flipper-ui 1.4.0 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00b09ef9134ecfe7b076edae579e9ff91827964ada4053fa8d5b5167b2965992
-  data.tar.gz: 22b200ae581fd91ced63c0936bfa03ce9ee306779bf09c7ed40809ec97e9d4c6
+  metadata.gz: 0cb0f4ab52d69d747f65f3a49aa89656138bb326434e0d4b9e21a6827479fea0
+  data.tar.gz: 227e30ad6e4d67f2b69e73a4aed099c8e91fb7651aad1c4a5bb54881ab925f97
 SHA512:
-  metadata.gz: d85919950864694f4156846ffd1cf20c758451821409c6ae7fb566b11759740842368af8393669617c5d8c5764ac5a9d11c7f91207641c51892dec0169cd09ad
-  data.tar.gz: 62b4831c0a38c4321ab627480e79ab5043140d4b57869c80a3792288d9b2d21421133f701ba1a8df72b6d5d707854df65714cce7009cb383aee039c04177718a
+  metadata.gz: bd9a23b242736d416fc7ea1a84a5c8af833916211ba6963340d30025b625bb16a4addc0342df706fdf10a528f93f2817c3dd1f7ff6f45a53d974e74de6b0edb7
+  data.tar.gz: 564f9d333365d60310f141efd208de1c3a5957c3c20b828f2f024922952d79992eb833073d4634813c4c6f208de8e75d04a1fb1a5492356ba08a84cf6cca9958

data/lib/flipper/ui/actions/boolean_gate.rb

@@ -16,6 +16,10 @@ module Flipper
           @feature = Decorators::Feature.new(feature)
 
           if params['action'] == 'Enable'
+            if Flipper::UI.configuration.disable_fully_enable
+              status 403
+              halt view_response(:disable_fully_enable)
+            end
             feature.enable
           else
             feature.disable

data/lib/flipper/ui/actions/import.rb

@@ -8,6 +8,7 @@ module Flipper
         route %r{\A/settings\/import/?\Z}
 
         def post
+          render_read_only if read_only?
           contents = params['file'][:tempfile].read
           export = Flipper::Exporters::Json::Export.new(contents: contents)
           flipper.import(export)

data/lib/flipper/ui/configuration.rb

@@ -45,6 +45,11 @@ module Flipper
       # false and it will go away. Defaults to true.
       attr_accessor :cloud_recommendation
 
+      # Public: Set to false to disable the version check that fetches the
+      # latest release from flippercloud.io. Useful when a strict Content
+      # Security Policy is in place. Defaults to true.
+      attr_accessor :version_check_enabled
+
       # Public: What should show up in the form to add actors. This can be
       # different per application since flipper_id's can be whatever an
       # application needs. Defaults to "a flipper id".
@@ -77,6 +82,20 @@ module Flipper
       # Default is false.
       attr_accessor :confirm_disable
 
+      # Public: Set to disable the Fully Enable button in the UI, preventing
+      # users from fully enabling features via the web interface. Set to true
+      # for a default message, or a string for a custom message. Defaults to nil.
+      #
+      # Note: This only affects the UI. If flipper-api is mounted, full enable
+      # is still possible via the API.
+      #
+      # Examples:
+      #
+      #   config.disable_fully_enable = true
+      #   config.disable_fully_enable = "Use deploy pipeline instead."
+      #
+      attr_accessor :disable_fully_enable
+
       VALID_BANNER_CLASS_VALUES = %w(
         danger
         dark
@@ -90,6 +109,7 @@ module Flipper
 
       DEFAULT_DESCRIPTIONS_SOURCE = ->(_keys) { {} }
       DEFAULT_ACTOR_NAMES_SOURCE = ->(_keys) { {} }
+      DEFAULT_DISABLE_FULLY_ENABLE_MESSAGE = "Fully enabling features via the UI is disabled."
 
       def initialize
         @delete = Option.new("Danger Zone", "Deleting a feature removes it from the list of features and disables it for everyone.")
@@ -99,6 +119,7 @@ module Flipper
         @feature_removal_enabled = true
         @fun = true
         @cloud_recommendation = true
+        @version_check_enabled = true
         @add_actor_placeholder = "a flipper id"
         @descriptions_source = DEFAULT_DESCRIPTIONS_SOURCE
         @actor_names_source = DEFAULT_ACTOR_NAMES_SOURCE
@@ -106,6 +127,7 @@ module Flipper
         @actors_separator = ','
         @confirm_fully_enable = false
         @confirm_disable = true
+        @disable_fully_enable = nil
         @read_only = false
         @nav_items = [
           { title: "Features", href: "features" },
@@ -121,6 +143,14 @@ module Flipper
         using_descriptions? && @show_feature_description_in_list
       end
 
