Resolve "Deactivate a user (with self-service reactivation)"
Moved to new repo:
What does this MR do?
For #63921 (moved)
-
Adds option to deactivate a user from admin/users/show
page -
Adds option to activate a user from admin/users/show
page if the user is currently deactivated -
Adds option to deactivate a user from admin/users/index
page -
Adds option to activate a user from admin/users/index
page if the user is currently deactivated -
The option to deactivate a user shows up only if the user is currently in activate state and does not have any activity in the last 14 days. -
A deactivated user cannot access git, and when trying to do so is shown an informative error message to log in to GitLab to activate the account. -
A deactivated user cannot access the API, and when trying to do so is shown an informative error message to log in to GitLab to activate the account. -
When a deactivated user logs back in via username/password, an informative message is shown regarding their reactivation. -
When a deactivated user logs back in via SSO(like bitbucket), an informative message is shown regarding their reactivation. -
Added new tab "Deactivated" for deactivated users in admin/users/index
page -
Added "Sort by" label to sort options -
When a user is deactivated by the admin, the user is forcefully logged out when they perform their next request with informative error message. To reactivate their account, they would have to log back in. -
Deactivated users do not receive notifications.
API:
-
Added PUT users/:id/activate
API for activating a deactivated user. Only for admins. -
Added PUT users/:id/deactivate
API for deactivating an active user. Only for admins. Returns403
if the user has any activity in the last 14 days or if the user is not in an active state
TODO:
-
FE Work - Adding modals while activating and blocking a user from admin/users
page as described @ https://gitlab.com/gitlab-org/gitlab-ce/issues/63921#solution -
EE Port - I will do this after an initial review.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry for user-facing changes, or community contribution. Check the link for other scenarios. -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Manoj M J