Restrict admin access to specific email domains
Problem to solve
While we have the ability to restrict users from specific domains from registering (https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/598), we should also consider adding the ability to prevent users from specific domains from being made administrators.
Take GitLab.com as an example: we'd certainly like this instance to be open to users from a wide variety of email domains. However, only users with a gitlab.com email address should be allowed to be an administrator; even if a GitLabber owns the account, having an email address not associated with gitlab could open up a possible attack vector. We don't currently have this problem, but preventing administrator access for these users would be an additional and useful check.
Proposal
In the admin area, allow an instance to specify allowed domains for administrator accounts.
- Attempting to promote a user using a prohibited email domain will surface an error.