diff --git a/ee/app/services/approval_rules/project_rule_destroy_service.rb b/ee/app/services/approval_rules/project_rule_destroy_service.rb index 9a68c6dd6faad2b6655dc5d040f270412ccea6c4..5e1fc53dd3d979fa3197e4fd056e27e94d7fecce 100644 --- a/ee/app/services/approval_rules/project_rule_destroy_service.rb +++ b/ee/app/services/approval_rules/project_rule_destroy_service.rb @@ -4,8 +4,9 @@ module ApprovalRules class ProjectRuleDestroyService < ::BaseService attr_reader :rule - def initialize(approval_rule) + def initialize(approval_rule, current_user) @rule = approval_rule + super(approval_rule.project, current_user) end def execute @@ -17,6 +18,7 @@ def execute end if rule.destroyed? + audit_deletion success else error(rule.errors.messages) @@ -31,5 +33,16 @@ def remove_associated_approval_rules_from_unmerged_merge_requests .for_unmerged_merge_requests .delete_all end + + def audit_deletion + audit_context = { + author: current_user, + scope: rule.project, + target: rule, + message: 'Deleted approval rule' + } + + ::Gitlab::Audit::Auditor.audit(audit_context) + end end end diff --git a/ee/lib/api/helpers/project_approval_rules_helpers.rb b/ee/lib/api/helpers/project_approval_rules_helpers.rb index 82c2d872d8343c52e923634d118c90bef17c0442..3873e3c37563835d09d3f123ac24f2f6191b96f9 100644 --- a/ee/lib/api/helpers/project_approval_rules_helpers.rb +++ b/ee/lib/api/helpers/project_approval_rules_helpers.rb @@ -75,7 +75,7 @@ def destroy_project_approval_rule approval_rule = user_project.approval_rules.find(params[:approval_rule_id]) destroy_conditionally!(approval_rule) do |rule| - ::ApprovalRules::ProjectRuleDestroyService.new(rule).execute + ::ApprovalRules::ProjectRuleDestroyService.new(rule, current_user).execute end end end diff --git a/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb b/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb index d06b40b1923b5e330a24a6fa2af765f517e44f98..a0b232d2529a67ff327b2b5f14f92806034ece80 100644 --- a/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb +++ b/ee/spec/services/approval_rules/project_rule_destroy_service_spec.rb @@ -8,13 +8,28 @@ describe '#execute' do let!(:project_rule) { create(:approval_project_rule, project: project) } - - subject { described_class.new(project_rule) } + let(:current_user) { create(:user, name: 'Bruce Wayne') } + + subject { described_class.new(project_rule, current_user) } + + shared_context 'an audit event is added' do + it 'adds an audit event' do + expect { subject.execute }.to change { AuditEvent.count }.by(1) + expect(AuditEvent.last.details).to include({ + author_name: current_user.name, + custom_message: 'Deleted approval rule', + target_type: 'ApprovalProjectRule', + target_id: project_rule.id + }) + end + end context 'when there is no merge request rules' do it 'destroys project rule' do expect { subject.execute }.to change { ApprovalProjectRule.count }.by(-1) end + + include_context 'an audit event is added' end context 'when there is a merge request rule' do @@ -28,6 +43,8 @@ it 'destroys merge request rules' do expect { subject.execute }.to change { ApprovalMergeRequestRule.count }.by(-1) end + + include_context 'an audit event is added' end context 'when merged' do @@ -38,6 +55,8 @@ it 'does nothing' do expect { subject.execute }.not_to change { ApprovalMergeRequestRule.count } end + + include_context 'an audit event is added' end end end