API: Expose 'developers_can_merge' for branches

5 files changed, 57 insertions, 11 deletions

diff --git a/CHANGELOG b/CHANGELOG
index e30b61c40a4..2892631560b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -57,7 +57,7 @@ v 8.10.0 (unreleased)
   - API: Expose `due_date` for issues (Robert Schilling)
   - API: Todos !3188 (Robert Schilling)
   - API: Expose shared groups for projects and shared projects for groups !5050 (Robert Schilling)
-  - API: Expose 'developers_can_push' for branches !5208 (Robert Schilling)
+  - API: Expose `developers_can_push` and `developers_can_merge` for branches !5208 (Robert Schilling)
   - Add "Enabled Git access protocols" to Application Settings
   - Diffs will create button/diff form on demand no on server side
   - Reduce size of HTML used by diff comment forms
diff --git a/doc/api/branches.md b/doc/api/branches.md
index e5a1e12ffb9..dbe8306c66f 100644
--- a/doc/api/branches.md
+++ b/doc/api/branches.md
@@ -24,6 +24,7 @@ Example response:
     "name": "master",
     "protected": true,
     "developers_can_push": false,
+    "developers_can_merge": false,
     "commit": {
       "author_email": "john@example.com",
       "author_name": "John Smith",
@@ -66,6 +67,7 @@ Example response:
   "name": "master",
   "protected": true,
   "developers_can_push": false,
+  "developers_can_merge": false,
   "commit": {
     "author_email": "john@example.com",
     "author_name": "John Smith",
@@ -93,7 +95,7 @@ PUT /projects/:id/repository/branches/:branch/protect
 ```
 
 ```bash
-curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/5/repository/branches/master/protect?developers_can_push=true
+curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/5/repository/branches/master/protect?developers_can_push=true&developers_can_merge=true
 ```
 
 | Attribute | Type | Required | Description |
@@ -101,6 +103,7 @@ curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/
 | `id` | integer | yes | The ID of a project |
 | `branch` | string | yes | The name of the branch |
 | `developers_can_push` | boolean | no | Flag if developers can push to the branch |
+| `developers_can_merge` | boolean | no | Flag if developers can merge to the branch |
 
 Example response:
 
@@ -121,7 +124,8 @@ Example response:
   },
   "name": "master",
   "protected": true,
-  "developers_can_push": true
+  "developers_can_push": true,
+  "developers_can_merge": true
 }
 ```
 
@@ -163,7 +167,8 @@ Example response:
   },
   "name": "master",
   "protected": false,
-  "developers_can_push": false
+  "developers_can_push": false,
+  "developers_can_merge": false
 }
 ```
 
@@ -202,7 +207,8 @@ Example response:
   },
   "name": "newbranch",
   "protected": false,
-  "developers_can_push": false
+  "developers_can_push": false,
+  "developers_can_merge": false
 }
 ```
 
diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index cd33091d9f4..b77eebc729a 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -37,6 +37,7 @@ module API
       #   id (required) - The ID of a project
       #   branch (required) - The name of the branch
       #   developers_can_push (optional) - Flag if developers can push to that branch
+      #   developers_can_merge (optional) - Flag if developers can merge to that branch
       # Example Request:
       #   PUT /projects/:id/repository/branches/:branch/protect
       put ':id/repository/branches/:branch/protect',
@@ -47,12 +48,15 @@ module API
         not_found!('Branch') unless @branch
         protected_branch = user_project.protected_branches.find_by(name: @branch.name)
         developers_can_push = to_boolean(params[:developers_can_push])
+        developers_can_merge = to_boolean(params[:developers_can_merge])
 
         if protected_branch
           protected_branch.update(developers_can_push: developers_can_push) unless developers_can_push.nil?
+          protected_branch.update(developers_can_merge: developers_can_merge) unless developers_can_merge.nil?
         else
           user_project.protected_branches.create(name: @branch.name,
-                                                 developers_can_push: developers_can_push || false)
+                                                 developers_can_push: developers_can_push || false,
+                                                 developers_can_merge: developers_can_merge || false)
         end
 
         present @branch, with: Entities::RepoObject, project: user_project
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index e4ae5adafd6..d6fed1a1eed 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -136,6 +136,12 @@ module API
           options[:project].developers_can_push_to_protected_branch? repo_obj.name
         end
       end
+
+      expose :developers_can_merge do |repo_obj, options|
+        if options[:project]
+          options[:project].developers_can_merge_to_protected_branch? repo_obj.name
+        end
+      end
     end
 
     class RepoTreeObject < Grape::Entity
diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb
index c843e8cf7be..719da27f919 100644
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -33,6 +33,7 @@ describe API::API, api: true  do
       expect(json_response['commit']['id']).to eq(branch_sha)
       expect(json_response['protected']).to eq(false)
       expect(json_response['developers_can_push']).to eq(false)
+      expect(json_response['developers_can_merge']).to eq(false)
     end
 
     it "should return a 403 error if guest" do
@@ -55,6 +56,7 @@ describe API::API, api: true  do
       expect(json_response['commit']['id']).to eq(branch_sha)
       expect(json_response['protected']).to eq(true)
       expect(json_response['developers_can_push']).to eq(false)
+      expect(json_response['developers_can_merge']).to eq(false)
     end
 
     it 'protects a single branch and developers can push' do
@@ -66,17 +68,43 @@ describe API::API, api: true  do
       expect(json_response['commit']['id']).to eq(branch_sha)
       expect(json_response['protected']).to eq(true)
       expect(json_response['developers_can_push']).to eq(true)
+      expect(json_response['developers_can_merge']).to eq(false)
     end
 
-    it 'protects a single branch and developers cannot push' do
+    it 'protects a single branch and developers can merge' do
       put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user),
-        developers_can_push: 'tru'
+        developers_can_merge: true
 
       expect(response).to have_http_status(200)
       expect(json_response['name']).to eq(branch_name)
       expect(json_response['commit']['id']).to eq(branch_sha)
       expect(json_response['protected']).to eq(true)
       expect(json_response['developers_can_push']).to eq(false)
+      expect(json_response['developers_can_merge']).to eq(true)
+    end
+
+    it 'protects a single branch and developers can push and merge' do
+      put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user),
+        developers_can_push: true, developers_can_merge: true
+
+      expect(response).to have_http_status(200)
+      expect(json_response['name']).to eq(branch_name)
+      expect(json_response['commit']['id']).to eq(branch_sha)
+      expect(json_response['protected']).to eq(true)
+      expect(json_response['developers_can_push']).to eq(true)
+      expect(json_response['developers_can_merge']).to eq(true)
+    end
+
+    it 'protects a single branch and developers cannot push and merge' do
+      put api("/projects/#{project.id}/repository/branches/#{branch_name}/protect", user),
+        developers_can_push: 'tru', developers_can_merge: 'tr'
+
+      expect(response).to have_http_status(200)
+      expect(json_response['name']).to eq(branch_name)
+      expect(json_response['commit']['id']).to eq(branch_sha)
+      expect(json_response['protected']).to eq(true)
+      expect(json_response['developers_can_push']).to eq(false)
+      expect(json_response['developers_can_merge']).to eq(false)
     end
 
     context 'on a protected branch' do
@@ -84,27 +112,29 @@ describe API::API, api: true  do
 
       before do
         project.repository.add_branch(user, protected_branch, 'master')
-        create(:protected_branch, project: project, name: protected_branch, developers_can_push: true)
+        create(:protected_branch, project: project, name: protected_branch, developers_can_push: true, developers_can_merge: true)
       end
 
       it 'updates that a developer can push' do
         put api("/projects/#{project.id}/repository/branches/#{protected_branch}/protect", user),
-          developers_can_push: false
+          developers_can_push: false, developers_can_merge: false
 
         expect(response).to have_http_status(200)
         expect(json_response['name']).to eq(protected_branch)
         expect(json_response['protected']).to eq(true)
         expect(json_response['developers_can_push']).to eq(false)
+        expect(json_response['developers_can_merge']).to eq(false)
       end
 
       it 'does not update that a developer can push' do
         put api("/projects/#{project.id}/repository/branches/#{protected_branch}/protect", user),
-          developers_can_push: 'foobar'
+          developers_can_push: 'foobar', developers_can_merge: 'foo'
 
         expect(response).to have_http_status(200)
         expect(json_response['name']).to eq(protected_branch)
         expect(json_response['protected']).to eq(true)
         expect(json_response['developers_can_push']).to eq(true)
+        expect(json_response['developers_can_merge']).to eq(true)
       end
     end