Merge branch 'remove_deprecated_approver_endpoint' into 'master'

Removes deprecated approvers update endpoint See merge request gitlab-org/gitlab!57473

Merge branch 'remove_deprecated_approver_endpoint' into 'master'
Removes deprecated approvers update endpoint See merge request gitlab-org/gitlab!57473
e482597a · Mark Chao · 63b285ee · 27dc2f2f · e482597a · e482597a
Commit e482597a authored Apr 02, 2021 by Mark Chao
4 changed files
--- a/doc/api/merge_request_approvals.md
+++ b/doc/api/merge_request_approvals.md
@@ -501,72 +501,6 @@ DELETE /projects/:id/approval_rules/:approval_rule_id
 | `id`                 | integer | yes      | The ID of a project                                       |
 | `approval_rule_id`   | integer | yes      | The ID of a approval rule

-### Change allowed approvers
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/183) in GitLab 10.6.
-> - Moved to GitLab Premium in 13.9.
-
-NOTE:
-This API endpoint has been deprecated. Please use Approval Rule API instead.
-
-If you are allowed to, you can change approvers and approver groups using
-the following endpoint:
-
-```plaintext
-PUT /projects/:id/approvers
-```
-
-**Important:** Approvers and groups not in the request are **removed**
-
-**Parameters:**
-
-| Attribute            | Type    | Required | Description                                         |
-| -------------------- | ------- | -------- | --------------------------------------------------- |
-| `id`                 | integer | yes      | The ID of a project                                 |
-| `approver_ids`       | Array   | yes      | An array of User IDs that can approve MRs           |
-| `approver_group_ids` | Array   | yes      | An array of Group IDs whose members can approve MRs |
-
-```json
-{
-  "approvers": [
-    {
-      "user": {
-        "id": 5,
-        "name": "John Doe6",
-        "username": "user5",
-        "state":"active","avatar_url":"https://www.gravatar.com/avatar/4aea8cf834ed91844a2da4ff7ae6b491?s=80\u0026d=identicon","web_url":"http://localhost/user5"
-      }
-    }
-  ],
-  "approver_groups": [
-    {
-      "group": {
-        "id": 1,
-        "name": "group1",
-        "path": "group1",
-        "description": "",
-        "visibility": "public",
-        "lfs_enabled": false,
-        "avatar_url": null,
-        "web_url": "http://localhost/groups/group1",
-        "request_access_enabled": false,
-        "full_name": "group1",
-        "full_path": "group1",
-        "parent_id": null,
-        "ldap_cn": null,
-        "ldap_access": null
-      }
-    }
-  ],
-  "approvals_before_merge": 2,
-  "reset_approvals_on_push": true,
-  "disable_overriding_approvers_per_merge_request": false,
-  "merge_requests_author_approval": true,
-  "merge_requests_disable_committers_approval": false,
-  "require_password_to_approve": true
-}
-```
-
 ## External Project-level MR approvals **(ULTIMATE)**

 Configuration for approvals on a specific Merge Request which makes a call to an external HTTP resource.

