From 046fe624fa90c39124eca39475d0f519a0788d0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B7=AF=E5=B0=8F=E9=B9=BF?= <1551755561@qq.com>
Date: Mon, 20 Feb 2023 20:08:11 +0800
Subject: [PATCH] Add deployment approver settings to API

Changelog: added
EE: true
---
 doc/api/projects.md                       |  1 +
 ee/lib/ee/api/entities/project.rb         |  1 +
 ee/lib/ee/api/helpers/projects_helpers.rb |  6 +++
 ee/spec/requests/api/projects_spec.rb     | 54 +++++++++++++++++++++++
 4 files changed, 62 insertions(+)

diff --git a/doc/api/projects.md b/doc/api/projects.md
index 529e86d2c94a..736d4dc207c3 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -1420,6 +1420,7 @@ Supported attributes:
 |-------------------------------------------------------------|----------------|------------------------|-------------|
 | `id`                                                        | integer or string | **{check-circle}** Yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
 | `allow_merge_on_skipped_pipeline`                           | boolean        | **{dotted-circle}** No | Set whether or not merge requests can be merged with skipped jobs. |
+| `allow_pipeline_trigger_approve_deployment` **(PREMIUM)**   | boolean        | **{dotted-circle}** No | Set whether or not a pipeline triggerer is allowed to approve deployments. |
 | `only_allow_merge_if_all_status_checks_passed` **(ULTIMATE)** | boolean | **{dotted-circle}** No | Indicates that merges of merge requests should be blocked unless all status checks have passed. Defaults to false.<br/><br/>[Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/369859) in GitLab 15.5 with feature flag `only_allow_merge_if_all_status_checks_passed` disabled by default. The feature flag was enabled by default in GitLab 15.9. |
 | `analytics_access_level`                                    | string         | **{dotted-circle}** No | One of `disabled`, `private` or `enabled` |
 | `approvals_before_merge` **(PREMIUM)**                      | integer        | **{dotted-circle}** No | How many approvers should approve merge request by default. To configure approval rules, see [Merge request approvals API](merge_request_approvals.md). |
diff --git a/ee/lib/ee/api/entities/project.rb b/ee/lib/ee/api/entities/project.rb
index 30ca3f99904d..3a2f38d31bc2 100644
--- a/ee/lib/ee/api/entities/project.rb
+++ b/ee/lib/ee/api/entities/project.rb
@@ -52,6 +52,7 @@ def preload_relation(projects_relation, options = {})
           expose :merge_pipelines_enabled?, as: :merge_pipelines_enabled, if: ->(project, _) { project.feature_available?(:merge_pipelines) }
           expose :merge_trains_enabled?, as: :merge_trains_enabled, if: ->(project, _) { project.feature_available?(:merge_pipelines) }
           expose :only_allow_merge_if_all_status_checks_passed, if: ->(project, _) { project.feature_available?(:external_status_checks) }
+          expose :allow_pipeline_trigger_approve_deployment, documentation: { type: 'boolean' }, if: ->(project, _) { project.feature_available?(:protected_environments) }
         end
       end
     end
diff --git a/ee/lib/ee/api/helpers/projects_helpers.rb b/ee/lib/ee/api/helpers/projects_helpers.rb
index 9d8eca9f342a..45cc3f59f736 100644
--- a/ee/lib/ee/api/helpers/projects_helpers.rb
+++ b/ee/lib/ee/api/helpers/projects_helpers.rb
@@ -30,6 +30,7 @@ module ProjectsHelpers
           end
 
           params :optional_update_params_ee do
+            optional :allow_pipeline_trigger_approve_deployment, type: Grape::API::Boolean, desc: 'Allow pipeline triggerer to approve deployments'
             optional :mirror_user_id, type: Integer, desc: 'User responsible for all the activity surrounding a pull mirror event. Can only be set by admins'
             optional :only_mirror_protected_branches, type: Grape::API::Boolean, desc: 'Only mirror protected branches'
             optional :mirror_branch_regex, type: String, desc: 'Only mirror branches match regex'
@@ -54,6 +55,7 @@ module ProjectsHelpers
           # https://gitlab.com/gitlab-org/gitlab-foss/issues/50911.
           def update_params_at_least_one_of
             super.concat [
+              :allow_pipeline_trigger_approve_deployment,
               :only_allow_merge_if_all_status_checks_passed,
               :approvals_before_merge,
               :external_authorization_classification_label,
@@ -75,6 +77,10 @@ def filter_attributes_using_license!(attrs)
           unless ::License.feature_available?(:external_authorization_service_api_management)
             attrs.delete(:external_authorization_classification_label)
           end
+
+          unless ::License.feature_available?(:protected_environments)
+            attrs.delete(:allow_pipeline_trigger_approve_deployment)
+          end
         end
 
         override :filter_attributes_under_feature_flag!
diff --git a/ee/spec/requests/api/projects_spec.rb b/ee/spec/requests/api/projects_spec.rb
index 870e3333c3c2..584475260c4c 100644
--- a/ee/spec/requests/api/projects_spec.rb
+++ b/ee/spec/requests/api/projects_spec.rb
@@ -409,6 +409,32 @@
         expect(json_response).not_to have_key 'merge_trains_enabled'
       end
     end
+
+    context 'when protected_environments is available' do
+      before do
+        stub_licensed_features(protected_environments: true)
+      end
+
+      it 'returns allow_pipeline_trigger_approve_deployment flag' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to have_key 'allow_pipeline_trigger_approve_deployment'
+      end
+    end
+
+    context 'when protected_environments is not available' do
+      before do
+        stub_licensed_features(protected_environments: false)
+      end
+
+      it 'does not returns allow_pipeline_trigger_approve_deployment flag' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).not_to have_key 'allow_pipeline_trigger_approve_deployment'
+      end
+    end
   end
 
   # Assumes the following variables are defined:
@@ -1490,6 +1516,34 @@
         end
       end
     end
+
+    context 'when protected_environments is available' do
+      before do
+        stub_licensed_features(protected_environments: true)
+      end
+
+      let(:project_params) { { allow_pipeline_trigger_approve_deployment: true } }
+
+      it 'updates the content' do
+        expect { subject }.to change { project.reload.allow_pipeline_trigger_approve_deployment }.from(false).to(true)
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response['allow_pipeline_trigger_approve_deployment']).to eq(project_params[:allow_pipeline_trigger_approve_deployment])
+      end
+    end
+
+    context 'when protected_environments not available' do
+      before do
+        stub_licensed_features(protected_environments: false)
+      end
+
+      let(:project_params) { { allow_pipeline_trigger_approve_deployment: true } }
+
+      it 'does not update the content' do
+        expect { subject }.to not_change { project.reload.allow_pipeline_trigger_approve_deployment }
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).not_to have_key 'allow_pipeline_trigger_approve_deployment'
+      end
+    end
   end
 
   describe 'POST /projects/:id/restore' do
-- 
GitLab