Add setting in the UI for governing admin approval for new signups

This change adds setting in the UI for governing admin approval for new signups.

Add setting in the UI for governing admin approval for new signups
This change adds setting in the UI for governing admin approval for new signups.
464cc0a3 · manojmj · 1178757b · 464cc0a3 · 464cc0a3 · 464cc0a3
Commit 464cc0a3 authored Sep 30, 2020 by manojmj
6 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -167,7 +167,7 @@ module ApplicationSettingsHelper
  end

  def visible_attributes
-    [
+    attributes = [
      :abuse_notification_email,
      :after_sign_out_path,
      :after_sign_up_text,
@@ -331,6 +331,9 @@ module ApplicationSettingsHelper
      :wiki_page_max_content_bytes,
      :container_registry_delete_tags_service_timeout
    ]
+
+    attributes << :require_admin_approval_after_user_signup if Feature.enabled?(:admin_approval_for_new_user_signups)
+    attributes
  end

  def external_authorization_service_attributes

--- a/app/views/admin/application_settings/_signup.html.haml
+++ b/app/views/admin/application_settings/_signup.html.haml
@@ -9,6 +9,14 @@
          Sign-up enabled
          .form-text.text-muted
            = _("When enabled, any user visiting %{host} will be able to create an account.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
+    - if Feature.enabled?(:admin_approval_for_new_user_signups)
+      .form-group
+        .form-check
+          = f.check_box :require_admin_approval_after_user_signup, class: 'form-check-input'
+          = f.label :require_admin_approval_after_user_signup, class: 'form-check-label' do
+            = _('Require admin approval for new sign-ups')
+            .form-text.text-muted
+              = _("When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled.") % { host: "#{new_user_session_url(host: Gitlab.config.gitlab.host)}" }
    .form-group
      .form-check
        = f.check_box :send_user_confirmation_email, class: 'form-check-input'

--- a/config/feature_flags/development/admin_approval_for_new_user_signups.yml
+++ b/config/feature_flags/development/admin_approval_for_new_user_signups.yml
+---
+name: admin_approval_for_new_user_signups
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/43827
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/258980
+type: development
+group: group::access
+default_enabled: false
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -21721,6 +21721,9 @@ msgstr ""
 msgid "Requests to these domain(s)/address(es) on the local network will be allowed when local requests from hooks and services are not allowed. IP ranges such as 1:0:0:0:0:0:0:0/124 or 127.0.0.0/28 are supported. Domain wildcards are not supported currently. Use comma, semicolon, or newline to separate multiple entries. The allowlist can hold a maximum of 1000 entries. Domains should use IDNA encoding. Ex: example.com, 192.168.1.1, 127.0.0.0/28, xn--itlab-j1a.com."
 msgstr ""

+msgid "Require admin approval for new sign-ups"
+msgstr ""
+
 msgid "Require all users in this group to setup Two-factor authentication"
 msgstr ""

@@ -28821,6 +28824,9 @@ msgstr ""
 msgid "When a runner is locked, it cannot be assigned to other projects"
 msgstr ""

+msgid "When enabled, any user visiting %{host} and creating an account will have to be explicitly approved by the admin before they can login. This setting is effective only if sign-ups are enabled."
+msgstr ""
+
 msgid "When enabled, any user visiting %{host} will be able to create an account."
 msgstr ""


--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -87,6 +87,38 @@ RSpec.describe Admin::ApplicationSettingsController do
      sign_in(admin)
    end

+    context 'require_admin_approval_after_user_signup setting' do
+      subject do
+        put :update, params: { application_setting: { require_admin_approval_after_user_signup: true } }
+      end
+
+      context 'when feature is enabled' do
+        before do
+          stub_feature_flags(admin_approval_for_new_user_signups: true)
+        end
+
+        it 'updates the require_admin_approval_after_user_signup setting' do
+          subject
+
+          expect(response).to redirect_to(general_admin_application_settings_path)
+          expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(true)
+        end
+      end
+
+      context 'when feature is disabled' do
+        before do
+          stub_feature_flags(admin_approval_for_new_user_signups: false)
+        end
+
+        it 'does not update the require_admin_approval_after_user_signup setting' do
+          subject
+
+          expect(response).to redirect_to(general_admin_application_settings_path)
+          expect(ApplicationSetting.current.require_admin_approval_after_user_signup).not_to eq(true)
+        end
+      end
+    end
+
    it 'updates the password_authentication_enabled_for_git setting' do
      put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } }


--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -130,6 +130,38 @@ RSpec.describe 'Admin updates settings', :clean_gitlab_redis_shared_state, :do_n
        expect(user_internal_regex['placeholder']).to eq 'Regex pattern'
      end

+      context 'Change Sign-up restrictions' do
+        context 'Require Admin approval for new signup setting' do
+          context 'when feature is enabled' do
+            before do
+              stub_feature_flags(admin_approval_for_new_user_signups: true)
+            end
+
+            it 'changes the setting' do
+              page.within('.as-signup') do
+                check 'Require admin approval for new sign-ups'
+                click_button 'Save changes'
+              end
+
+              expect(current_settings.require_admin_approval_after_user_signup).to be_truthy
+              expect(page).to have_content "Application settings saved successfully"
+            end
+          end
+
+          context 'when feature is disabled' do
+            before do
+              stub_feature_flags(admin_approval_for_new_user_signups: false)
+            end
+
+            it 'does not show the the setting' do
+              page.within('.as-signup') do
+                expect(page).not_to have_selector('.application_setting_require_admin_approval_after_user_signup')
+              end
+            end
+          end
+        end
+      end
+
      it 'Change Sign-in restrictions' do
        page.within('.as-signin') do
          fill_in 'Home page URL', with: 'https://about.gitlab.com/'