Commit e482597a authored by Mark Chao's avatar Mark Chao

Merge branch 'remove_deprecated_approver_endpoint' into 'master'

Removes deprecated approvers update endpoint

See merge request gitlab-org/gitlab!57473
parents 63b285ee 27dc2f2f
...@@ -501,72 +501,6 @@ DELETE /projects/:id/approval_rules/:approval_rule_id ...@@ -501,72 +501,6 @@ DELETE /projects/:id/approval_rules/:approval_rule_id
| `id` | integer | yes | The ID of a project | | `id` | integer | yes | The ID of a project |
| `approval_rule_id` | integer | yes | The ID of a approval rule | `approval_rule_id` | integer | yes | The ID of a approval rule
### Change allowed approvers
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/183) in GitLab 10.6.
> - Moved to GitLab Premium in 13.9.
NOTE:
This API endpoint has been deprecated. Please use Approval Rule API instead.
If you are allowed to, you can change approvers and approver groups using
the following endpoint:
```plaintext
PUT /projects/:id/approvers
```
**Important:** Approvers and groups not in the request are **removed**
**Parameters:**
| Attribute | Type | Required | Description |
| -------------------- | ------- | -------- | --------------------------------------------------- |
| `id` | integer | yes | The ID of a project |
| `approver_ids` | Array | yes | An array of User IDs that can approve MRs |
| `approver_group_ids` | Array | yes | An array of Group IDs whose members can approve MRs |
```json
{
"approvers": [
{
"user": {
"id": 5,
"name": "John Doe6",
"username": "user5",
"state":"active","avatar_url":"https://www.gravatar.com/avatar/4aea8cf834ed91844a2da4ff7ae6b491?s=80\u0026d=identicon","web_url":"http://localhost/user5"
}
}
],
"approver_groups": [
{
"group": {
"id": 1,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
}
],
"approvals_before_merge": 2,
"reset_approvals_on_push": true,
"disable_overriding_approvers_per_merge_request": false,
"merge_requests_author_approval": true,
"merge_requests_disable_committers_approval": false,
"require_password_to_approve": true
}
```
## External Project-level MR approvals **(ULTIMATE)** ## External Project-level MR approvals **(ULTIMATE)**
Configuration for approvals on a specific Merge Request which makes a call to an external HTTP resource. Configuration for approvals on a specific Merge Request which makes a call to an external HTTP resource.
......
---
title: Remove deprecated project approvers update REST API endpoint
merge_request: 57473
author:
type: removed
...@@ -58,24 +58,6 @@ module API ...@@ -58,24 +58,6 @@ module API
end end
end end
end end
desc 'Update approvers and approver groups' do
detail 'This feature was introduced in 10.6'
success EE::API::Entities::ApprovalSettings
end
params do
requires :approver_ids, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of User IDs to set as approvers.'
requires :approver_group_ids, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of Group IDs to set as approvers.'
end
put ':id/approvers' do
result = ::Projects::UpdateService.new(user_project, current_user, declared(params, include_parent_namespaces: false).merge(remove_old_approvers: true)).execute
if result[:status] == :success
present user_project.present(current_user: current_user), with: EE::API::Entities::ApprovalSettings
else
render_validation_error!(user_project)
end
end
end end
end end
end end
...@@ -177,90 +177,4 @@ RSpec.describe API::ProjectApprovals do ...@@ -177,90 +177,4 @@ RSpec.describe API::ProjectApprovals do
end end
end end
end end
describe 'PUT /projects/:id/approvers' do
let(:url) { "/projects/#{project.id}/approvers" }
shared_examples_for 'a user with access' do
it 'removes all approvers if no params are given' do
project.approvers.create(user: approver)
expect do
put api(url, current_user), params: { approver_ids: [], approver_group_ids: [] }.to_json, headers: { CONTENT_TYPE: 'application/json' }
end.to change { project.approvers.count }.from(1).to(0)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['approvers']).to be_empty
expect(json_response['approver_groups']).to be_empty
end
context 'when sending form-encoded data' do
it 'removes all approvers if no params are given' do
project.approvers.create(user: approver)
expect do
put api(url, current_user), params: { approver_ids: '', approver_group_ids: '' }
end.to change { project.approvers.count }.from(1).to(0)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['approvers']).to be_empty
expect(json_response['approver_groups']).to be_empty
end
end
it 'sets approvers and approver groups' do
project.approvers.create(user: approver)
expect do
put api(url, current_user), params: { approver_ids: [approver.id], approver_group_ids: [group.id] }
end.to change { project.approvers.count }.by(0).and change { project.approver_groups.count }.from(0).to(1)
expect(project.approvers.count).to eq(1)
expect(project.approvers.first.user_id).to eq(approver.id)
expect(project.approver_groups.first.group_id).to eq(group.id)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['approvers'][0]['user']['username']).to eq(approver.username)
expect(json_response['approver_groups'][0]['group']['name']).to eq(group.name)
end
it 'only shows approver groups that are visible to the current user' do
private_group = create(:group, :private)
project.approvers.create(user: approver)
expect do
put api(url, current_user), params: { approver_ids: [approver.id], approver_group_ids: [private_group.id] }
end.to change { project.approver_groups.count }.from(0).to(1)
expect(response).to match_response_schema('public_api/v4/project_approvers', dir: 'ee')
expect(json_response["approver_groups"].size).to eq(visible_approver_groups_count)
end
end
context 'as a project admin' do
it_behaves_like 'a user with access' do
let(:current_user) { user }
let(:visible_approver_groups_count) { 0 }
end
end
context 'as a global admin' do
it_behaves_like 'a user with access' do
let(:current_user) { admin }
let(:visible_approver_groups_count) { 1 }
end
end
context 'as a random user' do
it 'returns 403' do
project.approvers.create(user: approver)
expect do
put api(url, user2), params: { approver_ids: [], approver_group_ids: [] }.to_json, headers: { CONTENT_TYPE: 'application/json' }
end.not_to change { project.approvers.count }
expect(response).to have_gitlab_http_status(:forbidden)
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment