Merge branch...

Merge branch '24605-allow-admins-to-disable-users-ability-to-change-profile-name-premium-only' into 'master' Move "Allow admins to disable users ability to change profile name" feature to EE Premium See merge request gitlab-org/gitlab!23034

Merge branch...
Merge branch '24605-allow-admins-to-disable-users-ability-to-change-profile-name-premium-only' into 'master' Move "Allow admins to disable users ability to change profile name" feature to EE Premium See merge request gitlab-org/gitlab!23034
3029be8b · Ash McKenzie · bc5a8494 · e213d115 · 3029be8b · 3029be8b
Commit 3029be8b authored Jan 16, 2020 by Ash McKenzie
32 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -284,7 +284,6 @@ module ApplicationSettingsHelper
      :unique_ips_limit_enabled,
      :unique_ips_limit_per_user,
      :unique_ips_limit_time_window,
-      :updating_name_disabled_for_users,
      :usage_ping_enabled,
      :instance_statistics_visibility_private,
      :user_default_external,

--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -13,11 +13,6 @@ class UserPolicy < BasePolicy
  desc "The user is blocked"
  condition(:blocked_user, scope: :subject, score: 0) { @subject.blocked? }

-  condition(:updating_name_disabled_for_users) do
-    ::Gitlab::CurrentSettings.current_application_settings
-      .updating_name_disabled_for_users
-  end
-
  rule { ~restricted_public_level }.enable :read_user
  rule { ~anonymous }.enable :read_user

@@ -27,8 +22,8 @@ class UserPolicy < BasePolicy
    enable :update_user_status
  end

-  rule { can?(:update_user) & ( admin | ~updating_name_disabled_for_users ) }.enable :update_name
-
  rule { default }.enable :read_user_profile
  rule { (private_profile | blocked_user) & ~(user_is_self | admin) }.prevent :read_user_profile
 end
+
+UserPolicy.prepend_if_ee('EE::UserPolicy')
--- a/app/services/users/update_service.rb
+++ b/app/services/users/update_service.rb
@@ -54,7 +54,6 @@ module Users

    def discard_read_only_attributes
      discard_synced_attributes
-      discard_name unless name_updatable?
    end

    def discard_synced_attributes
@@ -65,14 +64,6 @@ module Users
      end
    end

-    def discard_name
-      params.delete(:name)
-    end
-
-    def name_updatable?
-      can?(current_user, :update_name, @user)
-    end
-
    def assign_attributes
      @user.assign_attributes(params.except(*identity_attributes)) unless params.empty?
    end

--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -51,13 +51,8 @@
        = f.check_box :user_show_add_ssh_key_message, class: 'form-check-input'
        = f.label :user_show_add_ssh_key_message, class: 'form-check-label' do
          = _("Inform users without uploaded SSH keys that they can't push over SSH until one is added")
-    .form-group
-      = f.label :updating_name_disabled_for_users, _('User restrictions'), class: 'label-bold'
-      .form-check
-        = f.check_box :updating_name_disabled_for_users, class: 'form-check-input'
-        = f.label :updating_name_disabled_for_users, class: 'form-check-label' do
-          = _("Prevent users from changing their profile name")

+    = render_if_exists 'admin/application_settings/updating_name_disabled_for_users', form: f
    = render_if_exists 'admin/application_settings/availability_on_namespace_setting', form: f

  = f.submit _('Save changes'), class: 'btn btn-success qa-save-changes-button'
--- a/app/views/profiles/_name.html.haml
+++ b/app/views/profiles/_name.html.haml
 - if user.read_only_attribute?(:name)
  = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
  help: s_("Profiles|Your name was automatically set based on your %{provider_label} account, so people you know can recognize you") % { provider_label: attribute_provider_label(:name) }
- elsif can?(current_user, :update_name, user)
-  = form.text_field :name, label: s_('Profiles|Full name'), required: true, title: s_("Profiles|Using emojis in names seems fun, but please try to set a status message instead"), wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' }, help: s_("Profiles|Enter your name, so people you know can recognize you")
 - else
-  = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
-  help: s_("Profiles|The ability to update your name has been disabled by your administrator.")
+  = form.text_field :name, label: s_('Profiles|Full name'), required: true, title: s_("Profiles|Using emojis in names seems fun, but please try to set a status message instead"), wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' }, help: s_("Profiles|Enter your name, so people you know can recognize you")
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -117,7 +117,7 @@ Once a lifetime for personal access tokens is set, GitLab will:
  allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
  or remove it, before revocation takes place.