--- a/ee/changelogs/unreleased/remove_deprecated_approver_endpoint.yml
+++ b/ee/changelogs/unreleased/remove_deprecated_approver_endpoint.yml
+---
+title: Remove deprecated project approvers update REST API endpoint
+merge_request: 57473
+author:
+type: removed
--- a/ee/lib/api/project_approvals.rb
+++ b/ee/lib/api/project_approvals.rb
@@ -58,24 +58,6 @@ module API
          end
        end
      end
-
-      desc 'Update approvers and approver groups' do
-        detail 'This feature was introduced in 10.6'
-        success EE::API::Entities::ApprovalSettings
-      end
-      params do
-        requires :approver_ids, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of User IDs to set as approvers.'
-        requires :approver_group_ids, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'Array of Group IDs to set as approvers.'
-      end
-      put ':id/approvers' do
-        result = ::Projects::UpdateService.new(user_project, current_user, declared(params, include_parent_namespaces: false).merge(remove_old_approvers: true)).execute
-
-        if result[:status] == :success
-          present user_project.present(current_user: current_user), with: EE::API::Entities::ApprovalSettings
-        else
-          render_validation_error!(user_project)
-        end
-      end
    end
  end
 end
--- a/ee/spec/requests/api/project_approvals_spec.rb
+++ b/ee/spec/requests/api/project_approvals_spec.rb
@@ -177,90 +177,4 @@ RSpec.describe API::ProjectApprovals do
      end
    end
  end
-
-  describe 'PUT /projects/:id/approvers' do
-    let(:url) { "/projects/#{project.id}/approvers" }
-
-    shared_examples_for 'a user with access' do
-      it 'removes all approvers if no params are given' do
-        project.approvers.create(user: approver)
-
-        expect do
-          put api(url, current_user), params: { approver_ids: [], approver_group_ids: [] }.to_json, headers: { CONTENT_TYPE: 'application/json' }
-        end.to change { project.approvers.count }.from(1).to(0)
-
-        expect(response).to have_gitlab_http_status(:ok)
-        expect(json_response['approvers']).to be_empty
-        expect(json_response['approver_groups']).to be_empty
-      end
-
-      context 'when sending form-encoded data' do
-        it 'removes all approvers if no params are given' do
-          project.approvers.create(user: approver)
-
-          expect do
-            put api(url, current_user), params: { approver_ids: '', approver_group_ids: '' }
-          end.to change { project.approvers.count }.from(1).to(0)
-
-          expect(response).to have_gitlab_http_status(:ok)
-          expect(json_response['approvers']).to be_empty
-          expect(json_response['approver_groups']).to be_empty
-        end
-      end
-
-      it 'sets approvers and approver groups' do
-        project.approvers.create(user: approver)
-
-        expect do
-          put api(url, current_user), params: { approver_ids: [approver.id], approver_group_ids: [group.id] }
-        end.to change { project.approvers.count }.by(0).and change { project.approver_groups.count }.from(0).to(1)
-
-        expect(project.approvers.count).to eq(1)
-        expect(project.approvers.first.user_id).to eq(approver.id)
-        expect(project.approver_groups.first.group_id).to eq(group.id)
-
-        expect(response).to have_gitlab_http_status(:ok)
-        expect(json_response['approvers'][0]['user']['username']).to eq(approver.username)
-        expect(json_response['approver_groups'][0]['group']['name']).to eq(group.name)
-      end
-
-      it 'only shows approver groups that are visible to the current user' do
-        private_group = create(:group, :private)
-        project.approvers.create(user: approver)
-
-        expect do
-          put api(url, current_user), params: { approver_ids: [approver.id], approver_group_ids: [private_group.id] }
-        end.to change { project.approver_groups.count }.from(0).to(1)
-
-        expect(response).to match_response_schema('public_api/v4/project_approvers', dir: 'ee')
-        expect(json_response["approver_groups"].size).to eq(visible_approver_groups_count)
-      end
-    end
-
-    context 'as a project admin' do
-      it_behaves_like 'a user with access' do
-        let(:current_user) { user }
-        let(:visible_approver_groups_count) { 0 }
-      end
-    end
-
-    context 'as a global admin' do
-      it_behaves_like 'a user with access' do
-        let(:current_user) { admin }
-        let(:visible_approver_groups_count) { 1 }
-      end
-    end
-
-    context 'as a random user' do
-      it 'returns 403' do
-        project.approvers.create(user: approver)
-
-        expect do
-          put api(url, user2), params: { approver_ids: [], approver_group_ids: [] }.to_json, headers: { CONTENT_TYPE: 'application/json' }
-        end.not_to change { project.approvers.count }
-
-        expect(response).to have_gitlab_http_status(:forbidden)
-      end
-    end
-  end
 end