Add setting filtering to api endpoint

Fix schema file

Fix rubocop problems

Fix rubocop problems

Pretty up js file

Fix spacing

ee/app/assets/javascripts/approvals/mount_project_settings.js

@@ -16,7 +16,7 @@ export default function mountProjectSettingsApprovals(el) {
     ...el.dataset,
     prefix: 'project-settings',
     allowMultiRule: parseBoolean(el.dataset.allowMultiRule),
-    canEdit: parseBoolean(el.dataset.canEdit)
+    canEdit: parseBoolean(el.dataset.canEdit),
   });
 
   return new Vue({

ee/app/controllers/ee/projects_controller.rb

@@ -87,7 +87,7 @@ module EE
         attrs << %i[merge_pipelines_enabled]
       end
 
-      attrs = attrs + merge_request_rules_params
+      attrs += merge_request_rules_params
 
       if allow_mirror_params?
         attrs + mirror_params
@@ -115,15 +115,15 @@ module EE
     def merge_request_rules_params
       attrs = []
 
-      if can?(current_user, :modify_merge_request_commiter_setting, @project)
+      if can?(current_user, :modify_merge_request_commiter_setting, project)
         attrs << :merge_requests_disable_committers_approval
       end
 
-      if can?(current_user, :modify_approvers_rules, @project)
+      if can?(current_user, :modify_approvers_rules, project)
         attrs << :disable_overriding_approvers_per_merge_request
       end
 
-      if can?(current_user, :modify_merge_request_author_setting, @project)
+      if can?(current_user, :modify_merge_request_author_setting, project)
         attrs << :merge_requests_author_approval
       end
 

ee/app/models/ee/project.rb

@@ -734,6 +734,7 @@ module EE
       return self[:merge_requests_author_approval] unless License.feature_available?(:merge_request_approvers_rules)
 
       return false if ::Gitlab::CurrentSettings.prevent_merge_requests_author_approval?
+
       self[:merge_requests_author_approval]
     end
 

ee/app/views/projects/_merge_request_approvals_settings_form.html.haml

@@ -48,7 +48,7 @@
 
 .form-group.committers-approval
   .form-check
-    = form.check_box :merge_requests_disable_committers_approval, { disabled: !can?(current_user, :modify_merge_request_commiter_setting, @project),  class: 'form-check-input' }
+    = form.check_box :merge_requests_disable_committers_approval, { disabled: !can?(current_user, :modify_merge_request_commiter_setting, @project), class: 'form-check-input' }
     = form.label :merge_requests_disable_committers_approval, class: 'form-check-label' do
       %span= _('Prevent approval of merge requests by merge request committers')
       = link_to icon('question-circle'), help_page_path('user/project/merge_requests/merge_request_approvals',

ee/lib/api/project_approvals.rb

@@ -7,6 +7,25 @@ module API
 
     ARRAY_COERCION_LAMBDA = ->(val) { val.empty? ? [] : Array.wrap(val) }
 
+    helpers do
+      def filter_params(params)
+        unless can?(current_user, :modify_merge_request_commiter_setting, user_project)
+          params.delete(:merge_requests_disable_committers_approval)
+        end
+
+        unless can?(current_user, :modify_approvers_rules, user_project)
+          params.delete(:disable_overriding_approvers_per_merge_request)
+        end
+
+        unless can?(current_user, :modify_merge_request_author_setting, user_project)
+          params.delete(:merge_requests_author_approval)
+        end
+
+        # binding.pry
+        params
+      end
+    end
+
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
@@ -34,8 +53,8 @@ module API
           at_least_one_of :approvals_before_merge, :reset_approvals_on_push, :disable_overriding_approvers_per_merge_request, :merge_requests_author_approval, :merge_requests_disable_committers_approval, :require_password_to_approve
         end
         post '/' do
-          project_params = declared(params, include_missing: false, include_parent_namespaces: false)
-
+          declared_params = declared(params, include_missing: false, include_parent_namespaces: false)
+          project_params = filter_params(declared_params)
           result = ::Projects::UpdateService.new(user_project, current_user, project_params).execute
 
           if result[:status] == :success

ee/spec/controllers/projects_controller_spec.rb

@@ -356,7 +356,7 @@ describe ProjectsController do
       describe ':disable_overriding_approvers_per_merge_request' do
         it_behaves_like 'merge request approvers rules' do
           let(:app_setting) { :disable_overriding_approvers_per_merge_request }
-          let(:setting) { :disable_overriding_approvers_per_merge_request}
+          let(:setting) { :disable_overriding_approvers_per_merge_request }
         end
       end
 

ee/spec/models/project_spec.rb

@@ -482,7 +482,6 @@ describe Project do
     end
   end
 
-
   context 'merge requests related settings' do
     shared_examples 'setting modified by application setting' do
       context 'final setting' do

