Netlify CMS authentication for only members of repository
Goal
For only members of a public GitLab repository to be able to access the Netlify CMS admin.
For our use case, this means about.gitlab.com/admin.
Currently anyone with a GitLab account can log in to the admin. We'd like to restrict access to www-gitlab-com project members.
Here's the Slack thread in #marketing that spawned this issue.
Although any account can log in, their actions are still restricted based on their permissions. For example, users could see "draft posts", which are just public MRs already visible via gitlab.com's normal UI, but they wouldn't be able to merge without Maintainer permissions. There is no current security risk, just confusing behavior.
Jobs To Be Done
- Situation: When anyone tries to log in to about.gitlab.com/admin, only those who are project members of www-gitlab-com should be able to authenticate successfully.
- Motivation: We want the admin to be available only to GitLab team members.
- Outcome: So that non-team-members don't have access to an "admin" site.
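The membership gate the situation above asks for, as an added example that is not code from Netlify CMS or the www-gitlab-com project. It assumes the GitLab v4 REST API shape for GET /projects/:id (which a public project answers for any authenticated user, so the decision must rest on the `permissions` object, not on the 200 status); the minimum role, project path and the `fetchFn` injection are assumptions of this example.

```javascript
// Added example (not Netlify CMS or www-gitlab-com code): after OAuth login
// succeeds, confirm the token's owner actually holds a role on the project
// before accepting the CMS session. Assumes the GitLab v4 API response shape.

const ACCESS_LEVELS = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 };

// Highest role the caller holds on the project. GitLab reports direct
// membership (project_access) and membership inherited from the group
// (group_access) separately; each is null when the user has no such role.
function accessLevelOf(project) {
  const perms = (project && project.permissions) || {};
  const direct = perms.project_access ? perms.project_access.access_level : 0;
  const inherited = perms.group_access ? perms.group_access.access_level : 0;
  return Math.max(direct, inherited);
}

// Login gate: true only for members at or above `minLevel`. The default
// (any membership, i.e. Guest or higher) is an assumption of this example.
function isProjectMember(project, minLevel = ACCESS_LEVELS.guest) {
  return accessLevelOf(project) >= minLevel;
}

// Network half: fetch the project as the logged-in user and apply the gate.
// `fetchFn` is injectable so the logic can be exercised without a live GitLab.
async function authorizeCmsLogin({ token, projectPath, apiRoot = 'https://gitlab.com/api/v4',
                                   minLevel = ACCESS_LEVELS.guest, fetchFn = fetch }) {
  const res = await fetchFn(`${apiRoot}/projects/${encodeURIComponent(projectPath)}`, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) throw new Error(`GitLab API returned ${res.status}`);
  const project = await res.json();
  if (!isProjectMember(project, minLevel)) {
    throw new Error(`Not a member of ${projectPath} at the required level`);
  }
  return { projectId: project.id, accessLevel: accessLevelOf(project) };
}

// Constructed sample responses for the two cases the issue describes:
// a team member inheriting Maintainer from the group, and an outsider who
// can read the public project but holds no role on it.
const SAMPLE_PROJECT_MEMBER = {
  id: 1, permissions: { project_access: null, group_access: { access_level: 40 } },
};
const SAMPLE_PROJECT_OUTSIDER = {
  id: 1, permissions: { project_access: null, group_access: null },
};
```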
Please provide more information related to this request
Make sure the information you provide is relevant for your request. If unsure, please provide all the fields. Add/remove rows as needed.
If this is urgent, what is the business need for the urgency?
- Yes: SIRT was informed that it is possible to log into the https://about.gitlab.com/admin interface with ANY GitLab account
- No
If the requestor is not the DRI, find out if the DRI is aware of the request / wants to change things.
Does anyone in leadership have eyes on this project?
- Yes: @laurenbarker
- No
Compliance / legal / accessibility regulations to be aware of?
- Yes: Please describe why
- No: Please describe why
Page(s)
Which page(s) are involved in this request?
about.gitlab.com/admin
DCI
- DRI: GitLab Handle
- Consulted: @laurenbarker @jroppelt
- Informed: Everyone
In scope
What is within scope of this request?
- Making an open source contribution to the GitLab Netlify CMS backend
- Bumping the netlify-cms.js package here
- Verifying on production
Requirements
What are the requirements for this request? The checklist below is an example of common requirements; please check all that apply and adjust as necessary:
- Copy writing
- Illustration
- Custom Graphics
- Research
- Data / Analytics
- UX Design
- Engineering