From 26f0a9658d54dbea62fa4191065d3a7bcc5cbe22 Mon Sep 17 00:00:00 2001
From: Jarek Porzucek <17789797+jporzucek@users.noreply.github.com>
Date: Mon, 7 Nov 2022 16:44:59 +0100
Subject: [PATCH 1/5] Add support for users and teams push restrictions

---
 github/repos.go      | 184 ++++++++++++++++++++++++++++
 github/repos_test.go | 278 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 462 insertions(+)

diff --git a/github/repos.go b/github/repos.go
index bef81b3d89c..13f7c64b62e 100644
--- a/github/repos.go
+++ b/github/repos.go
@@ -1690,6 +1690,16 @@ func (s *RepositoriesService) ListApps(ctx context.Context, owner, repo, branch
 	return apps, resp, nil
 }
 
+// ListAppRestrictions lists the GitHub apps that have push access to a given protected branch.
+// It requires the GitHub apps to have `write` access to the `content` permission.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
+//
+// Note: This is a wrapper around ListApps so a naming convention with ListUserRestrictions and ListTeamRestrictions is preserved.
+func (s *RepositoriesService) ListAppRestrictions(ctx context.Context, owner, repo, branch string) ([]*App, *Response, error) {
+	return s.ListApps(ctx, owner, repo, branch)
+}
+
 // ReplaceAppRestrictions replaces the apps that have push access to a given protected branch.
 // It removes all apps that previously had push access and grants push access to the new list of apps.
 // It requires the GitHub apps to have `write` access to the `content` permission.
@@ -1757,6 +1767,180 @@ func (s *RepositoriesService) RemoveAppRestrictions(ctx context.Context, owner,
 	return apps, resp, nil
 }
 
+// ListTeamRestrictions lists the GitHub teams that have push access to a given protected branch.
+// It requires the GitHub teams to have `write` access to the `content` permission.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-teams-with-access-to-the-protected-branch
+func (s *RepositoriesService) ListTeamRestrictions(ctx context.Context, owner, repo, branch string) ([]*Team, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var teams []*Team
+	resp, err := s.client.Do(ctx, req, &teams)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return teams, resp, nil
+}
+
+// ReplaceTeamRestrictions replaces the team that have push access to a given protected branch.
+// It removes all teams that previously had push access and grants push access to the new list of teams.
+// It requires the GitHub teams to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
+func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
+	req, err := s.client.NewRequest("PUT", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var teams []*Team
+	resp, err := s.client.Do(ctx, req, &teams)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return teams, resp, nil
+}
+
+// AddTeamRestrictions grants the specified teams push access to a given protected branch.
+// It requires the GitHub teams to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
+func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
+	req, err := s.client.NewRequest("POST", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var teams []*Team
+	resp, err := s.client.Do(ctx, req, &teams)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return teams, resp, nil
+}
+
+// RemoveTeamRestrictions removes the ability of an team to push to this branch.
+// It requires the GitHub teams to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
+func (s *RepositoriesService) RemoveTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
+	req, err := s.client.NewRequest("DELETE", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var teams []*Team
+	resp, err := s.client.Do(ctx, req, &teams)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return teams, resp, nil
+}
+
+// ListUserRestrictions lists the GitHub users that have push access to a given protected branch.
+// It requires the GitHub users to have `write` access to the `content` permission.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-users-with-access-to-the-protected-branch
+func (s *RepositoriesService) ListUserRestrictions(ctx context.Context, owner, repo, branch string) ([]*User, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var users []*User
+	resp, err := s.client.Do(ctx, req, &users)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return users, resp, nil
+}
+
+// ReplaceUserRestrictions replaces the team that have push access to a given protected branch.
+// It removes all users that previously had push access and grants push access to the new list of users.
+// It requires the GitHub users to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
+func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
+	req, err := s.client.NewRequest("PUT", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var users []*User
+	resp, err := s.client.Do(ctx, req, &users)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return users, resp, nil
+}
+
+// AddUserRestrictions grants the specified users push access to a given protected branch.
+// It requires the GitHub users to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
+func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
+	req, err := s.client.NewRequest("POST", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var users []*User
+	resp, err := s.client.Do(ctx, req, &users)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return users, resp, nil
+}
+
+// RemoveUserRestrictions removes the ability of an team to push to this branch.
+// It requires the GitHub users to have `write` access to the `content` permission.
+//
+// Note: The list of users, apps, and teams in total is limited to 100 items.
+//
+// GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
+func (s *RepositoriesService) RemoveUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
+	req, err := s.client.NewRequest("DELETE", u, slug)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var users []*User
+	resp, err := s.client.Do(ctx, req, &users)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return users, resp, nil
+}
+
 // TransferRequest represents a request to transfer a repository.
 type TransferRequest struct {
 	NewOwner string  `json:"new_owner"`
diff --git a/github/repos_test.go b/github/repos_test.go
index bcaa7d3d615..79f5cd68ab9 100644
--- a/github/repos_test.go
+++ b/github/repos_test.go
@@ -2853,6 +2853,284 @@ func TestRepositoriesService_RemoveAppRestrictions(t *testing.T) {
 	})
 }
 
