Disallow editing of project-level MR approval rules that are enabled at the instance level
Problem to solve
Currently admins (and maintainers?) are recently able to disable project-level MR approval rules that have been enabled at the instance level. A strategic customer has given early feedback this capability is not desirable.
Note: This issue replaced a short-lived security issue.
Proposal
When there are compliance settings enabled at the instance level, it should not be possible for anyone to modify these settings (not even admins) at the project-level.
See confirmations one and two.
Related links
(This list from @tancnle in another issue)
- 2020-04-24: [13.1] Instance-level MR approvals settings no longer affect project-level ones. Issue - MR
- 2020-05-20: [13.1] Revert maintainer permission lock-down MR
- 2020-06-19: [13.2] Allow admins to scope admin-level MR approval settings to compliance-labeled projects Issue - MR
- 2020-07-13: [13.2] GA scope admin-level MR approval settings MR
- 2020-10-21: [13.5] Fix the issue where modification of project-level MR approval rules is locked due to the instance-level MR approval settings. Issue, see Matt's comment about reverting this. MR
- 2020-10-28: [13.6] Revert fix permission to modify project MR rules MR (deleted to comply with security process)
Edited by Matt Gonzales (ex-GitLab)