+      def disable_fully_enable_message
+        if @disable_fully_enable.is_a?(String)
+          @disable_fully_enable
+        else
+          DEFAULT_DISABLE_FULLY_ENABLE_MESSAGE
+        end
+      end
+
       def banner_class=(value)
         unless VALID_BANNER_CLASS_VALUES.include?(value)
           raise InvalidConfigurationValue, "The banner_class provided '#{value}' is " \

data/lib/flipper/ui/views/disable_fully_enable.erb

@@ -0,0 +1,3 @@
+<div class="alert alert-danger">
+  <%= Flipper::UI.configuration.disable_fully_enable_message %>
+</div>

data/lib/flipper/ui/views/feature.erb

@@ -255,16 +255,24 @@
             <div class="row">
               <% unless @feature.boolean_value %>
                 <div class="col d-grid">
-                  <button type="submit" name="action" value="Enable" class="btn btn-outline-success"
-                    <% if Flipper::UI.configuration.confirm_fully_enable %>
-                      data-confirmation-prompt="Are you sure you want to fully enable this feature for everyone? Please enter the name of the feature to confirm it: <%= feature_name %>"
-                      data-confirmation-text="<%= feature_name %>"
-                    <% end %>
-                  >
-                    <span class="d-block" data-bs-toggle="tooltip" title="Enable for everyone">
-                      Fully Enable
+                  <% if Flipper::UI.configuration.disable_fully_enable %>
+                    <span class="d-inline-block" tabindex="0" data-bs-toggle="tooltip" title="<%= Flipper::UI.configuration.disable_fully_enable_message %>">
+                      <button type="submit" name="action" value="Enable" class="btn btn-outline-success w-100" disabled style="pointer-events: none;">
+                        Fully Enable
+                      </button>
                     </span>
-                  </button>
+                  <% else %>
+                    <button type="submit" name="action" value="Enable" class="btn btn-outline-success"
+                      <% if Flipper::UI.configuration.confirm_fully_enable %>
+                        data-confirmation-prompt="Are you sure you want to fully enable this feature for everyone? Please enter the name of the feature to confirm it: <%= feature_name %>"
+                        data-confirmation-text="<%= feature_name %>"
+                      <% end %>
+                    >
+                      <span class="d-block" data-bs-toggle="tooltip" title="Enable for everyone">
+                        Fully Enable
+                      </span>
+                    </button>
+                  <% end %>
                 </div>
               <% end %>
 

data/lib/flipper/ui/views/layout.erb

@@ -18,8 +18,10 @@
       <%- end -%>
 
       <div class="text-muted small text-end">
-        <a href="#" class="badge text-bg-warning ms-2 d-none" style="font-size:100%" id="new-version-badge" data-version="<%= Flipper::VERSION %>">
-        </a>
+        <% if Flipper::UI.configuration.version_check_enabled %>
+          <a href="#" class="badge text-bg-warning ms-2 d-none" style="font-size:100%" id="new-version-badge" data-version="<%= Flipper::VERSION %>">
+          </a>
+        <% end %>
 
         <% if Flipper.deprecated_ruby_version? %>
           <a href="https://github.com/flippercloud/flipper/pull/776" class="badge text-bg-danger ms-2" style="font-size:100%">
@@ -83,6 +85,8 @@
     <script src="<%= script_name + popper_js[:src] %>" integrity="<%= popper_js[:hash] %>" crossorigin="anonymous"></script>
     <script src="<%= script_name + bootstrap_js[:src] %>" integrity="<%= bootstrap_js[:hash] %>" crossorigin="anonymous"></script>
     <script src="<%= script_name %>/js/application.js?v=<%= Flipper::VERSION %>"></script>
-    <script src="<%= script_name %>/js/version.js?v=<%= Flipper::VERSION %>"></script>
+    <% if Flipper::UI.configuration.version_check_enabled %>
+      <script src="<%= script_name %>/js/version.js?v=<%= Flipper::VERSION %>"></script>
+    <% end %>
   </body>
 </html>