+func TestRepositoriesService_ListTeamRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/teams", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+	})
+
+	ctx := context.Background()
+	_, _, err := client.Repositories.ListTeamRestrictions(ctx, "o", "r", "b")
+	if err != nil {
+		t.Errorf("Repositories.ListTeamRestrictions returned error: %v", err)
+	}
+
+	const methodName = "ListTeamRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.ListTeamRestrictions(ctx, "\n", "\n", "\n")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.ListTeamRestrictions(ctx, "o", "r", "b")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_ReplaceTeamRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/teams", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "PUT")
+		fmt.Fprint(w, `[{
+				"name": "octocat"
+			}]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.ReplaceTeamRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.ReplaceTeamRestrictions returned error: %v", err)
+	}
+	want := []*Team{
+		{Name: String("octocat")},
+	}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.ReplaceTeamRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "ReplaceTeamRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.ReplaceTeamRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.ReplaceTeamRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_AddTeamRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/teams", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "POST")
+		fmt.Fprint(w, `[{
+				"name": "octocat"
+			}]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.AddTeamRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.AddTeamRestrictions returned error: %v", err)
+	}
+	want := []*Team{
+		{Name: String("octocat")},
+	}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.AddTeamRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "AddTeamRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.AddTeamRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.AddTeamRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_RemoveTeamRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/teams", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "DELETE")
+		fmt.Fprint(w, `[]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.RemoveTeamRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.RemoveTeamRestrictions returned error: %v", err)
+	}
+	want := []*Team{}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.RemoveTeamRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "RemoveTeamRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.RemoveTeamRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.RemoveTeamRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_ListUserRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/users", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+	})
+
+	ctx := context.Background()
+	_, _, err := client.Repositories.ListUserRestrictions(ctx, "o", "r", "b")
+	if err != nil {
+		t.Errorf("Repositories.ListUserRestrictions returned error: %v", err)
+	}
+
+	const methodName = "ListUserRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.ListUserRestrictions(ctx, "\n", "\n", "\n")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.ListUserRestrictions(ctx, "o", "r", "b")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_ReplaceUserRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/users", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "PUT")
+		fmt.Fprint(w, `[{
+				"name": "octocat"
+			}]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.ReplaceUserRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.ReplaceUserRestrictions returned error: %v", err)
+	}
+	want := []*User{
+		{Name: String("octocat")},
+	}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.ReplaceUserRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "ReplaceUserRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.ReplaceUserRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.ReplaceUserRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_AddUserRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/users", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "POST")
+		fmt.Fprint(w, `[{
+				"name": "octocat"
+			}]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.AddUserRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.AddUserRestrictions returned error: %v", err)
+	}
+	want := []*User{
+		{Name: String("octocat")},
+	}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.AddUserRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "AddUserRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.AddUserRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.AddUserRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
+func TestRepositoriesService_RemoveUserRestrictions(t *testing.T) {
+	client, mux, _, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/repos/o/r/branches/b/protection/restrictions/users", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "DELETE")
+		fmt.Fprint(w, `[]`)
+	})
+	input := []string{"octocat"}
+	ctx := context.Background()
+	got, _, err := client.Repositories.RemoveUserRestrictions(ctx, "o", "r", "b", input)
+	if err != nil {
+		t.Errorf("Repositories.RemoveUserRestrictions returned error: %v", err)
+	}
+	want := []*User{}
+	if !cmp.Equal(got, want) {
+		t.Errorf("Repositories.RemoveUserRestrictions returned %+v, want %+v", got, want)
+	}
+
+	const methodName = "RemoveUserRestrictions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Repositories.RemoveUserRestrictions(ctx, "\n", "\n", "\n", input)
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Repositories.RemoveUserRestrictions(ctx, "o", "r", "b", input)
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
+
 func TestRepositoriesService_Transfer(t *testing.T) {
 	client, mux, _, teardown := setup()
 	defer teardown()

