1 files changed, 64 insertions, 8 deletions

diff --git a/lib/api/protected_branches.rb b/lib/api/protected_branches.rb
index 38bafac25b2..786045684b8 100644
--- a/lib/api/protected_branches.rb
+++ b/lib/api/protected_branches.rb
@@ -13,15 +13,23 @@ module API
     helpers Helpers::ProtectedBranchesHelpers
 
     params do
-      requires :id, type: String, desc: 'The ID of a project'
+      requires :id,
+        types: [String, Integer],
+        desc: 'The ID or URL-encoded path of the project',
+        documentation: { example: 'gitlab-org/gitlab' }
     end
     resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       desc "Get a project's protected branches" do
-        success Entities::ProtectedBranch
+        success code: 200, model: Entities::ProtectedBranch
+        is_array true
+        failure [
+          { code: 404, message: '404 Project Not Found' },
+          { code: 401, message: '401 Unauthorized' }
+        ]
       end
       params do
         use :pagination
-        optional :search, type: String, desc: 'Search for a protected branch by name'
+        optional :search, type: String, desc: 'Search for a protected branch by name', documentation: { example: 'mai' }
       end
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/protected_branches' do
@@ -36,10 +44,14 @@ module API
       # rubocop: enable CodeReuse/ActiveRecord
 
       desc 'Get a single protected branch' do
-        success Entities::ProtectedBranch
+        success code: 200, model: Entities::ProtectedBranch
+        failure [
+          { code: 404, message: '404 Project Not Found' },
+          { code: 401, message: '401 Unauthorized' }
+        ]
       end
       params do
-        requires :name, type: String, desc: 'The name of the branch or wildcard'
+        requires :name, type: String, desc: 'The name of the branch or wildcard', documentation: { example: 'main' }
       end
       # rubocop: disable CodeReuse/ActiveRecord
       get ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS do
@@ -50,10 +62,16 @@ module API
       # rubocop: enable CodeReuse/ActiveRecord
 
       desc 'Protect a single branch' do
-        success Entities::ProtectedBranch
+        success code: 201, model: Entities::ProtectedBranch
+        failure [
+          { code: 422, message: 'name is missing' },
+          { code: 409, message: "Protected branch 'main' already exists" },
+          { code: 404, message: '404 Project Not Found' },
+          { code: 401, message: '401 Unauthorized' }
+        ]
       end
       params do
-        requires :name, type: String, desc: 'The name of the protected branch'
+        requires :name, type: String, desc: 'The name of the protected branch', documentation: { example: 'main' }
         optional :push_access_level, type: Integer,
                                      values: ProtectedBranch::PushAccessLevel.allowed_access_levels,
                                      desc: 'Access levels allowed to push (defaults: `40`, maintainer access level)'
@@ -86,9 +104,47 @@ module API
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
+      desc 'Update a protected branch' do
+        success code: 200, model: Entities::ProtectedBranch
+        failure [
+          { code: 422, message: 'Push access levels access level has already been taken' },
+          { code: 404, message: '404 Project Not Found' },
+          { code: 401, message: '401 Unauthorized' }
+        ]
+      end
+      params do
+        requires :name, type: String, desc: 'The name of the branch', documentation: { example: 'main' }
+        optional :allow_force_push, type: Boolean,
+                                    desc: 'Allow force push for all users with push access.'
+
+        use :optional_params_ee
+      end
+      # rubocop: disable CodeReuse/ActiveRecord
+      patch ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS do
+        protected_branch = user_project.protected_branches.find_by!(name: params[:name])
+
+        declared_params = declared_params(include_missing: false)
+        api_service = ::ProtectedBranches::ApiService.new(user_project, current_user, declared_params)
+        protected_branch = api_service.update(protected_branch)
+
+        if protected_branch.valid?
+          present protected_branch, with: Entities::ProtectedBranch, project: user_project
+        else
+          render_api_error!(protected_branch.errors.full_messages, 422)
+        end
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
       desc 'Unprotect a single branch'
       params do
-        requires :name, type: String, desc: 'The name of the protected branch'
+        requires :name, type: String, desc: 'The name of the protected branch', documentation: { example: 'main' }
+      end
+      desc 'Unprotect a single branch' do
+        success code: 204
+        failure [
+          { code: 404, message: '404 Project Not Found' },
+          { code: 401, message: '401 Unauthorized' }
+        ]
       end
       # rubocop: disable CodeReuse/ActiveRecord
       delete ':id/protected_branches/:name', requirements: BRANCH_ENDPOINT_REQUIREMENTS, urgency: :low do