@@ -954,7 +954,7 @@ POST /projects/:id/merge_requests/:merge_request_iid/approve
...
@@ -954,7 +954,7 @@ POST /projects/:id/merge_requests/:merge_request_iid/approve
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
| `merge_request_iid` | integer | yes | The IID of the merge request |
| `merge_request_iid` | integer | yes | The IID of the merge request |
| `sha` | string | no | The `HEAD` of the merge request |
| `sha` | string | no | The `HEAD` of the merge request |
| `approval_password`**(PREMIUM)** | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-authentication-for-approvals) is enabled in the project settings. |
| `approval_password`**(PREMIUM)** | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-user-password-to-approve) is enabled in the project settings. |
The `sha` parameter works in the same way as
The `sha` parameter works in the same way as
when [accepting a merge request](merge_requests.md#accept-mr): if it is passed, then it must
when [accepting a merge request](merge_requests.md#accept-mr): if it is passed, then it must
@@ -60,8 +60,8 @@ We support a separation of duties policy between users who create and approve me
...
@@ -60,8 +60,8 @@ We support a separation of duties policy between users who create and approve me
The approval status column can help you identify violations of this policy.
The approval status column can help you identify violations of this policy.
Our criteria for the separation of duties is as follows:
Our criteria for the separation of duties is as follows:
-[A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-authors-from-approving-their-own-work)
-[A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author)
-[A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-committers-from-approving-their-own-work)
-[A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits)
-[The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md)
-[The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md)
The **Approval status** column shows you at a glance whether a merge request is complying with the above.
The **Approval status** column shows you at a glance whether a merge request is complying with the above.
@@ -20,37 +20,17 @@ To view or edit merge request approval settings:
...
@@ -20,37 +20,17 @@ To view or edit merge request approval settings:
1. Go to your project and select **Settings > General**.
1. Go to your project and select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Expand **Merge request (MR) approvals**.
In this section of general settings, you can configure the settings described
In this section of general settings, you can configure the following settings:
on this page.
## Prevent overrides of default approvals
| Setting | Description |
| ------ | ------ |
| [Prevent approval by author](#prevent-approval-by-author) | When enabled, the author of a merge request cannot approve it. |
| [Prevent approvals by users who add commits](#prevent-approvals-by-users-who-add-commits) | When enabled, users who have committed to a merge request cannot approve it. |
| [Prevent editing approval rules in merge requests](#prevent-editing-approval-rules-in-merge-requests) | When enabled, users can't override the project's approval rules on merge requests. |
| [Require user password to approve](#require-user-password-to-approve) | Force potential approvers to first authenticate with a password. |
| [Remove all approvals when commits are added to the source branch](#remove-all-approvals-when-commits-are-added-to-the-source-branch) | When enabled, remove all existing approvals on a merge request when more changes are added to it. |
By default, users can override the approval rules you [create for a project](rules.md)
## Prevent approval by author **(PREMIUM)**
on a per-merge request basis. If you don't want users to change approval rules
on merge requests, you can disable this setting:
1. Go to your project and select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Select the **Prevent users from modifying MR approval rules in merge requests** checkbox.
1. Select **Save changes**.
This change affects all open merge requests.
## Reset approvals on push
By default, an approval on a merge request remains in place, even if you add more changes
after the approval. If you want to remove all existing approvals on a merge request
when more changes are added to it:
1. Go to your project and select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Select the **Require new approvals when new commits are added to an MR** checkbox.
1. Select **Save changes**.
Approvals aren't reset when a merge request is [rebased from the UI](../fast_forward_merge.md)
However, approvals are reset if the target branch is changed.
## Prevent authors from approving their own work **(PREMIUM)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3349) in GitLab 11.3.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3349) in GitLab 11.3.
> - Moved to GitLab Premium in 13.9.
> - Moved to GitLab Premium in 13.9.
...
@@ -65,14 +45,14 @@ By default, the author of a merge request cannot approve it. To change this sett
...
@@ -65,14 +45,14 @@ By default, the author of a merge request cannot approve it. To change this sett
Authors can edit the approval rule in an individual merge request and override
Authors can edit the approval rule in an individual merge request and override
this setting, unless you configure one of these options:
this setting, unless you configure one of these options:
-[Prevent overrides of default approvals](#prevent-overrides-of-default-approvals) at
-[Prevent overrides of default approvals](#prevent-editing-approval-rules-in-merge-requests) at
the project level.
the project level.
-*(Self-managed instances only)* Prevent overrides of default approvals
-*(Self-managed instances only)* Prevent overrides of default approvals
[at the instance level](../../../admin_area/merge_requests_approvals.md). When configured
[at the instance level](../../../admin_area/merge_requests_approvals.md). When configured
at the instance level, you can't edit this setting at the project or individual
at the instance level, you can't edit this setting at the project or individual
merge request levels.
merge request levels.
## Prevent committers from approving their own work **(PREMIUM)**
## Prevent approvals by users who add commits **(PREMIUM)**
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10441) in GitLab 11.10.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10441) in GitLab 11.10.
> - Moved to GitLab Premium in 13.9.
> - Moved to GitLab Premium in 13.9.
...
@@ -96,7 +76,20 @@ to a merge request can approve merge requests that affect files they own.
...
@@ -96,7 +76,20 @@ to a merge request can approve merge requests that affect files they own.
To learn more about the [differences between authors and committers](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History),
To learn more about the [differences between authors and committers](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History),
read the official Git documentation for an explanation.
read the official Git documentation for an explanation.
## Require authentication for approvals
## Prevent editing approval rules in merge requests
By default, users can override the approval rules you [create for a project](rules.md)
on a per-merge request basis. If you don't want users to change approval rules
on merge requests, you can disable this setting:
1. Go to your project and select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Select the **Prevent users from modifying MR approval rules in merge requests** checkbox.
1. Select **Save changes**.
This change affects all open merge requests.
## Require user password to approve
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5981) in GitLab 12.0.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5981) in GitLab 12.0.
> - Moved to GitLab Premium in 13.9.
> - Moved to GitLab Premium in 13.9.
...
@@ -112,6 +105,20 @@ permission enables an electronic signature for approvals, such as the one define
...
@@ -112,6 +105,20 @@ permission enables an electronic signature for approvals, such as the one define
1. Select the **Require user password for approvals** checkbox.
1. Select the **Require user password for approvals** checkbox.
1. Select **Save changes**.
1. Select **Save changes**.
## Remove all approvals when commits are added to the source branch
By default, an approval on a merge request remains in place, even if you add more changes
after the approval. If you want to remove all existing approvals on a merge request
when more changes are added to it:
1. Go to your project and select **Settings > General**.
1. Expand **Merge request (MR) approvals**.
1. Select the **Require new approvals when new commits are added to an MR** checkbox.
1. Select **Save changes**.
Approvals aren't reset when a merge request is [rebased from the UI](../fast_forward_merge.md)
However, approvals are reset if the target branch is changed.
## Security approvals in merge requests **(ULTIMATE)**
## Security approvals in merge requests **(ULTIMATE)**
You can require that a member of your security team approves a merge request if a
You can require that a member of your security team approves a merge request if a