Disable "explore" and "help"
Description
Some organizations prefer to have all GitLab-related data private. Currently, on the sign-in page we offer two links that can be accessed by non-authenticated users:
- /help
- /explore
There's also /public and /explore/groups.
Proposal
- When the Public option is set as a restricted visibility setting in /admin/application_settings, require authentication for /explore, /help, and /public for non-authenticated users.
- When selected:
  - Redirect unauthenticated users to the sign in page.
  - Remove the Explore link from the sign in page.
  - Redirect an unauthenticated user attempting to access /help to https://docs.gitlab.com/.
Links / references
- https://gitlab.com/gitlab-org/gitlab-ce/issues/12658 (discussed)
- https://gitlab.zendesk.com/agent/tickets/76430
Workaround - taken from https://gitlab.com/gitlab-org/gitlab-ce/issues/12658#note_4346566
Only applies to explore
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 99a45e5..7a08f0c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -13,6 +13,7 @@ class ApplicationController < ActionController::Base
before_action :authenticate_user_from_private_token!
before_action :authenticate_user!
before_action :validate_user_service_ticket!
+ before_action :force_authenticated_user!
before_action :check_password_expiration
before_action :ldap_security_check
before_action :sentry_context
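Review bot: `before_action :force_authenticated_user!` is registered unconditionally, so every controller inheriting from ApplicationController now turns away anonymous requests regardless of the instance's visibility settings. The proposal ties this behaviour to Public being a restricted visibility level; gate the callback on that setting (for example with an `if:` condition) so instances that want public pages keep them. It also sits directly after `authenticate_user!`, so a controller that deliberately skips `authenticate_user!` is still caught here unless it skips this callback too; document that, or fold the check into the existing callback.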
@@ -87,6 +88,12 @@ class ApplicationController < ActionController::Base
logger.error "\n#{exception.class.name} (#{exception.message}):\n#{application_trace.join}"
end
+ def force_authenticated_user!(*args)
+ if (!current_user) and (["/users/sign_in", "/users/password/new", "/users/password", "/users/password/edit"].exclude?(request.path))
+ redirect_to new_user_session_path and return
+ end
+ end
+
def after_sign_in_path_for(resource)
stored_location_for(:redirect) || stored_location_for(resource) || root_path
end
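Review bot: the allowlist in `force_authenticated_user!` compares `request.path` against four literal strings, so a request whose path differs only by a trailing slash or a format suffix on one of the sign-in or password routes is redirected to sign-in, and any other route that must work while signed out has to be added here by hand. Prefer `skip_before_action :force_authenticated_user!` in the controllers that serve those pages over string matching. Smaller points: `*args` is never used, and `and` / `and return` can become `&&` and a plain `redirect_to new_user_session_path`, since redirecting inside a before_action already halts the callback chain.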
Edited by Jeremy Watson (ex-GitLab)
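
The routing rules from the Proposal, written out as a standalone Ruby decision function. This is an added example, not GitLab code or part of the workaround patch; `public_page_decision`, `show_explore_link?` and the `public_restricted` flag are hypothetical names, and it matches on path segments so that /explore/groups and trailing-slash variants are covered.

```ruby
# Added example, not GitLab code: decides how to treat a request to the
# public pages named in the proposal. All names here are hypothetical.
DOCS_URL       = "https://docs.gitlab.com/".freeze # target given in the proposal
SIGN_IN_PATH   = "/users/sign_in".freeze           # path from the workaround diff
GATED_PREFIXES = %w[/explore /public].freeze       # /explore/groups is under /explore
HELP_PREFIX    = "/help".freeze

# Collapse duplicate slashes and drop a trailing slash so "/explore/" and
# "//explore" are treated like "/explore".
def normalize_path(path)
  cleaned = path.to_s.squeeze("/").chomp("/")
  cleaned.empty? ? "/" : cleaned
end

# True when path is the prefix itself or a sub-path of it, compared on
# segment boundaries ("/explorer" is not under "/explore").
def under?(path, prefix)
  path == prefix || path.start_with?("#{prefix}/")
end

# Returns [:allow] or [:redirect, location].
# public_restricted: assumed boolean meaning "Public is a restricted
# visibility level" in the admin application settings.
def public_page_decision(path, signed_in:, public_restricted:)
  return [:allow] if signed_in || !public_restricted

  path = normalize_path(path)
  return [:redirect, DOCS_URL] if under?(path, HELP_PREFIX)
  return [:redirect, SIGN_IN_PATH] if GATED_PREFIXES.any? { |p| under?(path, p) }

  [:allow]
end

# Whether the sign-in page should render the Explore link.
def show_explore_link?(public_restricted:)
  !public_restricted
end
```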