Skip to content

Restrict cloud site admin access to user settings

Administrator requested to merge flying-robot/restrict-view-user-settings into main

Created by: flying-robot

Cloud site admins should not have access to user settings[0]. This change adds an additional set of clauses that will:

  1. Show a danger alert when an admin is viewing another user's settings.

  2. Hide the settings editor from the admin.

  3. Restrict programmatic access to the settings.

[0] https://sourcegraph.atlassian.net/browse/COREAPP-138

Screenshots

Viewing same user Screen Shot 2021-07-14 at 8 01 22 AM

Viewing different user Screen Shot 2021-07-14 at 8 01 34 AM

Querying same user Screen Shot 2021-07-14 at 8 01 58 AM

Querying different user Screen Shot 2021-07-14 at 8 02 16 AM

Mutating same user Screen Shot 2021-07-14 at 8 02 42 AM

Mutating different user Screen Shot 2021-07-14 at 8 03 02 AM

Merge request reports