b/doc/api/protected_branches.md index 7f0e4f84335b7b..fc66a75860ab5d 100644 --- a/doc/api/protected_branches.md +++ b/doc/api/protected_branches.md @@ -322,8 +322,7 @@ When you configure access levels: - You can set multiple access levels simultaneously for `allowed_to_push` and `allowed_to_merge`. - The highest access level determines who can perform the action. -- Setting access level `0` (No access) with other access levels results in the other - levels taking effect. +- If you set access level `0` (no one) and other access levels for the same branch, the most permissive access level applies. This behavior differs from the UI, which automatically clears other role selections when you select **No one**. -- GitLab