From 2a2c37d207dc201f3f1a5cec257ba70967a37d54 Mon Sep 17 00:00:00 2001
From: Jarek Porzucek <17789797+jporzucek@users.noreply.github.com>
Date: Fri, 13 Jan 2023 13:34:29 +0100
Subject: [PATCH 2/5] Fix slug naming convention to reflect docs

---
 github/repos.go | 106 ++++++++++++++++++++++++------------------------
 1 file changed, 53 insertions(+), 53 deletions(-)

diff --git a/github/repos.go b/github/repos.go
index 13f7c64b62e..f1045a78d8f 100644
--- a/github/repos.go
+++ b/github/repos.go
@@ -1116,9 +1116,9 @@ type AdminEnforcement struct {
 type BranchRestrictions struct {
 	// The list of user logins with push access.
 	Users []*User `json:"users"`
-	// The list of team slugs with push access.
+	// The list of teams with push access.
 	Teams []*Team `json:"teams"`
-	// The list of app slugs with push access.
+	// The list of apps with push access.
 	Apps []*App `json:"apps"`
 }
 
@@ -1129,9 +1129,9 @@ type BranchRestrictions struct {
 type BranchRestrictionsRequest struct {
 	// The list of user logins with push access. (Required; use []string{} instead of nil for empty list.)
 	Users []string `json:"users"`
-	// The list of team slugs with push access. (Required; use []string{} instead of nil for empty list.)
+	// The list of teams with push access. (Required; use []string{} instead of nil for empty list.)
 	Teams []string `json:"teams"`
-	// The list of app slugs with push access.
+	// The list of apps with push access.
 	Apps []string `json:"apps"`
 }
 
@@ -1152,9 +1152,9 @@ type BypassPullRequestAllowances struct {
 type BypassPullRequestAllowancesRequest struct {
 	// The list of user logins allowed to bypass pull request requirements.
 	Users []string `json:"users"`
-	// The list of team slugs allowed to bypass pull request requirements.
+	// The list of teams allowed to bypass pull request requirements.
 	Teams []string `json:"teams"`
-	// The list of app slugs allowed to bypass pull request requirements.
+	// The list of apps allowed to bypass pull request requirements.
 	Apps []string `json:"apps"`
 }
 
@@ -1176,7 +1176,7 @@ type DismissalRestrictions struct {
 type DismissalRestrictionsRequest struct {
 	// The list of user logins who can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Users *[]string `json:"users,omitempty"`
-	// The list of team slugs which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
+	// The list of teams which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Teams *[]string `json:"teams,omitempty"`
 	// The list of apps which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Apps *[]string `json:"apps,omitempty"`
@@ -1707,20 +1707,20 @@ func (s *RepositoriesService) ListAppRestrictions(ctx context.Context, owner, re
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-app-access-restrictions
-func (s *RepositoriesService) ReplaceAppRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*App, *Response, error) {
+func (s *RepositoriesService) ReplaceAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, branch)
-	req, err := s.client.NewRequest("PUT", u, slug)
+	req, err := s.client.NewRequest("PUT", u, apps)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var apps []*App
-	resp, err := s.client.Do(ctx, req, &apps)
+	var newApps []*App
+	resp, err := s.client.Do(ctx, req, &newApps)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return apps, resp, nil
+	return newApps, resp, nil
 }
 
 // AddAppRestrictions grants the specified apps push access to a given protected branch.
@@ -1729,20 +1729,20 @@ func (s *RepositoriesService) ReplaceAppRestrictions(ctx context.Context, owner,
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-app-access-restrictions
-func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*App, *Response, error) {
+func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, branch)
-	req, err := s.client.NewRequest("POST", u, slug)
+	req, err := s.client.NewRequest("POST", u, apps)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var apps []*App
-	resp, err := s.client.Do(ctx, req, &apps)
+	var newApps []*App
+	resp, err := s.client.Do(ctx, req, &newApps)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return apps, resp, nil
+	return newApps, resp, nil
 }
 
