Merge branch '257881-user-admin-approval-toggle-to-enable' into 'master'

Add setting in the UI for governing admin approval for new signups See merge request gitlab-org/gitlab!43827

Merge branch '257881-user-admin-approval-toggle-to-enable' into 'master'
Add setting in the UI for governing admin approval for new signups See merge request gitlab-org/gitlab!43827
bc534a99 · Imre Farkas · 627c5447 · 464cc0a3 · bc534a99 · bc534a99
Commit bc534a99 authored Oct 02, 2020 by Imre Farkas
6 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -167,7 +167,7 @@ module ApplicationSettingsHelper
  end

  def visible_attributes
-    [
+    attributes = [
      :abuse_notification_email,
      :after_sign_out_path,
      :after_sign_up_text,
@@ -331,6 +331,9 @@ module ApplicationSettingsHelper
      :wiki_page_max_content_bytes,
      :container_registry_delete_tags_service_timeout
    ]
+
+    attributes << :require_admin_approval_after_user_signup if Feature.enabled?(:admin_approval_for_new_user_signups)
+    attributes
  end

  def external_authorization_service_attributes

--- a/app/views/admin/application_settings/_signup.html.haml
+++ b/app/views/admin/application_settings/_signup.html.haml
@@ -9,6 +9,14 @@
          Sign-up enabled
          .form-text.text-muted
            = _("When enabled, any user visiting %{host} will be able to create an account.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
+    - if Feature.enabled?(:admin_approval_for_new_user_signups)
+      .form-group
+        .form-check
+          = f.check_box :require_admin_approval_after_user_signup, class: 'form-check-input'
+          = f.label :require_admin_approval_after_user_signup, class: 'form-check-label' do
+            = _('Require admin approval for new sign-ups')
+            .form-text.text-muted
+              = _("When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
    .form-group
      .form-check
        = f.check_box :send_user_confirmation_email, class: 'form-check-input'

--- a/config/feature_flags/development/admin_approval_for_new_user_signups.yml
+++ b/config/feature_flags/development/admin_approval_for_new_user_signups.yml
+---
+name: admin_approval_for_new_user_signups
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43827
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/258980
+type: development
+group: group::access
+default_enabled: false
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -21821,6 +21821,9 @@ msgstr ""
 msgid "Requests to these domain(s)/address(es) on the local network will be allowed when local requests from hooks and services are not allowed. IP ranges such as 1:0:0:0:0:0:0:0/124 or 127.0.0.0/28 are supported. Domain wildcards are not supported currently. Use comma, semicolon, or newline to separate multiple entries. The allowlist can hold a maximum of 1000 entries. Domains should use IDNA encoding. Ex: example.com, 192.168.1.1, 127.0.0.0/28, xn--itlab-j1a.com."
 msgstr ""

+msgid "Require admin approval for new sign-ups"
+msgstr ""
+
 msgid "Require all users in this group to setup Two-factor authentication"
 msgstr ""

@@ -28944,6 +28947,9 @@ msgstr ""
 msgid "When a runner is locked, it cannot be assigned to other projects"
 msgstr ""

+msgid "When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled."
+msgstr ""
+
 msgid "When enabled, any user visiting %{host} will be able to create an account."
 msgstr ""


--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -87,6 +87,38 @@ RSpec.describe Admin::ApplicationSettingsController do
      sign_in(admin)
    end

+    context 'require_admin_approval_after_user_signup setting' do
+      subject do
+        put :update, params: { application_setting: { require_admin_approval_after_user_signup: true } }
+      end
+
+      context 'when feature is enabled' do
+        before do
+          stub_feature_flags(admin_approval_for_new_user_signups: true)
+        end
+
+        it 'updates the require_admin_approval_after_user_signup setting' do
+          subject
+
+          expect(response).to redirect_to(general_admin_application_settings_path)
+          expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(true)
+        end
+      end
+
+      context 'when feature is disabled' do
+        before do
+          stub_feature_flags(admin_approval_for_new_user_signups: false)
+        end
+
+        it 'does not update the require_admin_approval_after_user_signup setting' do
+          subject
+
+          expect(response).to redirect_to(general_admin_application_settings_path)
+          expect(ApplicationSetting.current.require_admin_approval_after_user_signup).not_to eq(true)
+        end
+      end
+    end
+
    it 'updates the password_authentication_enabled_for_git setting' do
      put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } }


--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -130,6 +130,38 @@ RSpec.describe 'Admin updates settings', :clean_gitlab_redis_shared_state, :do_n
        expect(user_internal_regex['placeholder']).to eq 'Regex pattern'
      end

+      context 'Change Sign-up restrictions' do
+        context 'Require Admin approval for new signup setting' do
+          context 'when feature is enabled' do
+            before do
+              stub_feature_flags(admin_approval_for_new_user_signups: true)
+            end
+
+            it 'changes the setting' do
+              page.within('.as-signup') do
+                check 'Require admin approval for new sign-ups'
+                click_button 'Save changes'
+              end
+
+              expect(current_settings.require_admin_approval_after_user_signup).to be_truthy
+              expect(page).to have_content "Application settings saved successfully"
+            end
+          end
+
+          context 'when feature is disabled' do
+            before do
+              stub_feature_flags(admin_approval_for_new_user_signups: false)
+            end
+
+            it 'does not show the the setting' do
+              page.within('.as-signup') do
+                expect(page).not_to have_selector('.application_setting_require_admin_approval_after_user_signup')
+              end
+            end
+          end
+        end
+      end
+
      it 'Change Sign-in restrictions' do
        page.within('.as-signin') do
          fill_in 'Home page URL', with: 'https://about.gitlab.com/'