Commit e9cd5d41 authored by Paul Slaughter's avatar Paul Slaughter

Merge branch '10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce' into 'master'

Add new table to store email domain per group

See merge request gitlab-org/gitlab-ce!31071
parents 0baadb42 3b32ac56
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
%span.descr.text-muted= share_with_group_lock_help_text(@group) %span.descr.text-muted= share_with_group_lock_help_text(@group)
= render_if_exists 'groups/settings/ip_restriction', f: f, group: @group = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group
= render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group
= render 'groups/settings/lfs', f: f = render 'groups/settings/lfs', f: f
= render 'groups/settings/project_creation_level', f: f, group: @group = render 'groups/settings/project_creation_level', f: f, group: @group
= render 'groups/settings/subgroup_creation_level', f: f, group: @group = render 'groups/settings/subgroup_creation_level', f: f, group: @group
......
---
title: Add new table to store email domain per group
merge_request: 31071
author:
type: added
# frozen_string_literal: true
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class CreateAllowedEmailDomainsForGroups < ActiveRecord::Migration[5.2]
# Set this constant to true if this migration requires downtime.
DOWNTIME = false
def change
create_table :allowed_email_domains do |t|
t.timestamps_with_timezone null: false
t.references :group, references: :namespace,
column: :group_id,
type: :integer,
null: false,
index: true
t.foreign_key :namespaces, column: :group_id, on_delete: :cascade
t.string :domain, null: false, limit: 255
end
end
end
...@@ -26,6 +26,14 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do ...@@ -26,6 +26,14 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
t.integer "cached_markdown_version" t.integer "cached_markdown_version"
end end
create_table "allowed_email_domains", force: :cascade do |t|
t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false
t.integer "group_id", null: false
t.string "domain", limit: 255, null: false
t.index ["group_id"], name: "index_allowed_email_domains_on_group_id"
end
create_table "analytics_cycle_analytics_group_stages", force: :cascade do |t| create_table "analytics_cycle_analytics_group_stages", force: :cascade do |t|
t.datetime_with_timezone "created_at", null: false t.datetime_with_timezone "created_at", null: false
t.datetime_with_timezone "updated_at", null: false t.datetime_with_timezone "updated_at", null: false
...@@ -3670,6 +3678,7 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do ...@@ -3670,6 +3678,7 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
t.index ["type"], name: "index_web_hooks_on_type" t.index ["type"], name: "index_web_hooks_on_type"
end end
add_foreign_key "allowed_email_domains", "namespaces", column: "group_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "end_event_label_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "end_event_label_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "start_event_label_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "start_event_label_id", on_delete: :cascade
add_foreign_key "analytics_cycle_analytics_group_stages", "namespaces", column: "group_id", on_delete: :cascade add_foreign_key "analytics_cycle_analytics_group_stages", "namespaces", column: "group_id", on_delete: :cascade
......
...@@ -350,6 +350,38 @@ Restriction currently applies to UI, API access is not restricted. ...@@ -350,6 +350,38 @@ Restriction currently applies to UI, API access is not restricted.
To avoid accidental lock-out, admins and group owners are are able to access To avoid accidental lock-out, admins and group owners are are able to access
the group regardless of the IP restriction. the group regardless of the IP restriction.
#### Allowed domain restriction **(PREMIUM ONLY)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7297) in
[GitLab Premium](https://about.gitlab.com/pricing/) 12.2.
You can restrict access to groups and their underlying projects by
allowing only users with email addresses in particular domains to be added to the group.
Add email domains you want to whitelist and users with emails from different
domains won't be allowed to be added to this group.
Some domains cannot be restricted. These are the most popular public email domains, such as:
- `gmail.com`
- `yahoo.com`
- `hotmail.com`
- `aol.com`
- `msn.com`
- `hotmail.co.uk`
- `hotmail.fr`
- `live.com`
- `outlook.com`
- `icloud.com`
To enable this feature:
1. Navigate to the group's **Settings > General** page.
1. Expand the **Permissions, LFS, 2FA** section, and enter domain name into **Restrict membership by email** field.
1. Click **Save changes**.
This will enable the domain-checking for all new users added to the group from this moment on.
#### Group file templates **(PREMIUM)** #### Group file templates **(PREMIUM)**
Group file templates allow you to share a set of templates for common file Group file templates allow you to share a set of templates for common file
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment