
Allow code review bot to publish review on private projects

What does this MR do and why?

When we execute Duo Code Review on a private project, we call `DraftNotes::PublishService` and it checks if the user can `create_note`. We only want to allow that if the executing user is allowed to create a note in a private project.

To do that, we check the permission of the executing user instead. If it's allowed to do so, we allow the publishing of the review. If not, we don't publish the review.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #469692

Edited by Patrick Bajao
