Skip to content

Rebuild MR report approval rules on group access changes

Dominic Bauer requested to merge 359278-eligible-group-approvers-not-added into master

What does this MR do and why?

Scan result policies allow specifying merge request approvers by specifying their username or ID. Currently, when a user is referenced in a policy and only afterwards given project access through group membership, merge request approvers are not updated. Hence, the added user is unable to approve merge requests he is listed as approver for.

Project access changes are handled in !113681 (merged).

How to set up and validate locally

  1. Create a new group
  2. Create a new project within the group
  3. Create a Scan Result Policy that lists user_approvers without group/project access.
  4. Create a new MR and note that the MR rule lists no members
  5. Invite the one of the users listed in the policy to the group
  6. Verify the user is listed as a rule approver on the MR

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #359278 (closed)

Edited by Vitali Tatarintev

Merge request reports

Loading