Skip to content

Ensure the approvals can not be changed after merge

What does this MR do and why?

After a merge request is merged, the user's should not be allowed to approve/unapprove.

To Test:

  • Find a merged MR that you haven't approved
  • Try to approve through the quick actions
  • Find a merge MR that you have approved
  • Try to unapprove through the quick actions
curl -X POST -H "PRIVATE-TOKEN: TOKEN" "http://localhost:3000/api/v4/projects/PROJECT_ID/merge_requests/MERGE_REQUEST_IID/approve"

curl -X POST -H "PRIVATE-TOKEN: TOKEN" "http://localhost:3000/api/v4/projects/PROJECT_ID/merge_requests/MERGE_REQUEST_IID/unapprove"

Related to #424340 (closed)

Edited by Patrick Bajao

Merge request reports

Loading