diff options
author | Gosia Ksionek <mksionek@gitlab.com> | 2019-08-16 22:04:21 +0000 |
---|---|---|
committer | Paul Slaughter <pslaughter@gitlab.com> | 2019-08-16 22:04:21 +0000 |
commit | 3b32ac567848990094dc4bd4e67a32c6e22b61e8 (patch) | |
tree | 9f75f5f25a1f9d1217b74b9727563bb9ccbc3a17 | |
parent | 0baadb42e2a0a3aecdb0b9792743887998efbcf8 (diff) | |
download | gitlab-ce-3b32ac567848990094dc4bd4e67a32c6e22b61e8.tar.gz |
Add new table to store email domain
In order to save user preferences regarding
user emails allowed to be invited to group
Add foreign_key and down method
Change adding foreign key
Add partial call to view
Add changelog entry
Fix schema
-rw-r--r-- | app/views/groups/settings/_permissions.html.haml | 1 | ||||
-rw-r--r-- | changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml | 5 | ||||
-rw-r--r-- | db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb | 22 | ||||
-rw-r--r-- | db/schema.rb | 9 | ||||
-rw-r--r-- | doc/user/group/index.md | 32 |
5 files changed, 69 insertions, 0 deletions
diff --git a/app/views/groups/settings/_permissions.html.haml b/app/views/groups/settings/_permissions.html.haml index d3375e00bad..162d28abb8c 100644 --- a/app/views/groups/settings/_permissions.html.haml +++ b/app/views/groups/settings/_permissions.html.haml @@ -18,6 +18,7 @@ %span.descr.text-muted= share_with_group_lock_help_text(@group) = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group + = render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group = render 'groups/settings/lfs', f: f = render 'groups/settings/project_creation_level', f: f, group: @group = render 'groups/settings/subgroup_creation_level', f: f, group: @group diff --git a/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml b/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml new file mode 100644 index 00000000000..d93e7634ae5 --- /dev/null +++ b/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml @@ -0,0 +1,5 @@ +--- +title: Add new table to store email domain per group +merge_request: 31071 +author: +type: added diff --git a/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb b/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb new file mode 100644 index 00000000000..c6c5b56ed8b --- /dev/null +++ b/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +# See http://doc.gitlab.com/ce/development/migration_style_guide.html +# for more information on how to write migrations for GitLab. + +class CreateAllowedEmailDomainsForGroups < ActiveRecord::Migration[5.2] + # Set this constant to true if this migration requires downtime. + DOWNTIME = false + + def change + create_table :allowed_email_domains do |t| + t.timestamps_with_timezone null: false + t.references :group, references: :namespace, + column: :group_id, + type: :integer, + null: false, + index: true + t.foreign_key :namespaces, column: :group_id, on_delete: :cascade + t.string :domain, null: false, limit: 255 + end + end +end diff --git a/db/schema.rb b/db/schema.rb index fafaec3fb51..ce5fd38129a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -26,6 +26,14 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do t.integer "cached_markdown_version" end + create_table "allowed_email_domains", force: :cascade do |t| + t.datetime_with_timezone "created_at", null: false + t.datetime_with_timezone "updated_at", null: false + t.integer "group_id", null: false + t.string "domain", limit: 255, null: false + t.index ["group_id"], name: "index_allowed_email_domains_on_group_id" + end + create_table "analytics_cycle_analytics_group_stages", force: :cascade do |t| t.datetime_with_timezone "created_at", null: false t.datetime_with_timezone "updated_at", null: false @@ -3670,6 +3678,7 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do t.index ["type"], name: "index_web_hooks_on_type" end + add_foreign_key "allowed_email_domains", "namespaces", column: "group_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "end_event_label_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "start_event_label_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "namespaces", column: "group_id", on_delete: :cascade diff --git a/doc/user/group/index.md b/doc/user/group/index.md index 43fd0bfd45a..8ebdb760678 100644 --- a/doc/user/group/index.md +++ b/doc/user/group/index.md @@ -350,6 +350,38 @@ Restriction currently applies to UI, API access is not restricted. To avoid accidental lock-out, admins and group owners are are able to access the group regardless of the IP restriction. +#### Allowed domain restriction **(PREMIUM ONLY)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7297) in +[GitLab Premium](https://about.gitlab.com/pricing/) 12.2. + +You can restrict access to groups and their underlying projects by +allowing only users with email addresses in particular domains to be added to the group. + +Add email domains you want to whitelist and users with emails from different +domains won't be allowed to be added to this group. + +Some domains cannot be restricted. These are the most popular public email domains, such as: + +- `gmail.com` +- `yahoo.com` +- `hotmail.com` +- `aol.com` +- `msn.com` +- `hotmail.co.uk` +- `hotmail.fr` +- `live.com` +- `outlook.com` +- `icloud.com` + +To enable this feature: + +1. Navigate to the group's **Settings > General** page. +1. Expand the **Permissions, LFS, 2FA** section, and enter domain name into **Restrict membership by email** field. +1. Click **Save changes**. + +This will enable the domain-checking for all new users added to the group from this moment on. + #### Group file templates **(PREMIUM)** Group file templates allow you to share a set of templates for common file |