Skip to content

Hide merge requests from banned users

Alex Buijs requested to merge hide-merge-requests-from-banned-users into master

What does this MR do and why?

When the ban_user_feature_flag is enabled and a user is banned, we currently hide issues. This MR extends that functionality to also hide merge requests.

When logged in as auditor or admin, hidden merge requests (and issues) remain visible, with a spam icon to highlight their status.

Database

This adds a scope without_hidden that is applied when viewing merge requests.

This is the query with the feature flag disabled (explained):

SELECT
	"merge_requests".*
FROM
	"merge_requests"
WHERE
	"merge_requests"."target_project_id" = 278964
	AND("merge_requests"."state_id" IN(1))
ORDER BY
	"merge_requests"."created_at" DESC,
	"merge_requests"."id" DESC
LIMIT 20 OFFSET 0

This is the query with the feature flag enabled (explained):

SELECT
	"merge_requests".*
FROM
	"merge_requests"
WHERE
	"merge_requests"."author_id" NOT IN(
            SELECT "banned_users"."user_id" FROM "banned_users"
        )
	AND "merge_requests"."target_project_id" = 278964
	AND("merge_requests"."state_id" IN(1))
ORDER BY
	"merge_requests"."created_at" DESC,
        "merge_requests"."id" DESC
LIMIT 20 OFFSET 0

Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/375964

Epic: &5741

Screenshots or screen recordings

Index Show
Logged in as admin Screenshot_2022-12-06_at_15.48.38 Screenshot_2022-12-06_at_15.48.45
Logged in as guest Screenshot_2022-12-06_at_15.48.09 Screenshot_2022-12-06_at_15.48.25

How to set up and validate locally

  1. Enable the banned users feature in the Rails console:
Feature.enable(:ban_user_feature_flag)
  1. Create a public project.
  2. Impersonate a user and create a public merge request in the project.
  3. Stop impersonation.
  4. Ban the user (user's page > Settings > Ban user)
  5. View the project page as an admin, and as a guest.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alex Buijs

Merge request reports

Loading