Merge branch 'docs/pages-access-control' into 'master'

Add user docs for Pages access control

Closes #54143

See merge request gitlab-org/gitlab-ce!23145

(cherry picked from commit 103267f7606170338345ccd00f452b3a779c7c74)

d5d5f90c Add user docs for Pages access control
44b2dc73 Change project permissions img to include Pages access control
9ec9c563 Remove unneeded auth info on admin pages access control
4ce0ef0e Merge branch 'master' into docs/pages-access-control
9cbbc53f Make Pages visibility list clearer

5 files changed, 58 insertions, 11 deletions

diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md
index d8345f2d6bd..cbd3032bd4e 100644
--- a/doc/administration/pages/index.md
+++ b/doc/administration/pages/index.md
@@ -244,8 +244,9 @@ This setting is enabled by default.
 
 ### Access control
 
-Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
-in GitLab 11.5. It can be configured per-project, and allows access to a Pages
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
+
+GitLab Pages access control can be configured per-project, and allows access to a Pages
 site to be controlled based on a user's membership to that project.
 
 Access control works by registering the Pages daemon as an OAuth application
@@ -259,15 +260,16 @@ Each request to view a resource in a private site is authenticated by Pages
 using that token. For each request it receives, it makes a request to the GitLab
 API to check that the user is authorized to read that site.
 
-Pages access control is currently disabled by default. To enable it, you must:
+Pages access control is disabled by default. To enable it:
 
-1. Enable it in `/etc/gitlab/gitlab.rb`
+1. Enable it in `/etc/gitlab/gitlab.rb`:
 
     ```ruby
     gitlab_pages['access_control'] = true
     ```
 
-1. [Reconfigure GitLab][reconfigure]
+1. [Reconfigure GitLab][reconfigure].
+1. Users can now configure it in their [projects' settings](../../user/project/pages/introduction.md#gitlab-pages-access-control-core-only).
 
 ## Activate verbose logging for daemon
 
diff --git a/doc/administration/pages/source.md b/doc/administration/pages/source.md
index ddff54be575..9f2b4d9075a 100644
--- a/doc/administration/pages/source.md
+++ b/doc/administration/pages/source.md
@@ -393,8 +393,9 @@ server_name ~^.*\.pages\.example\.io$;
 
 ## Access control
 
-Access control was [introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422)
-in GitLab 11.5. It can be configured per-project, and allows access to a Pages
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
+
+GitLab Pages access control can be configured per-project, and allows access to a Pages
 site to be controlled based on a user's membership to that project.
 
 Access control works by registering the Pages daemon as an OAuth application
@@ -408,15 +409,17 @@ Each request to view a resource in a private site is authenticated by Pages
 using that token. For each request it receives, it makes a request to the GitLab
 API to check that the user is authorized to read that site.
 
-Pages access control is currently disabled by default. To enable it, you must:
+Pages access control is disabled by default. To enable it:
 
 1. Modify your `config/gitlab.yml` file:
+
     ```yaml
     pages:
       access_control: true
     ```
-1. [Restart GitLab][restart]
-1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile)
+
+1. [Restart GitLab][restart].
+1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile).
    This should be called `GitLab Pages` and have a `Redirect URL` of
    `https://projects.example.io/auth`. It does not need to be a "trusted"
    application, but it does need the "api" scope.
@@ -429,6 +432,8 @@ Pages access control is currently disabled by default. To enable it, you must:
       -auth-server <URL of the GitLab instance>
     ```
 
+1. Users can now configure it in their [projects' settings](../../user/project/pages/introduction.md#gitlab-pages-access-control-core-only).
+
 ## Change storage path
 
 Follow the steps below to change the default path where GitLab Pages' contents
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index 1fd230a41aa..c4a2d5f66e5 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -95,7 +95,7 @@ The following table depicts the various user permission levels in a project.
 | Manage GitLab Pages                   |         |            |             | ✓        | ✓      |
 | Manage GitLab Pages domains and certificates |         |            |             | ✓        | ✓      |
 | Remove GitLab Pages                   |         |            |             |          | ✓      |
-| View GitLab Pages protected by [access control](../administration/pages/index.md#access-control) | ✓       | ✓          | ✓           | ✓        | ✓      |
+| View GitLab Pages protected by [access control](project/pages/introduction.md#gitlab-pages-access-control-core-only) | ✓       | ✓          | ✓           | ✓        | ✓      |
 | Manage clusters                       |         |            |             | ✓        | ✓      |
 | Manage license policy **[ULTIMATE]**  |         |            |             | ✓        | ✓      |
 | Edit comments (posted by any user)    |         |            |             | ✓        | ✓      |
diff --git a/doc/user/project/pages/introduction.md b/doc/user/project/pages/introduction.md
index fe4d15adfa1..9f9b64ec20d 100644
--- a/doc/user/project/pages/introduction.md
+++ b/doc/user/project/pages/introduction.md
@@ -441,6 +441,46 @@ The rest of the guide still applies.
 
 See also: [GitLab Pages from A to Z: Part 1 - Static sites and GitLab Pages domains](getting_started_part_one.md#gitlab-pages-domain).
 
+## GitLab Pages access control **[CORE ONLY]**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/issues/33422) in GitLab 11.5.
+
+NOTE: **Note:**
+GitLab Pages access control is not activated on GitLab.com.
+
+You can enable Pages access control on your project, so that only
+[members of your project](../../permissions.md#project-members-permissions)
+(at least Guest) can access your website:
+
+1. Navigate to your project's **Settings > General > Permissions**.
+1. Toggle the **Pages** button to enable the access control.
+
+    NOTE: **Note:**
+    If you don't see the toggle button, that means that it's not enabled.
+    Ask your administrator to [enable it](../../../administration/pages/index.md#access-control).
+
+1. The Pages access control dropdown allows you to set who can view pages hosted
+   with GitLab Pages, depending on your project's visibility:
+
+    - If your project is private:
+      - **Only project members**: Only project members will be able to browse the website.
+      - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
+    - If your project is internal:
+      - **Only project members**: Only project members will be able to browse the website.
+      - **Everyone with access**: Everyone logged into GitLab will be able to browse the website, no matter their project membership.
+      - **Everyone**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
+    - If your project is public:
+      - **Only project members**: Only project members will be able to browse the website.
+      - **Everyone with access**: Everyone, both logged into and logged out of GitLab, will be able to browse the website, no matter their project membership.
+
+1. Click **Save changes**.
+
+---
+
+The next time someone tries to access your website and the access control is
+enabled, they will be presented with a page to sign into GitLab and verify they
+can access the website.
+
 ## Limitations
 
 When using Pages under the general domain of a GitLab instance (`*.example.io`),
diff --git a/doc/user/project/settings/img/sharing_and_permissions_settings.png b/doc/user/project/settings/img/sharing_and_permissions_settings.png
index f5e3e32f95c..6cb89c6ea1d 100644
--- a/doc/user/project/settings/img/sharing_and_permissions_settings.png
+++ b/doc/user/project/settings/img/sharing_and_permissions_settings.png