FE: Show warning when approval settings are overridden for MR

Martin Cavojrequested to merge
478175-fe-merge-request-approval-policies-to-override-project-level-settings-not-reflected-in-mr-page into master

What does this MR do and why?

Show warning when approval settings are overridden for MR

  • Add a warning icon in ApprovalsSummary based on the data
  • Handle potentially missing data and show generic popover text

GraphQL type is added in !175614 (merged). We have to wait until BE is deployed to production before we can merge this one.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Generic / when policy details are not populated With single policy With multiple policies
CleanShot_2024-12-11_at_20.41.22_2x CleanShot_2024-12-11_at_19.56.46_2x CleanShot_2024-12-11_at_19.41.07_2x

How to set up and validate locally

  1. Create a project
  2. In the project, create a policy which overrides approval settings: 
    approval_policy:
  - name: Any commit approvals
    description: ''
    enabled: false
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
      - type: send_bot_message
        enabled: true
    approval_settings:
      block_branch_modification: true
      prevent_pushing_and_force_pushing: true
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: true
      remove_approvals_with_new_commit: false
      require_password_to_approve: false
    fallback_behavior:
      fail: closed
  3. Create MR and verify there's a warning icon in the MR widget and the link in the popover goes to the policy edit page
  4. Add another policy
  5. Verify that both policies show up
  6. Remove the approval_settings block from the YAML and verify that there's no warning
  7. Update the violations to remove the link to Security::ApprovalPolicyRule 
    MergeRequest.last.scan_result_policy_violations.update_all(approval_policy_rule_id: nil)
  8. Verify that a generic popover is shown without listing the policy details

Related to #478175 (closed)

Edited by Martin Cavoj

Merge request reports