
User private profile enabled by default

Problem to solve

GitLab does not provide a way to create new users with the private profile enabled by default. For some organizations, such an option would add data privacy capabilities that are needed to comply with local data privacy laws and with agreements with, e.g., a company's works council.

It is important that new users "at first" have no choice as to how their profile is set up. It must first be set private. Later, every user can decide for themselves whether to make their profile public or keep it private.

Intended users

Any new user just registered for the first time in GitLab

Proposal

Add an instance setting that enables the private profile by default for any new accounts. Users have the option to override this setting later on their profile page. So, even if the instance setting is set to false, the user profile will be created as a private profile when they start off, but they can later switch it to a public profile themselves.

When an admin creates a new user via the UI/API, this instance setting should be respected.

When an admin sends a POST request to /users with private_profile=false (when the instance setting is true) to create a new user, the response should be successful, and the value of the instance setting should be overridden by the value present in the API params.

Implementation Plan

  • Migration to add a new boolean column in ApplicationSetting, default_to_private_profile, with a default value of false
  • Allow this value to be changed via the instance admin UI/API
  • New users should inherit this boolean value to User#private_profile upon creation
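
The precedence rule in the proposal and plan above (an explicit private_profile param wins, even when it is false; an omitted one inherits default_to_private_profile), as an added plain-Ruby example that is not GitLab's code. InstanceSettings, coerce_boolean, resolve_private_profile and naive_resolve_private_profile are hypothetical names, and accepting string values such as 'false' is an assumption about the API input.

```ruby
# Added illustration in plain Ruby, not GitLab source. Only the names
# default_to_private_profile and private_profile come from the issue;
# every other name here is hypothetical.

InstanceSettings = Struct.new(:default_to_private_profile)

TRUE_VALUES  = [true, 'true', '1'].freeze
FALSE_VALUES = [false, 'false', '0'].freeze

# Coerce an API value to a strict boolean. Ambiguous input is rejected
# rather than guessed, so a typo cannot silently make a profile public.
def coerce_boolean(value)
  return true if TRUE_VALUES.include?(value)
  return false if FALSE_VALUES.include?(value)

  raise ArgumentError, "private_profile must be a boolean, got #{value.inspect}"
end

# Correct resolution: an explicit param (even false) wins; an absent or
# nil param inherits the instance default.
def resolve_private_profile(params, settings)
  if params.key?(:private_profile) && !params[:private_profile].nil?
    coerce_boolean(params[:private_profile])
  else
    settings.default_to_private_profile ? true : false
  end
end

# Buggy variant for comparison: `||` treats an explicit false as absent,
# so an admin's private_profile=false is ignored when the default is true.
def naive_resolve_private_profile(params, settings)
  params[:private_profile] || settings.default_to_private_profile
end

# Constructed sample requests against an instance that defaults to private.
if __FILE__ == $PROGRAM_NAME
  settings = InstanceSettings.new(true)
  [{}, { private_profile: false }, { private_profile: true }].each do |params|
    puts format('%-28s correct=%-5s naive=%s', params.inspect,
                resolve_private_profile(params, settings),
                naive_resolve_private_profile(params, settings))
  end
end
```

A spec for the real change would want the same three cases per setting value: param omitted, param true, param false.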

Availability and Testing

  • The E2E test qa/qa/specs/features/browser_ui/1_manage/user/follow_user_activity_spec.rb will also need to be updated within this issue. This test uses 2 users: a followed_user and a following_user. The followed_user performs various actions (creating a project, MR, issue, etc.) and the following_user visits the followed_user's profile to verify that the correct user activity displays. We need to ensure the followed_user's profile will be set to public.
    • Add a data-qa-selector to the "Private profile - Don't display activity-related personal information on your profile." checkbox element on the user's profile settings page
    • Create a new page module to represent a user's main profile settings page (ex: qa/qa/page/profile/show.rb)
    • Add the element reference to this page module and create method(s) that toggle the user's profile to private or public
    • Make changes to follow_user_activity_spec to log in as the followed_user and use the new method to set their profile to public first before continuing on with the test
    • Feel free to reach out to @vburton with any questions
Edited by Manoj M J