Rebasing open MR allows User who has added commit to approve
Summary
A user who has committed to a Merge Request is able to approve it after a rebase is performed by a service account.
To avoid regular users being blocked from approving MRs authored by someone else, we have created a system where they can add the comment "@engineering-bot rebase" to the MR. The comment is picked up via webhook and actioned using a service account to rebase the MR, thus allowing any user to rebase and approve an MR, unblocking their workflow if the author is unavailable.
To be clear, this is different to #360671 (closed) and #216144 (closed), as I am not the User performing the rebase and I am genuinely a contributor.
Steps to reproduce
- User 1 is an approver for Merge Requests on a given Repo
- Repo has the following Merge Requests settings: "Prevent approval by author", "Prevent approvals by users who add commits", "When a commit is added: Remove all approvals"
- Given an open MR authored by a different User
- User 1 adds some commits to that MR/Branch
- User 1 is not able to approve
- A Service-Account performs the rebase MR request: https://docs.gitlab.com/api/merge_requests/#rebase-a-merge-request
- User 1 is now able to approve
Example Project
Can be provided on request or by sharing with our tech contact.
What is the current bug behavior?
A user who has added commits to a Merge Request is able to approve it after the merge request is rebased via a service account.
What is the expected correct behavior?
A user who has added commits to an MR is never able to approve the MR, regardless of who has rebased the MR or how it was rebased.
Output of checks
This bug happens on GitLab.com
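The expected behavior above, written as an audit check (an added example, not part of the original issue and not GitLab's code): it flags approvers who appear as author or committer on any commit in the MR. The record fields follow the shape of GitLab's MR commits and approvals API responses; the function name, the username-to-email map and all sample data are assumptions made for illustration.

```python
"""Audit check: flag MR approvals given by users who also contributed commits."""


def contributor_approvals(commits, approvals, user_emails):
    """Return {username: [(short_sha, role), ...]} for every approver who is
    the author or committer of at least one commit in the merge request."""
    # Index every identity found on the commits: email -> [(short_sha, role)]
    seen = {}
    for commit in commits:
        for role in ("author", "committer"):
            email = (commit.get(f"{role}_email") or "").strip().lower()
            if email:
                seen.setdefault(email, []).append((commit["id"][:8], role))

    findings = {}
    for entry in approvals.get("approved_by", []):
        username = entry["user"]["username"]
        # user_emails is an assumed directory export: username -> known emails
        for email in user_emails.get(username, []):
            hits = seen.get(email.strip().lower(), [])
            if hits:
                findings.setdefault(username, []).extend(hits)
    return findings


# Constructed sample: the MR after a rebase by the service account. Assumes the
# rebase kept each commit's author and set the committer to the service account.
SAMPLE_COMMITS = [
    {"id": "a1b2c3d4e5f60718", "author_email": "mr-author@example.com",
     "committer_email": "engineering-bot@example.com"},
    {"id": "0f9e8d7c6b5a4321", "author_email": "User1@example.com",
     "committer_email": "engineering-bot@example.com"},
]
SAMPLE_APPROVALS = {"approved_by": [{"user": {"username": "user1"}},
                                    {"user": {"username": "user3"}}]}
SAMPLE_EMAILS = {"user1": ["user1@example.com"],
                 "user3": ["user3@example.com"]}

if __name__ == "__main__":
    found = contributor_approvals(SAMPLE_COMMITS, SAMPLE_APPROVALS, SAMPLE_EMAILS)
    for user, hits in found.items():
        print(f"{user} approved an MR they contributed to: {hits}")
```

Checking the author field as well as the committer field is what lets the check survive a rebase in this sample, since only the committer identity changes there.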