Skip to content

Disallow creating project when no visibility levels are available

Peter Hegman requested to merge 384355-remove-new-project-button-in-group-overview-if-visibility-levels-are-restricted into master

What does this MR do and why?

Related to #384355 (closed) and #384356 (closed)

In the admin area there is a setting called Restricted visibility levels. This is a confusing setting and we are trying to make it less confusing in !109538 (merged). Essentially an admin can prevent users from creating Private, Internal, and/or Public projects, groups and snippets. This means that sometimes it is not possible for a user to create a project because there are no visibility levels available. For example if you are trying to create a project in a private group and the admin has Private checked under the Restricted visibility levels it is not possible to create a project.

This MR updates the :create_projects permissions to check if there are any available visibility levels. If there are no available visibility levels this permission is prevented. When it is prevented the New project button on the group overview page is not shown. Also if you go to the new project page with the namespace_id param set (/projects/new?namespace_id=22#blank_project) and there are no available visibility levels in that namespace it will return a 404.

Screenshots or screen recordings

Group overview

Before After
Screenshot_2023-02-02_at_5.32.46_PM Screenshot_2023-02-02_at_5.29.31_PM

Create new project

Before (after submitting form) After
Screenshot_2023-02-02_at_5.33.07_PM Screenshot_2023-02-02_at_5.31.25_PM

How to set up and validate locally

  1. Create a private group
  2. Invite a user to the private group
  3. Go to the admin area -> Settings -> General -> Visibility and access controls
  4. In the Restricted visibility levels setting check Private. Save the form.
  5. Go to the admin area -> Users
  6. Find the user you invited in step 2
  7. Click Impersonate
  8. Navigate to the group you created in step 1
  9. The New project button should not be shown
  10. Make note of the group ID from step 1 (shown next to the group name)
  11. Navigate to /projects/new?namespace_id=<group id>#blank_project
  12. It should return a 404

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Peter Hegman

Merge request reports