GitLab API Protected branches with allowed_to_push and allowed_to_merge

I’m attempt to use the GitLab API to set a protected branch and to allow pushes and merges by a specific access level (Devs and Masters) and also by a specific group.

From looking at the API documentation I’m using a CURL request:

curl --request POST --header “PRIVATE-TOKEN: XXX” ‘[][group_id]=282&allowed_to_merge[][group_id]=282

But I get the following error:
{“message”:[“Cannot add users or groups unless they have access to the project”]}

However the group I’m trying trying to give access to push/merge is valid and has access to the project.
In fact this seems to be an issue with using the allowed_to_push and allowed_to_merge at the same time.

If I use the allowed_to_push or allowed_to_merge parameter individually without the other:

curl --request POST --header “PRIVATE-TOKEN: XXX” ‘[][group_id]=282


curl --request POST --header “PRIVATE-TOKEN: XXX” ‘[][group_id]=282

Then the command runs as expected, I may not be formatting these correctly together, as these are supposed to be array values so any help would be appreciated. Obviously I can do this in the Web API, but I have to set this for a large number of projects and so the API is the way to go.

The version of GitLab is: GitLab Enterprise Edition 10.7.3-ee

I’ve also tried with content type JSON:

curl --request POST --header “PRIVATE-TOKEN: XXX” -H “Content-Type: application/json” -d ‘{“name”:“XXXdev”, “allowed_to_push”: [{“access_level”: 30}, {“group_id”: 282}], “allowed_to_merge”: [{“access_level”: 30}, {“group_id”: 282}]}’

But get the same error as above, so the issue does seem to be with trying to set allowed_to_push and allowed_to_merge at the same time.

This appears to be related to: which is being worked on and hopefully a fix will be released soon.