Cascade delayed project removal setting to parent namespace

Creates the cascading namespace concern, and defines the
delayed_project_removal attribute as the first cascading
attribute.

app/models/concerns/cascading_namespace_setting_attribute.rb

+# frozen_string_literal: true
+
+#
+# Cascading attributes enables managing settings in a flexible way.
+#
+# - Instance administrator can define an instance-wide default setting, or
+#   lock the setting to prevent change by group owners.
+# - Group maintainers/owners can define a default setting for their group, or
+#   lock the setting to prevent change by sub-group maintainers/owners.
+#
+# Behavior:
+#
+# - When a group does not have a value (value is `nil`), cascade up the
+#   hierarchy to find the first non-nil value.
+# - Settings can be locked at any level to prevent groups/sub-groups from
+#   overriding.
+# - If the setting isn't locked, the default can be overridden.
+# - An instance administrator or group maintainer/owner can push settings values
+#   to groups/sub-groups to override existing values, even when the setting
+#   is not otherwise locked.
+#
+module CascadingNamespaceSettingAttribute
+  extend ActiveSupport::Concern
+  include Gitlab::Utils::StrongMemoize
+
+  class_methods do
+    def cascading_settings_feature_enabled?
+      ::Feature.enabled?(:cascading_namespace_settings, default_enabled: false)
+    end
+
+    private
+
+    # Facilitates the cascading lookup of values and,
+    # similar to Rails' `attr_accessor`, defines convenience methods such as
+    # a reader, writer, and validators.
+    #
+    # Example: `cascading_attr :delayed_project_removal`
+    #
+    # Public methods defined:
+    # - `delayed_project_removal`
+    # - `delayed_project_removal=`
+    # - `delayed_project_removal_locked?`
+    # - `delayed_project_removal_locked_by_ancestor?`
+    # - `delayed_project_removal_locked_by_application_setting?`
+    # - `delayed_project_removal?` (only defined for boolean attributes)
+    # - `delayed_project_removal_locked_ancestor` - Returns locked namespace settings object (only namespace_id)
+    #
+    # Defined validators ensure attribute value cannot be updated if locked by
+    # an ancestor or application settings.
+    #
+    # Requires database columns be present in both `namespace_settings` and
+    # `application_settings`.
+    def cascading_attr(*attributes)
+      attributes.map(&:to_sym).each do |attribute|
+        # public methods
+        define_attr_reader(attribute)
+        define_attr_writer(attribute)
+        define_lock_methods(attribute)
+        alias_boolean(attribute)
+
+        # private methods
+        define_validator_methods(attribute)
+        define_after_update(attribute)
+
+        validate :"#{attribute}_changeable?"
+        validate :"lock_#{attribute}_changeable?"
+
+        after_update :"clear_descendant_#{attribute}_locks", if: -> { saved_change_to_attribute?("lock_#{attribute}", to: true) }
+      end
+    end
+
+    # The cascading attribute reader method handles lookups
+    # with the following criteria:
+    #
+    # 1. Returns the dirty value, if the attribute has changed.
+    # 2. Return locked ancestor value.
+    # 3. Return locked instance-level application settings value.
+    # 4. Return this namespace's attribute, if not nil.
+    # 5. Return value from nearest ancestor where value is not nil.
+    # 6. Return instance-level application setting.
+    def define_attr_reader(attribute)
+      define_method(attribute) do
+        strong_memoize(attribute) do
+          next self[attribute] unless self.class.cascading_settings_feature_enabled?
+
+          next self[attribute] if will_save_change_to_attribute?(attribute)
+          next locked_value(attribute) if cascading_attribute_locked?(attribute)
+          next self[attribute] unless self[attribute].nil?
+
+          cascaded_value = cascaded_ancestor_value(attribute)
+          next cascaded_value unless cascaded_value.nil?
+
+          application_setting_value(attribute)
+        end
+      end
+    end
+
+    def define_attr_writer(attribute)
+      define_method("#{attribute}=") do |value|
+        clear_memoization(attribute)
+
+        super(value)
+      end
+    end
+
+    def define_lock_methods(attribute)
+      define_method("#{attribute}_locked?") do
+        cascading_attribute_locked?(attribute)
+      end
+
+      define_method("#{attribute}_locked_by_ancestor?") do
+        locked_by_ancestor?(attribute)
+      end
+
+      define_method("#{attribute}_locked_by_application_setting?") do
+        locked_by_application_setting?(attribute)
+      end
+
+      define_method("#{attribute}_locked_ancestor") do
+        locked_ancestor(attribute)
+      end
+    end
+
+    def alias_boolean(attribute)
+      return unless Gitlab::Database.exists? && type_for_attribute(attribute).type == :boolean
+
+      alias_method :"#{attribute}?", attribute
+    end
+
+    # Defines two validations - one for the cascadable attribute itself and one
+    # for the lock attribute. Only allows the respective value to change if
+    # an ancestor has not already locked the value.
+    def define_validator_methods(attribute)
+      define_method("#{attribute}_changeable?") do
+        return unless cascading_attribute_changed?(attribute)
+        return unless cascading_attribute_locked?(attribute)
+
+        errors.add(attribute, s_('CascadingSettings|cannot be changed because it is locked by an ancestor'))
+      end
+
+      define_method("lock_#{attribute}_changeable?") do
+        return unless cascading_attribute_changed?("lock_#{attribute}")
+
+        if cascading_attribute_locked?(attribute)
+          return errors.add(:"lock_#{attribute}", s_('CascadingSettings|cannot be changed because it is locked by an ancestor'))
+        end
+
+        # Don't allow locking a `nil` attribute.
+        # Even if the value being locked is currently cascaded from an ancestor,
+        # it should be copied to this record to avoid the ancestor changing the
+        # value unexpectedly later.
+        return unless self[attribute].nil? && public_send("lock_#{attribute}?") # rubocop:disable GitlabSecurity/PublicSend
+
+        errors.add(attribute, s_('CascadingSettings|cannot be nil when locking the attribute'))
+      end
+
+      private :"#{attribute}_changeable?", :"lock_#{attribute}_changeable?"
+    end
+
+    # When a particular group locks the attribute, clear all sub-group locks
+    # since the higher lock takes priority.
+    def define_after_update(attribute)
+      define_method("clear_descendant_#{attribute}_locks") do
+        self.class.where(namespace_id: descendants).update_all("lock_#{attribute}" => false)
+      end
+
+      private :"clear_descendant_#{attribute}_locks"
+    end
+  end
+
+  private
+
+  def locked_value(attribute)
+    ancestor = locked_ancestor(attribute)
+    return ancestor.read_attribute(attribute) if ancestor
+
+    Gitlab::CurrentSettings.public_send(attribute) # rubocop:disable GitlabSecurity/PublicSend
+  end
+
+  def locked_ancestor(attribute)
+    return unless self.class.cascading_settings_feature_enabled?
+    return unless namespace.has_parent?
+
+    strong_memoize(:"#{attribute}_locked_ancestor") do
+      self.class
+        .select(:namespace_id, "lock_#{attribute}", attribute)
+        .where(namespace_id: namespace_ancestor_ids)
+        .where(self.class.arel_table["lock_#{attribute}"].eq(true))
+        .limit(1).load.first
+    end
+  end
+
+  def locked_by_ancestor?(attribute)
+    return false unless self.class.cascading_settings_feature_enabled?
+
+    locked_ancestor(attribute).present?
+  end
+
+  def locked_by_application_setting?(attribute)
+    return false unless self.class.cascading_settings_feature_enabled?
+
+    Gitlab::CurrentSettings.public_send("lock_#{attribute}") # rubocop:disable GitlabSecurity/PublicSend
+  end
+
+  def cascading_attribute_locked?(attribute)
+    locked_by_ancestor?(attribute) || locked_by_application_setting?(attribute)
+  end
+
+  def cascading_attribute_changed?(attribute)
+    public_send("#{attribute}_changed?") # rubocop:disable GitlabSecurity/PublicSend
+  end
+
+  def cascaded_ancestor_value(attribute)
+    return unless namespace.has_parent?
+
+    # rubocop:disable GitlabSecurity/SqlInjection
+    self.class
+      .select(attribute)
+      .joins("join unnest(ARRAY[#{namespace_ancestor_ids.join(',')}]) with ordinality t(namespace_id, ord) USING (namespace_id)")
+      .where("#{attribute} IS NOT NULL")
+      .order('t.ord')
+      .limit(1).first&.read_attribute(attribute)
+    # rubocop:enable GitlabSecurity/SqlInjection
+  end
+
+  def application_setting_value(attribute)
+    Gitlab::CurrentSettings.public_send(attribute) # rubocop:disable GitlabSecurity/PublicSend
+  end
+
+  def namespace_ancestor_ids
+    strong_memoize(:namespace_ancestor_ids) do
+      namespace.self_and_ancestors(hierarchy_order: :asc).pluck(:id).reject { |id| id == namespace_id }
+    end
+  end
+
+  def descendants
+    strong_memoize(:descendants) do
+      namespace.descendants.pluck(:id)
+    end
+  end
+end

