From 2e6aa69e00a1ae1f520df9ff0b5d0254516a63ed Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Fri, 11 Jul 2025 23:35:50 +1000 Subject: [PATCH 01/19] Add group setting for hiding email on user profile page --- app/views/groups/settings/_permissions.html.haml | 1 + ...250711032556_add_hide_email_to_namespace_setting.rb | 9 +++++++++ db/schema_migrations/20250711032556 | 1 + ee/app/models/ee/group.rb | 6 ++++++ .../groups/settings/_hide_email_on_profile.html.haml | 10 ++++++++++ 5 files changed, 27 insertions(+) create mode 100644 db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb create mode 100644 db/schema_migrations/20250711032556 create mode 100644 ee/app/views/groups/settings/_hide_email_on_profile.html.haml diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 2cf2211c989d91..5d4fe8016f3d51 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -44,6 +44,7 @@ = render_if_exists 'groups/settings/placeholder_confirmation_bypass', f: f, group: @group = render_if_exists 'groups/settings/remove_dormant_members', f: f, group: @group = render_if_exists 'groups/settings/disable_invite_members', f: f, group: @group + = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group = render_if_exists 'groups/settings/pages_access_control', f: f, group: @group diff --git a/db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb b/db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb new file mode 100644 index 00000000000000..76ee16a59c1e66 --- /dev/null +++ b/db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class AddHideEmailToNamespaceSetting < Gitlab::Database::Migration[2.3] + milestone '18.2' + + def change + add_column :namespace_settings, :hide_email_on_profile, :boolean, default: false, null: false + end +end diff --git a/db/schema_migrations/20250711032556 b/db/schema_migrations/20250711032556 new file mode 100644 index 00000000000000..23f9f3ce32a7a7 --- /dev/null +++ b/db/schema_migrations/20250711032556 @@ -0,0 +1 @@ +a53298bc6eb458e0801ece738c1c44ed4486f70c094e3fbf11c8438e7b2790f5 \ No newline at end of file diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb index dd58dc0d3e0461..ebb01111a614e3 100644 --- a/ee/app/models/ee/group.rb +++ b/ee/app/models/ee/group.rb @@ -114,6 +114,8 @@ module Group delegate :user_cap_enabled?, to: :namespace_settings delegate :disable_personal_access_tokens=, to: :namespace_settings + delegate :hide_email_on_profile=, to: :namespace_settings + delegate :enterprise_users_extensions_marketplace_enabled=, to: :namespace_settings delegate :wiki_access_level, :wiki_access_level=, to: :group_feature, allow_nil: true @@ -1063,6 +1065,10 @@ def disable_personal_access_tokens? namespace_settings.disable_personal_access_tokens? end + def hide_email_on_profile? + namespace_settings.hide_email_on_profile? + end + def extended_grat_expiry_webhooks_execute? licensed_feature_available?(:group_webhooks) && namespace_settings&.extended_grat_expiry_webhooks_execute? diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml new file mode 100644 index 00000000000000..bf60767ca08e0a --- /dev/null +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -0,0 +1,10 @@ +- return unless group.root? + +%h5= _('Hide Email On Profile') + +.form-group.gl-mb-3 + = f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| + - c.with_label do + = s_('GroupSettings|Hide email on profile page') + - c.with_help_text do + = s_("GroupSettings|If enabled, enterprise user accounts will have their email addresses hidden on profile.") -- GitLab From 5b8d766971abf299da613c26a3a7bbcd0b72b73c Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Fri, 11 Jul 2025 23:49:42 +1000 Subject: [PATCH 02/19] Add locale gitlab.pot --- locale/gitlab.pot | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index ed2091644c6cd9..74fad6783e2704 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -31176,9 +31176,15 @@ msgstr "" msgid "GroupSettings|Group path cannot be longer than %{length} characters." msgstr "" +msgid "GroupSettings|Hide email on profile page" +msgstr "" + msgid "GroupSettings|How do I manage group SSH certificates?" msgstr "" +msgid "GroupSettings|If enabled, enterprise user accounts will have their email addresses hidden on profile." +msgstr "" + msgid "GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens. %{learn_more_link}." msgstr "" @@ -31915,6 +31921,9 @@ msgstr "" msgid "Hide" msgstr "" +msgid "Hide Email On Profile" +msgstr "" + msgid "Hide Live Preview" msgstr "" -- GitLab From ddd04eafd469844f2fddb81c1d3792e78f73d12d Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Mon, 14 Jul 2025 13:09:44 +1000 Subject: [PATCH 03/19] Add model specs --- .../settings/_hide_email_on_profile.html.haml | 2 +- ee/spec/models/ee/group_spec.rb | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml index bf60767ca08e0a..da12990f7f4b7e 100644 --- a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -5,6 +5,6 @@ .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| - c.with_label do - = s_('GroupSettings|Hide email on profile page') + = s_('GroupSettings|Hide public user profile email for enterprise users') - c.with_help_text do = s_("GroupSettings|If enabled, enterprise user accounts will have their email addresses hidden on profile.") diff --git a/ee/spec/models/ee/group_spec.rb b/ee/spec/models/ee/group_spec.rb index 42cf28256fb405..fe2db6769a1f32 100644 --- a/ee/spec/models/ee/group_spec.rb +++ b/ee/spec/models/ee/group_spec.rb @@ -3043,6 +3043,24 @@ def webhook_headers end end + describe '#hide_email_on_profile?' do + it 'returns false by default' do + expect(group.hide_email_on_profile?).to be_falsey + end + + it 'returns true when enabled' do + group.update!(hide_email_on_profile: true) + expect(group.hide_email_on_profile?).to be_truthy + end + end + + describe '#hide_email_on_profile=' do + it 'delegates to namespace_settings' do + expect(group.namespace_settings).to receive(:hide_email_on_profile=).with(true) + group.hide_email_on_profile = true + end + end + context 'when setting extended_grat_expiry_webhooks_execute is disabled' do before do group.namespace_settings.update!(extended_grat_expiry_webhooks_execute: false) -- GitLab From e2de5b7c72c58c04df1c43eb7eba68ddba08c533 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Mon, 14 Jul 2025 13:13:17 +1000 Subject: [PATCH 04/19] Add model specs and settings text --- locale/gitlab.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 74fad6783e2704..4b98e190207a12 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -31176,7 +31176,7 @@ msgstr "" msgid "GroupSettings|Group path cannot be longer than %{length} characters." msgstr "" -msgid "GroupSettings|Hide email on profile page" +msgid "GroupSettings|Hide public user profile email for enterprise users" msgstr "" msgid "GroupSettings|How do I manage group SSH certificates?" -- GitLab From cda4388498c980d89239cae3c2ab474a89db4fbf Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Mon, 14 Jul 2025 21:43:55 +1000 Subject: [PATCH 05/19] Add a condition to include the view only for enteprise group --- ee/app/views/groups/settings/_hide_email_on_profile.html.haml | 4 ++-- locale/gitlab.pot | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml index da12990f7f4b7e..671512a43d01eb 100644 --- a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -1,4 +1,4 @@ -- return unless group.root? +- return unless group.root? && group.domain_verification_available? && can?(current_user, :owner_access, group) %h5= _('Hide Email On Profile') @@ -7,4 +7,4 @@ - c.with_label do = s_('GroupSettings|Hide public user profile email for enterprise users') - c.with_help_text do - = s_("GroupSettings|If enabled, enterprise user accounts will have their email addresses hidden on profile.") + = s_("GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages.") diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 4b98e190207a12..b4724dc510b598 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -31182,7 +31182,7 @@ msgstr "" msgid "GroupSettings|How do I manage group SSH certificates?" msgstr "" -msgid "GroupSettings|If enabled, enterprise user accounts will have their email addresses hidden on profile." +msgid "GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages." msgstr "" msgid "GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens. %{learn_more_link}." -- GitLab From aac79cae3872ecf4e6a2fc5e27d570cca662d5a1 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Tue, 15 Jul 2025 23:03:15 +1000 Subject: [PATCH 06/19] Add column after rebase to structure.sql --- db/structure.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/db/structure.sql b/db/structure.sql index fc63b1cb29aba6..f48384fe1783a3 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -18626,6 +18626,7 @@ CREATE TABLE namespace_settings ( lock_web_based_commit_signing_enabled boolean DEFAULT false NOT NULL, allow_enterprise_bypass_placeholder_confirmation boolean DEFAULT false NOT NULL, enterprise_bypass_expires_at timestamp with time zone, + hide_email_on_profile boolean DEFAULT false NOT NULL, CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)), CONSTRAINT check_namespace_settings_security_policies_is_hash CHECK ((jsonb_typeof(security_policies) = 'object'::text)), CONSTRAINT namespace_settings_unique_project_download_limit_alertlist_size CHECK ((cardinality(unique_project_download_limit_alertlist) <= 100)), -- GitLab From baed1ee3539a4d232e2701163d86c8fb633627fe Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Thu, 17 Jul 2025 22:39:35 +1000 Subject: [PATCH 07/19] Group Enterprise users related settings together --- .../groups/settings/_permissions.html.haml | 12 ++- .../settings/_enterprise_users_pats.html.haml | 2 +- .../_extensions_marketplace.html.haml | 2 - .../settings/_hide_email_on_profile.html.haml | 2 - .../_personal_access_tokens.html.haml | 1 - .../settings/_permissions.html.haml_spec.rb | 93 ++++++++++++++++--- locale/gitlab.pot | 14 +-- 7 files changed, 98 insertions(+), 28 deletions(-) diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 5d4fe8016f3d51..fa5b8a291ef488 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -34,6 +34,16 @@ = render 'groups/settings/project_creation_level', f: f, group: @group = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render_if_exists 'groups/settings/prevent_forking', f: f, group: @group + + - if @group.root? && @group.domain_verification_available? && can?(current_user, :owner_access, @group) + %h5= s_('GroupSettings|Enterprise users') + .gl-mb-3 + = s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') + + = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group + = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group + = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group + = render_if_exists 'groups/settings/personal_access_tokens', f: f, group: @group = render 'groups/settings/resource_access_token_creation', f: f, group: @group = render_if_exists 'groups/personal_access_token_expiration_policy', f: f, group: @group @@ -44,8 +54,6 @@ = render_if_exists 'groups/settings/placeholder_confirmation_bypass', f: f, group: @group = render_if_exists 'groups/settings/remove_dormant_members', f: f, group: @group = render_if_exists 'groups/settings/disable_invite_members', f: f, group: @group - = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group - = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group = render_if_exists 'groups/settings/pages_access_control', f: f, group: @group %h5= _('Customer relations') diff --git a/ee/app/views/groups/settings/_enterprise_users_pats.html.haml b/ee/app/views/groups/settings/_enterprise_users_pats.html.haml index dc138a9ba14213..7e647065d47246 100644 --- a/ee/app/views/groups/settings/_enterprise_users_pats.html.haml +++ b/ee/app/views/groups/settings/_enterprise_users_pats.html.haml @@ -2,7 +2,7 @@ = f.gitlab_ui_checkbox_component :disable_personal_access_tokens, checkbox_options: { checked: group.disable_personal_access_tokens? } do |c| - c.with_label do - = s_('GroupSettings|Disable personal access tokens for enterprise users') + = s_('GroupSettings|Disable personal access tokens') - c.with_help_text do - learn_more_link = link_to(_('Learn more'), help_page_path('user/profile/personal_access_tokens.md', anchor: 'disable-personal-access-tokens-for-enterprise-users')) = s_("GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens. %{learn_more_link}.").html_safe % { learn_more_link: learn_more_link } diff --git a/ee/app/views/groups/settings/_extensions_marketplace.html.haml b/ee/app/views/groups/settings/_extensions_marketplace.html.haml index a83439b5a27faa..6b75c11152613d 100644 --- a/ee/app/views/groups/settings/_extensions_marketplace.html.haml +++ b/ee/app/views/groups/settings/_extensions_marketplace.html.haml @@ -3,8 +3,6 @@ - return unless group.can_manage_extensions_marketplace_for_enterprise_users? -%h5= _('Web IDE and workspaces') - .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :enterprise_users_extensions_marketplace_enabled, checkbox_options: { checked: group.enterprise_users_extensions_marketplace_enabled? } do |c| - c.with_label do diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml index 671512a43d01eb..b50fdd8c448bbb 100644 --- a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -1,7 +1,5 @@ - return unless group.root? && group.domain_verification_available? && can?(current_user, :owner_access, group) -%h5= _('Hide Email On Profile') - .form-group.gl-mb-3 = f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| - c.with_label do diff --git a/ee/app/views/groups/settings/_personal_access_tokens.html.haml b/ee/app/views/groups/settings/_personal_access_tokens.html.haml index 0afd9735d528e5..872542ed2602fc 100644 --- a/ee/app/views/groups/settings/_personal_access_tokens.html.haml +++ b/ee/app/views/groups/settings/_personal_access_tokens.html.haml @@ -3,5 +3,4 @@ %h5= s_('AccessTokens|Personal access tokens') .form-group.gl-mb-3 - = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group = render_if_exists 'groups/settings/service_accounts_pats_expiration_enforced', f: f, group: @group diff --git a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb index 3d72e361d111a8..b44f74c2a9baf6 100644 --- a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb +++ b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb @@ -50,31 +50,98 @@ end end - context 'for extensions marketplace settings' do - let_it_be(:section_title) { _('Web IDE and workspaces') } - let_it_be(:checkbox_label) { s_('GroupSettings|Enable extension marketplace') } + context 'for enterprise users section' do + let_it_be(:section_title) { s_('GroupSettings|Enterprise users') } + let_it_be(:section_description) do + s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') + end - context 'when cannot manage extensions marketplace for enterprise users' do - it 'renders nothing', :aggregate_failures do - allow(group).to receive(:can_manage_extensions_marketplace_for_enterprise_users?).and_return(false) + context 'when group is not root' do + before do + allow(group).to receive(:root?).and_return(false) + end + it 'does not render enterprise users section' do render - expect(rendered).to render_template('groups/settings/_extensions_marketplace') expect(rendered).not_to have_content(section_title) - expect(rendered).not_to have_field(checkbox_label, type: 'checkbox') + expect(rendered).not_to have_content(section_description) end end - context 'when can manage extensions marketplace for enterprise users' do - it 'renders checkbox', :aggregate_failures do - allow(group).to receive(:can_manage_extensions_marketplace_for_enterprise_users?).and_return(true) + context 'when domain verification is not available' do + before do + allow(group).to receive(:root?).and_return(true) + allow(group).to receive(:domain_verification_available?).and_return(false) + end + it 'does not render enterprise users section' do + render + + expect(rendered).not_to have_content(section_title) + expect(rendered).not_to have_content(section_description) + end + end + + context 'when user does not have owner access' do + before do + allow(group).to receive(:root?).and_return(true) + allow(group).to receive(:domain_verification_available?).and_return(true) + allow(view).to receive(:can?).with(anything, :owner_access, group).and_return(false) + end + + it 'does not render enterprise users section' do + render + + expect(rendered).not_to have_content(section_title) + expect(rendered).not_to have_content(section_description) + end + end + + context 'when all conditions are met' do + before do + allow(group).to receive(:root?).and_return(true) + allow(group).to receive(:domain_verification_available?).and_return(true) + allow(view).to receive(:can?).with(anything, :owner_access, group).and_return(true) + end + + it 'renders enterprise users section with description' do render - expect(rendered).to render_template('groups/settings/_extensions_marketplace') expect(rendered).to have_content(section_title) - expect(rendered).to have_unchecked_field(checkbox_label, type: 'checkbox') + expect(rendered).to have_content(section_description) + end + + it 'renders enterprise user partials' do + render + + expect(rendered).to render_template('groups/settings/_enterprise_users_pats') + expect(rendered).to render_template('groups/settings/_hide_email_on_profile') + expect(rendered).to render_template('groups/settings/_extensions_marketplace') + end + + context 'when extensions marketplace can be managed' do + before do + allow(group).to receive(:can_manage_extensions_marketplace_for_enterprise_users?).and_return(true) + end + + it 'renders extensions marketplace checkbox' do + render + + expect(rendered).to have_unchecked_field(s_('GroupSettings|Enable extension marketplace'), type: 'checkbox') + end + end + + context 'when extensions marketplace cannot be managed' do + before do + allow(group).to receive(:can_manage_extensions_marketplace_for_enterprise_users?).and_return(false) + end + + it 'does not render extensions marketplace checkbox' do + render + + expect(rendered).not_to have_field(s_('GroupSettings|Enable extension marketplace'), type: 'checkbox') + end end end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index b4724dc510b598..c2cd6dcc49ad7c 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -31119,7 +31119,7 @@ msgstr "" msgid "GroupSettings|Default to Auto DevOps pipeline for all projects within this group" msgstr "" -msgid "GroupSettings|Disable personal access tokens for enterprise users" +msgid "GroupSettings|Disable personal access tokens" msgstr "" msgid "GroupSettings|Disable user invitations to groups and projects within %{group}" @@ -31152,6 +31152,9 @@ msgstr "" msgid "GroupSettings|Enterprise user accounts can use the extension marketplace in the Web IDE and workspaces." msgstr "" +msgid "GroupSettings|Enterprise users" +msgstr "" + msgid "GroupSettings|Experiment" msgstr "" @@ -31263,6 +31266,9 @@ msgstr "" msgid "GroupSettings|Set the initial name and protections for the default branch of new repositories created in the group." msgstr "" +msgid "GroupSettings|Settings that apply only to enterprise user accounts associated with this group." +msgstr "" + msgid "GroupSettings|The Auto DevOps pipeline runs if no alternative CI configuration file is found." msgstr "" @@ -31921,9 +31927,6 @@ msgstr "" msgid "Hide" msgstr "" -msgid "Hide Email On Profile" -msgstr "" - msgid "Hide Live Preview" msgstr "" @@ -70339,9 +70342,6 @@ msgstr "" msgid "Web IDE" msgstr "" -msgid "Web IDE and workspaces" -msgstr "" - msgid "Web terminal" msgstr "" -- GitLab From e88ac7eccece05555118f0a7decb5da5a70c8577 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Thu, 17 Jul 2025 22:43:53 +1000 Subject: [PATCH 08/19] Fix haml-lint errors --- app/views/groups/settings/_permissions.html.haml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index fa5b8a291ef488..17e10384824c04 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -34,12 +34,12 @@ = render 'groups/settings/project_creation_level', f: f, group: @group = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render_if_exists 'groups/settings/prevent_forking', f: f, group: @group - + - if @group.root? && @group.domain_verification_available? && can?(current_user, :owner_access, @group) %h5= s_('GroupSettings|Enterprise users') .gl-mb-3 = s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') - + = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group -- GitLab From 59e031b0bd447578e432d13f562bbab70d02a216 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Tue, 22 Jul 2025 15:16:42 +1000 Subject: [PATCH 09/19] Review comment delegate method --- ee/app/models/ee/group.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb index ebb01111a614e3..fc96cc361eda67 100644 --- a/ee/app/models/ee/group.rb +++ b/ee/app/models/ee/group.rb @@ -115,6 +115,7 @@ module Group delegate :disable_personal_access_tokens=, to: :namespace_settings delegate :hide_email_on_profile=, to: :namespace_settings + delegate :hide_email_on_profile?, to: :namespace_settings delegate :enterprise_users_extensions_marketplace_enabled=, to: :namespace_settings -- GitLab From 81ef95a726b82f5db1c3b97dc3a6978cf4418003 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Tue, 22 Jul 2025 22:10:03 +1000 Subject: [PATCH 10/19] Fix failing feature spec --- ee/app/models/ee/group.rb | 4 ---- ee/spec/features/groups/group_settings_spec.rb | 1 + 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb index fc96cc361eda67..0303efb7be941d 100644 --- a/ee/app/models/ee/group.rb +++ b/ee/app/models/ee/group.rb @@ -1066,10 +1066,6 @@ def disable_personal_access_tokens? namespace_settings.disable_personal_access_tokens? end - def hide_email_on_profile? - namespace_settings.hide_email_on_profile? - end - def extended_grat_expiry_webhooks_execute? licensed_feature_available?(:group_webhooks) && namespace_settings&.extended_grat_expiry_webhooks_execute? diff --git a/ee/spec/features/groups/group_settings_spec.rb b/ee/spec/features/groups/group_settings_spec.rb index 8953d6fb4cf0c4..0fea98a69c2979 100644 --- a/ee/spec/features/groups/group_settings_spec.rb +++ b/ee/spec/features/groups/group_settings_spec.rb @@ -515,6 +515,7 @@ def service_access_token_expiration_enforced_selector context 'for SaaS', :saas do before do + stub_licensed_features(domain_verification: true, disable_personal_access_tokens: true) stub_saas_features(disable_personal_access_tokens: true) end -- GitLab From f04bbc16a64e68410586bdae47354543e3ccbbda Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Wed, 23 Jul 2025 13:36:48 +1000 Subject: [PATCH 11/19] Fix failing auditor spec --- .../lib/namespaces/namespace_setting_changes_auditor_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/spec/lib/namespaces/namespace_setting_changes_auditor_spec.rb b/ee/spec/lib/namespaces/namespace_setting_changes_auditor_spec.rb index 27b13e2e754127..86f99b2ec714e6 100644 --- a/ee/spec/lib/namespaces/namespace_setting_changes_auditor_spec.rb +++ b/ee/spec/lib/namespaces/namespace_setting_changes_auditor_spec.rb @@ -121,7 +121,7 @@ default_branch_protection_defaults allow_merge_without_pipeline auto_ban_user_on_excessive_projects_download lock_math_rendering_limits_enabled enable_auto_assign_gitlab_duo_pro_seats early_access_program_participant lock_duo_features_enabled allow_merge_without_pipeline only_allow_merge_if_pipeline_succeeds - lock_spp_repository_pipeline_access spp_repository_pipeline_access archived + lock_spp_repository_pipeline_access hide_email_on_profile spp_repository_pipeline_access archived resource_access_token_notify_inherited lock_resource_access_token_notify_inherited pipeline_variables_default_role extended_grat_expiry_webhooks_execute force_pages_access_control jwt_ci_cd_job_token_enabled jwt_ci_cd_job_token_opted_out require_dpop_for_manage_api_endpoints -- GitLab From 14a2d995460754a469f1ef119c4607561ac1a3c7 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Wed, 23 Jul 2025 15:44:50 +1000 Subject: [PATCH 12/19] Add controller spec --- .../controllers/concerns/ee/groups/params.rb | 6 ++ ee/spec/requests/groups_controller_spec.rb | 59 +++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/ee/app/controllers/concerns/ee/groups/params.rb b/ee/app/controllers/concerns/ee/groups/params.rb index 07cefd106aebfc..aa4d5abd410559 100644 --- a/ee/app/controllers/concerns/ee/groups/params.rb +++ b/ee/app/controllers/concerns/ee/groups/params.rb @@ -93,6 +93,12 @@ def group_params_ee params_ee << :disable_invite_members end + if current_group&.root? && + current_group.domain_verification_available? && + can?(current_user, :owner_access, current_group) + params_ee << :hide_email_on_profile + end + if enterprise_bypass_placeholders_allowed? params_ee << :allow_enterprise_bypass_placeholder_confirmation params_ee << :enterprise_bypass_expires_at diff --git a/ee/spec/requests/groups_controller_spec.rb b/ee/spec/requests/groups_controller_spec.rb index cd7f1a191dde99..8e6410432b8ed0 100644 --- a/ee/spec/requests/groups_controller_spec.rb +++ b/ee/spec/requests/groups_controller_spec.rb @@ -617,6 +617,65 @@ end end end + + context 'when setting hide_email_on_profile' do + let(:params) { { group: { hide_email_on_profile: true } } } + + before do + group.add_owner(user) + allow(Group).to receive(:find_by_full_path).and_return(group) + allow(group).to receive(:domain_verification_available?).and_return(true) + end + + it 'successfully updates the setting for top-level group owners' do + expect { request }.to change { + group.reload.namespace_settings.hide_email_on_profile? + }.from(false).to(true) + + expect(response).to have_gitlab_http_status(:found) + end + + context 'and user is not a group owner' do + before do + group.owners.delete(user) + group.add_maintainer(user) + end + + it 'does not change the setting and returns not found' do + expect { request }.not_to change { + group.reload.namespace_settings.hide_email_on_profile? + }.from(false) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when domain verification is not enabled' do + before do + allow(group).to receive(:domain_verification_available?).and_return(false) + end + + it 'does not change the setting' do + expect { request }.not_to change { + group.reload.namespace_settings.hide_email_on_profile? + }.from(false) + + expect(response).to have_gitlab_http_status(:found) + end + end + + context 'when group is not a root group' do + let(:group) { create(:group, :nested) } + + it 'does not change the setting' do + expect { request }.not_to change { + group.reload.namespace_settings.hide_email_on_profile? + }.from(false) + + expect(response).to have_gitlab_http_status(:found) + end + end + end end describe 'PUT #transfer', :saas do -- GitLab From e98d5260362722589ad2f72526d15891afc05673 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Wed, 23 Jul 2025 23:29:47 +1000 Subject: [PATCH 13/19] Implement checkboxes without formgroup --- app/views/groups/settings/_permissions.html.haml | 15 ++++++++------- .../settings/_extensions_marketplace.html.haml | 11 +++++------ .../settings/_hide_email_on_profile.html.haml | 11 +++++------ 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index 17e10384824c04..f14607ac59a212 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -36,13 +36,14 @@ = render_if_exists 'groups/settings/prevent_forking', f: f, group: @group - if @group.root? && @group.domain_verification_available? && can?(current_user, :owner_access, @group) - %h5= s_('GroupSettings|Enterprise users') - .gl-mb-3 - = s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') - - = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group - = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group - = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group + %fieldset.form-group.gl-form-group + %legend.col-form-label.col-form-label + = s_('GroupSettings|Enterprise users') + .label-description + = s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') + = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group + = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group + = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group = render_if_exists 'groups/settings/personal_access_tokens', f: f, group: @group = render 'groups/settings/resource_access_token_creation', f: f, group: @group diff --git a/ee/app/views/groups/settings/_extensions_marketplace.html.haml b/ee/app/views/groups/settings/_extensions_marketplace.html.haml index 6b75c11152613d..8107d03d52100c 100644 --- a/ee/app/views/groups/settings/_extensions_marketplace.html.haml +++ b/ee/app/views/groups/settings/_extensions_marketplace.html.haml @@ -3,9 +3,8 @@ - return unless group.can_manage_extensions_marketplace_for_enterprise_users? -.form-group.gl-mb-3 - = f.gitlab_ui_checkbox_component :enterprise_users_extensions_marketplace_enabled, checkbox_options: { checked: group.enterprise_users_extensions_marketplace_enabled? } do |c| - - c.with_label do - = s_('GroupSettings|Enable extension marketplace') - - c.with_help_text do - = s_("GroupSettings|Enterprise user accounts can use the extension marketplace in the Web IDE and workspaces.") += f.gitlab_ui_checkbox_component :enterprise_users_extensions_marketplace_enabled, checkbox_options: { checked: group.enterprise_users_extensions_marketplace_enabled? } do |c| + - c.with_label do + = s_('GroupSettings|Enable extension marketplace') + - c.with_help_text do + = s_("GroupSettings|Enterprise user accounts can use the extension marketplace in the Web IDE and workspaces.") diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml index b50fdd8c448bbb..be650f31ff0392 100644 --- a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -1,8 +1,7 @@ - return unless group.root? && group.domain_verification_available? && can?(current_user, :owner_access, group) -.form-group.gl-mb-3 - = f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| - - c.with_label do - = s_('GroupSettings|Hide public user profile email for enterprise users') - - c.with_help_text do - = s_("GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages.") += f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| + - c.with_label do + = s_('GroupSettings|Hide public user profile email for enterprise users') + - c.with_help_text do + = s_("GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages.") -- GitLab From 2de5a61ecc9b55674c29f615ebcaa8e4deee6411 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Thu, 24 Jul 2025 13:14:55 +1000 Subject: [PATCH 14/19] DRY condition check and text changes --- .../groups/settings/_permissions.html.haml | 4 +- .../controllers/concerns/ee/groups/params.rb | 6 +-- ee/app/helpers/ee/groups_helper.rb | 6 +++ .../settings/_enterprise_users_pats.html.haml | 2 +- .../settings/_hide_email_on_profile.html.haml | 4 +- ee/spec/helpers/ee/groups_helper_spec.rb | 53 +++++++++++++++++++ .../settings/_permissions.html.haml_spec.rb | 2 +- 7 files changed, 66 insertions(+), 11 deletions(-) diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index f14607ac59a212..aacef850b2557d 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -35,12 +35,12 @@ = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render_if_exists 'groups/settings/prevent_forking', f: f, group: @group - - if @group.root? && @group.domain_verification_available? && can?(current_user, :owner_access, @group) + - if enterprise_user_settings_available?