authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-13 06:08:10 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-13 06:08:10 +0000
commit6ede90f5dd63d4a1f5ba243b4ed5097bb1a0acab (patch)
tree6bb9e934cdd90d62e672a1d6c4a5a63995bfbb00 /app
parentb8e30b446d9cb91b94d2b55e5c81303c8f2d1b25 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r--app/helpers/application_settings_helper.rb1
-rw-r--r--app/policies/user_policy.rb7
-rw-r--r--app/services/users/update_service.rb19
-rw-r--r--app/views/admin/application_settings/_account_and_limit.html.haml6
-rw-r--r--app/views/profiles/_name.html.haml8
-rw-r--r--app/views/profiles/show.html.haml6
6 files changed, 41 insertions, 6 deletions
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index d9a91f72dca..ffea7d53b14 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -283,6 +283,7 @@ module ApplicationSettingsHelper
:unique_ips_limit_enabled,
:unique_ips_limit_per_user,
:unique_ips_limit_time_window,
+ :updating_name_disabled_for_users,
:usage_ping_enabled,
:instance_statistics_visibility_private,
:user_default_external,
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index d092a2de882..fd5708f742f 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -13,6 +13,11 @@ class UserPolicy < BasePolicy
desc "The user is blocked"
condition(:blocked_user, scope: :subject, score: 0) { @subject.blocked? }
+ condition(:updating_name_disabled_for_users) do
+ ::Gitlab::CurrentSettings.current_application_settings
+ .updating_name_disabled_for_users
+ end
+
rule { ~restricted_public_level }.enable :read_user
rule { ~anonymous }.enable :read_user
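Review bot: The new `updating_name_disabled_for_users` condition has no `desc` line, unlike the `blocked_user` condition directly above it, and it declares no scope even though its block reads only the instance-wide application settings and neither the user nor `@subject`. Consider adding `desc "Name changes are disabled for non-admin users"` and declaring it as `condition(:updating_name_disabled_for_users, scope: :global) do`, so the result can be cached independently of who is asking; confirm that scope against how the other settings-based conditions in the policy base class are declared. The class body continues outside the hunk.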
@@ -22,6 +27,8 @@ class UserPolicy < BasePolicy
enable :update_user_status
end
+ rule { can?(:update_user) & ( admin | ~updating_name_disabled_for_users ) }.enable :update_name
+
rule { default }.enable :read_user_profile
rule { (private_profile | blocked_user) & ~(user_is_self | admin) }.prevent :read_user_profile
end
diff --git a/app/services/users/update_service.rb b/app/services/users/update_service.rb
index 422c8ed6575..dfbb65b7fcf 100644
--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -17,6 +17,8 @@ module Users
yield(@user) if block_given?
user_exists = @user.persisted?
+
+ discard_read_only_attributes
assign_attributes
assign_identity
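Review bot: `discard_read_only_attributes` filters only `params`, but `yield(@user)` a few lines earlier hands the caller the user object before that filter runs, so a `name` assigned directly on the object inside the block is not covered by the new `:update_name` check. Whether any caller does this is not visible here. If the restriction is meant to hold for every path through this service, either document the contract with `# NOTE: only params are filtered; callers must not set read-only attributes in the block`, or check `@user.name_changed?` after the block when `name_updatable?` is false. The enclosing method starts and ends outside the hunk.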
@@ -50,13 +52,28 @@ module Users
success
end
- def assign_attributes
+ def discard_read_only_attributes
+ discard_synced_attributes
+ discard_name unless name_updatable?
+ end
+
+ def discard_synced_attributes
if (metadata = @user.user_synced_attributes_metadata)
read_only = metadata.read_only_attributes
params.reject! { |key, _| read_only.include?(key.to_sym) }
end
+ end
+ def discard_name
+ params.delete(:name)
+ end
+
+ def name_updatable?
+ can?(current_user, :update_name, @user)
+ end
+
+ def assign_attributes
@user.assign_attributes(params.except(*identity_attributes)) unless params.empty?
end
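Review bot: `discard_name` removes only the symbol key with `params.delete(:name)`, while `discard_synced_attributes` just above normalises keys with `key.to_sym`, which suggests `params` may carry string keys. If it can, a `'name'` entry would survive the discard and reach `assign_attributes`, sidestepping the `:update_name` policy; matching the sibling would be `params.reject! { |key, _| key.to_sym == :name }`. The name is also dropped without any signal to the caller as far as this hunk shows, so a comment on `discard_read_only_attributes` stating that disallowed fields are silently ignored would help anyone debugging a rename that did not take effect. The service class continues outside the hunk.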
diff --git a/app/views/admin/application_settings/_account_and_limit.html.haml b/app/views/admin/application_settings/_account_and_limit.html.haml
index 6b95c0f40c5..60130f9b5ef 100644
--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -51,6 +51,12 @@
= f.check_box :user_show_add_ssh_key_message, class: 'form-check-input'
= f.label :user_show_add_ssh_key_message, class: 'form-check-label' do
= _("Inform users without uploaded SSH keys that they can't push over SSH until one is added")
+ .form-group
+ = f.label :updating_name_disabled_for_users, _('User restrictions'), class: 'label-bold'
+ .form-check
+ = f.check_box :updating_name_disabled_for_users, class: 'form-check-input'
+ = f.label :updating_name_disabled_for_users, class: 'form-check-label' do
+ = _("Prevent users from changing their profile name")
= render_if_exists 'admin/application_settings/availability_on_namespace_setting', form: f
diff --git a/app/views/profiles/_name.html.haml b/app/views/profiles/_name.html.haml
new file mode 100644
index 00000000000..8711be5cd29
--- /dev/null
+++ b/app/views/profiles/_name.html.haml
@@ -0,0 +1,8 @@
+- if user.read_only_attribute?(:name)
+ = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
+ help: s_("Profiles|Your name was automatically set based on your %{provider_label} account, so people you know can recognize you") % { provider_label: attribute_provider_label(:name) }
+- elsif can?(current_user, :update_name, user)
+ = form.text_field :name, label: s_('Profiles|Full name'), required: true, title: s_("Profiles|Using emojis in names seems fun, but please try to set a status message instead"), wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' }, help: s_("Profiles|Enter your name, so people you know can recognize you")
+- else
+ = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
+ help: s_("Profiles|The ability to update your name has been disabled by your administrator.")
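Review bot: `readonly: true` in the first and last branches is only a browser-side hint; a hand-built form submission can still send `name`, so the real enforcement is the `discard_read_only_attributes` step added to `Users::UpdateService` in this same commit. The partial also has no header saying that it expects the locals `form` and `user`. A short HAML comment at the top would cover both, for example `-# locals: form, user. readonly is UI-only; Users::UpdateService drops :name server-side.`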
diff --git a/app/views/profiles/show.html.haml b/app/views/profiles/show.html.haml
index cfad274f91d..49533c18c8f 100644
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@@ -88,11 +88,7 @@
= s_("Profiles|Some options are unavailable for LDAP accounts")
.col-lg-8
.row
- - if @user.read_only_attribute?(:name)
- = f.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
- help: s_("Profiles|Your name was automatically set based on your %{provider_label} account, so people you know can recognize you") % { provider_label: attribute_provider_label(:name) }
- - else
- = f.text_field :name, label: s_('Profiles|Full name'), required: true, title: s_("Profiles|Using emojis in names seems fun, but please try to set a status message instead"), wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' }, help: s_("Profiles|Enter your name, so people you know can recognize you")
+ = render 'profiles/name', form: f, user: @user
= f.text_field :id, readonly: true, label: s_('Profiles|User ID'), wrapper: { class: 'col-md-3' }
= f.select :role, ::User.roles.keys.map { |role| [role.titleize, role] }, { prompt: _('Select your role') }, required: true, class: 'input-md'