Merge branch...

Merge branch '27934-archived-project-settings-gets-an-error-occurred-fetching-the-approval-rules-2' into 'master' Resolve: Archived project settings gets "An error occurred fetching the approval rules" See merge request gitlab-org/gitlab!80652

Merge branch...
Merge branch '27934-archived-project-settings-gets-an-error-occurred-fetching-the-approval-rules-2' into 'master' Resolve: Archived project settings gets "An error occurred fetching the approval rules" See merge request gitlab-org/gitlab!80652
37dae5be · Mikołaj Wawrzyniak · dc9afe9f · b103c49e · 37dae5be · 37dae5be
Commit 37dae5be authored Feb 17, 2022 by Mikołaj Wawrzyniak
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 1 deletion

ee/lib/api/project_approvals.rb ee/lib/api/project_approvals.rb +5 -1

ee/spec/requests/api/project_approvals_spec.rb ee/spec/requests/api/project_approvals_spec.rb +26 -0

No files found.
--- a/ee/lib/api/project_approvals.rb
+++ b/ee/lib/api/project_approvals.rb
@@ -5,7 +5,6 @@ module API
    feature_category :source_code_management

    before { authenticate! }
-    before { authorize! :update_approvers, user_project }

    helpers do
      def filter_forbidden_param(params, permission, param)
@@ -30,6 +29,9 @@ module API
          success EE::API::Entities::ApprovalSettings
        end
        get '/', urgency: :low do
+          # If the project is archived, the project admin should still be able to read the approvers
+          authorize!(:update_approvers, user_project) unless can?(current_user, :admin_project, user_project)
+
          present user_project.present(current_user: current_user), with: EE::API::Entities::ApprovalSettings
        end

@@ -47,6 +49,8 @@ module API
          at_least_one_of :approvals_before_merge, :reset_approvals_on_push, :disable_overriding_approvers_per_merge_request, :merge_requests_author_approval, :merge_requests_disable_committers_approval, :require_password_to_approve
        end
        post '/' do
+          authorize! :update_approvers, user_project
+
          declared_params = declared(params, include_missing: false, include_parent_namespaces: false)
          project_params = filter_params(declared_params)
          result = ::Projects::UpdateService.new(user_project, current_user, project_params).execute

--- a/ee/spec/requests/api/project_approvals_spec.rb
+++ b/ee/spec/requests/api/project_approvals_spec.rb
@@ -45,6 +45,32 @@ RSpec.describe API::ProjectApprovals do
      expect(response).to match_response_schema('public_api/v4/project_approvers', dir: 'ee')
      expect(json_response["approver_groups"]).to be_empty
    end
+
+    context 'when project is archived' do
+      let_it_be(:archived_project) { create(:project, :archived, creator: user) }
+
+      let(:url) { "/projects/#{archived_project.id}/approvals" }
+
+      context 'when user has normal permissions' do
+        it 'returns 403' do
+          archived_project.add_developer(user2)
+
+          get api(url, user2)
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+        end
+      end
+
+      context 'when user has project admin permissions' do
+        it 'allows access' do
+          archived_project.add_maintainer(user2)
+
+          get api(url, user2)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+    end
  end

  describe 'POST /projects/:id/approvals' do