User admin approval - Approve users pending approval via admin UI
What does this MR do?
For #257886 (closed)
This is part of an epic and a good bunch of work on this feature has already been merged - &4491
**A short walkthru video explaining the change is available here** (Update: This is slightly outdated now, as the approval flow does not include force confirming the user anymore)
This change allows the following operations via the admin UI.
- Shows the users pending approval under the "Pending approval" tab.
- Allows approving a pending user. This step:
  - activates the user
  - sends confirmation instructions to the user's email if they are not confirmed yet
  - accepts their pending invitations, if the user satisfies all prerequisites for a successful login and has their email confirmed.
- Allows blocking a pending user.
- Allows deleting a pending user.
Everything is behind a feature flag, which will be removed soon with #258980 (closed), hence there is no changelog.
I will ask for review of UI text from Technical Writing & add documentation for the feature in a different MR (as this is behind a feature flag now, these will not be shown anyway)
Screenshots
New "Pending approval" tab shows users pending approval:
Operations available on pending users - they can be approved, blocked or deleted:
Show pending user page - has the same operations available: (this is for a user that does not have their email confirmed yet)
Show pending user page - has the same operations available: (this is for a user that has their email confirmed already)
After approving a user:
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team