Add auto-ban toggle in application settings
What does this MR do and why?
- We already have a functional feature flag
auto_ban_user_on_excessive_projects_download
. We want to replace this with a toggle in the UI so admins can toggle this on and off themselves. This MR just adds a boolean column,auto_ban_user_on_excessive_projects_download
in theapplication_settings
table.
Database Migrations
- Output of db:migrate
main: == 20220726025516 AddNamespaceSettingsUniqueProjectDownloadLimitAllowlistSizeConstraint: migrated (0.0117s)
main: == 20220803235114 AddAutoBanUserToApplicationSettings: migrating ==============
main: -- add_column(:application_settings, :auto_ban_user_on_excessive_projects_download, :boolean, {:default=>false, :null=>false})
main: -> 0.0033s
main: == 20220803235114 AddAutoBanUserToApplicationSettings: migrated (0.0035s) =====
- Output of db:rollback
main: == 20220803235114 AddAutoBanUserToApplicationSettings: reverting ==============
main: -- remove_column(:application_settings, :auto_ban_user_on_excessive_projects_download, :boolean, {:default=>false, :null=>false})
main: -> 0.0058s
main: == 20220803235114 AddAutoBanUserToApplicationSettings: reverted (0.0105s) =====
How to set up and validate locally
- Run the migration
bin/rake db:migrate RAILS_ENV=development
- Turn on feature flag
bundle exec rails c
> Feature.enable(:git_abuse_rate_limit_feature_flag)
- Generate a Personal Access Token from
http://localhost:3000/-/profile/personal_access_tokens
- List the current application settings of the GitLab instance. You should see
auto_ban_user_on_excessive_projects_download: false
returned in the response
curl --header "PRIVATE-TOKEN: <your_access_token>" "http://localhost:3000/api/v4/application/settings"
- Update the value of
auto_ban_user_on_excessive_projects_download
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" -d "auto_ban_user_on_excessive_projects_download=true" "http://localhost:3000/api/v4/application/settings"
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/57
Edited by Hinam Mehra