Add a setting to prevent committers from merging their own work
Proposal
Many organizations might have compliance reasons to enforce rules where users are not allowed to merge their own work, no matter who approved the merge request. We should introduce a setting that makes this easy to enforce. The feature should prevent any people from merging MRs in two different levels of limitation:
- Basic: Authors can't merge their own work. If someone else commits to the branch, rebases, applies a suggestion, they still can merge if the approvals exist. (Essentially, "the docs exception").
- Strict: Any person that added a commit can't merge the MR.
To make this easier to implement, we can do the backend as the first step, and the frontend later:
-
As the initial MVC, add settings that you can toggle via the Projects API endpoint, with new boolean project attributes. For example:
prevent-merging-by-mr-authorsandprevent-merging-by-users-who-add-commits. Should default to disabled so that it isn't a breaking change. -
As a followup, we can add the frontend components into Project > Settings > General > Merge Requests. The user text could be something like:
-
Prevent merging by merge request authors
Merge request authors are prevented from merging their own merge requests. -
Prevent merging by all users who add commits
Any user who added commits to a merge request's source branch is prevented from merging the merge request.
-
Edit: I realized that we might only need to do this for Protected branches, or the default branch. That way users can work on two different feature branches, and merge one into the other if needed. In that case, it could be something like:
-
Prevent merge request authors from merging to the default branch
Merge request authors are prevented from merging their own merge requests into a protected branch. -
Prevent merging to the default branch by all users who add commits
Any user who added commits to a merge request's source branch is prevented from merging the merge request into a protected branch.