Hide user avatar for blocked and unconfirmed users
What does this MR do and why?
Follow-up to #341325 (closed) and !75032 (merged) (merged).
We should mask the user avatar for blocked or unconfirmed users to avoid it being used for spam. You can see in screenshots below this also masks the Gravatar for a user, so they can't even show spam via that external service when they're blocked in GitLab.
Admin users are always able to see the user avatar regardless of status.
Screenshots or screen recordings
Before
After
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Merge request reports
Activity
changed milestone to %14.6
assigned to @dblessing
mentioned in issue #347134 (closed)
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category Reviewer Maintainer backend Diogo Frazão ( @dfrazao-gitlab) (UTC+1, 7 hours ahead of@dblessing)Sean McGivern ( @smcgivern) (UTC+0, 6 hours ahead of@dblessing)test Quality for spec/features/*Andrejs Cunskis ( @acunskis) (UTC+2, 8 hours ahead of@dblessing)Maintainer review is optional for test Quality for spec/features/*To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
If needed, you can retry the
danger-reviewjob that generated this comment.Generated by
Edited by Ghost Useradded 1 commit
- c4eba128 - Hide user avatar for blocked and unconfirmed users
Allure report
allure-report-publishergenerated test report for f2a83cd8!review-qa-smoke:
Edited by Ghost User
Setting label(s) ~"Category:Authentication and Authorization" sectiondev based on ~"group::access".
added sectiondev + 1 deleted label
-
This nudge was added by this triage-ops policy.
Resolved by Sean McGivernIt would be useful for admins to see the avatar still when a user is blocked or unconfirmed. Can this be configured to hide the avatar for all users other than admins?
This will help us better determine if a user should be blocked for unconfirmed users. For Blocked accounts, as we use a lot of automation, it will help us better assess whether the block was a false positive or not.
This may have already been handled in this MR; apologies if so, but I don't have the skills to understand all the changes.
- Last reply by Drew Blessing
added 1 commit
- 54c841d7 - Hide user avatar for blocked and unconfirmed users
added 1 commit
- 2b822773 - Hide user avatar for blocked and unconfirmed users
added 1 commit
- 92c74714 - Hide user avatar for blocked and unconfirmed users
added pipeline:skip-undercoverage label
added 757 commits
-
92c74714...c60c6ed3 - 756 commits from branch
master - 25274ea7 - Hide user avatar for blocked and unconfirmed users
-
92c74714...c60c6ed3 - 756 commits from branch
added 1 commit
- e54c27cc - Hide user avatar for blocked and unconfirmed users
- Resolved by Sean McGivern
@alberts-gitlab Do you mind doing an initial backend review, please?
- Last reply by Andrejs Cunskis
