Only allow developers or higher to trigger merge_status_recheck
What does this MR do and why?
with_merge_status_recheck
is a expensive call so we'd like to restrict it to users with developer role or above.
Related to #393600
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Mark some merge requests of a group you want to test to be in
unchecked
via Rails consolemrs = MergeRequestsFinder.new(user, group_id: 22).execute mrs.each(&:mark_as_unchecked)
- Make an merge_request list API call as a developer+ user with
with_merge_status_recheck=true
paramhttp://127.0.0.1:3000/api/v4/groups/22/merge_requests?state=opened&with_merge_status_recheck=true
- Observe background jobs are enqueued either by looking at the
log/sidekiq_client.log
or by checking themerge_status
of those MRs - Mark them as unchecked once again
- Make the same request as a guest user with
with_merge_status_recheck=true
paramhttp://127.0.0.1:3000/api/v4/groups/22/merge_requests?state=opened&with_merge_status_recheck=true
- Observe background jobs are not enqueued
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #393600
Edited by Sincheol (David) Kim