app/models/namespace_setting.rb

 # frozen_string_literal: true
 
 class NamespaceSetting < ApplicationRecord
+  include CascadingNamespaceSettingAttribute
+
+  cascading_attr :delayed_project_removal
+
   belongs_to :namespace, inverse_of: :namespace_settings
 
   validate :default_branch_name_content
@@ -9,7 +13,8 @@ class NamespaceSetting < ApplicationRecord
 
   before_validation :normalize_default_branch_name
 
-  NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal, :resource_access_token_creation_allowed].freeze
+  NAMESPACE_SETTINGS_PARAMS = [:default_branch_name, :delayed_project_removal,
+                               :lock_delayed_project_removal, :resource_access_token_creation_allowed].freeze
 
   self.primary_key = :namespace_id
 

changelogs/unreleased/dblessing_cascading_settings_final.yml

+---
+title: Cascade delayed project removal setting lookup to parent namespace
+merge_request: 55678
+author:
+type: added

config/feature_flags/development/cascading_namespace_settings.yml

+---
+name: cascading_namespace_settings
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55678
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/321724
+milestone: '13.11'
+type: development
+group: group::access
+default_enabled: false

db/migrate/20210308175224_change_namespace_settings_delayed_project_removal_null.rb

+# frozen_string_literal: true
+
+class ChangeNamespaceSettingsDelayedProjectRemovalNull < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def up
+    change_column :namespace_settings, :delayed_project_removal, :boolean, null: true, default: nil
+  end
+
+  def down
+    change_column_default :namespace_settings, :delayed_project_removal, false
+    change_column_null :namespace_settings, :delayed_project_removal, false, false
+  end
+end

db/migrate/20210308175225_add_lock_delayed_project_removal_to_namespace_settings.rb

+# frozen_string_literal: true
+
+class AddLockDelayedProjectRemovalToNamespaceSettings < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    add_column :namespace_settings, :lock_delayed_project_removal, :boolean, default: false, null: false
+  end
+end

db/migrate/20210308175226_add_delayed_project_removal_to_application_settings.rb

+# frozen_string_literal: true
+
+class AddDelayedProjectRemovalToApplicationSettings < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :delayed_project_removal, :boolean, default: false, null: false
+  end
+end

db/migrate/20210308175227_add_lock_delayed_project_removal_to_application_settings.rb

+# frozen_string_literal: true
+
+class AddLockDelayedProjectRemovalToApplicationSettings < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :lock_delayed_project_removal, :boolean, default: false, null: false
+  end
+end

db/schema_migrations/20210308175224

+ad6e0feff16589839714098a69673edcba50af7a62d98cd078585c5d2aada919
\ No newline at end of file

db/schema_migrations/20210308175225

+9263c522f0632f5b4fc0004e1fe9666bc3a44e4f70cf0d21aab5bb229f08ab5c
\ No newline at end of file

db/schema_migrations/20210308175226

+72491b1834a1256a197e8f49c599b28b41773226db4fe70ce402903674d2f622
\ No newline at end of file

db/schema_migrations/20210308175227

+e99b8a6242589992ae8b618cb502d16b67672856cef024c1aafe00a1e64e41b9
\ No newline at end of file

db/structure.sql

@@ -9439,6 +9439,8 @@ CREATE TABLE application_settings (
     in_product_marketing_emails_enabled boolean DEFAULT true NOT NULL,
     asset_proxy_whitelist text,
     admin_mode boolean DEFAULT false NOT NULL,
+    delayed_project_removal boolean DEFAULT false NOT NULL,
+    lock_delayed_project_removal boolean DEFAULT false NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
     CONSTRAINT check_17d9558205 CHECK ((char_length((kroki_url)::text) <= 1024)),
@@ -14665,8 +14667,9 @@ CREATE TABLE namespace_settings (
     allow_mfa_for_subgroups boolean DEFAULT true NOT NULL,
     default_branch_name text,
     repository_read_only boolean DEFAULT false NOT NULL,
-    delayed_project_removal boolean DEFAULT false NOT NULL,
+    delayed_project_removal boolean,
     resource_access_token_creation_allowed boolean DEFAULT true NOT NULL,
+    lock_delayed_project_removal boolean DEFAULT false NOT NULL,
     CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255))
 );
 

locale/gitlab.pot

@@ -5646,6 +5646,12 @@ msgstr ""
 msgid "Capacity threshold"
 msgstr ""
 
+msgid "CascadingSettings|cannot be changed because it is locked by an ancestor"
+msgstr ""
+
+msgid "CascadingSettings|cannot be nil when locking the attribute"
+msgstr ""
+
 msgid "Certain user content will be moved to a system-wide \"Ghost User\" in order to maintain content for posterity. For further information, please refer to the %{link_start}user account deletion documentation.%{link_end}"
 msgstr ""