-## Disabling user profile name changes **(CORE ONLY)**
+## Disabling user profile name changes **(PREMIUM ONLY)**

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/24605) in GitLab 12.7.


--- a/ee/app/controllers/ee/admin/application_settings_controller.rb
+++ b/ee/app/controllers/ee/admin/application_settings_controller.rb
@@ -46,6 +46,10 @@ module EE
          attrs << :required_instance_ci_template
        end

+        if License.feature_available?(:disable_name_update_for_users)
+          attrs << :updating_name_disabled_for_users
+        end
+
        attrs
      end


--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -89,6 +89,7 @@ module EE
        file_template_project_id
        default_project_deletion_protection
        deletion_adjourned_period
+        updating_name_disabled_for_users
      ]
    end
  end

--- a/ee/app/models/license.rb
+++ b/ee/app/models/license.rb
@@ -64,6 +64,7 @@ class License < ApplicationRecord
    dependency_proxy
    deploy_board
    design_management
+    disable_name_update_for_users
    email_additional_text
    extended_audit_events
    external_authorization_service_api_management

--- a/ee/app/policies/ee/user_policy.rb
+++ b/ee/app/policies/ee/user_policy.rb
+# frozen_string_literal: true
+
+module EE
+  module UserPolicy
+    extend ActiveSupport::Concern
+
+    prepended do
+      condition(:updating_name_disabled_for_users) do
+        ::License.feature_available?(:disable_name_update_for_users) &&
+        ::Gitlab::CurrentSettings.current_application_settings.updating_name_disabled_for_users
+      end
+
+      rule { can?(:update_user) }.enable :update_name
+
+      rule do
+        updating_name_disabled_for_users &
+        ~admin
+      end.prevent :update_name
+    end
+  end
+end
--- a/ee/app/services/ee/users/update_service.rb
+++ b/ee/app/services/ee/users/update_service.rb
@@ -31,6 +31,21 @@ module EE
        @user
      end

+      override :discard_read_only_attributes
+      def discard_read_only_attributes
+        super
+
+        discard_name unless name_updatable?
+      end
+
+      def discard_name
+        params.delete(:name)
+      end
+
+      def name_updatable?
+        can?(current_user, :update_name, model)
+      end
+
      override :identity_params
      def identity_params
        if group_id_for_saml.present?

--- a/ee/app/views/admin/application_settings/_updating_name_disabled_for_users.html.haml
+++ b/ee/app/views/admin/application_settings/_updating_name_disabled_for_users.html.haml
+- return unless ::License.feature_available?(:disable_name_update_for_users)
+
+- form = local_assigns.fetch(:form)
+
+.form-group
+  = form.label :updating_name_disabled_for_users, _('User restrictions'), class: 'label-bold'
+  .form-check
+    = form.check_box :updating_name_disabled_for_users, class: 'form-check-input'
+    = form.label :updating_name_disabled_for_users, class: 'form-check-label' do
+      = _("Prevent users from changing their profile name")
--- a/ee/app/views/profiles/_name.html.haml
+++ b/ee/app/views/profiles/_name.html.haml
+- if user.read_only_attribute?(:name)
+  = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
+  help: s_("Profiles|Your name was automatically set based on your %{provider_label} account, so people you know can recognize you") % { provider_label: attribute_provider_label(:name) }
+- elsif can?(current_user, :update_name, user)
+  = form.text_field :name, label: s_('Profiles|Full name'), required: true, title: s_("Profiles|Using emojis in names seems fun, but please try to set a status message instead"), wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' }, help: s_("Profiles|Enter your name, so people you know can recognize you")
+- else
+  = form.text_field :name, required: true, readonly: true, wrapper: { class: 'col-md-9 qa-full-name rspec-full-name' },
+  help: s_("Profiles|The ability to update your name has been disabled by your administrator.")
--- a/ee/changelogs/unreleased/24605-move-allow-admins-to-disable-users-ability-to-change-profile-to-premium.yml
+++ b/ee/changelogs/unreleased/24605-move-allow-admins-to-disable-users-ability-to-change-profile-to-premium.yml
+---
+title: Move 'Allow admins to disable users ability to change profile name' feature to Premium tier
+merge_request: 23034
+author:
+type: changed
--- a/ee/lib/ee/api/entities.rb
+++ b/ee/lib/ee/api/entities.rb
@@ -209,6 +209,7 @@ module EE
          expose :file_template_project_id, if: ->(_instance, _opts) { ::License.feature_available?(:custom_file_templates) }
          expose :default_project_deletion_protection, if: ->(_instance, _opts) { ::License.feature_available?(:default_project_deletion_protection) }
          expose :deletion_adjourned_period, if: ->(_instance, _opts) { ::License.feature_available?(:marking_project_for_deletion) }
+          expose :updating_name_disabled_for_users, if: ->(_instance, _opts) { ::License.feature_available?(:disable_name_update_for_users) }
        end
      end


--- a/ee/lib/ee/api/helpers/settings_helpers.rb
+++ b/ee/lib/ee/api/helpers/settings_helpers.rb
@@ -37,6 +37,7 @@ module EE
            optional :file_template_project_id, type: Integer, desc: 'ID of project where instance-level file templates are stored.'
            optional :repository_storages, type: Array[String], desc: 'A list of names of enabled storage paths, taken from `gitlab.yml`. New projects will be created in one of these stores, chosen at random.'
            optional :usage_ping_enabled, type: Grape::API::Boolean, desc: 'Every week GitLab will report license usage back to GitLab, Inc.'
+            optional :updating_name_disabled_for_users, type: Grape::API::Boolean, desc: 'Flag indicating if users are permitted to update their profile name'
          end
        end


--- a/ee/lib/ee/api/settings.rb
+++ b/ee/lib/ee/api/settings.rb
@@ -31,6 +31,10 @@ module EE
              attrs = attrs.except(:deletion_adjourned_period)
            end

+            unless License.feature_available?(:disable_name_update_for_users)
+              attrs = attrs.except(:updating_name_disabled_for_users)
+            end
+
            attrs
          end
        end

--- a/ee/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/ee/spec/controllers/admin/application_settings_controller_spec.rb
@@ -104,6 +104,13 @@ describe Admin::ApplicationSettingsController do
      it_behaves_like 'settings for licensed features'
    end

+    context 'updating name disabled for users setting' do
+      let(:settings) { { updating_name_disabled_for_users: true } }
+      let(:feature) { :disable_name_update_for_users }
+
+      it_behaves_like 'settings for licensed features'
+    end
+
    context 'project deletion adjourned period' do
      let(:settings) { { deletion_adjourned_period: 6 } }
      let(:feature) { :marking_project_for_deletion }

--- a/ee/spec/controllers/admin/users_controller_spec.rb
+++ b/ee/spec/controllers/admin/users_controller_spec.rb
@@ -10,6 +10,56 @@ describe Admin::UsersController do
    sign_in(admin)
  end

+  describe 'POST update' do
+    context 'updating name' do
+      shared_examples_for 'admin can update the name of a user' do
+        it 'updates the name' do
+          params = {
+            id: user.to_param,
+            user: {
+              name: 'New Name'
+            }
+          }
+
+          put :update, params: params
+
+          expect(response).to redirect_to(admin_user_path(user))
+          expect(user.reload.name).to eq('New Name')
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: true)
+        end
+
+        context 'when the ability to update their name is disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: true)
+          end
+
+          it_behaves_like 'admin can update the name of a user'
+        end
+
+        context 'when the ability to update their name is not disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: false)
+          end
+
+          it_behaves_like 'admin can update the name of a user'
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is not available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: false)
+        end
+
+        it_behaves_like 'admin can update the name of a user'
+      end
+    end
+  end
+
  describe 'POST #reset_runner_minutes' do
    subject { post :reset_runners_minutes, params: { id: user } }


--- a/ee/spec/controllers/profiles_controller_spec.rb
+++ b/ee/spec/controllers/profiles_controller_spec.rb
+# frozen_string_literal: true
+
+require('spec_helper')
+
+describe ProfilesController, :request_store do
+  let_it_be(:user) { create(:user) }
+  let_it_be(:admin) { create(:admin) }
+
+  describe 'PUT update' do
+    context 'updating name' do
+      subject { put :update, params: { user: { name: 'New Name' } } }
+
+      shared_examples_for 'a user can update their name' do
+        before do
+          sign_in(current_user)
+        end
+
+        it 'updates their name' do
+          subject
+
+          expect(response.status).to eq(302)
+          expect(current_user.reload.name).to eq('New Name')
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: true)
+        end
+
+        context 'when the ability to update thier name is not disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: false)
+          end
+
+          it_behaves_like 'a user can update their name' do
+            let(:current_user) { user }
+          end
+
+          it_behaves_like 'a user can update their name' do
+            let(:current_user) { admin }
+          end
+        end
+
+        context 'when the ability to update their name is disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: true)
+          end
+
+          context 'as a regular user' do
+            before do
+              sign_in(user)
+            end
+
+            it 'does not update their name' do
+              subject
+
+              expect(response.status).to eq(302)
+              expect(user.reload.name).not_to eq('New Name')
+            end
+          end
+
+          it_behaves_like 'a user can update their name' do
+            let(:current_user) { admin }
+          end
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is not available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: false)
+        end
+
+        it_behaves_like 'a user can update their name' do
+          let(:current_user) { user }
+        end
+
+        it_behaves_like 'a user can update their name' do
+          let(:current_user) { admin }
+        end
+      end
+    end
+  end
+end
--- a/ee/spec/policies/user_policy_spec.rb
+++ b/ee/spec/policies/user_policy_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe UserPolicy do
+  let(:current_user) { create(:user) }
+  let(:user) { create(:user) }
+
+  subject { described_class.new(current_user, user) }
+
+  shared_examples 'changing a user' do |ability|
+    context 'when a regular user tries to update another regular user' do
+      it { is_expected.not_to be_allowed(ability) }
+    end
+
+    context 'when a regular user tries to update themselves' do
+      let(:current_user) { user }
+
+      it { is_expected.to be_allowed(ability) }
+    end
+
+    context 'when an admin user tries to update a regular user' do
+      let(:current_user) { create(:user, :admin) }
+
+      it { is_expected.to be_allowed(ability) }
+    end
+
+    context 'when an admin user tries to update a ghost user' do
+      let(:current_user) { create(:user, :admin) }
+      let(:user) { create(:user, :ghost) }
+
+      it { is_expected.not_to be_allowed(ability) }
+    end
+  end
+
+  describe "updating a user's name" do
+    context 'when `disable_name_update_for_users` feature is available' do
+      before do
+        stub_licensed_features(disable_name_update_for_users: true)
+      end
+
+      context 'when the ability to update their name is not disabled for users' do
+        before do
+          stub_application_setting(updating_name_disabled_for_users: false)
+        end
+
+        it_behaves_like 'changing a user', :update_name
+      end
+
+      context 'when the ability to update their name is disabled for users' do
+        before do
+          stub_application_setting(updating_name_disabled_for_users: true)
+        end
+
+        context 'for a regular user' do
+          it { is_expected.not_to be_allowed(:update_name) }
+        end
+
+        context 'for a ghost user' do
+          let(:current_user) { create(:user, :ghost) }
+
+          it { is_expected.not_to be_allowed(:update_name) }
+        end
+
+        context 'for an admin user' do
+          let(:current_user) { create(:admin) }
+
+          it { is_expected.to be_allowed(:update_name) }
+        end
+      end
+    end
+
+    context 'when `disable_name_update_for_users` feature is not available' do
+      before do
+        stub_licensed_features(disable_name_update_for_users: false)
+      end
+
+      it_behaves_like 'changing a user', :update_name
+    end
+  end
+end
--- a/ee/spec/requests/api/settings_spec.rb
+++ b/ee/spec/requests/api/settings_spec.rb
@@ -156,4 +156,11 @@ describe API::Settings, 'EE Settings' do

    it_behaves_like 'settings for licensed features'
  end
+
+  context 'updating name disabled for users' do
+    let(:settings) { { updating_name_disabled_for_users: true } }
+    let(:feature) { :disable_name_update_for_users }
+
+    it_behaves_like 'settings for licensed features'
+  end
 end
--- a/ee/spec/requests/api/users_spec.rb
+++ b/ee/spec/requests/api/users_spec.rb
@@ -6,6 +6,47 @@ describe API::Users do
  let(:user)  { create(:user) }
  let(:admin) { create(:admin) }

+  context 'updating name' do
+    shared_examples_for 'admin can update the name of a user' do
+      it 'updates the user with new name' do
+        put api("/users/#{user.id}", admin), params: { name: 'New Name' }
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(json_response['name']).to eq('New Name')
+      end
+    end
+
+    context 'when `disable_name_update_for_users` feature is available' do
+      before do
+        stub_licensed_features(disable_name_update_for_users: true)
+      end
+
+      context 'when the ability to update their name is disabled for users' do
+        before do
+          stub_application_setting(updating_name_disabled_for_users: true)
+        end
+
+        it_behaves_like 'admin can update the name of a user'
+      end
+
+      context 'when the ability to update their name is not disabled for users' do
+        before do
+          stub_application_setting(updating_name_disabled_for_users: false)
+        end
+
+        it_behaves_like 'admin can update the name of a user'
+      end
+    end
+
+    context 'when `disable_name_update_for_users` feature is not available' do
+      before do
+        stub_licensed_features(disable_name_update_for_users: false)
+      end
+
+      it_behaves_like 'admin can update the name of a user'
+    end
+  end
+
  context 'extended audit events' do
    describe "PUT /users/:id" do
      it "creates audit event when updating user with new password" do

--- a/ee/spec/services/users/update_service_spec.rb
+++ b/ee/spec/services/users/update_service_spec.rb
@@ -5,6 +5,72 @@ describe Users::UpdateService do
  let(:user) { create(:user) }

  describe '#execute' do
+    context 'updating name' do
+      let(:admin) { create(:admin) }
+
+      shared_examples_for 'a user can update the name' do
+        it 'updates the name' do
+          result = described_class.new(current_user, { user: user, name: 'New Name' }).execute!
+
+          expect(result).to be_truthy
+          expect(user.name).to eq('New Name')
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: true)
+        end
+
+        context 'when the ability to update their name is not disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: false)
+          end
+
+          it_behaves_like 'a user can update the name' do
+            let(:current_user) { user }
+          end
+
+          it_behaves_like 'a user can update the name' do
+            let(:current_user) { admin }
+          end
+        end
+
+        context 'when the ability to update their name is disabled for users' do
+          before do
+            stub_application_setting(updating_name_disabled_for_users: true)
+          end
+
+          context 'as a regular user' do
+            it 'does not update the name' do
+              result = update_user(user, name: 'New Name')
+
+              expect(result).to be_truthy
+              expect(user.name).not_to eq('New Name')
+            end
+          end
+
+          it_behaves_like 'a user can update the name' do
+            let(:current_user) { admin }
+          end
+        end
+      end
+
+      context 'when `disable_name_update_for_users` feature is not available' do
+        before do
+          stub_licensed_features(disable_name_update_for_users: false)
+        end
+
+        it_behaves_like 'a user can update the name' do
+          let(:current_user) { user }
+        end
+
+        it_behaves_like 'a user can update the name' do
+          let(:current_user) { admin }
+        end
+      end
+    end
+
    it 'does not update email if an user has group managed account' do
      allow(user).to receive(:group_managed_account?).and_return(true)


--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -142,7 +142,6 @@ module API
        requires :sourcegraph_url, type: String, desc: 'The configured Sourcegraph instance URL'
      end
      optional :terminal_max_session_time, type: Integer, desc: 'Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.'
-      optional :updating_name_disabled_for_users, type: Boolean, desc: 'Flag indicating if users are permitted to update their profile name'
      optional :usage_ping_enabled, type: Boolean, desc: 'Every week GitLab will report license usage back to GitLab, Inc.'
      optional :instance_statistics_visibility_private, type: Boolean, desc: 'When set to `true` Instance statistics will only be available to admins'
      optional :local_markdown_version, type: Integer, desc: 'Local markdown version, increase this value when any cached markdown should be invalidated'

--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -102,13 +102,6 @@ describe Admin::ApplicationSettingsController do
      expect(ApplicationSetting.current.minimum_password_length).to eq(10)
    end

-    it 'updates updating_name_disabled_for_users setting' do
-      put :update, params: { application_setting: { updating_name_disabled_for_users: true } }
-
-      expect(response).to redirect_to(admin_application_settings_path)
-      expect(ApplicationSetting.current.updating_name_disabled_for_users).to eq(true)
-    end
-
    context 'external policy classification settings' do
      let(:settings) do
        {

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -257,28 +257,6 @@ describe Admin::UsersController do
  end

  describe 'POST update' do
-    context 'updating name' do
-      context 'when the ability to update their name is disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: true)
-        end
-
-        it 'updates the name' do
-          params = {
-            id: user.to_param,
-            user: {
-              name: 'New Name'
-            }
-          }
-
-          put :update, params: params
-
-          expect(response).to redirect_to(admin_user_path(user))
-          expect(user.reload.name).to eq('New Name')
-        end
-      end
-    end
-
    context 'when the password has changed' do
      def update_password(user, password, password_confirmation = nil)
        params = {

--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -81,54 +81,6 @@ describe ProfilesController, :request_store do
      expect(ldap_user.location).to eq('City, Country')
    end

-    context 'updating name' do
-      subject { put :update, params: { user: { name: 'New Name' } } }
-
-      context 'when the ability to update thier name is not disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: false)
-          sign_in(user)
-        end
-
-        it 'updates the name' do
-          subject
-
-          expect(response.status).to eq(302)
-          expect(user.reload.name).to eq('New Name')
-        end
-      end
-
-      context 'when the ability to update their name is disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: true)
-        end
-
-        context 'as a regular user' do
-          it 'does not update the name' do
-            sign_in(user)
-
-            subject
-
-            expect(response.status).to eq(302)
-            expect(user.reload.name).not_to eq('New Name')
-          end
-        end
-
-        context 'as an admin user' do
-          it 'updates the name' do
-            admin = create(:admin)
-
-            sign_in(admin)
-
-            subject
-
-            expect(response.status).to eq(302)
-            expect(admin.reload.name).to eq('New Name')
-          end
-        end
-      end
-    end
-
    it 'allows setting a user status' do
      sign_in(user)


--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -48,36 +48,4 @@ describe UserPolicy do
  describe "updating a user" do
    it_behaves_like 'changing a user', :update_user
  end
-
-  describe "updating a user's name" do
-    context 'when the ability to update their name is not disabled for users' do
-      before do
-        stub_application_setting(updating_name_disabled_for_users: false)
-      end
-
-      it_behaves_like 'changing a user', :update_name
-    end
-
-    context 'when the ability to update their name is disabled for users' do
-      before do
-        stub_application_setting(updating_name_disabled_for_users: true)
-      end
-
-      context 'for a regular user' do
-        it { is_expected.not_to be_allowed(:update_name) }
-      end
-
-      context 'for a ghost user' do
-        let(:current_user) { create(:user, :ghost) }
-
-        it { is_expected.not_to be_allowed(:update_name) }
-      end
-
-      context 'for an admin user' do
-        let(:current_user) { create(:admin) }
-
-        it { is_expected.to be_allowed(:update_name) }
-      end
-    end
-  end
 end
--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -136,14 +136,6 @@ describe API::Settings, 'Settings' do
      expect(json_response['performance_bar_allowed_group_id']).to eq(group.id)
    end

-    it "supports updating_name_disabled_for_users" do
-      put api("/application/settings", admin),
-        params: { updating_name_disabled_for_users: true }
-
-      expect(response).to have_gitlab_http_status(200)
-      expect(json_response['updating_name_disabled_for_users']).to eq(true)
-    end
-
    it "supports legacy performance_bar_enabled" do
      put api("/application/settings", admin),
        params: {

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -645,21 +645,6 @@ describe API::Users do
      expect(response).to have_gitlab_http_status(200)
    end

-    context 'updating name' do
-      context 'when the ability to update their name is disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: true)
-        end
-
-        it 'updates the user with new name' do
-          put api("/users/#{user.id}", admin), params: { name: 'New Name' }
-
-          expect(response).to have_gitlab_http_status(200)
-          expect(json_response['name']).to eq('New Name')
-        end
-      end
-    end
-
    it "updates user with new bio" do
      put api("/users/#{user.id}", admin), params: { bio: 'new test bio' }


--- a/spec/services/users/update_service_spec.rb
+++ b/spec/services/users/update_service_spec.rb
@@ -6,46 +6,6 @@ describe Users::UpdateService do
  let(:user) { create(:user) }

  describe '#execute' do
-    context 'updating name' do
-      context 'when the ability to update their name is not disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: false)
-        end
-
-        it 'updates the name' do
-          result = update_user(user, name: 'New Name')
-
-          expect(result).to eq(status: :success)
-          expect(user.name).to eq('New Name')
-        end
-      end
-
-      context 'when the ability to update their name is disabled for users' do
-        before do
-          stub_application_setting(updating_name_disabled_for_users: true)
-        end
-
-        context 'executing as a regular user' do
-          it 'does not update the name' do
-            result = update_user(user, name: 'New Name')
-
-            expect(result).to eq(status: :success)
-            expect(user.name).not_to eq('New Name')
-          end
-        end
-
-        context 'executing as an admin user' do
-          it 'updates the name' do
-            admin = create(:admin)
-            result = described_class.new(admin, { user: user, name: 'New Name' }).execute
-
-            expect(result).to eq(status: :success)
-            expect(user.name).to eq('New Name')
-          end
-        end
-      end
-    end
-
    it 'updates time preferences' do
      result = update_user(user, timezone: 'Europe/Warsaw', time_display_relative: true, time_format_in_24h: false)