Skip to content

Code Owners no longer able to override "disable committer approval" for merge requests

Summary

Previously (before 13.11), if a merge request disallowed approvals from committers, code owners were still able to self-approve changes for files they owned. This is noted in the approval settings documentation. With GitLab 13.11, it is no longer possible to approve a merge request you contributed to, even if you were the code owner for the change.

Steps to reproduce

  • Create or find a project with code owner approvals enabled. I used a new project with just a readme, protected the main branch, then added two codeowners for the readme.
  • Make sure the Prevent MR approvals from users who make commits to the MR setting is turned on.
  • As one of the code owners, make a change and create a merge request for a file protected by the code owner.
  • Notice you are unable to approve the merge request as a code owner who contributed to it, even though this was previously possible.

What is the current bug behavior?

Code owners cannot approve merge requests they made commits to if the corresponding setting is enabled, despite documentation and previous behavior suggesting this should be possible.

What is the expected correct behavior?

Code owners should override the Prevent MR approvals from users who make commits to the MR setting for files they own as stated in documentation.

Relevant logs and/or screenshots

Big screenshots inside

Here is my test code owner file:

codeowners

One of the code owners makes a commit and an MR to change the readme:

commitbycodeowner

With the "Prevent MR approvals from users who make commits to the MR" setting enabled, the code owner cannot approve their merge request and only the second code owner is shown as an approver:

withpreventcommitter

After unchecking the box for preventing self approval, both code owners, including the one that made the commit, can approve:

withoutpreventcommitter

Output of checks

Results of GitLab environment info

This is my support team test instance, the report came from a customer who recently moved from 13.9.4 to 13.11.2 and noticed this after the upgrade when it worked before, so the change happened between those versions we think!

Expand for output related to GitLab environment info 

System information
System:		Ubuntu 18.04
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	2.7.2p137
Gem Version:	3.1.4
Bundler Version:2.1.4
Rake Version:	13.0.3
Redis Version:	6.0.12
Git Version:	2.31.1
Sidekiq Version:5.2.9
Go Version:	unknown

GitLab information
Version:	13.11.4-ee
Revision:	d1a2e182d3b
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	PostgreSQL
DB Version:	12.6
URL:		https://gitlarb.party
HTTP Clone URL:	https://gitlarb.party/some-group/some-project.git
SSH Clone URL:	git@gitlarb.party:some-group/some-project.git
Elasticsearch:	no
Geo:		no
Using LDAP:	no
Using Omniauth:	yes
Omniauth Providers:

GitLab Shell
Version:	13.17.0
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
GitLab Shell path:		/opt/gitlab/embedded/service/gitlab-shell
Git:		/opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check 
Checking GitLab subtasks ...


Checking GitLab Shell ...


GitLab Shell: ... GitLab Shell version >= 13.17.0 ? ... OK (13.17.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful


Checking GitLab Shell ... Finished


Checking Gitaly ...


Gitaly: ... default ... OK


Checking Gitaly ... Finished


Checking Sidekiq ...


Sidekiq: ... Running? ... yes
Number of Sidekiq processes (cluster/worker) ... 1/1


Checking Sidekiq ... Finished


Checking Incoming Email ...


Incoming Email: ... Reply by email is disabled in config/gitlab.yml


Checking Incoming Email ... Finished


Checking LDAP ...


LDAP: ... LDAP is disabled in config/gitlab.yml


Checking LDAP ... Finished


Checking GitLab App ...


Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
2/1 ... yes
3/2 ... yes
11/4 ... yes
12/5 ... yes
1/6 ... yes
1/7 ... yes
1/8 ... yes
12/9 ... yes
1/10 ... yes
74/12 ... yes
1/13 ... yes
76/14 ... yes
1/20 ... yes
1/21 ... yes
1/22 ... yes
1/24 ... yes
11/25 ... yes
10/26 ... yes
11/27 ... yes
11/28 ... yes
11/29 ... yes
1/30 ... yes
95/31 ... yes
96/32 ... yes
1/34 ... yes
3/35 ... yes
Redis version >= 5.0.0? ... yes
Ruby version >= 2.7.2 ? ... yes (2.7.2)
Git version >= 2.31.0 ? ... yes (2.31.1)
Git user has default SSH configuration? ... yes
Active users: ... 8
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... no
Try fixing it:
Please migrate all projects to hashed storage
as legacy storage is deprecated in 13.0 and support will be removed in 14.0.
For more information see:
doc/administration/repository_storage_types.md
Elasticsearch version 7.x (6.4 - 6.x deprecated to be removed in 13.8)? ... skipped (elasticsearch is disabled)


Checking GitLab App ... Finished


Checking GitLab subtasks ... Finished

Possible fixes