Prevent current user from blocking themselves in (the new) abuse reports
What does this MR do and why?
- Resolves the 2nd sub-task of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/185
- If an admin has been reported for abuse, they should not be allowed to take action on that report other than to just close the report. They can continue to block/report other admins.
- This MR addresses the new abuse report dashboard we have been working on which is behind a feature flag. The change has already been applied to the old abuse report dashboard, !119002 (merged)
Screenshots or screen recordings
Before | After |
---|---|
abuse-report-actions-before | abuse-report-actions-after |
How to set up and validate locally
- Enable feature flag
abuse_reports_list
- Log-in as any user that is not
root
. - Go to the admin profile,
http://127.0.0.1:3000/root
and report the user for abuse. - Log back in as
root
and navigate to the abuse reports,http://127.0.0.1:3000/admin/abuse_reports
. - Open the abuse report, you should not be able to block/ban/delete yourself as an admin.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Hinam Mehra