Hide user avatar for blocked and unconfirmed users (!75921) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_avatar_for_blocked_users into master Dec 03, 2021

What does this MR do and why?

Follow-up to #341325 (closed) and !75032 (merged) (merged).

We should mask the user avatar for blocked or unconfirmed users to avoid it being used for spam. You can see in screenshots below this also masks the Gravatar for a user, so they can't even show spam via that external service when they're blocked in GitLab.

Admin users are always able to see the user avatar regardless of status.

Screenshots or screen recordings

Before

After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 06, 2021 by Drew Blessing

Hide user avatar for blocked and unconfirmed users