 // RemoveAppRestrictions removes the ability of an app to push to this branch.
@@ -1751,20 +1751,20 @@ func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, rep
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-app-access-restrictions
-func (s *RepositoriesService) RemoveAppRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*App, *Response, error) {
+func (s *RepositoriesService) RemoveAppRestrictions(ctx context.Context, owner, repo, branch string, apps []string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, branch)
-	req, err := s.client.NewRequest("DELETE", u, slug)
+	req, err := s.client.NewRequest("DELETE", u, apps)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var apps []*App
-	resp, err := s.client.Do(ctx, req, &apps)
+	var newApps []*App
+	resp, err := s.client.Do(ctx, req, &newApps)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return apps, resp, nil
+	return newApps, resp, nil
 }
 
 // ListTeamRestrictions lists the GitHub teams that have push access to a given protected branch.
@@ -1788,26 +1788,26 @@ func (s *RepositoriesService) ListTeamRestrictions(ctx context.Context, owner, r
 }
 
 // ReplaceTeamRestrictions replaces the team that have push access to a given protected branch.
-// It removes all teams that previously had push access and grants push access to the new list of teams.
+// This removes all teams that previously had push access and grants push access to the new list of teams.
 // It requires the GitHub teams to have `write` access to the `content` permission.
 //
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
-func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
-	req, err := s.client.NewRequest("PUT", u, slug)
+	req, err := s.client.NewRequest("PUT", u, teams)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var teams []*Team
-	resp, err := s.client.Do(ctx, req, &teams)
+	var newTeams []*Team
+	resp, err := s.client.Do(ctx, req, &newTeams)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return teams, resp, nil
+	return newTeams, resp, nil
 }
 
 // AddTeamRestrictions grants the specified teams push access to a given protected branch.
@@ -1816,20 +1816,20 @@ func (s *RepositoriesService) ReplaceTeamRestrictions(ctx context.Context, owner
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
-func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
-	req, err := s.client.NewRequest("POST", u, slug)
+	req, err := s.client.NewRequest("POST", u, teams)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var teams []*Team
-	resp, err := s.client.Do(ctx, req, &teams)
+	var newTeams []*Team
+	resp, err := s.client.Do(ctx, req, &newTeams)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return teams, resp, nil
+	return newTeams, resp, nil
 }
 
 // RemoveTeamRestrictions removes the ability of an team to push to this branch.
@@ -1838,20 +1838,20 @@ func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, re
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
-func (s *RepositoriesService) RemoveTeamRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*Team, *Response, error) {
+func (s *RepositoriesService) RemoveTeamRestrictions(ctx context.Context, owner, repo, branch string, teams []string) ([]*Team, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/teams", owner, repo, branch)
-	req, err := s.client.NewRequest("DELETE", u, slug)
+	req, err := s.client.NewRequest("DELETE", u, teams)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var teams []*Team
-	resp, err := s.client.Do(ctx, req, &teams)
+	var newTeams []*Team
+	resp, err := s.client.Do(ctx, req, &newTeams)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return teams, resp, nil
+	return newTeams, resp, nil
 }
 
 // ListUserRestrictions lists the GitHub users that have push access to a given protected branch.
@@ -1881,20 +1881,20 @@ func (s *RepositoriesService) ListUserRestrictions(ctx context.Context, owner, r
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#set-team-access-restrictions
-func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
-	req, err := s.client.NewRequest("PUT", u, slug)
+	req, err := s.client.NewRequest("PUT", u, users)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var users []*User
-	resp, err := s.client.Do(ctx, req, &users)
+	var newUsers []*User
+	resp, err := s.client.Do(ctx, req, &newUsers)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return users, resp, nil
+	return newUsers, resp, nil
 }
 
 // AddUserRestrictions grants the specified users push access to a given protected branch.
@@ -1903,20 +1903,20 @@ func (s *RepositoriesService) ReplaceUserRestrictions(ctx context.Context, owner
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#add-team-access-restrictions
-func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
-	req, err := s.client.NewRequest("POST", u, slug)
+	req, err := s.client.NewRequest("POST", u, users)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var users []*User
-	resp, err := s.client.Do(ctx, req, &users)
+	var newUsers []*User
+	resp, err := s.client.Do(ctx, req, &newUsers)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return users, resp, nil
+	return newUsers, resp, nil
 }
 
