Add `ai_catalog_restricted_to_group_hierarchy` to `namespace_ai_settings`

Luke Duncalferequested to merge
594617-be-migrations into master

What does this MR do and why?

This MR adds a new boolean column ai_catalog_restricted_to_group_hierarchy to namespace_ai_settings, defaulting to false and not nullable.

A follow-up MR !233914 (merged) will use this setting to filter the AI Catalog. When the setting is true on a top-level group, only items owned within the group's hierarchy and GitLab-managed foundational items will be available. When false (the default), the catalog will not be filtered.

Also adds the corresponding audit event ai_catalog_restricted_to_group_hierarchy_updated, registered with the existing AiNamespaceSettingChangesAuditor so changes to the column are recorded automatically.

References

Screenshots

image

How to set up and validate locally

This MR adds a database column and registers an audit event. There is no UI yet. To verify:

  1. Run bundle exec rails db:migrate.
  2. In a rails console session, choose a top-level group with Duo enabled, and toggle the column: 
    user = User.first # @root
group = Group.last
::Groups::UpdateService.new(
  group,
  user,
  ai_settings_attributes: { ai_catalog_restricted_to_group_hierarchy: true }
).execute
  3. Visit the group's Secure > Audit events section and confirm an audit events appears for the settings change.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Luke Duncalfe

Merge request reports