Skip to content

Group settings to limit unique project downloads per user

Eugie Limpin requested to merge limit_unique_project_downloads_per_user_namespace_settings into master

Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/34 as part of https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/1.

What does this MR do and why?

Add top-level group settings page where group owners can set values to limit how many unique projects a user can download within a set interval. This feature is only available on Ultimate plans.

Why?

Please see https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/1 (confidential) for the rationale behind this feature.

Migrations

  • Output of db:migrate 
    main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrating
main: -- add_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
main:    -> 0.0071s
main: -- add_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
main:    -> 0.0013s
main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrated (0.0092s)

ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrating
ci: -- add_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
ci:    -> 0.0051s
ci: -- add_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
ci:    -> 0.0010s
ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: migrated (0.0063s)
  • Output of db:rollback 
    main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverting
main: -- remove_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
main:    -> 0.0062s
main: -- remove_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
main:    -> 0.0008s
main: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverted (0.0127s)

ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverting
ci: -- remove_column(:namespace_settings, :unique_project_download_limit_interval, :integer, {:default=>0, :null=>false})
ci:    -> 0.0056s
ci: -- remove_column(:namespace_settings, :unique_project_download_limit, :smallint, {:default=>0, :null=>false})
ci:    -> 0.0006s
ci: == 20220613054349 AddUniqueProjectDownloadLimitSettingsToNamespaceSettings: reverted (0.0085s)

  • db:check-migrations

  • db:gitlabcom-database-testing results

Screenshots or screen recordings

Screen_Recording_2022-06-22_at_2.37.47_PM

How to set up and validate locally

Set up

  1. Create a top-level group
  2. Ensure you have an Ultimate plan in your GDK instance
  3. With the group you created in (1), ensure that the licensed feature is available (this requires (2)). You can do this in Rails console: 
    > Group.find(<id_of_your_group>).feature_available?(:unique_project_download_limit)
=> true
  4. Enable the feature flag 
    echo "Feature.enable(:limit_unique_project_downloads_per_namespace_user)" | rails c

Validate

  1. With the user (owner) you used to create the group in Set up step 1, go to the group page

  2. In the sidebar navigate to Settings > Reporting

  3. Validate that you can see the form

    The form

    Screen_Shot_2022-06-22_at_2.35.29_PM

  4. Update the settings value

  5. Validate that you can update Unique project download limit with values in 0-10,000 range

  6. Validate that you can update Unique project download limit interval with values in 0-864,000 (10 days) range

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports