Add latest changes from gitlab-org/gitlab@master

6 files changed, 116 insertions, 3 deletions

diff --git a/Gemfile b/Gemfile
index a1d33838052..2fbe351ed23 100644
--- a/Gemfile
+++ b/Gemfile
@@ -346,7 +346,7 @@ gem 'warning', '~> 1.3.0'
 group :development do
   gem 'lefthook', '~> 1.1.1', require: false
   gem 'rubocop'
-  gem 'solargraph', '~> 0.45.0', require: false
+  gem 'solargraph', '~> 0.46.0', require: false
 
   gem 'letter_opener_web', '~> 2.0.0'
   gem 'lookbook'
diff --git a/Gemfile.lock b/Gemfile.lock
index 3de98b585e9..f8e5f86ea0c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1308,7 +1308,7 @@ GEM
     slack-messenger (2.3.4)
     snowplow-tracker (0.6.1)
       contracts (~> 0.7, <= 0.11)
-    solargraph (0.45.0)
+    solargraph (0.46.0)
       backport (~> 1.2)
       benchmark
       bundler (>= 1.17.2)
@@ -1756,7 +1756,7 @@ DEPENDENCIES
   simplecov-lcov (~> 0.8.0)
   slack-messenger (~> 2.3.4)
   snowplow-tracker (~> 0.6.1)
-  solargraph (~> 0.45.0)
+  solargraph (~> 0.46.0)
   spamcheck (~> 1.0.0)
   spring (~> 2.1.0)
   spring-commands-rspec (~> 1.0.4)
diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md
index 1df140979ae..8be7a4ddc66 100644
--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -1936,6 +1936,26 @@ If the rebase operation fails, the response includes the following:
 }
 ```
 
+## Reset approvals of a merge request
+
+Clear all approvals of merge request.
+
+Available only for [bot users](../user/project/settings/project_access_tokens.md#bot-users-for-projects)
+based on project or group tokens. Users without bot permissions receive a `401 Unauthorized` response.
+
+```plaintext
+PUT /projects/:id/merge_requests/:merge_request_iid/reset_approvals
+```
+
+| Attribute           | Type              | Required | Description                                                                                                     |
+|---------------------|-------------------|----------|-----------------------------------------------------------------------------------------------------------------|
+| `id`                | integer or string | yes      | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
+| `merge_request_iid` | integer           | yes      | The internal ID of the merge request.                                                                           |
+
+```shell
+curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/76/merge_requests/1/reset_approvals"
+```
+
 ## Comments on merge requests
 
 Comments are done via the [notes](notes.md) resource.
diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md
index f32035102bb..544ee2d8617 100644
--- a/doc/user/project/service_desk.md
+++ b/doc/user/project/service_desk.md
@@ -358,9 +358,23 @@ to everyone who can view the project.
 Behind the scenes, Service Desk works by the special Support Bot user creating issues. This user
 does not count toward the license limit count.
 
+### Moving a Service Desk issue
+
+Service Desk issues can be moved like any other issue in GitLab. 
+
+You can move a Service Desk issue the same way you
+[move a regular issue](issues/managing_issues.md#move-an-issue) in GitLab.
+
+If a Service Desk issue is moved to a different project the customer who created the issue stops receiving emails.
+
 ## Troubleshooting Service Desk
 
 ### Emails to Service Desk do not create issues
 
 Your emails might be ignored because they contain one of the
 [email headers that GitLab ignores](../../administration/incoming_email.md#rejected-headers).
+
+### Responses to a Service Desk issue do not generate emails
+
+Your issue might have been moved to a different project.
+Moved Service Desk issues do not retain email participants.
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index a8f58e91067..9e64d951547 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -544,6 +544,19 @@ module API
         render_api_error!(e.message, 409)
       end
 
+      desc 'Remove merge request approvals' do
+        detail 'This feature was added in GitLab 15.4'
+      end
+      put ':id/merge_requests/:merge_request_iid/reset_approvals', feature_category: :code_review, urgency: :low do
+        merge_request = find_project_merge_request(params[:merge_request_iid])
+
+        unauthorized! unless current_user.bot? && merge_request.can_be_approved_by?(current_user)
+
+        merge_request.approvals.delete_all
+
+        status :accepted
+      end
+
       desc 'List issues that will be closed on merge' do
         success Entities::MRNote
       end
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 17cd86e73a1..9bd1aef9961 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -9,6 +9,7 @@ RSpec.describe API::MergeRequests do
   let_it_be(:user)  { create(:user) }
   let_it_be(:user2) { create(:user) }
   let_it_be(:admin) { create(:user, :admin) }
+  let_it_be(:bot) { create(:user, :project_bot) }
   let_it_be(:project) { create(:project, :public, :repository, creator: user, namespace: user.namespace, only_allow_merge_if_pipeline_succeeds: false) }
 
   let(:milestone1) { create(:milestone, title: '0.9', project: project) }
@@ -3514,6 +3515,71 @@ RSpec.describe API::MergeRequests do
     end
   end
 
+  describe 'PUT :id/merge_requests/:merge_request_iid/reset_approvals' do
+    before do
+      merge_request.approvals.create!(user: user2)
+      create(:project_member, :maintainer, user: bot, source: project)
+    end
+
+    context 'when reset_approvals can be performed' do
+      it 'clears approvals of the merge_request' do
+        put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", bot)
+
+        merge_request.reload
+        expect(response).to have_gitlab_http_status(:accepted)
+        expect(merge_request.approvals).to be_empty
+      end
+
+      it 'for users with bot role' do
+        put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", bot)
+
+        expect(response).to have_gitlab_http_status(:accepted)
+      end
+
+      context 'for users with non-bot roles' do
+        let(:human_user) { create(:user) }
+
+        [:add_owner, :add_maintainer, :add_developer, :add_guest].each do |role_method|
+          it 'returns 401' do
+            project.send(role_method, human_user)
+
+            put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", human_user)
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+      end
+
+      context 'for bot-users from external namespaces' do
+        let_it_be(:external_bot) { create(:user, :project_bot) }
+
+        context 'external group bot-user' do
+          before do
+            create(:group_member, :maintainer, user: external_bot, source: create(:group))
+          end
+
+          it 'returns 401' do
+            put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", external_bot)
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+
+        context 'external project bot-user' do
+          before do
+            create(:project_member, :maintainer, user: external_bot, source: create(:project))
+          end
+
+          it 'returns 401' do
+            put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/reset_approvals", external_bot)
+
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+      end
+    end
+  end
+
   describe 'Time tracking' do
     let!(:issuable) { create(:merge_request, :simple, author: user, assignees: [user], source_project: project, target_project: project, source_branch: 'markdown', title: "Test", created_at: base_time) }