Skip to content

Operations menu goes to 404 when logged out

Summary

When logged out, the Operations menu goes to /-/metrics and 404s.

Steps to reproduce

Example Project

https://gitlab.com/markpundsack/docker-example

What is the current bug behavior?

Operations goes to metrics page, which is not available when not logged in.

What is the expected correct behavior?

Operations should go to some page that is available when not logged in. or at least show something about Metrics only being available to project/group members.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Proposal

  1. Change default visibility setting for Operations from: Everyone with access --> Only project members

  2. When someone has the visibility set to only project members in place:

  • Non-project members would not see Operations at all.
  • Project members would see the Operations nav item. For permissions level Developers and up, clicking on Operations would display the metrics page. But, Guests and Reporters would instead see the Incidents page when clicking on Operations. Guests would not have the "create new incident" button on the Incident page.
  1. When someone changes the visibility to everyone with access:
  • For project members: Operations would link to the Metrics page for Developers and up. Operations would link to incidents for Guests and Reporters. Guests would not see the "Create an incident" button, as only Reporters can create an Incident.
  • For non-project members - Clicking Operations would show the Incident page (the only page available in the section, other than Environments) but the "Create an incident" button would be hidden (as we are limiting the creation of incidents to project reporters only)
Edited by Amelia Bauerly