authorGosia Ksionek <mksionek@gitlab.com>2019-08-16 22:04:21 +0000
committerPaul Slaughter <pslaughter@gitlab.com>2019-08-16 22:04:21 +0000
commit3b32ac567848990094dc4bd4e67a32c6e22b61e8 (patch)
tree9f75f5f25a1f9d1217b74b9727563bb9ccbc3a17
parent0baadb42e2a0a3aecdb0b9792743887998efbcf8 (diff)
Add new table to store email domain
In order to save user preferences regarding user emails allowed to be invited to group Add foreign_key and down method Change adding foreign key Add partial call to view Add changelog entry Fix schema
-rw-r--r--app/views/groups/settings/_permissions.html.haml1
-rw-r--r--changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml5
-rw-r--r--db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb22
-rw-r--r--db/schema.rb9
-rw-r--r--doc/user/group/index.md32
5 files changed, 69 insertions, 0 deletions
diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml
index d3375e00bad..162d28abb8c 100644
--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -18,6 +18,7 @@
%span.descr.text-muted= share_with_group_lock_help_text(@group)
= render_if_exists 'groups/settings/ip_restriction', f: f, group: @group
+ = render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group
= render 'groups/settings/lfs', f: f
= render 'groups/settings/project_creation_level', f: f, group: @group
= render 'groups/settings/subgroup_creation_level', f: f, group: @group
diff --git a/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml b/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml
new file mode 100644
index 00000000000..d93e7634ae5
--- /dev/null
+++ b/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml
@@ -0,0 +1,5 @@
+---
+title: Add new table to store email domain per group
+merge_request: 31071
+author:
+type: added
diff --git a/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb b/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb
new file mode 100644
index 00000000000..c6c5b56ed8b
--- /dev/null
+++ b/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class CreateAllowedEmailDomainsForGroups < ActiveRecord::Migration[5.2]
+ # Set this constant to true if this migration requires downtime.
+ DOWNTIME = false
+
+ def change
+ create_table :allowed_email_domains do |t|
+ t.timestamps_with_timezone null: false
+ t.references :group, references: :namespace,
+ column: :group_id,
+ type: :integer,
+ null: false,
+ index: true
+ t.foreign_key :namespaces, column: :group_id, on_delete: :cascade
+ t.string :domain, null: false, limit: 255
+ end
+ end
+end
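Review bot: The `create_table` block puts no uniqueness constraint on the `group_id`/`domain` pair, so one group can hold the same domain in several rows, and `Example.com` and `example.com` would be stored as different entries. The documentation added in this commit describes the table as backing a membership restriction, so a duplicate or case variant that survives the deletion of its twin would keep a domain allowed after an owner believes it was removed. Consider replacing `index: true` with a composite unique index, `t.index [:group_id, :domain], unique: true`, and lower-casing the domain before it is written; the model that would do that normalisation is not in this diff, so that part needs confirming. The `references:` and `column:` options passed to `t.references` also look like they have no effect, since the foreign key is declared separately on the following line, and could probably be dropped.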
diff --git a/db/schema.rb b/db/schema.rb
index fafaec3fb51..ce5fd38129a 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -26,6 +26,14 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
t.integer "cached_markdown_version"
end
+ create_table "allowed_email_domains", force: :cascade do |t|
+ t.datetime_with_timezone "created_at", null: false
+ t.datetime_with_timezone "updated_at", null: false
+ t.integer "group_id", null: false
+ t.string "domain", limit: 255, null: false
+ t.index ["group_id"], name: "index_allowed_email_domains_on_group_id"
+ end
+
create_table "analytics_cycle_analytics_group_stages", force: :cascade do |t|
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
@@ -3670,6 +3678,7 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
t.index ["type"], name: "index_web_hooks_on_type"
end
+ add_foreign_key "allowed_email_domains", "namespaces", column: "group_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "end_event_label_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "start_event_label_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "namespaces", column: "group_id", on_delete: :cascade
diff --git a/doc/user/group/index.md b/doc/user/group/index.md
index 43fd0bfd45a..8ebdb760678 100644
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -350,6 +350,38 @@ Restriction currently applies to UI, API access is not restricted.
To avoid accidental lock-out, admins and group owners are are able to access
the group regardless of the IP restriction.
+#### Allowed domain restriction **(PREMIUM ONLY)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7297) in
+[GitLab Premium](https://about.gitlab.com/pricing/) 12.2.
+
+You can restrict access to groups and their underlying projects by
+allowing only users with email addresses in particular domains to be added to the group.
+
+Add email domains you want to whitelist and users with emails from different
+domains won't be allowed to be added to this group.
+
+Some domains cannot be restricted. These are the most popular public email domains, such as:
+
+- `gmail.com`
+- `yahoo.com`
+- `hotmail.com`
+- `aol.com`
+- `msn.com`
+- `hotmail.co.uk`
+- `hotmail.fr`
+- `live.com`
+- `outlook.com`
+- `icloud.com`
+
+To enable this feature:
+
+1. Navigate to the group's **Settings > General** page.
+1. Expand the **Permissions, LFS, 2FA** section, and enter domain name into **Restrict membership by email** field.
+1. Click **Save changes**.
+
+This will enable the domain-checking for all new users added to the group from this moment on.
+
#### Group file templates **(PREMIUM)**
Group file templates allow you to share a set of templates for common file