Obfuscate external participants emails in system notes
This MR includes the original changes plus the fix.
Solves #456109 (closed)
Feature context
External issue participants are a record in issue_email_participants and are not connected to a User and cannot log in to GitLab. They can only interact with the issue (or work item) via email. An issue can have 0..n external participants and we're working on adding management functionality (quick actions, system notes etc.) to it using the issue_email_participants feature flag. The target milestone for a release is 16.11.
An external participant receives a Service Desk email whenever a new comment that's not internal has been added to an issue. They can reply to the email and their comment will be added (using the GitLab Support Bot).
What does this MR do and why?
When managing external participants in an issue we add system notes to display which email was added or removed. On public issues or for guest users this information should not be visible.
This MR adds obfuscation to issue email participant system notes, so no email addresses are disclosed if the user does not have the needed role.
It also adds the obfuscation logic to the REST and GraphQL APIs. It introduces a NotePresenter that these APIs use. This will also allow us to migrate helper logic to the presenter.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Select a project and enable the feature flag for issue_email_participants.
  project = Project.find(7)
  Feature.enable(:issue_email_participants, project)
- Browse to an issue in the project and add a comment with /invite_email user@example.com. You can see the system note is displayed without obfuscation.
- Only users with at least the reporter role in a project should not be able to see the full email address. To simulate this, you can comment out the following line, so it will always obfuscate system notes about issue email participants:
  app/serializers/note_entity.rb:128
  return body if can?(current_user, :read_external_emails, object.project)
- Now play around with the quick actions /invite_email and /remove_email.
Check via GraphQL
- Figure out the global id of the ☝ above issue. I simply looked it up: Issue.last
- Then use the GraphQL explorer and run this query:
  query {
    issue(id: "gid://gitlab/Issue/609") {
      id
      iid
      title
      notes {
        edges {
          node {
            id
            body
            bodyHtml
          }
        }
      }
    }
  }
- You should see the notes unobfuscated.
- Now open a new private window and run the same query (ensure the project is public and the issue is not confidential, or log in with a user that has the guest role in the project).
- You should see body and bodyHtml being obfuscated.
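The behaviour described above, as an added Ruby sketch that is not GitLab's implementation: one presenter decides visibility for both body and bodyHtml, and the REST and GraphQL stand-ins both go through it, so neither API can return the raw address on its own. The class and method names, the sample note and the mask format are assumptions made for illustration.

```ruby
# Added sketch; not GitLab's code. Class, method and field names are hypothetical.
EMAIL_PATTERN = /[A-Z0-9._%+\-]+@[A-Z0-9.\-]+\.[A-Z]{2,}/i

# Constructed sample: a system note about an external participant.
Note = Struct.new(:body, :body_html, :email_participant_system_note)
SAMPLE_NOTE = Note.new(
  'added user@example.com',
  '<p>added <a href="mailto:user@example.com">user@example.com</a></p>',
  true
)

# Keep two characters of each part and pad with a fixed-width mask, so the
# length of the hidden remainder is not disclosed either (assumed mask format).
def obfuscate_email(email)
  local, domain = email.split('@', 2)
  [local, domain].map { |part| "#{part[0, 2]}*****" }.join('@')
end

# Single place where the visibility decision is made for every note field.
class NotePresenterSketch
  def initialize(note, can_read_external_emails:)
    @note = note
    @can_read = can_read_external_emails
  end

  def body
    redact(@note.body)
  end

  def body_html
    redact(@note.body_html)
  end

  private

  # Only email-participant system notes are rewritten; other notes pass through.
  def redact(text)
    return text if @can_read || !@note.email_participant_system_note
    text.gsub(EMAIL_PATTERN) { |match| obfuscate_email(match) }
  end
end

# Stand-ins for the REST and GraphQL serializers: both go through the presenter.
def rest_payload(note, can_read_external_emails:)
  presenter = NotePresenterSketch.new(note, can_read_external_emails: can_read_external_emails)
  { body: presenter.body }
end

def graphql_node(note, can_read_external_emails:)
  presenter = NotePresenterSketch.new(note, can_read_external_emails: can_read_external_emails)
  { body: presenter.body, bodyHtml: presenter.body_html }
end
```

The rendered HTML carries the address twice (link target and link text), which is why the redaction runs over the whole string and not only the visible text.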