(@group) %fieldset.form-group.gl-form-group %legend.col-form-label.col-form-label = s_('GroupSettings|Enterprise users') .label-description - = s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') + = s_('GroupSettings|Settings that apply only to enterprise users associated with this group.') = render_if_exists 'groups/settings/enterprise_users_pats', f: f, group: @group = render_if_exists 'groups/settings/hide_email_on_profile', f: f, group: @group = render_if_exists 'groups/settings/extensions_marketplace', f: f, group: @group diff --git a/ee/app/controllers/concerns/ee/groups/params.rb b/ee/app/controllers/concerns/ee/groups/params.rb index aa4d5abd410559..a2b0774052200c 100644 --- a/ee/app/controllers/concerns/ee/groups/params.rb +++ b/ee/app/controllers/concerns/ee/groups/params.rb @@ -93,11 +93,7 @@ def group_params_ee params_ee << :disable_invite_members end - if current_group&.root? && - current_group.domain_verification_available? && - can?(current_user, :owner_access, current_group) - params_ee << :hide_email_on_profile - end + params_ee << :hide_email_on_profile if enterprise_user_settings_available?(current_group, current_user) if enterprise_bypass_placeholders_allowed? params_ee << :allow_enterprise_bypass_placeholder_confirmation diff --git a/ee/app/helpers/ee/groups_helper.rb b/ee/app/helpers/ee/groups_helper.rb index 4d09dac55457cf..f74a6d8ca51692 100644 --- a/ee/app/helpers/ee/groups_helper.rb +++ b/ee/app/helpers/ee/groups_helper.rb @@ -6,6 +6,12 @@ module GroupsHelper include ::Gitlab::Utils::StrongMemoize include ::Nav::GitlabDuoSettingsPage + def enterprise_user_settings_available?(group, user = current_user) + group&.root? && + group.domain_verification_available? && + can?(user, :owner_access, group) + end + def size_limit_message_for_group(group) repository_size_limit_link = link_to _('Learn more'), help_page_path('administration/settings/account_and_limit_settings.md', anchor: 'repository-size-limit') message = group.lfs_enabled? ? _("Max size for repositories within this group, including LFS files. %{repository_size_limit_link}.") : _("Max size for repositories within this group. %{repository_size_limit_link}.") diff --git a/ee/app/views/groups/settings/_enterprise_users_pats.html.haml b/ee/app/views/groups/settings/_enterprise_users_pats.html.haml index 7e647065d47246..ee10ad58326c7b 100644 --- a/ee/app/views/groups/settings/_enterprise_users_pats.html.haml +++ b/ee/app/views/groups/settings/_enterprise_users_pats.html.haml @@ -5,4 +5,4 @@ = s_('GroupSettings|Disable personal access tokens') - c.with_help_text do - learn_more_link = link_to(_('Learn more'), help_page_path('user/profile/personal_access_tokens.md', anchor: 'disable-personal-access-tokens-for-enterprise-users')) - = s_("GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens. %{learn_more_link}.").html_safe % { learn_more_link: learn_more_link } + = s_("GroupSettings|If enabled, enterprise users cannot use personal access tokens. %{learn_more_link}.").html_safe % { learn_more_link: learn_more_link } diff --git a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml index be650f31ff0392..98aea8edb3ecf9 100644 --- a/ee/app/views/groups/settings/_hide_email_on_profile.html.haml +++ b/ee/app/views/groups/settings/_hide_email_on_profile.html.haml @@ -2,6 +2,6 @@ = f.gitlab_ui_checkbox_component :hide_email_on_profile, checkbox_options: { checked: group.hide_email_on_profile? } do |c| - c.with_label do - = s_('GroupSettings|Hide public user profile email for enterprise users') + = s_('GroupSettings|Hide email address from public profile') - c.with_help_text do - = s_("GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages.") + = s_("GroupSettings|If enabled, hides email addresses on public profile pages for enterprise users.") diff --git a/ee/spec/helpers/ee/groups_helper_spec.rb b/ee/spec/helpers/ee/groups_helper_spec.rb index 05d638f3d8a5cf..2b7d2d990f5475 100644 --- a/ee/spec/helpers/ee/groups_helper_spec.rb +++ b/ee/spec/helpers/ee/groups_helper_spec.rb @@ -16,6 +16,59 @@ group.add_owner(owner) end + describe '#enterprise_user_settings_available?' do + let_it_be(:current_user) { create(:user) } + let_it_be(:root_group) { create(:group) } + let_it_be(:subgroup) { create(:group, parent: root_group) } + + before do + allow(helper).to receive(:current_user) { current_user } + end + + context 'when all conditions are met' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(true) + allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(true) + end + + it 'returns true for root group' do + expect(helper.enterprise_user_settings_available?(root_group)).to be_truthy + end + + it 'returns false for subgroup' do + expect(helper.enterprise_user_settings_available?(subgroup)).to be_falsey + end + end + + context 'when group is nil' do + it 'returns false' do + expect(helper.enterprise_user_settings_available?(nil)).to be_falsey + end + end + + context 'when domain verification is not available' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(false) + allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(true) + end + + it 'returns false' do + expect(helper.enterprise_user_settings_available?(root_group)).to be_falsey + end + end + + context 'when user does not have owner access' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(true) + allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(false) + end + + it 'returns false' do + expect(helper.enterprise_user_settings_available?(root_group)).to be_falsey + end + end + end + describe '#render_setting_to_allow_project_access_token_creation?' do context 'with self-managed' do let_it_be(:parent) { create(:group) } diff --git a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb index b44f74c2a9baf6..1d9a6fee7ffa9c 100644 --- a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb +++ b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb @@ -53,7 +53,7 @@ context 'for enterprise users section' do let_it_be(:section_title) { s_('GroupSettings|Enterprise users') } let_it_be(:section_description) do - s_('GroupSettings|Settings that apply only to enterprise user accounts associated with this group.') + s_('GroupSettings|Settings that apply only to enterprise users associated with this group.') end context 'when group is not root' do -- GitLab From 77fd59a4566154c5b696e705d0e4cc35ba10f169 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Thu, 24 Jul 2025 13:16:37 +1000 Subject: [PATCH 15/19] gitlab.pot changes --- locale/gitlab.pot | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index c2cd6dcc49ad7c..fa9212744830ff 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -31179,19 +31179,19 @@ msgstr "" msgid "GroupSettings|Group path cannot be longer than %{length} characters." msgstr "" -msgid "GroupSettings|Hide public user profile email for enterprise users" +msgid "GroupSettings|Hide email address from public profile" msgstr "" msgid "GroupSettings|How do I manage group SSH certificates?" msgstr "" -msgid "GroupSettings|If enabled, enterprise user accounts associated with this group will have their email addresses hidden on their public profile pages." +msgid "GroupSettings|If enabled, enterprise users cannot use personal access tokens. %{learn_more_link}." msgstr "" -msgid "GroupSettings|If enabled, enterprise user accounts will not be able to use personal access tokens. %{learn_more_link}." +msgid "GroupSettings|If enabled, group access tokens expiry webhooks execute 60, 30, and 7 days before the token expires. If disabled, these webhooks only execute 7 days before the token expires." msgstr "" -msgid "GroupSettings|If enabled, group access tokens expiry webhooks execute 60, 30, and 7 days before the token expires. If disabled, these webhooks only execute 7 days before the token expires." +msgid "GroupSettings|If enabled, hides email addresses on public profile pages for enterprise users." msgstr "" msgid "GroupSettings|If enabled, individual user accounts will be able to use only issued SSH certificates for Git access. It doesn't apply to service accounts, deploy keys, and other types of internal accounts." @@ -31266,7 +31266,7 @@ msgstr "" msgid "GroupSettings|Set the initial name and protections for the default branch of new repositories created in the group." msgstr "" -msgid "GroupSettings|Settings that apply only to enterprise user accounts associated with this group." +msgid "GroupSettings|Settings that apply only to enterprise users associated with this group." msgstr "" msgid "GroupSettings|The Auto DevOps pipeline runs if no alternative CI configuration file is found." -- GitLab From a297210193ac97e314ce8a9d0bf57f69b038c0a6 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Fri, 25 Jul 2025 22:03:11 +1000 Subject: [PATCH 16/19] Add enterprise_user_settings_available? method in model --- .../groups/settings/_permissions.html.haml | 2 +- .../controllers/concerns/ee/groups/params.rb | 2 +- ee/app/helpers/ee/groups_helper.rb | 6 --- ee/app/models/ee/group.rb | 6 +++ ee/spec/helpers/ee/groups_helper_spec.rb | 53 ------------------- ee/spec/models/ee/group_spec.rb | 43 +++++++++++++++ 6 files changed, 51 insertions(+), 61 deletions(-) diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index aacef850b2557d..d5abcfab34247c 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -35,7 +35,7 @@ = render 'groups/settings/subgroup_creation_level', f: f, group: @group = render_if_exists 'groups/settings/prevent_forking', f: f, group: @group - - if enterprise_user_settings_available?(@group) + - if @group.enterprise_user_settings_available?(current_user) %fieldset.form-group.gl-form-group %legend.col-form-label.col-form-label = s_('GroupSettings|Enterprise users') diff --git a/ee/app/controllers/concerns/ee/groups/params.rb b/ee/app/controllers/concerns/ee/groups/params.rb index a2b0774052200c..4361fa479d657b 100644 --- a/ee/app/controllers/concerns/ee/groups/params.rb +++ b/ee/app/controllers/concerns/ee/groups/params.rb @@ -93,7 +93,7 @@ def group_params_ee params_ee << :disable_invite_members end - params_ee << :hide_email_on_profile if enterprise_user_settings_available?(current_group, current_user) + params_ee << :hide_email_on_profile if current_group&.enterprise_user_settings_available?(current_user) if enterprise_bypass_placeholders_allowed? params_ee << :allow_enterprise_bypass_placeholder_confirmation diff --git a/ee/app/helpers/ee/groups_helper.rb b/ee/app/helpers/ee/groups_helper.rb index f74a6d8ca51692..4d09dac55457cf 100644 --- a/ee/app/helpers/ee/groups_helper.rb +++ b/ee/app/helpers/ee/groups_helper.rb @@ -6,12 +6,6 @@ module GroupsHelper include ::Gitlab::Utils::StrongMemoize include ::Nav::GitlabDuoSettingsPage - def enterprise_user_settings_available?(group, user = current_user) - group&.root? && - group.domain_verification_available? && - can?(user, :owner_access, group) - end - def size_limit_message_for_group(group) repository_size_limit_link = link_to _('Learn more'), help_page_path('administration/settings/account_and_limit_settings.md', anchor: 'repository-size-limit') message = group.lfs_enabled? ? _("Max size for repositories within this group, including LFS files. %{repository_size_limit_link}.") : _("Max size for repositories within this group. %{repository_size_limit_link}.") diff --git a/ee/app/models/ee/group.rb b/ee/app/models/ee/group.rb index 0303efb7be941d..60a317fc0a381c 100644 --- a/ee/app/models/ee/group.rb +++ b/ee/app/models/ee/group.rb @@ -1084,6 +1084,12 @@ def groups_for_extended_webhook_execution_on_token_expiry .where(namespace_settings: { extended_grat_expiry_webhooks_execute: true }) end + def enterprise_user_settings_available?(user = nil) + root? && + domain_verification_available? && + Ability.allowed?(user, :owner_access, self) + end + def virtual_registry_policy_subject ::VirtualRegistries::Packages::Policies::Group.new(self) end diff --git a/ee/spec/helpers/ee/groups_helper_spec.rb b/ee/spec/helpers/ee/groups_helper_spec.rb index 2b7d2d990f5475..05d638f3d8a5cf 100644 --- a/ee/spec/helpers/ee/groups_helper_spec.rb +++ b/ee/spec/helpers/ee/groups_helper_spec.rb @@ -16,59 +16,6 @@ group.add_owner(owner) end - describe '#enterprise_user_settings_available?' do - let_it_be(:current_user) { create(:user) } - let_it_be(:root_group) { create(:group) } - let_it_be(:subgroup) { create(:group, parent: root_group) } - - before do - allow(helper).to receive(:current_user) { current_user } - end - - context 'when all conditions are met' do - before do - allow(root_group).to receive(:domain_verification_available?).and_return(true) - allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(true) - end - - it 'returns true for root group' do - expect(helper.enterprise_user_settings_available?(root_group)).to be_truthy - end - - it 'returns false for subgroup' do - expect(helper.enterprise_user_settings_available?(subgroup)).to be_falsey - end - end - - context 'when group is nil' do - it 'returns false' do - expect(helper.enterprise_user_settings_available?(nil)).to be_falsey - end - end - - context 'when domain verification is not available' do - before do - allow(root_group).to receive(:domain_verification_available?).and_return(false) - allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(true) - end - - it 'returns false' do - expect(helper.enterprise_user_settings_available?(root_group)).to be_falsey - end - end - - context 'when user does not have owner access' do - before do - allow(root_group).to receive(:domain_verification_available?).and_return(true) - allow(helper).to receive(:can?).with(current_user, :owner_access, root_group).and_return(false) - end - - it 'returns false' do - expect(helper.enterprise_user_settings_available?(root_group)).to be_falsey - end - end - end - describe '#render_setting_to_allow_project_access_token_creation?' do context 'with self-managed' do let_it_be(:parent) { create(:group) } diff --git a/ee/spec/models/ee/group_spec.rb b/ee/spec/models/ee/group_spec.rb index fe2db6769a1f32..0d3daa53f95c46 100644 --- a/ee/spec/models/ee/group_spec.rb +++ b/ee/spec/models/ee/group_spec.rb @@ -4303,6 +4303,49 @@ def webhook_headers end end + describe '#enterprise_user_settings_available?' do + let_it_be(:current_user) { create(:user) } + let_it_be(:root_group) { create(:group) } + let_it_be(:subgroup) { create(:group, parent: root_group) } + + context 'when all conditions are met' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(true) + allow(Ability).to receive(:allowed?).with(current_user, :owner_access, root_group).and_return(true) + end + + it 'returns true for root group' do + expect(root_group.enterprise_user_settings_available?(current_user)).to be_truthy + end + + it 'returns false for subgroup' do + expect(subgroup.enterprise_user_settings_available?(current_user)).to be_falsey + end + end + + context 'when domain verification is not available' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(false) + allow(Ability).to receive(:allowed?).with(current_user, :owner_access, root_group).and_return(true) + end + + it 'returns false' do + expect(root_group.enterprise_user_settings_available?(current_user)).to be_falsey + end + end + + context 'when user does not have owner access' do + before do + allow(root_group).to receive(:domain_verification_available?).and_return(true) + allow(Ability).to receive(:allowed?).with(current_user, :owner_access, root_group).and_return(false) + end + + it 'returns false' do + expect(root_group.enterprise_user_settings_available?(current_user)).to be_falsey + end + end + end + describe '#virtual_registry_policy_subject' do subject { group.virtual_registry_policy_subject } -- GitLab From 25aeaf4d05f9a9bc564bff5ff18c053973e6e462 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Sat, 26 Jul 2025 23:30:06 +1000 Subject: [PATCH 17/19] Fix _permissions.html.haml_spec.rb --- ee/spec/views/groups/settings/_permissions.html.haml_spec.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb index 1d9a6fee7ffa9c..26e23c20129d64 100644 --- a/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb +++ b/ee/spec/views/groups/settings/_permissions.html.haml_spec.rb @@ -100,9 +100,7 @@ context 'when all conditions are met' do before do - allow(group).to receive(:root?).and_return(true) - allow(group).to receive(:domain_verification_available?).and_return(true) - allow(view).to receive(:can?).with(anything, :owner_access, group).and_return(true) + allow(group).to receive(:enterprise_user_settings_available?).and_return(true) end it 'renders enterprise users section with description' do -- GitLab From be5ce9136a03338cfa4e1c4da57ef27a05c42efe Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Tue, 29 Jul 2025 09:59:43 +1000 Subject: [PATCH 18/19] Refresh timestamps --- ...rb => 20250728235237_add_hide_email_to_namespace_setting.rb} | 2 +- db/schema_migrations/20250711032556 | 1 - db/schema_migrations/20250728235237 | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) rename db/migrate/{20250711032556_add_hide_email_to_namespace_setting.rb => 20250728235237_add_hide_email_to_namespace_setting.rb} (92%) delete mode 100644 db/schema_migrations/20250711032556 create mode 100644 db/schema_migrations/20250728235237 diff --git a/db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb b/db/migrate/20250728235237_add_hide_email_to_namespace_setting.rb similarity index 92% rename from db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb rename to db/migrate/20250728235237_add_hide_email_to_namespace_setting.rb index 76ee16a59c1e66..018da4a084a8f5 100644 --- a/db/migrate/20250711032556_add_hide_email_to_namespace_setting.rb +++ b/db/migrate/20250728235237_add_hide_email_to_namespace_setting.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class AddHideEmailToNamespaceSetting < Gitlab::Database::Migration[2.3] - milestone '18.2' + milestone '18.3' def change add_column :namespace_settings, :hide_email_on_profile, :boolean, default: false, null: false diff --git a/db/schema_migrations/20250711032556 b/db/schema_migrations/20250711032556 deleted file mode 100644 index 23f9f3ce32a7a7..00000000000000 --- a/db/schema_migrations/20250711032556 +++ /dev/null @@ -1 +0,0 @@ -a53298bc6eb458e0801ece738c1c44ed4486f70c094e3fbf11c8438e7b2790f5 \ No newline at end of file diff --git a/db/schema_migrations/20250728235237 b/db/schema_migrations/20250728235237 new file mode 100644 index 00000000000000..066fe831bbb5ab --- /dev/null +++ b/db/schema_migrations/20250728235237 @@ -0,0 +1 @@ +88be319b0a2fd60531704e55e11131d62f8c2c9d8459d559a3bd4ee0ee3f8367 \ No newline at end of file -- GitLab From cccdbdff7bd105aafd41c9d26d7af281fc1b9fb8 Mon Sep 17 00:00:00 2001 From: hmuralidhar Date: Thu, 31 Jul 2025 13:28:39 +1000 Subject: [PATCH 19/19] Add method in CE context --- app/models/group.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index eec41422dcdd50..ea17559d073399 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -1132,6 +1132,11 @@ def supports_group_work_items? false end + # overriden in EE + def enterprise_user_settings_available?(user = nil) + false + end + def create_group_level_work_items_feature_flag_enabled? ::Feature.enabled?(:create_group_level_work_items, self, type: :wip) && supports_group_work_items? end -- GitLab