Implement access controls when SSO enforcement enabled
In Issue #5291 (closed) we will be adding a group setting to enable SSO enforcement. Once this is done we will have to add various controls to restrict access to any group with SSO enforcement enabled.
We need to add the following access controls and validations:
- Prevent non-SSO users being added to the group
- Prevent access to basic group resources by intercepting
- Prevent access to basic project resources via
We also need to consider the following:
- Ensure that controllers that don't user
authenticate_user!still check SSO enforcement, but also check they still work rather than always blocking access
- Access checks when looking up multiple groups/projects at once such as from the projects dashboard
When access is prevented the user should be redirected to the SSO page.