Hide snippets of banned users (backend) (!134048) · Merge requests · GitLab.org / GitLab

Hinam Mehra requested to merge anti-abuse/418-hide-snippets-banned-users-backend into master Oct 13, 2023

What does this MR do and why?

Follows from !131725 (merged)
The previous MR was reverted due to a mixed deployment issue which caused a QA spec to fail.
The suggestion was to create 2 new MRs - one for backend and one for frontend. This MR copies the backend changes from the previously merged MR !131725 (merged)

How to set up and validate locally

Enable feature flag hide_snippets_of_banned_users
Log-in as a user and create a personal / project snippet
In the rails console, ban the user that you just logged in as.

> user.ban!

Get a list of snippets that weren't created by banned users.

> Snippet.without_created_by_banned_user

Lastly, navigate to http://127.0.0.1:3000/-/graphql-explorer and run the following GraphQL query. The field hidden = true when the author of the snippet is banned.

query GetSnippetQuery($ids: [SnippetID!]) {
  snippets(ids: $ids) {
    __typename
    nodes {
      __typename
      id
      title
      description
      descriptionHtml
      createdAt
      updatedAt
      visibilityLevel
      webUrl
      httpUrlToRepo
      sshUrlToRepo
      hidden
    }
  }
}

# VARIABLES
{
  "ids": ["gid://gitlab/Snippet/<SNIPPET ID>"]
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 14, 2023 by Hinam Mehra

Hide snippets of banned users (backend)

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports