Skip to content

Cascading Setting for "Enable delayed project removal" group setting

📖 What does this MR do?

Related to #324097 (closed) and #321724 (closed)

~"group::access" is working on creating an "inherited settings framework" that allows settings to be "enforced" at the application level (for self-managed) or at the group/namespace level (for GitLab.com and self-managed). This MR adds new HAML partials that render an "Enforce for all subgroups" checkbox and JavaScript that displays a popover when a lock icon is hovered/focused. As a MVC we are focusing on just the "Enable delayed project removal" setting. In the future we will add this functionality to more settings.

The cascading settings framework (and this MR) support enforcing a setting at the application/namespace level. The "Enable delayed project removal" setting, however, does not yet exist at the application/namespace level but will be added in a future iteration. Work for this is being tracked in #326742

📋 Summary of changes

  • Create a HAML partial (app/views/shared/namespaces/cascading_settings/_setting_label.html.haml) for displaying the setting label with a lock icon when the settings enforced.
  • Create a HAML partial for displaying the enforcement checkbox (app/views/shared/namespaces/cascading_settings/_enforcement_checkbox.html.haml).
  • Create a Vue component that displays a popover when the lock icon is hovered over.
  • Update other checkbox settings in the "Permissions, LFS, 2FA" section to use the new GitLab UI checkbox CSS. This ensures that the checkboxes line up correctly in that section.
  • Add Rspec shared example that can be used to test this setting and other cascading settings in the future.

Example group structure

└── Group 1
    ├── Group 2
    │   └── Group 3
    └── Group 4

💻 Local testing

Based on "Example group structure"

  1. Enable the cascading_namespace_settings feature flag
    • bin/rails console
    • Feature.enable(:cascading_namespace_settings)
  2. Navigate to "Group 1" -> "Settings" -> "General" -> "Permissions, LFS, 2FA"
  3. Check the "Enforce for all subgroups" under the "Enable delayed project removal" setting
  4. Navigate to "Group 2, 3, or 4" -> "Settings" -> "General" -> "Permissions, LFS, 2FA". The "Enable delayed project removal" setting should be enforced.

📷 Screenshots

Based on "Example group structure"

View Before After
Group 1 Screen_Shot_2021-04-07_at_2.46.55_PM Screen_Shot_2021-04-09_at_9.03.33_AM
Group 2 Screen_Shot_2021-04-07_at_2.47.26_PM Screen_Shot_2021-04-09_at_9.05.27_AM

🚦 Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Hegman

Merge request reports

Loading