Add validation for new_user_signups_cap enabling
What does this MR do and why?
- adds validation to
NamespaceSetting
to verify enabling of thenew_user_signups_cap
setting - moves some EE logic out of CE
NamespaceSetting
class
The NamespaceSetting attribute can only be enabled if:
- the namespace is a group
- the namespace itself has not been shared externally (outside of it's hierarchy)
- the namespace has no subgroup that has been shared externally (outside of it's hierarchy)
- the feature is enabled for the namespace
- the environment is Gitlab.com
This reason for the externally shared requirement is that because once a group has been shared externally, the owner has no control over the users being added to those groups, but they'll count towards the billable user count.
This was discussed and agreed here.
Refs #342227 (closed)
Database/Queries
This MR introduces a new query to check if a group, or any groups in it's hierarchy have been shared with a group outside (externally) to the hierarchy.
Query plans from #database-lab:
Warm query https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7777/commands/27650
Summary:
Time: 10.728 ms
- planning: 3.169 ms
- execution: 7.559 ms
- I/O read: 0.000 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 3003 (~23.50 MiB) from the buffer pool
- reads: 0 from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
Cold query https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/7777/commands/27653 (assuming reset
makes this a cold query)
Summary:
Time: 1.335 s
- planning: 6.987 ms
- execution: 1.328 s
- I/O read: 1.296 s
- I/O write: 0.000 ms
Shared buffers:
- hits: 2444 (~19.10 MiB) from the buffer pool
- reads: 559 (~4.40 MiB) from the OS file cache, including disk I/O
- dirtied: 18 (~144.00 KiB)
- writes: 0
How to set up and validate locally
-
Modify Gitlab.com? to return true
-
Setup a root group, e.g.
Group A
-
Setup another root group, e.g.
Group X
-
Check the validation:
settings = group_a.namespace_settings settings.new_user_signups_cap = 10 settings.valid? => false
-
Enable the feature flag for Group A and re-validate:
Feature.enable(:saas_user_caps, group_a) settings.valid? => true
-
Invite
Group X
toGroup A
viaGroup Information > Members > Invite a group
-
Check the validation:
settings.valid? => false
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.