Require project membership for merge request approvals (!90681) · Merge requests · GitLab.org / GitLab

Sincheol (David) Kim requested to merge 365278-non-eligible-user-able-to-create-and-approve-mrs into master Jun 21, 2022

What does this MR do and why?

Related to #365278 (closed)

MRs from a forked public project can be approved by the author unintentionally. Our doc mentions that a membership is required so users without a membership shouldn't be able to approve.

How to set up and validate locally

Fork a public project that you are not a member of
Make a commit to your forked project
Create a merge request and set the forked project as the source project and original project as the target project.
Verify that Approve button does not appear

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #365278 (closed)

Require project membership for merge request approvals

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports