Revisit logic used to hide projects created by banned users
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
The following discussion from !126953 (merged) should be addressed:
@cablett: I have a question about the significance of the creator. Consider the following scenario:
-
User1creates a project in a group they own and they become the owner of the project. -
User1addsUser2as an owner of the project. -
User2removesUser1as the owner of the group and project. -
AdminUserbansUser2because they did something bad.
Since User1 is the creator, but not the current owner, of the project, what happens? What should happen if the user and the creator are both banned but are different people? Or the creator is not banned, but they gave it to a user who was later banned? The check ensures they are the same person, but maybe it shouldn't
I see this was also discussed in https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/373#note_1399331159. I think if this is a good enough to capture projects that are created and owned by the same user and we can think about how to handle non-creator owners. I would argue that the last owner is far more significant than whoever created the project.
If a banned user has a project in their personal namespace, do we hide the project in this way? Especially if there are other owners.
I might suggest that we have something like: show this indicator if last owner of the project is banned. @serenafang @manojmj @lohrc you did some analysis on the last owner of a group being banned? What do you think?
@manojmj: I agree with @cablett here: In https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/373#note_1399670498, the recommendation is:
The edge case is a hard one. Let's say for now they need to be a
Creator+Owneras that would probably cover most of the abuse and would be easier to defend in the event their is a FP that affects legitimate members.
However, I would say that looking at the Creator alone would be enough to prevent abuse, we do not really need to bring Ownership into the mix.
I am understanding that what we need to solve for is: certain bad actors create projects, and we want to ban them, and when we ban them, the projects they created should be hidden too.
For this use case, I do not understand why we need to look at both Creator + Owner - if we are certain that a person is a bad actor, aren't we also certain that the projects they created should disappear too, no matter what access level they hold currently?
Edit: Ah, I see this now: https://gitlab.com/gitlab-org/gitlab/-/blob/532b24ba9c9039f226ac1a9d46f3e0bbefedbc7e/app/models/project.rb#L915, the current logic to hide a project is actually to hide all projects created by a person, where they are also an OWNER. So looks like we have no option but to continue using this logic when we are gonna display badges in the UI for the same set of projects, so looks like this is okay
But, I still do not understand why we bring ownership into the whole picture
@lohrc: I agree with @manojmj here that looking into project creation seems more reasonable. In Charlie's example:
User1creates a project in a group they own and they become the owner of the project.User1addsUser2as an owner of the project.User2removesUser1as the owner of the group and project.AdminUserbansUser2because they did something bad.
User 1 might not know that User 2 is malicious. Perhaps User 2 removes User 1 with malicious intent and then behaves badly to get the project banned. User 1 cannot do anything now to remedy this situation, even though they haven't done anything wrong.
What assumption are we working off here? Do we assume that projects that were "touched" by a malicious actor are generally a risk and should therefore be removed?