Check if an MR is approved when merging from API

199262f0 · Jarka Kadlecova · 9415d0b1 · 199262f0 · 199262f0 · 199262f0
Commit 199262f0 authored May 22, 2017 by Jarka Kadlecova
4 changed files
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -490,6 +490,7 @@ class MergeRequest < ActiveRecord::Base
  end

  def mergeable?(skip_ci_check: false)
+    return false unless approved?
    return false unless mergeable_state?(skip_ci_check: skip_ci_check)

    check_if_can_be_merged
@@ -967,7 +968,6 @@ class MergeRequest < ActiveRecord::Base

  def mergeable_with_slash_command?(current_user, autocomplete_precheck: false, last_diff_sha: nil)
    return false unless can_be_merged_by?(current_user)
-    return false unless approved?

    return true if autocomplete_precheck


--- a/changelogs/unreleased-ee/2052-fix-merge-slash-approvals.yml
+++ b/changelogs/unreleased-ee/2052-fix-merge-slash-approvals.yml
+---
+title: Check if a merge request is approved when merging from API or slash command
+merge_request:
+author:
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -1187,6 +1187,26 @@ describe MergeRequest, models: true do

      expect(subject.mergeable?).to be_truthy
    end
+
+    context 'when using approvals' do
+      let(:user) { create(:user) }
+      before do
+        allow(subject).to receive(:mergeable_state?).and_return(true)
+
+        subject.target_project.update_attributes(approvals_before_merge: 1)
+        project.team << [user, :developer]
+      end
+
+      it 'return false if not approved' do
+        expect(subject.mergeable?).to be_falsey
+      end
+
+      it 'return true if approved' do
+        subject.approvals.create(user: user)
+
+        expect(subject.mergeable?).to be_truthy
+      end
+    end
  end

  describe '#mergeable_state?' do

--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -635,6 +635,27 @@ describe API::MergeRequests do
      expect(json_response['message']).to eq('405 Method Not Allowed')
    end

+    it 'returns 405 if merge request was not approved' do
+      project.team << [create(:user), :developer]
+      project.update_attributes(approvals_before_merge: 1)
+
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user)
+
+      expect(response).to have_http_status(406)
+      expect(json_response['message']).to eq('Branch cannot be merged')
+    end
+
+    it 'returns 200 if merge request was approved' do
+      approver = create(:user)
+      project.team << [approver, :developer]
+      project.update_attributes(approvals_before_merge: 1)
+      merge_request.approvals.create(user: approver)
+
+      put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user)
+
+      expect(response).to have_http_status(200)
+    end
+
    it "returns 401 if user has no permissions to merge" do
      user2 = create(:user)
      project.team << [user2, :reporter]