Hide merge requests from banned users
What does this MR do and why?
When the ban_user_feature_flag
is enabled and a user is banned, we currently hide issues. This MR extends that functionality to also hide merge requests.
When logged in as auditor or admin, hidden merge requests (and issues) remain visible, with a spam icon to highlight their status.
Database
This adds a scope without_hidden
that is applied when viewing merge requests.
This is the query with the feature flag disabled (explained):
SELECT
"merge_requests".*
FROM
"merge_requests"
WHERE
"merge_requests"."target_project_id" = 278964
AND("merge_requests"."state_id" IN(1))
ORDER BY
"merge_requests"."created_at" DESC,
"merge_requests"."id" DESC
LIMIT 20 OFFSET 0
This is the query with the feature flag enabled (explained):
SELECT
"merge_requests".*
FROM
"merge_requests"
WHERE
"merge_requests"."author_id" NOT IN(
SELECT "banned_users"."user_id" FROM "banned_users"
)
AND "merge_requests"."target_project_id" = 278964
AND("merge_requests"."state_id" IN(1))
ORDER BY
"merge_requests"."created_at" DESC,
"merge_requests"."id" DESC
LIMIT 20 OFFSET 0
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/375964
Epic: &5741
Screenshots or screen recordings
Index | Show | |
---|---|---|
Logged in as admin | ||
Logged in as guest |
How to set up and validate locally
- Enable the banned users feature in the Rails console:
Feature.enable(:ban_user_feature_flag)
- Create a public project.
- Impersonate a user and create a public merge request in the project.
- Stop impersonation.
- Ban the user (user's page > Settings > Ban user)
- View the project page as an admin, and as a guest.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Alex Buijs