Allow auditor users to access MR approvals get configuration API
What does this MR do and why?
Describe in detail what your merge request does and why.
Closes #353292 (closed)
This MR allows auditors to access the get configuration API endpoint (GET /projects/:id/approvals
).
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Switch to the
master
branch and visit GitLab in your browser. Login as an admin user and attempt to visithttps://gitlab.example.com/api/v4/projects/:id/approvals
. You should see a200
, and it should return JSON. - Impersonate an auditor account and attempt to visit
https://gitlab.example.com/api/v4/projects/:id/approvals
. You should see a403
. This is expected. - Switch to the
auditor-enable-mr-approvals-endpoint
branch. - In the address bar, attempt to visit
https://gitlab.example.com/api/v4/projects/:id/approvals
. You should see a200
, and it should return JSON.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Anton Smith