feat: Add audit event for group Pages public access control setting
What does this MR do and why?
Toggling the "Remove public access" setting (force_pages_access_control) at the group level previously produced no audit event, creating a gap in audit coverage for a security-relevant setting that affects all projects within a group and its subgroups.
This MR adds the group_force_pages_access_control_updated audit event by:
- Creating a new audit event type YAML file at
ee/config/audit_events/types/group_force_pages_access_control_updated.yml - Adding
force_pages_access_controltoEVENT_NAME_PER_COLUMNinNamespaces::NamespaceSettingChangesAuditor, so changes to this column are audited consistently with other namespace settings - Updating the spec to add a test case for the new column and removing it from the denylist
- Updating the audit event types documentation
This is consistent with how project-level Pages access changes are audited via Projects::ProjectFeatureChangesAuditor (project_feature_pages_access_level_updated).
References
- Closes #595288 (closed)
- Reference: existing project-level audit event
ee/config/audit_events/types/project_feature_pages_access_level_updated.yml
Screenshots or screen recordings
No UI changes — this is a backend-only change adding audit instrumentation.
| Before | After |
|---|---|
| No audit event when toggling "Remove public access" at group level | group_force_pages_access_control_updated audit event created |
How to set up and validate locally
- Toggle the Remove public access setting for your group.
- Check Group Audit events — a
group_force_pages_access_control_updatedevent should appear
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Naman Jagdish Gala