56e65268d7
Org-level branch protection rules previously supported team-only allowlists. This adds per-user allowlists (resolved by username OR email) and "allow the actions bot" toggles for the push, merge and force-push allowlists, plus a per-user approvals allowlist -- mirroring the repo-level ProtectedBranch fields exactly. These carry through ToProtectedBranch() into the standard enforcement path. Model: add WhitelistUserIDs/MergeWhitelistUserIDs/ ForcePushAllowlistUserIDs/ApprovalsWhitelistUserIDs ([]int64 JSON) and WhitelistActionsUser/MergeWhitelistActionsUser/ ForcePushAllowlistActionsUser (bool) to OrgProtectedBranch, and copy them in ToProtectedBranch(). Migration 362 (v368-style file v363.go): additive columns via x.Sync. API: new resolveUserIDs helper (username-then-email lookup, dedupe, 422 on unknown); Create/Edit set the new fields gated on the matching Enable* flags; GET resolves stored user IDs back to usernames and returns the actions-user bools. DTOs: add *Usernames []string + *ActionsUser bool to the Create/Edit/ response structs, using the same json names as repo_branch.go. Swagger: register OrgBranchProtection(/List) responses and the Create/Edit option bodies; regenerate specs for the org endpoints. Delete allowlists are intentionally omitted -- org branch protection has no delete-allowlist concept (no CanDelete/EnableDeleteAllowlist/ DeleteAllowlistTeamIDs), so there is no team allowlist to extend. Claude-Session: https://claude.ai/code/session_01Wsno14cxE49MstXFs9G5KT