Audit events for features access level changes shows wrong label
Summary
Audit event logs show "Unknown" for a Page's access level if the project is private, and the pages access level is set to "EVERYONE".
I believe this is because `Gitlab::VisibilityLevel.level_name` is used to determine the label of the access level number:
project_feature_changes_auditor.rb
```ruby
def attributes_from_auditable_model(column)
  base_data = { target_details: @project.full_path }
  return base_data unless COLUMNS.include?(column)

  {
    from: ::Gitlab::VisibilityLevel.level_name(model.previous_changes[column].first),
    to: ::Gitlab::VisibilityLevel.level_name(model.previous_changes[column].last)
  }.merge(base_data)
end
```
This causes problems with the audit label (at least?) because the Pages access level numbers do not align with the visibility level enum values, which also do not align with a hard-coded constant that the Vue component uses:
```javascript
pagesFeatureAccessLevelOptions() {
  const options = [featureAccessLevelMembers];
  if (this.pagesAccessControlForced) {
    // ...
  } else {
    // ...
    if (this.visibilityLevel !== visibilityOptions.PUBLIC) {
      options.push([30, PAGE_FEATURE_ACCESS_LEVEL]); // <-- HERE
    }
  }
  return options;
},
```
| Number | UI Constants (src) | Vue Component (src) | visibility_level.rb (src) |
|---|---|---|---|
| 0 | NOT_ENABLED | | PRIVATE |
| 10 | PROJECT_MEMBERS | | INTERNAL |
| 20 | EVERYONE | | PUBLIC |
| 30 | | EVERYONE | |
On a potentially related note, I found that a background migration `fix_pages_access_level.rb` also uses a different set of constants than the UI when setting pages access levels:
| Number | UI Constants (src) | Vue Component (src) | visibility_level.rb (src) | fix_pages_access_level.rb (src) |
|---|---|---|---|---|
| 0 | NOT_ENABLED | | PRIVATE | |
| 10 | PROJECT_MEMBERS | | INTERNAL | PRIVATE |
| 20 | EVERYONE | | PUBLIC | ENABLED |
| 30 | | EVERYONE | | PUBLIC |
I am also unsure if anything else is affected aside from the invalid audit label entries.
Steps to reproduce
Set a private project's Pages access level to "EVERYONE" and view the audit log for the project:
Example Project
What is the current bug behavior?
An invalid label for a page's access level is displayed in the audit log.
What is the expected correct behavior?
A correct access level (not visibility level?) label should be displayed
Output of checks
Occurs on GitLab.com
Possible fixes
See the summary above
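The mismatch from the summary, as an added stand-alone Ruby sketch that is not GitLab's code: it labels the same access-level change with the visibility scale and with the feature's own scale, and lists every level whose audit label differs. The helper names are hypothetical, the numbers and names are read from the tables in this issue, and the `Disabled` label for feature level 0 is an assumption because that cell is blank here.

```ruby
# Stand-alone model of the labelling problem; not GitLab code.
# Values mirror the tables in this issue (constructed sample data).
VISIBILITY_LEVELS = { 0 => 'Private', 10 => 'Internal', 20 => 'Public' }.freeze
# Feature scale as named in the fix_pages_access_level.rb column;
# the label for 0 is an assumption (blank in the issue's table).
FEATURE_LEVELS = { 0 => 'Disabled', 10 => 'Private', 20 => 'Enabled', 30 => 'Public' }.freeze

# Mimics the reported behaviour: numbers outside the visibility scale
# are written to the audit log as "Unknown".
def visibility_label(level)
  VISIBILITY_LEVELS.fetch(level, 'Unknown')
end

# Hypothetical replacement: label from the feature's own scale and fail
# loudly on an unmapped value instead of recording "Unknown".
def feature_label(level)
  FEATURE_LEVELS.fetch(level) do
    raise ArgumentError, "unmapped feature access level: #{level.inspect}"
  end
end

# Builds the from/to part of an audit entry for a change [old, new].
def audit_details(change, labeller)
  { from: labeller.call(change.first), to: labeller.call(change.last) }
end

# Every feature level whose audit label differs between the two scales.
def mislabelled_levels
  FEATURE_LEVELS.keys.reject { |lvl| visibility_label(lvl) == FEATURE_LEVELS[lvl] }
end

if __FILE__ == $PROGRAM_NAME
  change = [10, 30] # constructed: Pages access raised from 10 to 30
  p audit_details(change, method(:visibility_label))
  p audit_details(change, method(:feature_label))
  p mislabelled_levels
end
```

In this model the "Unknown" entry for 30 is only the visible symptom: levels 0, 10 and 20 also get a label from the wrong scale, so earlier audit entries for feature access changes may read differently from what was actually set.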