Skip to content

Unban banned users

Eugie Limpin requested to merge unban_users into master

What does this MR do and why?

This MR implements the second iteration of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/42.

It adds the ability for a (top-level) group's owners to unban banned members of the group.

See rollout issue.

Screenshots or screen recordings

Screen_Recording_2022-07-15_at_2.39.03_PM

How to set up and validate locally

Set up

  1. Ensure you are running GDK with an Ultimate license. The following command should log true if this is set up correctly 
    echo "License.feature_available?(:unique_project_download_limit)" | rails c
  2. Turn on the feature flags: 
    echo "Feature.enable(:limit_unique_project_downloads_per_namespace_user)" | rails c

Validate

  1. Create a top-level group and invite another member as a non-owner to the group
  2. Ban the invited user in (1) by running the following in Rails console: 
    > group_id = ... # id of the group you created in (1) 
> group = Group.find(group_id)
> user_id = ... # id of the user you invited to your group in (1)
> user = User.find(user_id)
> Users::Abuse::NamespaceBans::CreateService.new(namespace: group, user: user).execute
  3. Using the group owner user go to the group's members page
  4. Validate that you can see Banned tab and the banned user is in the table
  5. Click on Unban button for the user and validate that the page refreshes displaying the message User was successfully unbanned.
  6. Validate the the page does display the Banned tab any more

database Query plan

SQL query

[21] pry(main)> User.find(3).namespace_ban_for(Group.find(89))
  Group Load (1.0ms) ...
  Namespaces::NamespaceBan Load (0.4ms)  SELECT "namespace_bans".* FROM "namespace_bans" WHERE "namespace_bans"."user_id" = 3 AND "namespace_bans"."namespace_id" = 89 LIMIT 1 /*application:console,db_config_name:main,line:/ee/app/models/ee/user.rb:445:in `namespace_ban_for'*/
=> nil

Excerpt from #database-lab

https://gitlab.slack.com/archives/CLJMDRD8C/p1658113583247409

Click to expand 
explain SELECT "namespace_bans".* FROM "namespace_bans" WHERE "namespace_bans"."user_id" = 1 AND "namespace_bans"."namespace_id" = 278964 LIMIT 1
Session: 11061
Plan with execution:
 Limit  (cost=0.15..3.17 rows=1 width=40) (actual time=0.065..0.066 rows=0 loops=1)
   Buffers: shared hit=5
   I/O Timings: read=0.000 write=0.000
   ->  Index Scan using index_namespace_bans_on_namespace_id_and_user_id on public.namespace_bans  (cost=0.15..3.17 rows=1 width=40) (actual time=0.063..0.064 rows=0 loops=1)
         Index Cond: ((namespace_bans.namespace_id = 278964) AN
[...SKIP...]

Recommendations: Looks good

Summary:
Time: 0.652 ms
  - planning: 0.527 ms
  - execution: 0.125 ms
    - I/O read: 0.000 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 5 (~40.00 KiB) from the buffer pool
  - reads: 0 from the OS file cache, including disk I/O
  - dirtied: 0
  - writes: 0

Public link to the plan

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/11061/commands/39632

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports