Prevent read access to projects and groups when banned (!91294) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge ban-users-from-namespaces into master Jun 28, 2022

What does this MR do and why?

Part of the epics (here and here) to ban users on root namespace level from all subgroups and projects, this adds a service to ban users and policies to enforce the ban.

Issue: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/41

How to set up and validate locally

Enable the feature flag

Feature.enable(:limit_unique_project_downloads_per_namespace_user)

Ban a user from a root namespace

Users::Abuse::NamespaceBans::CreateService.new(namespace: root_namespace, user: user).execute

Verify the user does not have access to the namespace, any subgroups and projects contained in them

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jul 08, 2022 by Alex Buijs

Prevent read access to projects and groups when banned

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports