Allow auditor users to access MR approvals get configuration API (!87347) · Merge requests · GitLab.org / GitLab

Anton Smith requested to merge auditor-enable-mr-approvals-endpoint into master May 12, 2022

What does this MR do and why?

Describe in detail what your merge request does and why.

Closes #353292 (closed)

This MR allows auditors to access the get configuration API endpoint (GET /projects/:id/approvals).

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

87347

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Switch to the master branch and visit GitLab in your browser. Login as an admin user and attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 200, and it should return JSON.
Impersonate an auditor account and attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 403. This is expected.
Switch to the auditor-enable-mr-approvals-endpoint branch.
In the address bar, attempt to visit https://gitlab.example.com/api/v4/projects/:id/approvals. You should see a 200, and it should return JSON.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited May 12, 2022 by Anton Smith

Allow auditor users to access MR approvals get configuration API

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports