Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Verify the validity of access token

    1. Return 401 in case validation fails

  2. Check user scopes in order to perform this action (scope = 'merge_request:write')

    1. Return 403 in case invalid scope(s)

  3. Check the employee has created this merge request. Thus select inserted_by from il.merge_requests of this merge request and compare it with user_id from the token.

    1. If not match - return 403 error (Only author of merge request is allowed to reject it)

  4. Check that client_id from the token maches with il.merge_requests.legal_entity_id

    1. If not match - return 422 error (User doesn’t belong to legal entity where the merge request was created)

...