Hide snippets of banned users
What does this MR do and why?
- Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/418
- Hides snippets of banned users from non-admin users.
- Admin users can still see the snippets of banned users with a warning icon.
Screenshots or screen recordings
| Context | Admin | Non-Admin |
|---|---|---|
| All Snippets |  |
 |
| Personal Snippet |  |
|
| Project Snippets |  |
 |
| Project Snippet |  |
|
Database
-
Current query plan to get snippets for a project (paginated)
-
Current query plan when on
/explore/snippets -
Query plan with without_created_by_banned_user to get snippets for a project (paginated)
-
Query plan with without_created_by_banned_user when on
/explore/snippets
How to set up and validate locally
-
Log in as a non-admin user and create a public personal snippet using on /dashboard/snippets.
-
In a separate window, log-in as admin and invite the above user to a project (eg.
gitlab-org/gitlab-test). -
Once invited, create another public snippet as the user in step 1 in the gitlab-test project.
-
As an admin, you should be able to see both-snippets.
-
Enable feature flag and ban the user that created the snippets:
Feature.enable(:hide_snippets_of_banned_users)
user.ban!- Refresh the page, the admin should still be able to see the snippets but with a spam icon next to them.
- Log-in as any other user, they should not be able to see either of the snippets.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.