ee/spec/requests/api/project_approvals_spec.rb

@@ -98,6 +98,39 @@ describe API::ProjectApprovals do
       end
     end
 
+    shared_examples 'updates merge requests settings when possible' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:license_value, :setting_value, :param_value, :final_value) do
+        false | false | false | false
+        false | true  | false | false
+        false | false | true  | true
+        false | true  | true  | true
+        true  | false | false | false
+        true  | true  | false | nil
+        true  | false | true  | true
+        true  | true  | true  | nil
+      end
+
+      with_them do
+        before do
+          stub_licensed_features(merge_request_approvers_rules: license_value)
+          stub_application_setting(app_setting => setting_value)
+        end
+
+        it 'changes settings properly' do
+          settings = {
+            setting => param_value
+          }
+
+          post api(url, current_user), params: settings
+          project.reload
+
+          expect(project[setting]).to eq(final_value)
+        end
+      end
+    end
+
     context 'as a project admin' do
       it_behaves_like 'a user with access' do
         let(:current_user) { user }
@@ -110,6 +143,62 @@ describe API::ProjectApprovals do
         let(:current_user) { admin }
         let(:visible_approver_groups_count) { 1 }
       end
+
+      context 'updates merge requests settings' do
+        # context 'updates merge requests author approval setting when possible' do
+        #   using RSpec::Parameterized::TableSyntax
+
+        #   where(:license_value, :setting_value, :param_value, :final_value) do
+        #     false | false | false | false
+        #     false | true  | false | false
+        #     false | false | true  | true
+        #     false | true  | true  | true
+        #     true  | false | false | false
+        #     true  | true  | false | false
+        #     true  | false | true  | true
+        #     true  | true  | true  | false
+        #   end
+
+        #   with_them do
+        #     let(:current_user) { admin }
+        #     let(:app_setting) { :prevent_merge_requests_committers_approval }
+        #     let(:setting) { :merge_requests_disable_committers_approval }
+
+        #     before do
+        #       stub_licensed_features(merge_request_approvers_rules: license_value)
+        #       stub_application_setting(app_setting => setting_value)
+        #     end
+
+        #     it 'changes settings properly' do
+        #       settings = {
+        #         setting => param_value
+        #       }
+
+        #       post api(url, current_user), params: settings
+
+        #       expect(json_response.symbolize_keys).to include({ setting => final_value})
+        #     end
+        #   end
+        # end
+
+        it_behaves_like 'updates merge requests settings when possible' do
+          let(:current_user) { admin }
+          let(:app_setting) { :disable_overriding_approvers_per_merge_request }
+          let(:setting) { :disable_overriding_approvers_per_merge_request }
+        end
+
+        it_behaves_like 'updates merge requests settings when possible' do
+          let(:current_user) { admin }
+          let(:app_setting) { :prevent_merge_requests_committers_approval }
+          let(:setting) { :merge_requests_disable_committers_approval }
+        end
+
+        it_behaves_like 'updates merge requests settings when possible' do
+          let(:current_user) { admin }
+          let(:app_setting) { :prevent_merge_requests_committers_approval }
+          let(:setting) { :merge_requests_disable_committers_approval }
+        end
+      end
     end
 
     context 'as a user without access' do

locale/gitlab.pot

@@ -11884,6 +11884,9 @@ msgstr ""
 msgid "Merge requests"
 msgstr ""
 
+msgid "Merge requests approvals"
+msgstr ""
+
 msgid "Merge requests are a place to propose changes you've made to a project and discuss those changes with others"
 msgstr ""
 
@@ -14104,6 +14107,9 @@ msgstr ""
 msgid "Prevent approval of merge requests by merge request author"
 msgstr ""
 
+msgid "Prevent approval of merge requests by merge request commiters"
+msgstr ""
+
 msgid "Prevent approval of merge requests by merge request committers"
 msgstr ""
 
@@ -16334,6 +16340,9 @@ msgstr ""
 msgid "Rook"
 msgstr ""
 
+msgid "Rules that define what git pushes are accepted for a project. All newly created projects will use this settings."
+msgstr ""
+
 msgid "Run CI/CD pipelines for external repositories"
 msgstr ""
 
@@ -17370,6 +17379,9 @@ msgstr ""
 msgid "Settings"
 msgstr ""
 
+msgid "Settings to prevent self-approval across all projects in the instance. Only an administrator can modify those settings."
+msgstr ""
+
 msgid "Severity: %{severity}"
 msgstr ""
 
@@ -21109,6 +21121,9 @@ msgstr ""
 msgid "Users"
 msgstr ""
 
+msgid "Users cannot modify merge request approvers list"
+msgstr ""
+
 msgid "Users in License:"
 msgstr ""