Fix Misleading title for Pages Access Control in project settings
What does this MR do?
Fixes titles of pages settings #33548 (closed)
Screenshots
old texts | new texts |
---|---|
Why it works this way
I'm not sure the original intention of this feature author, but disabling access control actually disables pages altogether.
This allignes well with the rest of the controls on this page. If you disable something, e.g. snippets), it's disabled completely for everyone.
The only thing which confuses people is the text helper which suggests that you enable/disable access control, not the whole pages website.
So this MR fixes the texts.
But the way it's implemented is actually very interesting:
- user disable access control, i.e. sets
pages_access_level
toDISABLED
- we redeploy pages website config and enable
access_control: true
in it - pages daemon goes through the usual authorization process
- when pages daemon finally tries to check if user has access to a particular pages site it call api which checks the policy https://gitlab.com/gitlab-org/gitlab/blob/master/app/policies/project_policy.rb#L333
I thought about maybe triggering cleaning pages data when a user disables pages, but decided against it, because then enabling pages would require user to run a pipeline again.
The authorization workflow doesn't add overhead, because pages daemon will go through the same authorization process if the pages website is absent in order to prevent user of knowing which sites exist and which don't.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team