Merge branch '329514-approval-rule-deletion-audit-event' into 'master'

Creates audit event when approval rule is deleted

See merge request gitlab-org/gitlab!82297

ee/app/services/approval_rules/project_rule_destroy_service.rb

@@ -4,8 +4,9 @@ module ApprovalRules
   class ProjectRuleDestroyService < ::BaseService
     attr_reader :rule
 
-    def initialize(approval_rule)
+    def initialize(approval_rule, current_user)
       @rule = approval_rule
+      super(approval_rule.project, current_user)
     end
 
     def execute
@@ -17,6 +18,7 @@ module ApprovalRules
       end
 
       if rule.destroyed?
+        audit_deletion
         success
       else
         error(rule.errors.messages)
@@ -31,5 +33,16 @@ module ApprovalRules
         .for_unmerged_merge_requests
         .delete_all
     end
+
+    def audit_deletion
+      audit_context = {
+        author: current_user,
+        scope: rule.project,
+        target: rule,
+        message: 'Deleted approval rule'
+      }
+
+      ::Gitlab::Audit::Auditor.audit(audit_context)
+    end
   end
 end

ee/lib/api/helpers/project_approval_rules_helpers.rb

@@ -75,7 +75,7 @@ module API
         approval_rule = user_project.approval_rules.find(params[:approval_rule_id])
 
         destroy_conditionally!(approval_rule) do |rule|
-          ::ApprovalRules::ProjectRuleDestroyService.new(rule).execute
+          ::ApprovalRules::ProjectRuleDestroyService.new(rule, current_user).execute
         end
       end
     end

ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb

@@ -8,13 +8,28 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do
 
   describe '#execute' do
     let!(:project_rule) { create(:approval_project_rule, project: project) }
-
-    subject { described_class.new(project_rule) }
+    let(:current_user) { create(:user, name: 'Bruce Wayne') }
+
+    subject { described_class.new(project_rule, current_user) }
+
+    shared_context 'an audit event is added' do
+      it 'adds an audit event' do
+        expect { subject.execute }.to change { AuditEvent.count }.by(1)
+        expect(AuditEvent.last.details).to include({
+                                                     author_name: current_user.name,
+                                                     custom_message: 'Deleted approval rule',
+                                                     target_type: 'ApprovalProjectRule',
+                                                     target_id: project_rule.id
+                                                   })
+      end
+    end
 
     context 'when there is no merge request rules' do
       it 'destroys project rule' do
         expect { subject.execute }.to change { ApprovalProjectRule.count }.by(-1)
       end
+
+      include_context 'an audit event is added'
     end
 
     context 'when there is a merge request rule' do
@@ -28,6 +43,8 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do
         it 'destroys merge request rules' do
           expect { subject.execute }.to change { ApprovalMergeRequestRule.count }.by(-1)
         end
+
+        include_context 'an audit event is added'
       end
 
       context 'when merged' do
@@ -38,6 +55,8 @@ RSpec.describe ApprovalRules::ProjectRuleDestroyService do
         it 'does nothing' do
           expect { subject.execute }.not_to change { ApprovalMergeRequestRule.count }
         end
+
+        include_context 'an audit event is added'
       end
     end
   end