Skip to content

Allow auditor users to access MR approvals get configuration API

Anton Smith requested to merge auditor-enable-mr-approvals-endpoint into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Closes #353292 (closed)

This MR allows auditors to access the get configuration API endpoint (GET /projects/:id/approvals).

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

87347

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Switch to the master branch and visit GitLab in your browser. Login as an admin user and attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 200, and it should return JSON.
  2. Impersonate an auditor account and attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 403. This is expected.
  3. Switch to the auditor-enable-mr-approvals-endpoint branch.
  4. In the address bar, attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 200, and it should return JSON.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Anton Smith

Merge request reports

Loading