Operations menu goes to 404 when logged out
Summary
When logged out, the Operations menu goes to /-/metrics and 404s.
Steps to reproduce
Example Project
https://gitlab.com/markpundsack/docker-example
What is the current bug behavior?
Operations goes to metrics page, which is not available when not logged in.
What is the expected correct behavior?
Operations should go to some page that is available when not logged in, or at least show something about Metrics only being available to project/group members.
Proposal
- Change default visibility setting for Operations from: Everyone with access --> Only project members
- When someone has the visibility set to `only project members` in place:
  - Non-project members would not see Operations at all.
  - Project members would see the Operations nav item. For permissions level Developers and up, clicking on Operations would display the metrics page. But, Guests and Reporters would instead see the Incidents page when clicking on Operations. Guests would not have the "create new incident" button on the Incident page.
- When someone changes the visibility to `everyone with access`:
  - For project members: Operations would link to the Metrics page for Developers and up. Operations would link to incidents for Guests and Reporters. Guests would not see the "Create an incident" button, as only Reporters can create an Incident.
  - For non-project members: Clicking Operations would show the Incident page (the only page available in the section, other than Environments) but the "Create an incident" button would be hidden (as we are limiting the creation of incidents to project reporters only).
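
The proposal above, as an added sketch that is not GitLab's own code: the nav target is the first Operations sub-page the viewer may open, and the item is hidden when there is none, so a logged-out user is never sent to a page that 404s. All names, symbols and rank numbers here are assumptions made for the illustration.

```ruby
# Hypothetical role ranks (constructed for this example); :anonymous is a non-member.
RANK = { anonymous: 0, guest: 10, reporter: 20, developer: 30 }.freeze

# Operations sub-pages in menu order. :min_rank is the lowest member role that
# may open the page; :public_ok marks pages a non-member may open when the
# visibility setting is "everyone with access".
PAGES = [
  { name: :metrics,   min_rank: RANK[:developer], public_ok: false },
  { name: :incidents, min_rank: RANK[:guest],     public_ok: true  }
].freeze

# True when the viewer may open the page. Unknown roles raise KeyError and
# unknown visibility values are treated as restricted, so both fail closed.
def can_view?(page, role, visibility)
  rank = RANK.fetch(role)
  return rank >= page[:min_rank] if rank >= RANK[:guest] # project member

  visibility == :everyone_with_access && page[:public_ok]
end

# Landing page for the Operations nav item, or nil when the item must be hidden.
def operations_landing(role, visibility)
  page = PAGES.find { |p| can_view?(p, role, visibility) }
  page && page[:name]
end

# Only Reporters and up get the "Create an incident" button.
def can_create_incident?(role)
  RANK.fetch(role) >= RANK[:reporter]
end
```
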