 // RemoveUserRestrictions removes the ability of an team to push to this branch.
@@ -1925,20 +1925,20 @@ func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, re
 // Note: The list of users, apps, and teams in total is limited to 100 items.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#remove-team-access-restrictions
-func (s *RepositoriesService) RemoveUserRestrictions(ctx context.Context, owner, repo, branch string, slug []string) ([]*User, *Response, error) {
+func (s *RepositoriesService) RemoveUserRestrictions(ctx context.Context, owner, repo, branch string, users []string) ([]*User, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/users", owner, repo, branch)
-	req, err := s.client.NewRequest("DELETE", u, slug)
+	req, err := s.client.NewRequest("DELETE", u, users)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	var users []*User
-	resp, err := s.client.Do(ctx, req, &users)
+	var newUsers []*User
+	resp, err := s.client.Do(ctx, req, &newUsers)
 	if err != nil {
 		return nil, resp, err
 	}
 
-	return users, resp, nil
+	return newUsers, resp, nil
 }
 
 // TransferRequest represents a request to transfer a repository.

From ff084be186dc09c270594206074a7860e26b1a07 Mon Sep 17 00:00:00 2001
From: Jarek Porzucek <17789797+jporzucek@users.noreply.github.com>
Date: Fri, 13 Jan 2023 18:18:03 +0100
Subject: [PATCH 3/5] Changed spelling

---
 github/repos.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/github/repos.go b/github/repos.go
index f1045a78d8f..b498725fa4e 100644
--- a/github/repos.go
+++ b/github/repos.go
@@ -1745,7 +1745,7 @@ func (s *RepositoriesService) AddAppRestrictions(ctx context.Context, owner, rep
 	return newApps, resp, nil
 }
 
-// RemoveAppRestrictions removes the ability of an app to push to this branch.
+// RemoveAppRestrictions removes the restrictions of an app from pushing to this branch.
 // It requires the GitHub apps to have `write` access to the `content` permission.
 //
 // Note: The list of users, apps, and teams in total is limited to 100 items.
@@ -1832,7 +1832,7 @@ func (s *RepositoriesService) AddTeamRestrictions(ctx context.Context, owner, re
 	return newTeams, resp, nil
 }
 
-// RemoveTeamRestrictions removes the ability of an team to push to this branch.
+// RemoveTeamRestrictions removes the restrictions of a team from pushing to this branch.
 // It requires the GitHub teams to have `write` access to the `content` permission.
 //
 // Note: The list of users, apps, and teams in total is limited to 100 items.
@@ -1919,7 +1919,7 @@ func (s *RepositoriesService) AddUserRestrictions(ctx context.Context, owner, re
 	return newUsers, resp, nil
 }
 
-// RemoveUserRestrictions removes the ability of an team to push to this branch.
+// RemoveUserRestrictions removes the restrictions of a user from pushing to this branch.
 // It requires the GitHub users to have `write` access to the `content` permission.
 //
 // Note: The list of users, apps, and teams in total is limited to 100 items.

From 5f741b82006743fad90fcc82fdd0aa75debf5e4b Mon Sep 17 00:00:00 2001
From: Jarek Porzucek <17789797+jporzucek@users.noreply.github.com>
Date: Sat, 14 Jan 2023 11:40:28 +0100
Subject: [PATCH 4/5] spelling

---
 github/repos.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/github/repos.go b/github/repos.go
index b498725fa4e..7689eaf9727 100644
--- a/github/repos.go
+++ b/github/repos.go
@@ -1874,7 +1874,7 @@ func (s *RepositoriesService) ListUserRestrictions(ctx context.Context, owner, r
 	return users, resp, nil
 }
 
-// ReplaceUserRestrictions replaces the team that have push access to a given protected branch.
+// ReplaceUserRestrictions replaces the user that have push access to a given protected branch.
 // It removes all users that previously had push access and grants push access to the new list of users.
 // It requires the GitHub users to have `write` access to the `content` permission.
 //

From 09e4fd0171f2c5e6741e02ec7aa9cbf8663a728f Mon Sep 17 00:00:00 2001
From: Jarek Porzucek <17789797+jporzucek@users.noreply.github.com>
Date: Mon, 16 Jan 2023 13:04:52 +0100
Subject: [PATCH 5/5] Addreess code review suggestions

---
 github/repos.go      | 18 ++++++++++--------
 github/repos_test.go | 12 ++++++------
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/github/repos.go b/github/repos.go
index 7689eaf9727..3c98fded0d8 100644
--- a/github/repos.go
+++ b/github/repos.go
@@ -1116,9 +1116,9 @@ type AdminEnforcement struct {
 type BranchRestrictions struct {
 	// The list of user logins with push access.
 	Users []*User `json:"users"`
-	// The list of teams with push access.
+	// The list of team slugs with push access.
 	Teams []*Team `json:"teams"`
-	// The list of apps with push access.
+	// The list of app slugs with push access.
 	Apps []*App `json:"apps"`
 }
 
