Approvers in approval rules are not removed when user is removed from project/group
Summary
When an user approver from approval rules is removed from project/group, they are still listed in the approvers in MR approval widget.
Steps to reproduce
- Add a user to a project/group
- Create an approval rule from Settings -> Merge Requests -> Merge request approvals -> Create approval rule with the user as approver
- Create a MR in the project and verify that the user is in approvers
- Now remove the user from the project/group
- Go the MR and the user is still in approvers
Example Project
What is the current bug behavior?
Users who no longer have access to project are listed in approvers
What is the expected correct behavior?
Removed users should not be listed in MR approvers
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
- We currently have
ProjectAuthorizations::AuthorizationsChangedEvent
event which is published whenever a newproject_authorizations
record is created/destroyed. We should probably update the event to publish the user_ids that are added/removed and create a handler for event to update theapproval_project_rules
andapproval_merge_request_rules
Edited by Sashi Kumar Kumaresan