Disallow creating project when no visibility levels are available
What does this MR do and why?
Related to #384355 (closed) and #384356 (closed)
In the admin area there is a setting called Restricted visibility levels
. This is a confusing setting and we are trying to make it less confusing in !109538 (merged). Essentially an admin can prevent users from creating Private
, Internal
, and/or Public
projects, groups and snippets. This means that sometimes it is not possible for a user to create a project because there are no visibility levels available. For example if you are trying to create a project in a private group and the admin has Private
checked under the Restricted visibility levels
it is not possible to create a project.
This MR updates the :create_projects
permissions to check if there are any available visibility levels. If there are no available visibility levels this permission is prevented. When it is prevented the New project
button on the group overview page is not shown. Also if you go to the new project page with the namespace_id
param set (/projects/new?namespace_id=22#blank_project
) and there are no available visibility levels in that namespace it will return a 404.
Screenshots or screen recordings
Group overview
Before | After |
---|---|
Create new project
Before (after submitting form) | After |
---|---|
How to set up and validate locally
- Create a private group
- Invite a user to the private group
- Go to the admin area ->
Settings
->General
->Visibility and access controls
- In the
Restricted visibility levels
setting checkPrivate
. Save the form. - Go to the admin area ->
Users
- Find the user you invited in step 2
- Click
Impersonate
- Navigate to the group you created in step 1
- The
New project
button should not be shown - Make note of the group ID from step 1 (shown next to the group name)
- Navigate to
/projects/new?namespace_id=<group id>#blank_project
- It should return a 404
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.