Add new table to store email domain

In order to save user preferences regarding user emails allowed to be invited to group Add foreign_key and down method Change adding foreign key Add partial call to view Add changelog entry Fix schema

Add new table to store email domain
In order to save user preferences regarding user emails allowed to be invited to group Add foreign_key and down method Change adding foreign key Add partial call to view Add changelog entry Fix schema
3b32ac56 · Gosia Ksionek · Paul Slaughter · 0baadb42 · 3b32ac56 · 3b32ac56
5 changed file
--- a/app/views/groups/settings/_permissions.html.haml
+++ b/app/views/groups/settings/_permissions.html.haml
@@ -18,6 +18,7 @@
          %span.descr.text-muted= share_with_group_lock_help_text(@group)

    = render_if_exists 'groups/settings/ip_restriction', f: f, group: @group
+    = render_if_exists 'groups/settings/allowed_email_domain', f: f, group: @group
    = render 'groups/settings/lfs', f: f
    = render 'groups/settings/project_creation_level', f: f, group: @group
    = render 'groups/settings/subgroup_creation_level', f: f, group: @group

--- a/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml
+++ b/changelogs/unreleased/10972-be-allow-restricting-group-members-by-a-domain-whitelist-ce.yml
+---
+title: Add new table to store email domain per group
+merge_request: 31071
+author:
+type: added
--- a/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb
+++ b/db/migrate/20190723153247_create_allowed_email_domains_for_groups.rb
+# frozen_string_literal: true
+
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class CreateAllowedEmailDomainsForGroups < ActiveRecord::Migration[5.2]
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  def change
+    create_table :allowed_email_domains do |t|
+      t.timestamps_with_timezone null: false
+      t.references :group, references: :namespace,
+        column: :group_id,
+        type: :integer,
+        null: false,
+        index: true
+      t.foreign_key :namespaces, column: :group_id, on_delete: :cascade
+      t.string :domain, null: false, limit: 255
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -26,6 +26,14 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
    t.integer "cached_markdown_version"
  end

+  create_table "allowed_email_domains", force: :cascade do |t|
+    t.datetime_with_timezone "created_at", null: false
+    t.datetime_with_timezone "updated_at", null: false
+    t.integer "group_id", null: false
+    t.string "domain", limit: 255, null: false
+    t.index ["group_id"], name: "index_allowed_email_domains_on_group_id"
+  end
+
  create_table "analytics_cycle_analytics_group_stages", force: :cascade do |t|
    t.datetime_with_timezone "created_at", null: false
    t.datetime_with_timezone "updated_at", null: false
@@ -3670,6 +3678,7 @@ ActiveRecord::Schema.define(version: 2019_08_15_093949) do
    t.index ["type"], name: "index_web_hooks_on_type"
  end

+  add_foreign_key "allowed_email_domains", "namespaces", column: "group_id", on_delete: :cascade
  add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "end_event_label_id", on_delete: :cascade
  add_foreign_key "analytics_cycle_analytics_group_stages", "labels", column: "start_event_label_id", on_delete: :cascade
  add_foreign_key "analytics_cycle_analytics_group_stages", "namespaces", column: "group_id", on_delete: :cascade

--- a/doc/user/group/index.md
+++ b/doc/user/group/index.md
@@ -350,6 +350,38 @@ Restriction currently applies to UI, API access is not restricted.
 To avoid accidental lock-out, admins and group owners are are able to access
 the group regardless of the IP restriction.

+#### Allowed domain restriction **(PREMIUM ONLY)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/issues/7297) in
+[GitLab Premium](https://about.gitlab.com/pricing/) 12.2.
+
+You can restrict access to groups and their underlying projects by
+allowing only users with email addresses in particular domains to be added to the group.
+
+Add email domains you want to whitelist and users with emails from different 
+domains won't be allowed to be added to this group.
+
+Some domains cannot be restricted. These are the most popular public email domains, such as:
+
+- `gmail.com`
+- `yahoo.com`
+- `hotmail.com`
+- `aol.com`
+- `msn.com`
+- `hotmail.co.uk`
+- `hotmail.fr`
+- `live.com`
+- `outlook.com`
+- `icloud.com`
+
+To enable this feature:
+
+1. Navigate to the group's **Settings > General** page.
+1. Expand the **Permissions, LFS, 2FA** section, and enter domain name into **Restrict membership by email** field.
+1. Click **Save changes**.
+
+This will enable the domain-checking for all new users added to the group from this moment on.
+
 #### Group file templates **(PREMIUM)**

 Group file templates allow you to share a set of templates for common file