Improve clarity of the Rate Limits UI

Previously the admin interface for "User and IP Rate Limits" had inputs with duplicate labels. These inputs were only differentiated by their groupings on the page, which themselves were not clear. This improves the input labels, makes the checkbox labels bold (as they are the most important inputs in this section), and adds some horizontal rules to visually distinguish the groupings. These changes are intended to make this UI easier to understand, and match up better with the docs.

Improve clarity of the Rate Limits UI
Previously the admin interface for "User and IP Rate Limits" had inputs with duplicate labels. These inputs were only differentiated by their groupings on the page, which themselves were not clear. This improves the input labels, makes the checkbox labels bold (as they are the most important inputs in this section), and adds some horizontal rules to visually distinguish the groupings. These changes are intended to make this UI easier to understand, and match up better with the docs.
55f060c5 · Dan Jensen · Phil Hughes · 4ffbeefd · 55f060c5 · 55f060c5
Commit 55f060c5 authored Nov 20, 2020 by Dan Jensen Committed by Phil Hughes Nov 20, 2020
4 changed files
--- a/app/views/admin/application_settings/_ip_limits.html.haml
+++ b/app/views/admin/application_settings/_ip_limits.html.haml
@@ -2,44 +2,52 @@
  = form_errors(@application_setting)

  %fieldset
+    %h5
+      = _('Unauthenticated request rate limit')
    .form-group
      .form-check
        = f.check_box :throttle_unauthenticated_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_unauthenticated_checkbox' }
-        = f.label :throttle_unauthenticated_enabled, class: 'form-check-label' do
+        = f.label :throttle_unauthenticated_enabled, class: 'form-check-label label-bold' do
          Enable unauthenticated request rate limit
        %span.form-text.text-muted
          Helps reduce request volume (e.g. from crawlers or abusive bots)
    .form-group
-      = f.label :throttle_unauthenticated_requests_per_period, 'Max requests per period per IP', class: 'label-bold'
+      = f.label :throttle_unauthenticated_requests_per_period, 'Max unauthenticated requests per period per IP', class: 'label-bold'
      = f.number_field :throttle_unauthenticated_requests_per_period, class: 'form-control'
    .form-group
-      = f.label :throttle_unauthenticated_period_in_seconds, 'Rate limit period in seconds', class: 'label-bold'
+      = f.label :throttle_unauthenticated_period_in_seconds, 'Unauthenticated rate limit period in seconds', class: 'label-bold'
      = f.number_field :throttle_unauthenticated_period_in_seconds, class: 'form-control'
+    %hr
+    %h5
+      = _('Authenticated API request rate limit')
    .form-group
      .form-check
        = f.check_box :throttle_authenticated_api_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_api_checkbox' }
-        = f.label :throttle_authenticated_api_enabled, class: 'form-check-label' do
+        = f.label :throttle_authenticated_api_enabled, class: 'form-check-label label-bold' do
          Enable authenticated API request rate limit
        %span.form-text.text-muted
          Helps reduce request volume (e.g. from crawlers or abusive bots)
    .form-group
-      = f.label :throttle_authenticated_api_requests_per_period, 'Max requests per period per user', class: 'label-bold'
+      = f.label :throttle_authenticated_api_requests_per_period, 'Max authenticated API requests per period per user', class: 'label-bold'
      = f.number_field :throttle_authenticated_api_requests_per_period, class: 'form-control'
    .form-group
-      = f.label :throttle_authenticated_api_period_in_seconds, 'Rate limit period in seconds', class: 'label-bold'
+      = f.label :throttle_authenticated_api_period_in_seconds, 'Authenticated API rate limit period in seconds', class: 'label-bold'
      = f.number_field :throttle_authenticated_api_period_in_seconds, class: 'form-control'
+    %hr
+    %h5
+      = _('Authenticated web request rate limit')
    .form-group
      .form-check
        = f.check_box :throttle_authenticated_web_enabled, class: 'form-check-input', data: { qa_selector: 'throttle_authenticated_web_checkbox' }
-        = f.label :throttle_authenticated_web_enabled, class: 'form-check-label' do
+        = f.label :throttle_authenticated_web_enabled, class: 'form-check-label label-bold' do
          Enable authenticated web request rate limit
        %span.form-text.text-muted
          Helps reduce request volume (e.g. from crawlers or abusive bots)
    .form-group
-      = f.label :throttle_authenticated_web_requests_per_period, 'Max requests per period per user', class: 'label-bold'
+      = f.label :throttle_authenticated_web_requests_per_period, 'Max authenticated web requests per period per user', class: 'label-bold'
      = f.number_field :throttle_authenticated_web_requests_per_period, class: 'form-control'
    .form-group
-      = f.label :throttle_authenticated_web_period_in_seconds, 'Rate limit period in seconds', class: 'label-bold'
+      = f.label :throttle_authenticated_web_period_in_seconds, 'Authenticated web rate limit period in seconds', class: 'label-bold'
      = f.number_field :throttle_authenticated_web_period_in_seconds, class: 'form-control'

  = f.submit 'Save changes', class: "gl-button btn btn-success", data: { qa_selector: 'save_changes_button' }
--- a/changelogs/unreleased/djensen-improve-differentiation-in-ip-rate-limit-ui.yml
+++ b/changelogs/unreleased/djensen-improve-differentiation-in-ip-rate-limit-ui.yml
+---
+title: Improve clarity of admin Rate Limiting UI
+merge_request: 46142
+author:
+type: changed
--- a/doc/user/admin_area/settings/img/user_and_ip_rate_limits.png
+++ b/doc/user/admin_area/settings/img/user_and_ip_rate_limits.png
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -3968,6 +3968,12 @@ msgstr ""
 msgid "Authenticate with GitHub"
 msgstr ""

+msgid "Authenticated API request rate limit"
+msgstr ""
+
+msgid "Authenticated web request rate limit"
+msgstr ""
+
 msgid "Authenticating"
 msgstr ""

@@ -28967,6 +28973,9 @@ msgstr ""
 msgid "Unassigned"
 msgstr ""

+msgid "Unauthenticated request rate limit"
+msgstr ""
+
 msgid "Undo"
 msgstr ""