Table of Contents

Validation

Validate token

Check user scopes in order to perform this action (scope = 'merge_request:read')
1. Return forbidden in case invalid scope(s) -"Your scope does not allow to access this resource. Missing allowances: merge_request:read"

Extract from token:

...

Return response to user limited by context from user's token
1. return limited response by manual_merge_requests.assignee_id=$user_id and manual_merge_requests.status in ('NEW', 'POSTPONEDPOSTPONE')
  1. in case of error return forbidden ('You are not allowed to view this merge request)
Validate merge_request id. Check merge_requests.id = $.id
1. in case error return 404 ("Merge request with id=$id doesn't exist")

...