The source project of this merge request has been removed.
Add ability to lock issue/merge request discussion
What does this MR do?
This MR adds the ability to lock an issue/merge request dicussion, more precisely:
- Adds a discussion_locked attribute to issuables
- Prevents notes creation/edition for non team members on locked issuables
- Adds an API endpoint to lock/unlock issuables
- Changes the comment form look in locked issuables
- Adds a frontend button to lock/unlock an issuable
Are there points in the code the reviewer needs to double check?
I am worried about the note_editable? helper. Currently it only affects the view and there is no controller check as whether a note can be edited or not. Therefore, users may edit notes via the API on locked discussions.
Also, there is no particular documentation yet.
Why was this MR needed?
On public projects, any logged in member may create/edit notes without control. There has been incidents: users trying to resurrect closed discussions, trolling and making discussions unproductive.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated -
API support added - Tests
-
Added for this feature/bug -
All builds are passing
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Branch has no merge conflicts with master(if it does - rebase it please) -
Squashed related commits together
What are the relevant issue numbers?
Closes #18608 (closed)