data/lib/flipper/ui/views/settings.erb

@@ -38,6 +38,7 @@
   </div>
 </div>
 
+<% if write_allowed? %>
 <div class="card">
   <div class="card-header">
     <h4 class="m-0">Import</h4>
@@ -51,3 +52,4 @@
     </form>
   </div>
 </div>
+<% end %>

data/lib/flipper/version.rb

@@ -1,5 +1,5 @@
 module Flipper
-  VERSION = '1.4.0'.freeze
+  VERSION = '1.4.2'.freeze
 
   REQUIRED_RUBY_VERSION = '2.6'.freeze
   NEXT_REQUIRED_RUBY_VERSION = '3.0'.freeze

data/spec/flipper/ui/actions/boolean_gate_spec.rb

@@ -64,5 +64,76 @@ RSpec.describe Flipper::UI::Actions::BooleanGate do
         expect(last_response.headers['location']).to eq('/features/search')
       end
     end
+
+    context 'when disable_fully_enable is false' do
+      before { Flipper::UI.configuration.disable_fully_enable = false }
+      after { Flipper::UI.configuration.disable_fully_enable = nil }
+
+      it 'allows enabling the feature' do
+        flipper.disable :search
+        post 'features/search/boolean',
+             { 'action' => 'Enable', 'authenticity_token' => token },
+             'rack.session' => session
+        expect(flipper.enabled?(:search)).to be(true)
+      end
+    end
+
+    context 'when disable_fully_enable is true' do
+      before { Flipper::UI.configuration.disable_fully_enable = true }
+      after { Flipper::UI.configuration.disable_fully_enable = nil }
+
+      context 'with enable' do
+        before do
+          flipper.disable :search
+          post 'features/search/boolean',
+               { 'action' => 'Enable', 'authenticity_token' => token },
+               'rack.session' => session
+        end
+
+        it 'does not enable the feature' do
+          expect(flipper.enabled?(:search)).to be(false)
+        end
+
+        it 'returns 403 status' do
+          expect(last_response.status).to be(403)
+        end
+
+        it 'renders the default disabled message' do
+          expect(last_response.body).to include('Fully enabling features via the UI is disabled.')
+        end
+      end
+
+      context 'with disable' do
+        before do
+          flipper.enable :search
+          post 'features/search/boolean',
+               { 'action' => 'Disable', 'authenticity_token' => token },
+               'rack.session' => session
+        end
+
+        it 'still allows disabling the feature' do
+          expect(flipper.enabled?(:search)).to be(false)
+        end
+
+        it 'redirects back to feature' do
+          expect(last_response.status).to be(302)
+          expect(last_response.headers['location']).to eq('/features/search')
+        end
+      end
+    end
+
+    context 'when disable_fully_enable is a custom message' do
+      before { Flipper::UI.configuration.disable_fully_enable = "Use deploy pipeline instead." }
+      after { Flipper::UI.configuration.disable_fully_enable = nil }
+
+      it 'renders the custom message on 403' do
+        flipper.disable :search
+        post 'features/search/boolean',
+             { 'action' => 'Enable', 'authenticity_token' => token },
+             'rack.session' => session
+        expect(last_response.status).to be(403)
+        expect(last_response.body).to include('Use deploy pipeline instead.')
+      end
+    end
   end
 end

data/spec/flipper/ui/actions/feature_spec.rb

@@ -125,6 +125,32 @@ RSpec.describe Flipper::UI::Actions::Feature do
       end
     end
 
+    context "when disable_fully_enable is true" do
+      before { Flipper::UI.configuration.disable_fully_enable = true }
+      after { Flipper::UI.configuration.disable_fully_enable = nil }
+
+      it 'renders the Fully Enable button as disabled' do
+        get '/features/search'
+        expect(last_response.body).to include('Fully Enable')
+        expect(last_response.body).to match(/disabled\s*>/)
+      end
+
+      it 'shows the default disabled tooltip' do
+        get '/features/search'
+        expect(last_response.body).to include('Fully enabling features via the UI is disabled.')
+      end
+    end
+
+    context "when disable_fully_enable is a custom message" do
+      before { Flipper::UI.configuration.disable_fully_enable = "Use deploy pipeline instead." }
+      after { Flipper::UI.configuration.disable_fully_enable = nil }
+
+      it 'shows custom disabled tooltip' do
+        get '/features/search'
+        expect(last_response.body).to include('Use deploy pipeline instead.')
+      end
+    end
+
     context 'custom actor names' do
       before do
         actor = Flipper::Actor.new('some_actor_name')

data/spec/flipper/ui/actions/import_spec.rb

@@ -11,11 +11,12 @@ RSpec.describe Flipper::UI::Actions::Import do
     { :csrf => token, 'csrf' => token, '_csrf_token' => token }
   end
 
