Update group approval rules via API

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Why are we doing this work

To support the management of MR approval rules at the group level, we need to add an update endpoint for the front-end app.

Relevant links

  • See #293957 for high-level design.
  • Existing project-level rule API

Functional requirements

  • Add a new endpoint PUT /api/:version/projects/:id/approval_rules/:approval_rule_id
Parameters
Attribute Type Required Description
id integer yes The ID of a group
name string yes The name of the approval rule
approvals_required integer yes The number of required approvals for this rule
user_ids Array no The ids of users as approvers
group_ids Array no The ids of groups as approvers
protected_branch_ids Array no The ids of protected branches to scope the rule by
Example payload 
{
  "id": 1,
  "name": "security",
  "rule_type": "regular",
  "approvals_required": 1,
  "users": [
    {
      "id": 2,
      "name": "John Doe",
      "username": "jdoe",
      "state": "active",
      "avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
      "web_url": "http://localhost/jdoe"
    }
  ],
  "groups": [
    {
      "id": 5,
      "name": "group1",
      "path": "group1",
      "description": "",
      "visibility": "public",
      "lfs_enabled": false,
      "avatar_url": null,
      "web_url": "http://localhost/groups/group1",
      "request_access_enabled": false,
      "full_name": "group1",
      "full_path": "group1",
      "parent_id": null,
      "ldap_cn": null,
      "ldap_access": null
    }
  ],
  "protected_branches": [
    {
      "id": 1,
      "name": "master",
      "push_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "merge_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "unprotect_access_levels": [
        {
          "access_level": 40,
          "access_level_description": "Maintainers"
        }
      ],
      "code_owner_approval_required": "false"
    }
  ]
}
  • Restrict access to user who has permission to admin_merge_request_approval_settings

Non-functional requirements

  • [-] Documentation: Not needed as it is behind a feature flag
  • Feature flag: group_merge_request_approval_settings_feature_flag
  • [-] Performance:
  • [-] Testing:

Implementation plan

  • backend Add new route to API class API::GroupApprovalRules.
  • backend Extend ApprovalRules::UpdateService to support group target (currently supporting project and MR)
graph LR
  API::GroupApprovalRules --> ApprovalRules::UpdateService --> ApprovalRules::Updater
  ApprovalRules::Updater --> ApprovalGroupRule
Edited by 🤖 GitLab Bot 🤖