Prevent project maintainers from approving Owner access requests

charlie ablettrequested to merge
cablett-project-maintainer-owner-access-requests into master

What does this MR do and why?

Prevent project maintainers from approving Owner access requests.

Follow-on to !88415 (merged)

How to set up and validate locally

  1. Create or find a project.
  2. As a non-admin user who is not a member of the project nor the group hierarchy, request access to the project via the API 👉 https://docs.gitlab.com/ee/api/access_requests.html#request-access-to-a-group-or-project
  3. As the project maintainer, accept the access request and set the access_level to 50 (Owner) 👉 https://docs.gitlab.com/ee/api/access_requests.html#approve-an-access-request

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports