Limit updating `can_create_group` & `projects_limit` to Enterprise Users
requested to merge limit-updating-can_create_group-and-projects_limit-to-enterprise-users into master
What does this MR do and why?
This MR limits updating user settings by a group's SAML SSO response from users provisioned by the group to enterprise users of the group.
Related to #412898 (closed)
How to set up and validate locally
1. Make sure the GitLab instance simulates, or is, a SaaS instance, since Enterprise Users is a SaaS feature.
2. Create a top-level group and configure SAML SSO.
3. Configure SAML response to return `can_create_group` with `false` value and `projects_limit` with `0`.
4. Sign in through the group's SAML identity provider to provision a user.
5. Confirm that `can_create_group` and `projects_limit` settings haven't been updated for the user. In Rails console:

   ```ruby
   User.find_by_username('USERNAME').slice('can_create_group', 'projects_limit')
   ```

6. Configure "Automatic claims of enterprise users". For testing purposes on the local environment you can claim the user manually from the Rails console:

   ```ruby
   User.find_by_username('USERNAME').user_detail.update(enterprise_group_id: GROUP_ID)
   ```

7. Sign out and sign in to the user account through the group's SAML identity provider one more time.
8. Check the user's settings (step 5). Confirm that the user's `can_create_group` and `projects_limit` settings are set to `false` and `0` as per the SAML response.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Bogdan Denkovych
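
A minimal Ruby model of the gate described in this MR, added here as an illustration; it is not GitLab's code, and the `User` struct, `CASTS`, `apply_saml_settings` and the `policy:` switch are hypothetical names. It replays the validation steps: the same constructed SAML attributes are ignored for a user who is only provisioned by the group and applied once the user is an enterprise user of it.

```ruby
# Added illustration with hypothetical names; not GitLab's implementation.
User = Struct.new(:username, :provisioned_by_group_id, :enterprise_group_id,
                  :can_create_group, :projects_limit, keyword_init: true)

# Settings a group's SAML response may manage, with strict string casts.
CASTS = {
  'can_create_group' => ->(v) { { 'true' => true, 'false' => false }.fetch(v.to_s.strip.downcase) },
  'projects_limit' => ->(v) { Integer(v.to_s, 10).tap { |n| raise ArgumentError if n.negative? } }
}.freeze

# :provisioned models the old gate, :enterprise the gate this MR describes.
def managed_by?(user, group_id, policy)
  case policy
  when :provisioned then user.provisioned_by_group_id == group_id
  when :enterprise  then user.enterprise_group_id == group_id
  else raise ArgumentError, "unknown policy: #{policy}"
  end
end

# Returns the names of the settings that were changed.
def apply_saml_settings(user, group_id, saml_attrs, policy: :enterprise)
  return [] unless managed_by?(user, group_id, policy)

  CASTS.each_with_object([]) do |(name, cast), changed|
    next unless saml_attrs.key?(name)
    value = begin
      cast.call(saml_attrs[name])
    rescue ArgumentError, KeyError
      next # malformed values are skipped, never applied
    end
    next if user[name] == value
    user[name] = value
    changed << name
  end
end

def demo
  attrs = { 'can_create_group' => 'false', 'projects_limit' => '0' } # constructed
  user = User.new(username: 'alice', provisioned_by_group_id: 1,
                  can_create_group: true, projects_limit: 100_000)
  before_claim = apply_saml_settings(user, 1, attrs) # provisioned, not claimed
  user.enterprise_group_id = 1                       # manual claim, as in the steps
  after_claim = apply_saml_settings(user, 1, attrs)
  [before_claim, after_claim, user.can_create_group, user.projects_limit]
end

p demo if __FILE__ == $PROGRAM_NAME
```

Passing `policy: :provisioned` reproduces the earlier behaviour for comparison; a response from a different group never changes the user under either policy.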