Add auto-ban toggle in application settings

Hinam Mehra requested to merge 57-auto-ban-db-api into master

What does this MR do and why?

  • We already have a functional feature flag auto_ban_user_on_excessive_projects_download. We want to replace this with a toggle in the UI so admins can toggle this on and off themselves. This MR just adds a boolean column, auto_ban_user_on_excessive_projects_download in the application_settings table.

Database Migrations

  1. Output of db:migrate

     main: == 20220726025516 AddNamespaceSettingsUniqueProjectDownloadLimitAllowlistSizeConstraint: migrated (0.0117s) 
     main: == 20220803235114 AddAutoBanUserToApplicationSettings: migrating ==============
     main: -- add_column(:application_settings, :auto_ban_user_on_excessive_projects_download, :boolean, {:default=>false, :null=>false})
     main:    -> 0.0033s
     main: == 20220803235114 AddAutoBanUserToApplicationSettings: migrated (0.0035s) =====

  2. Output of db:rollback

     main: == 20220803235114 AddAutoBanUserToApplicationSettings: reverting ==============
     main: -- remove_column(:application_settings, :auto_ban_user_on_excessive_projects_download, :boolean, {:default=>false, :null=>false})
     main:    -> 0.0058s
     main: == 20220803235114 AddAutoBanUserToApplicationSettings: reverted (0.0105s) =====

  3. db:check-migrations

  4. db:gitlabcom-database-testing results

How to set up and validate locally

  1. Run the migration

     bin/rake db:migrate RAILS_ENV=development

  2. Turn on feature flag

     bundle exec rails c
     > Feature.enable(:git_abuse_rate_limit_feature_flag)

  3. Generate a Personal Access Token from http://localhost:3000/-/profile/personal_access_tokens

  4. List the current application settings of the GitLab instance. You should see auto_ban_user_on_excessive_projects_download: false returned in the response

     curl --header "PRIVATE-TOKEN: <your_access_token>" "http://localhost:3000/api/v4/application/settings"

  5. Update the value of auto_ban_user_on_excessive_projects_download

     curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" -d "auto_ban_user_on_excessive_projects_download=true" "http://localhost:3000/api/v4/application/settings"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/57

Edited by Hinam Mehra