Merge branch...

Merge branch '220858-implement-token-selector-component-for-group-restrict-access-by-ip-address-field' into 'master' Implement token selector component for "Restrict access by IP address" field See merge request gitlab-org/gitlab!36240

Merge branch...
Merge branch '220858-implement-token-selector-component-for-group-restrict-access-by-ip-address-field' into 'master' Implement token selector component for "Restrict access by IP address" field See merge request gitlab-org/gitlab!36240
1e00a38d · Andrew Fontaine · 6b310d57 · 44eb9998 · 1e00a38d · 1e00a38d
Commit 1e00a38d authored Jul 14, 2020 by Andrew Fontaine
8 changed files
--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -543,7 +543,7 @@ underlying projects, issues, etc, by IP address. This can help ensure that
 particular content doesn't leave the premises, while not blocking off access to
 the entire instance.
-Add one or more allowed IP subnets using CIDR notation in comma separated format to the group settings and anyone
+Add one or more allowed IP subnets using CIDR notation to the group settings and anyone
 coming from a different IP address won't be able to access the restricted
 content.
@@ -556,6 +556,12 @@ Restriction currently applies to:
 To avoid accidental lock-out, admins and group owners are able to access
 the group regardless of the IP restriction.
+To enable this feature:
+1. Navigate to the group’s **Settings > General** page.
+1. Expand the **Permissions, LFS, 2FA** section, and enter IP address ranges into **Allow access to the following IP addresses** field.
+1. Click **Save changes**.
 #### Allowed domain restriction **(PREMIUM)**
 >- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7297) in [GitLab Premium and Silver](https://about.gitlab.com/pricing/) 12.2.

--- a/ee/app/assets/javascripts/groups/settings/allowed_email_domains/index.js
+++ b/ee/app/assets/javascripts/groups/settings/allowed_email_domains/index.js
@@ -2,10 +2,10 @@ import Vue from 'vue';
 import { __, sprintf } from '~/locale';
 import CommaSeparatedListTokenSelector from '../components/comma_separated_list_token_selector.vue';
-export default () => {
+export default (el, placeholder, qaSelector) => {
  // eslint-disable-next-line no-new
  new Vue({
-    el: '.js-allowed-email-domains',
+    el,
    components: {
      CommaSeparatedListTokenSelector,
    },
@@ -16,14 +16,17 @@ export default () => {
    },
    render(createElement) {
      return createElement('comma-separated-list-token-selector', {
+        attrs: {
+          'data-qa-selector': qaSelector,
+        },
        props: {
          hiddenInputId: this.hiddenInputId,
          ariaLabelledby: this.labelId,
-          placeholder: __('Enter domain'),
+          placeholder,
        },
        scopedSlots: {
          'user-defined-token-content': ({ inputText: value }) => {
-            return sprintf(__('Add "%{value}" to allowlist'), { value });
+            return sprintf(__('Add "%{value}"'), { value });
          },
        },
      });

--- a/ee/app/assets/javascripts/pages/groups/edit/index.js
+++ b/ee/app/assets/javascripts/pages/groups/edit/index.js
 import '~/pages/groups/edit';
-import initAllowedEmailDomains from 'ee/groups/settings/allowed_email_domains';
+import initAccessRestrictionField from 'ee/groups/settings/access_restriction_field';
+import { __ } from '~/locale';
 document.addEventListener('DOMContentLoaded', () => {
-  initAllowedEmailDomains();
+  initAccessRestrictionField('.js-allowed-email-domains', __('Enter domain'));
+  initAccessRestrictionField(
+    '.js-ip-restriction',
+    __('Enter IP address range'),
+    'ip_restriction_field',
+  );
 });
--- a/ee/app/views/groups/settings/_ip_restriction.html.haml
+++ b/ee/app/views/groups/settings/_ip_restriction.html.haml
 - return if !group.feature_available?(:group_ip_restriction) || group.parent_id.present?
+- hidden_input_id = 'group_ip_restriction_ranges'
-%h5= _('Restrict access by IP address')
+- label_id = "#{hidden_input_id}_label"
 .form-group
-  = f.text_field :ip_restriction_ranges, class: 'form-control', data: { qa_selector: 'ip_restriction_field' }, placeholder: _('Enter IP address range')
+  %label{ id: label_id }
+    = _('Allow access to the following IP addresses')
+  .js-ip-restriction{ data: { hidden_input_id: hidden_input_id, label_id: label_id } }
+  = f.hidden_field :ip_restriction_ranges, id: hidden_input_id
  .form-text.text-muted
    - read_more_link = link_to(_('Read more'), help_page_path('user/group/index.md', anchor: 'ip-access-restriction-premium'))
-    = _('This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters.<br>Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link }
+    = _('This group, including all subgroups, projects and git repositories, will be reachable from only the specified IP address ranges.')
+    %br
+    = _('Multiple IP address ranges are supported.')
+    %br
+    = _('Example: <code>192.168.0.0/24</code>. %{read_more_link}.').html_safe % { read_more_link: read_more_link }
--- a/ee/changelogs/unreleased/220858-implement-token-selector-component-for-group-restrict-access-by.yml
+++ b/ee/changelogs/unreleased/220858-implement-token-selector-component-for-group-restrict-access-by.yml
+---
+title: Change "Restrict access by IP address" field from a comma separated list to
+  the GitLab UI Token Selector component
+merge_request: 36240
+author:
+type: changed
--- a/ee/spec/views/groups/edit.html.haml_spec.rb
+++ b/ee/spec/views/groups/edit.html.haml_spec.rb
@@ -21,7 +21,8 @@ RSpec.describe 'groups/edit.html.haml' do
        expect(rendered).to render_template('groups/settings/_ip_restriction')
        expect(rendered).to(have_field('group_ip_restriction_ranges',
                                       { disabled: false,
-                                         with: ranges.join(",") }))
+                                         with: ranges.join(","),
+                                         type: :hidden }))
      end
    end
@@ -30,7 +31,7 @@ RSpec.describe 'groups/edit.html.haml' do
        render
        expect(rendered).to render_template('groups/settings/_ip_restriction')
-        expect(rendered).not_to have_field('group_ip_restriction_ranges')
+        expect(rendered).not_to have_field('group_ip_restriction_ranges', { type: :hidden })
      end
    end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -1330,7 +1330,7 @@ msgstr ""
 msgid "Add"
 msgstr ""
-msgid "Add \"%{value}\" to allowlist"
+msgid "Add \"%{value}\""
 msgstr ""
 msgid "Add %d issue"
@@ -2285,6 +2285,9 @@ msgstr ""
 msgid "Allow \"%{group_name}\" to sign you in"
 msgstr ""
+msgid "Allow access to the following IP addresses"
+msgstr ""
 msgid "Allow commits from members who can merge to the target branch."
 msgstr ""
@@ -9537,6 +9540,9 @@ msgstr ""
 msgid "Exactly one of %{attributes} is required"
 msgstr ""
+msgid "Example: <code>192.168.0.0/24</code>. %{read_more_link}."
+msgstr ""
 msgid "Example: @sub\\.company\\.com$"
 msgstr ""
@@ -15209,6 +15215,9 @@ msgstr ""
 msgid "MrDeploymentActions|Stop environment"
 msgstr ""
+msgid "Multiple IP address ranges are supported."
+msgstr ""
 msgid "Multiple domains are supported."
 msgstr ""
@@ -19951,9 +19960,6 @@ msgstr ""
 msgid "Restoring the project will prevent the project from being removed on this date and restore people's ability to make changes to it."
 msgstr ""
-msgid "Restrict access by IP address"
-msgstr ""
 msgid "Restrict membership by email domain"
 msgstr ""
@@ -23845,7 +23851,7 @@ msgstr ""
 msgid "This group has been scheduled for permanent removal on %{date}"
 msgstr ""
-msgid "This group, including all subgroups, projects and git repositories, will only be reachable from the specified IP address range. Multiple addresses are supported with comma delimiters.<br>Example: <code>192.168.0.0/24,192.168.1.0/24</code>. %{read_more_link}."
+msgid "This group, including all subgroups, projects and git repositories, will be reachable from only the specified IP address ranges."
 msgstr ""
 msgid "This group, its subgroups and projects has been scheduled for removal on %{date}."

--- a/qa/qa/ee/page/group/settings/general.rb
+++ b/qa/qa/ee/page/group/settings/general.rb
@@ -21,7 +21,7 @@ module QA
                  element :save_changes_button
                end
-                view 'ee/app/views/groups/settings/_ip_restriction.html.haml' do
+                view 'ee/app/assets/javascripts/pages/groups/edit/index.js' do
                  element :ip_restriction_field
                end
@@ -63,15 +63,17 @@ module QA
            def set_ip_address_restriction(ip_address)
              QA::Runtime::Logger.debug(%Q[Setting ip address restriction to: #{ip_address}])
              expand_section(:permission_lfs_2fa_section)
-              find_element(:ip_restriction_field).send_keys([:command, 'a'], :backspace)
-              find_element(:ip_restriction_field).set ip_address
-              click_element :save_permissions_changes_button
-            end
-            def restricted_ip_address
+              # GitLab UI Token Selector (https://gitlab-org.gitlab.io/gitlab-ui/?path=/story/base-token-selector--default)
-              expand_section(:permission_lfs_2fa_section)
+              # `data-qa-*` can only be added to the wrapper so custom selector used to find token close buttons and text input
-              scroll_to_element(:ip_restriction_field)
+              find_element(:ip_restriction_field).all('.gl-token-close', minimum: 0).each do |el|
-              find_element(:ip_restriction_field).value
+                el.click
+              end
+              ip_restriction_field_input = find_element(:ip_restriction_field).find('input[type="text"]')
+              ip_restriction_field_input.set ip_address
+              ip_restriction_field_input.send_keys(:enter)
+              click_element :save_permissions_changes_button
            end
            def set_membership_lock_enabled