Step 2: Rails controller enforcement for Organization read-only mode

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Label this issue

Summary

Create an EnforcesReadOnlyOrganization concern following the EnforcesStepUpAuthenticationForNamespace pattern to block write requests when an Organization is in :maintenance state.

Branch from: duo-edit-20260307-155643 (!226399 (closed) - Step 1 POC branch)

Implementation Details

Create app/controllers/concerns/enforces_read_only_organization.rb
Include in Groups::ApplicationController with before_action after @group is loaded
Include in Projects::ApplicationController with before_action after @project is loaded
Resolve Organization from loaded group/project via namespace.organization
Check if Organization is in :maintenance state
Write requests: return 503 (JSON) or redirect with flash (HTML)
Read requests: allow through

Key Files

app/controllers/concerns/enforces_read_only_organization.rb (new)
app/controllers/groups/application_controller.rb
app/controllers/projects/application_controller.rb

Reference Pattern

app/controllers/concerns/enforces_step_up_authentication_for_namespace.rb

Effort

Medium (2-3 days)

Dependencies

Step 1 (Organization state machine) - done via !226399 (closed)

Edited Mar 25, 2026 by 🤖 GitLab Bot 🤖