Commit 4272dff1 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch 'jl-allowlist-gitlab-bots-spam' into 'master'

Allowlist GitLab-owned bots for SpamActionService

See merge request gitlab-org/gitlab!42905
parents 694ce5cb 2fa187ab
...@@ -45,7 +45,7 @@ module Spam ...@@ -45,7 +45,7 @@ module Spam
attr_reader :user, :context attr_reader :user, :context
def allowlisted?(user) def allowlisted?(user)
user.respond_to?(:gitlab_employee) && user.gitlab_employee? user.try(:gitlab_employee?) || user.try(:gitlab_bot?)
end end
def perform_spam_service_check(api) def perform_spam_service_check(api)
......
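Review bot: The widened `allowlisted?` trusts the author account rather than the content. Some bot accounts may author records from externally supplied input (the spec in this commit uses an `alert_bot` user), and that content would presumably no longer reach the spam check once the bot is in the gitlab-com group. The body of `perform_spam_service_check` is outside the hunk, so whether allowlisted requests are still logged cannot be confirmed from here. I would document the decision above the method, e.g. `# Allowlisted authors bypass the spam verdict; this trusts the account, not the content it relays.` Also consider whether the bypass should be limited to bot types that never carry third-party text. Separately, `try` returns nil when the method is missing, so an absent or renamed `gitlab_bot?` fails closed (the check still runs), which is the safe direction and worth keeping.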
...@@ -358,6 +358,12 @@ module EE ...@@ -358,6 +358,12 @@ module EE
end end
end end
def gitlab_bot?
strong_memoize(:gitlab_bot) do
bot? && ::Gitlab::Com.gitlab_com_group_member_id?(id)
end
end
def security_dashboard def security_dashboard
InstanceSecurityDashboard.new(self) InstanceSecurityDashboard.new(self)
end end
......
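Review bot: `gitlab_bot?` is now a trust predicate that gates a spam-check bypass, but it carries no comment saying what qualifies an account. `Gitlab::Com.gitlab_com_group_member_id?` is not shown on this page, so it is unclear whether inherited membership or any access level counts. Because `strong_memoize(:gitlab_bot)` caches the answer on the instance, a membership change will not be seen by an already loaded user object. I would add a comment such as `# True only for bot-type users that are members of the gitlab-com group; used to allowlist authors in SpamActionService.` and spell out the membership criteria there once confirmed against the helper.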
---
title: Allowlist GitLab-owned bots for SpamActionService
merge_request: 42905
author:
type: changed
...@@ -1286,6 +1286,62 @@ RSpec.describe User do ...@@ -1286,6 +1286,62 @@ RSpec.describe User do
end end
end end
describe '#gitlab_bot?' do
subject { user.gitlab_bot? }
let_it_be(:gitlab_group) { create(:group, name: 'gitlab-com') }
let_it_be(:random_group) { create(:group, name: 'random-group') }
context 'based on group membership' do
context 'when user belongs to gitlab-com group' do
let(:user) { create(:user, user_type: :alert_bot) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
end
it { is_expected.to be true }
end
context 'when user does not belongs to gitlab-com group' do
let(:user) { create(:user, user_type: :alert_bot) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
random_group.add_user(user, Gitlab::Access::DEVELOPER)
end
it { is_expected.to be false }
end
end
context 'based on user type' do
before do
allow(Gitlab).to receive(:com?).and_return(true)
gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
end
context 'when user is a bot' do
let(:user) { create(:user, user_type: :alert_bot) }
it { is_expected.to be true }
end
context 'when user is a human' do
let(:user) { create(:user, user_type: :human) }
it { is_expected.to be false }
end
context 'when user is ghost' do
let(:user) { create(:user, :ghost) }
it { is_expected.to be false }
end
end
end
describe '#security_dashboard' do describe '#security_dashboard' do
let(:user) { create(:user) } let(:user) { create(:user) }
......
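Review bot: Every context under `#gitlab_bot?` stubs `Gitlab.com?` to true, so nothing pins the result on an instance that is not GitLab.com. That is the case where a locally created group named `gitlab-com` must not grant the allowlist. Assuming `Gitlab::Com.gitlab_com_group_member_id?` is gated on `Gitlab.com?` (the stubs suggest it, the page does not show it), a negative context with the stub returning false would catch a regression that turns group naming into a spam-check bypass. The contexts 'when user belongs to gitlab-com group' and 'when user is a bot' exercise the same scenario, so one of them could make room for it.

```ruby
# … placed inside describe '#gitlab_bot?', next to the existing group-membership contexts …
context 'when not running on GitLab.com' do
  let(:user) { create(:user, user_type: :alert_bot) }

  before do
    allow(Gitlab).to receive(:com?).and_return(false)
    gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
  end

  it { is_expected.to be false }
end
```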