Draft: Authorize using admin_merge_request_approval_settings in REST API (!140828) · Merge requests · GitLab.org / GitLab

Hinam Mehra requested to merge 435126-fix-approval-rule-settings-rest-api into master Jan 03, 2024

What does this MR do and why?

According to the permission matrix only maintainers or owners are allowed to manage approval rules. Hence, update the permissions in REST API to check for admin_merge_request_approval_settings policy when returning approval rules for a project or merge request.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

No change

How to set up and validate locally

The steps to reproduce are listed in the issue description of #435126 (closed)

Related to #435126 (closed)

Draft: Authorize using admin_merge_request_approval_settings in REST API

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports