REST API allows unsafe branch archiving via PATCH

[jnovinger]

Plugin Version

v0.7.1

NetBox Version

v4.4.5

Python Version

3.13.9

Steps to Reproduce

1. Create and merge a branch via the API
2. Send a PATCH request to /api/plugins/branching/branches/{id}/ with body:

   {
     "status": "archived"
   }

3. Observe that the branch status changes to "archived" but the schema remains provisioned

Expected Behavior

The API should either:

• Reject the PATCH with a 400 error indicating that archiving requires using a dedicated endpoint
• OR automatically trigger the full deprovisioning workflow when status is changed to "archived"

The UI archive flow properly calls branch.archive(user) which deprovisions the schema before setting the status.

Observed Behavior

The API accepts the PATCH and changes the status to "archived" without deprovisioning the branch's schema. Thisleaves the PostgreSQL schema and tables orphaned in the database, creates potential data exposure risks, and bypasses the proper branch.archive() method which handles cleanup.

[jnovinger]

Some follow up observations: the BranchViewSet in api/views.py has action endpoints for sync, merge, and revert operations, but is missing an archive action endpoint. Meanwhile, the BranchSerializer exposes the status field as writable, allowing direct status changes that bypass the model's .archive() method. I propose fixing this way:

1. Add an @action endpoint for archiving (following the pattern of existing sync/merge/revert endpoints):

@action(detail=True, methods=['post'])
def archive(self, request, pk):
    """
    Archive a merged branch, deprovisioning its schema.
    """
    if not request.user.has_perm('netbox_branching.archive_branch'):
        raise PermissionDenied("This user does not have permission to archive branches.")

    branch = self.get_object()
    if not branch.can_archive:
        return HttpResponseBadRequest("Archiving this branch is not permitted.")

    branch.archive(user=request.user)

    serializer = self.get_serializer(branch)
    return Response(serializer.data)

2. Either make the status field read-only in BranchSerializer, or add validation to reject attempts to directly set status to "archived" with a helpful error message pointing to the archive endpoint.