[Pages] Allow customising the access level for instance level enforced access control

Proposal

Currently, we have (#542363)[[Pages] Allow customising the access level for group level enforced access control] for Group level settings of pages.

This feature request is to focus more on instance-level Access Control for pages. As they have suffer a lot of the same issues at the instance level but differ in implementation. Separating into two issues will hopefully lessen the confusion about which one we are referencing. The group setting was created specifically with gitlab.com in mind. See MR.

As it works now

  1. To Disable public access to all Pages Go to Admin > Settings > Preferences > Disable public access checkbox > Save
  2. We notice that Allow public access to pages is forced to Only project members

Image_9-25-25_at_4.58_PM

However, this setting conflicts with internal projects and is not very intuative.

If your project is internal:

  • Only project members: Only project members are able to browse the website.
  • Everyone with access: Everyone logged into GitLab is able to browse the website, no matter their project membership. External users can access the website only if they have a membership in the project.
  • Everyone: Everyone, both logged into and logged out of GitLab, is able to browse the website, no matter their project membership.

But this functionality does not work if we are enforcing Everyone with access at the top level. With Disable Public access to all sites

Instead, we force the Only project members" setting, meaning internal project members will not have access to pages unless they are a member of the project.

With the API

We provide the pages_access_level setting in the Projects API

Which allows us to set the pages access level

Project feature visibility settings with access control options can be one of:

  • disabled: Disable the feature.
  • private: Enable and set the feature to Only project members.
  • enabled: Enable and set the feature to Everyone with access.
  • public: Enable and set the feature to Everyone. Only available for pages_access_level.

Setting this via a curl with

curl --request PUT \
      --header "PRIVATE-TOKEN: <your pat>" \
      --data "pages_access_level=public" \
       "https://<your instance url>/api/v4/projects/<:ID>"

Allows us to set the pages settings to public or enabled (everyone with access), But doing so seems to break the array

Image_9-25-25_at_5.09_PM

While we do not want outside users to access pages, there may be situations where we want to only have internal members access pages. It seems we should have some more functionality here in the UI or api to adjust this feature more accordingly.

-->

Edited by 🤖 GitLab Bot 🤖