Enabling GitLab pages access control is still broken resulting in pages going to private unexpectedly
Summary
Original issue at gitlab-foss#59286 (closed) still exists. 2 years after introduction, this migration bug still prevents me from using this feature.
After enabling access control feature via gitlab_pages['access_control'] = true
existing GitLab pages sites will incorrectly have access controls set to private on next save of project settings.
Steps to reproduce
- GitLab instances with pages access levels never having been enabled. Set custom
gitlab_rails['shared_path'] = '/data
(no idea if this makes a difference) - Create private GitLab project and publish GitLab pages site from it
- Verify can access site without authentication
- Enable via
gitlab_pages['access_control'] = true
- Access GitLab pages site, still loads
✔ - Look at project settings page - we can see it says it shouldn't load?
❌ That's not expected migration (public page should not become private without user action) nor is it accurate - we just viewed page without authentication even though it says it should be required - Without changing anything, select save on project settings page
- Why is the save button even showing as active? We didn't change anything...
- Now the site cannot be loaded without authentication. We didn't change any options, this should not require authentication...
❌
Example Project
n/a
What is the current bug behavior?
After enabling access control feature publicly accessible GitLab pages sites are being changed to private unexpectedly upon user saving project settings without explicitly setting to to private
What is the expected correct behavior?
When GitLab pages access control is enabled, existing sites should have setting site to allow "Everyone" which is equivalent to GitLab pages without access controls enabled
Relevant logs and/or screenshots
above
Output of checks
n/a
Results of GitLab environment info
12.10 omnibus
Results of GitLab application Check
all good
Proposed solution
- Change access level for pages to public when pages are deployed if access control is disabled on the instance level
- Rewrite old migration using pages_metadata and re-apply it for fix problem for existing instances
Workaround
Edited by Ben Bodenmiller