Approval rules with users that have their access revoked could become impossible to satisfy

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Summary

When creating an ApprovalRule (ApprovalProjectRule or ApprovalMergeRequestRule) and removing access from the users/groups who are supposed to approve for that rule, it becomes impossible to satisfy the rule.

Steps to reproduce

Add a user as developer to a project
Create an approval rule with that requires 1 approval and link that developer to the rule
Remove the developer from the project

Example Project

https://gitlab.com/reprazents-test-space-renamed/working/merge_requests/2

This merge request cannot be approved by @toon, so it can never be merged

What is the expected correct behavior?

The rule does not display Toon as a developer, allowing the other users, if any to approve the merge request

Possible fixes

It think we should filter out ineligible approvers from ApprovalWrappedRule#approvers, that would allow any other user linked to the rule to still approve.

If the rule becomes impossible to satisfy, we should display a warning asking to update the rule.

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