Group settings to limit unique project downloads per user

Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/34 as part of https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/1.

What does this MR do and why?

Add top-level group settings page where group owners can set values to limit how many unique projects a user can download within a set interval. This feature is only available on Ultimate plans.

Why?

Please see https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/1 (confidential) for the rationale behind this feature.

Migrations

• Output of db:migrate

  main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrating
  main: -- add_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
  main:    -> 0.0071s
  main: -- add_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
  main:    -> 0.0013s
  main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrated (0.0092s)
  
  ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrating
  ci: -- add_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
  ci:    -> 0.0051s
  ci: -- add_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
  ci:    -> 0.0010s
  ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrated (0.0063s)

• Output of db:rollback

  main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverting
  main: -- remove_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
  main:    -> 0.0062s
  main: -- remove_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
  main:    -> 0.0008s
  main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverted (0.0127s)
  
  ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverting
  ci: -- remove_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
  ci:    -> 0.0056s
  ci: -- remove_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
  ci:    -> 0.0006s
  ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverted (0.0085s)

• db:check-migrations

• db:gitlabcom-database-testing results

Screenshots or screen recordings

Screen_Recording_2022-06-22_at_2.37.47_PM

How to set up and validate locally

Set up

1. Create a top-level group
2. Ensure you have an Ultimate plan in your GDK instance
3. With the group you created in (1), ensure that the licensed feature is available (this requires (2)). You can do this in Rails console:

   > Group.find(<id_of_your_group>).feature_available?(:unique_project_download_limit)
   => true

4. Enable the feature flag

   echo "Feature.enable(:limit_unique_project_downloads_per_namespace_user)" | rails c

Validate

1. With the user (owner) you used to create the group in Set up step 1, go to the group page

2. In the sidebar navigate to Settings > Reporting

3. Validate that you can see the form

   The form

   

4. Update the settings value

5. Validate that you can update Unique project download limit with values in 0-10,000 range

6. Validate that you can update Unique project download limit interval with values in 0-864,000 (10 days) range

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.