Allow administrators to force access control for gitlab pages (disable public pages)
What does this MR do?
Allow pages access control to be forced on the instance level
Limitations
- We actually don't update any
config.jsonfiles for pages daemon, so if you enforce access control on the admin level it will take effect only with next pages deployment or change of pages related settings. But that will be resolved by gitlab-pages#282 (closed), when we'll get rid of these files altogether. - Settings in
project_featureare allowed to be in an inconsistent state(be public) with the global restriction. But this way if admin has enforced access control and later reverted this change, old settings will take effect.
Allowed settings for pages visibility in the UI
Without enforced access control:
| project visibility | members-only | internal(everyone with access) | public(not logged in users |
|---|---|---|---|
| private | |||
| internal | |||
| public |
|
With enforced access control:
| project visibility | members-only | internal(everyone with access) | public(not logged in users |
|---|---|---|---|
| private | |||
| internal | |||
| public |
|
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Vladimir Shushlin