@@ -1129,9 +1129,9 @@ type BranchRestrictions struct {
 type BranchRestrictionsRequest struct {
 	// The list of user logins with push access. (Required; use []string{} instead of nil for empty list.)
 	Users []string `json:"users"`
-	// The list of teams with push access. (Required; use []string{} instead of nil for empty list.)
+	// The list of team slugs with push access. (Required; use []string{} instead of nil for empty list.)
 	Teams []string `json:"teams"`
-	// The list of apps with push access.
+	// The list of app slugs with push access.
 	Apps []string `json:"apps"`
 }
 
@@ -1152,9 +1152,9 @@ type BypassPullRequestAllowances struct {
 type BypassPullRequestAllowancesRequest struct {
 	// The list of user logins allowed to bypass pull request requirements.
 	Users []string `json:"users"`
-	// The list of teams allowed to bypass pull request requirements.
+	// The list of team slugs allowed to bypass pull request requirements.
 	Teams []string `json:"teams"`
-	// The list of apps allowed to bypass pull request requirements.
+	// The list of app slugs allowed to bypass pull request requirements.
 	Apps []string `json:"apps"`
 }
 
@@ -1176,9 +1176,9 @@ type DismissalRestrictions struct {
 type DismissalRestrictionsRequest struct {
 	// The list of user logins who can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Users *[]string `json:"users,omitempty"`
-	// The list of teams which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
+	// The list of team slugs which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Teams *[]string `json:"teams,omitempty"`
-	// The list of apps which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
+	// The list of app slugs which can dismiss pull request reviews. (Required; use nil to disable dismissal_restrictions or &[]string{} otherwise.)
 	Apps *[]string `json:"apps,omitempty"`
 }
 
@@ -1674,6 +1674,8 @@ func (s *RepositoriesService) ReplaceAllTopics(ctx context.Context, owner, repo
 // It requires the GitHub apps to have `write` access to the `content` permission.
 //
 // GitHub API docs: https://docs.github.com/en/rest/branches/branch-protection#get-apps-with-access-to-the-protected-branch
+//
+// Deprecated: Please use ListAppRestrictions instead.
 func (s *RepositoriesService) ListApps(ctx context.Context, owner, repo, branch string) ([]*App, *Response, error) {
 	u := fmt.Sprintf("repos/%v/%v/branches/%v/protection/restrictions/apps", owner, repo, branch)
 	req, err := s.client.NewRequest("GET", u, nil)
diff --git a/github/repos_test.go b/github/repos_test.go
index 79f5cd68ab9..23dab10f766 100644
--- a/github/repos_test.go
+++ b/github/repos_test.go
@@ -2714,7 +2714,7 @@ func TestRepositoriesService_ReplaceAllTopics_emptySlice(t *testing.T) {
 	}
 }
 
-func TestRepositoriesService_ListApps(t *testing.T) {
+func TestRepositoriesService_ListAppRestrictions(t *testing.T) {
 	client, mux, _, teardown := setup()
 	defer teardown()
 
@@ -2723,19 +2723,19 @@ func TestRepositoriesService_ListApps(t *testing.T) {
 	})
 
 	ctx := context.Background()
-	_, _, err := client.Repositories.ListApps(ctx, "o", "r", "b")
+	_, _, err := client.Repositories.ListAppRestrictions(ctx, "o", "r", "b")
 	if err != nil {
-		t.Errorf("Repositories.ListApps returned error: %v", err)
+		t.Errorf("Repositories.ListAppRestrictions returned error: %v", err)
 	}
 
-	const methodName = "ListApps"
+	const methodName = "ListAppRestrictions"
 	testBadOptions(t, methodName, func() (err error) {
-		_, _, err = client.Repositories.ListApps(ctx, "\n", "\n", "\n")
+		_, _, err = client.Repositories.ListAppRestrictions(ctx, "\n", "\n", "\n")
 		return err
 	})
 
 	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
-		got, resp, err := client.Repositories.ListApps(ctx, "o", "r", "b")
+		got, resp, err := client.Repositories.ListAppRestrictions(ctx, "o", "r", "b")
 		if got != nil {
 			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
 		}