Permit File Locking to Lock Files across All branches
Problem to solve
GitLab's File Locking feature should lock a particular file for all branches, not just the default branch. The feature currently only prevents merges into the default branch (typically master, although this can be changed under Settings > Repository > Default Branch). This is misleading, as it allows users to modify locked files in any other branch.
This is a problem when there are particular repository files that need to be protected from users with developer access.
Intended users
Further details
A benefit of this is to protect developers from modifying the .gitlab-ci.yml and/or any files executed or referenced by the .gitlab-ci.yml. Suppose I have a .gitlab-ci.yml that utilizes Maven to run a pom.xml file. I could potentially rewrite the pom.xml file to expose a GitLab CI Variable containing a secret to an external service. As of 12.6, I can prevent users from modifying the .gitlab-ci.yml file, but it does not prevent users from modifying files used by the .gitlab-ci.yml file.
Proposal
Per @fjsanpedro, it should be possible to lock all files regardless of whether or not the change is applied to the default branch, due to updates to the API. The code ignoring all non-default branches is in the git_access.rb file.
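The difference between the current and the proposed behaviour can be seen in a simplified model of the push-time check. This is an added example, not GitLab's code from git_access.rb; every name in it (Lock, Change, violations, push_allowed?, the all_branches flag) is hypothetical, the sample locks are constructed, and the trailing-slash convention for directory locks is an assumption.

```ruby
# Simplified model of a push-time file-lock check (added illustration only;
# not GitLab's git_access.rb, all names below are hypothetical).

Lock   = Struct.new(:path, :owner)
Change = Struct.new(:ref, :paths)

DEFAULT_BRANCH = "master" # constructed sample value

# Constructed sample locks: one file lock and one directory lock.
# A trailing slash marks a directory lock (assumed convention).
LOCKS = [
  Lock.new("pom.xml", "alice"),
  Lock.new("ci/scripts/", "alice")
].freeze

# "refs/heads/feature/x" -> "feature/x"; other refs are returned unchanged.
def branch_name(ref)
  ref.sub(%r{\Arefs/heads/}, "")
end

# Find the lock covering a path: exact match for files, prefix for directories.
def lock_for(path, locks)
  locks.find do |lock|
    lock.path.end_with?("/") ? path.start_with?(lock.path) : path == lock.path
  end
end

# all_branches: false models the current behaviour (only the default branch
# is checked); all_branches: true models the behaviour proposed here.
def violations(user, change, locks, all_branches:)
  return [] unless all_branches || branch_name(change.ref) == DEFAULT_BRANCH

  change.paths.filter_map do |path|
    lock = lock_for(path, locks)
    "#{path} is locked by #{lock.owner}" if lock && lock.owner != user
  end
end

def push_allowed?(user, change, locks, all_branches:)
  violations(user, change, locks, all_branches: all_branches).empty?
end

# Constructed push: a non-owner edits the locked pom.xml on a feature branch.
feature = Change.new("refs/heads/feature/build", ["pom.xml", "src/App.java"])
puts "current:  #{push_allowed?('bob', feature, LOCKS, all_branches: false)}"
puts "proposed: #{push_allowed?('bob', feature, LOCKS, all_branches: true)}"
```
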
Permissions and Security
The proposed change is in line with how the File Locking documentation is written as there is no indication that it only protects the default branch.
Documentation
No documentation should need to be changed - although we could explicitly declare that file locks will lock the file across all branches.
https://docs.gitlab.com/ee/user/project/file_lock.html
Testing
This change ought to be tested both in making commits via the Git CLI as well as the Web IDE to ensure that proper errors are returned.
What does success look like, and how can we measure that?
We ought to no longer be able to push or merge to any branches where a file is locked by any user that is not the owner of the file lock.
What is the type of buyer?
Given that File Lock is a Premium feature, this would remain a Premium feature.