Resolve "Enforce authorization checks on media uploads"
What does this MR do and why?
Related to comment:
We want to add the backend part for allowing users to choose whether or not to enforce checks on uploads.
- This setting will be project level only
- The setting will only appear when private or internal visibility has been selected
- The setting will be checked by default on either of the above settings
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
- Create an issue in a private project
- Add an image
- Try to access the image while not logged in
- It should load
- Turn on feature flag enforce_auth_checks_on_uploads
::Feature.enable(:enforce_auth_checks_on_uploads, project)
- Update the project to enforce the checks
project.update(enforce_auth_checks_on_uploads: true)
- Try to access the image again and it should redirect when not logged in
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Up
➜ gitlab git:(26781-enforce-authorization-checks-on-media-uploads) ✗ bundle exec rake db:migrate:up:main VERSION=20220324091224
== 20220324091224 AddEnforceAuthChecksOnUploadsToProjectSettings: migrating ===
-- add_column(:project_settings, :enforce_auth_checks_on_uploads, :boolean, {:null=>false, :default=>true})
-> 0.0018s
== 20220324091224 AddEnforceAuthChecksOnUploadsToProjectSettings: migrated (0.0018s)
Revert
➜ gitlab git:(26781-enforce-authorization-checks-on-media-uploads) ✗ bundle exec rake db:migrate:down:main VERSION=20220324091224
== 20220324091224 AddEnforceAuthChecksOnUploadsToProjectSettings: reverting ===
-- remove_column(:project_settings, :enforce_auth_checks_on_uploads, :boolean, {:null=>false, :default=>true})
-> 0.0062s
== 20220324091224 AddEnforceAuthChecksOnUploadsToProjectSettings: reverted (0.0125s)
Database lab
exec ALTER TABLE "project_settings" ADD "enforce_auth_checks_on_uploads" boolean DEFAULT TRUE NOT NULL
Session: 9945
The query has been executed. Duration: 7.323 ms
Related to #26781 (closed)
Edited by Marc Shaw
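The anonymous-access check from the local validation steps above can be scripted. This is an added example, not code from this MR or from GitLab. It assumes the redirect for a logged-out request goes to `/users/sign_in`; the helper names and the `gdk.test` host in the comments are hypothetical.

```ruby
require "net/http"
require "uri"

# Assumption: logged-out requests are redirected to GitLab's sign-in page.
SIGN_IN_PATH = "/users/sign_in"

# Classify what a client with no session received for an upload URL.
#   :exposed      - the media was served without authentication
#   :enforced     - the request was refused or sent to sign-in
#   :inconclusive - the response does not prove either outcome
def classify_anonymous_response(status, location = nil, content_type = nil)
  case status
  when 200..299
    # A 2xx HTML body may be a rendered login page rather than the media.
    content_type.to_s.start_with?("text/html") ? :inconclusive : :exposed
  when 300..399
    target = begin
      URI.parse(location.to_s).path
    rescue URI::InvalidURIError
      nil
    end
    target == SIGN_IN_PATH ? :enforced : :inconclusive
  when 401, 403
    :enforced
  else
    # 404 and 5xx can also mean a wrong URL or a broken instance.
    :inconclusive
  end
end

# Send one GET with no cookies or tokens and do not follow redirects,
# so the first response is the one that gets classified.
def probe_upload(url)
  uri = URI.parse(url)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https",
                        open_timeout: 5, read_timeout: 5) do |http|
    http.request(Net::HTTP::Get.new(uri.request_uri))
  end
  classify_anonymous_response(res.code.to_i, res["location"], res["content-type"])
end

# Usage: ruby check_upload.rb http://gdk.test:3000/<upload path>
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  result = probe_upload(ARGV[0])
  puts "#{ARGV[0]}: #{result}"
  exit(result == :exposed ? 1 : 0)
end
```

Run it once before and once after enabling the flag and the project setting; the exit status is non-zero only when the upload is served to a logged-out client.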