+  let(:path) { FlipperRoot.join("spec", "fixtures", "flipper_pstore_1679087600.json") }
+
   describe "POST /settings/import" do
     before do
       flipper.enable :plausible
       flipper.disable :google_analytics
-      path = FlipperRoot.join("spec", "fixtures", "flipper_pstore_1679087600.json")
 
       post '/settings/import',
         {
@@ -37,5 +38,26 @@ RSpec.describe Flipper::UI::Actions::Import do
       expect(last_response.status).to be(302)
       expect(last_response.headers['location']).to eq('/features')
     end
+
+    context "when in read only mode" do
+      before do
+        allow(flipper).to receive(:read_only?) { true }
+
+        post '/settings/import',
+          {
+            'authenticity_token' => token,
+            'file' => Rack::Test::UploadedFile.new(path, "application/json"),
+          },
+          'rack.session' => session
+      end
+
+      it 'returns 403' do
+        expect(last_response.status).to be(403)
+      end
+
+      it 'renders read only template' do
+        expect(last_response.body).to include('read only')
+      end
+    end
   end
 end

data/spec/flipper/ui/configuration_spec.rb

@@ -73,6 +73,17 @@ RSpec.describe Flipper::UI::Configuration do
     end
   end
 
+  describe "#version_check_enabled" do
+    it "has default value" do
+      expect(configuration.version_check_enabled).to eq(true)
+    end
+
+    it "can be updated" do
+      configuration.version_check_enabled = false
+      expect(configuration.version_check_enabled).to eq(false)
+    end
+  end
+
   describe "#feature_removal_enabled" do
     it "has default value" do
       expect(configuration.feature_removal_enabled).to eq(true)
@@ -146,6 +157,39 @@ RSpec.describe Flipper::UI::Configuration do
     end
   end
 
+  describe "#disable_fully_enable" do
+    it "defaults to nil" do
+      expect(configuration.disable_fully_enable).to be_nil
+    end
+
+    it "can be set to true" do
+      configuration.disable_fully_enable = true
+      expect(configuration.disable_fully_enable).to eq(true)
+    end
+
+    it "can be set to false" do
+      configuration.disable_fully_enable = false
+      expect(configuration.disable_fully_enable).to eq(false)
+    end
+
+    it "can be set to a custom message" do
+      configuration.disable_fully_enable = "Use deploy pipeline instead."
+      expect(configuration.disable_fully_enable).to eq("Use deploy pipeline instead.")
+    end
+  end
+
+  describe "#disable_fully_enable_message" do
+    it "returns default message when set to true" do
+      configuration.disable_fully_enable = true
+      expect(configuration.disable_fully_enable_message).to eq("Fully enabling features via the UI is disabled.")
+    end
+
+    it "returns custom message when set to a string" do
+      configuration.disable_fully_enable = "Use deploy pipeline instead."
+      expect(configuration.disable_fully_enable_message).to eq("Use deploy pipeline instead.")
+    end
+  end
+
   describe "#show_feature_description_in_list" do
     it "has default value" do
       expect(configuration.show_feature_description_in_list).to eq(false)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: flipper-ui
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.4.2
 platform: ruby
 authors:
 - John Nunemaker
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-26 00:00:00.000000000 Z
+date: 2026-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -76,14 +76,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: 1.4.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: 1.4.2
 - !ruby/object:Gem::Dependency
   name: erubi
   requirement: !ruby/object:Gem::Requirement
@@ -166,6 +166,7 @@ files:
 - lib/flipper/ui/views/add_actor.erb
 - lib/flipper/ui/views/add_feature.erb
 - lib/flipper/ui/views/add_group.erb
+- lib/flipper/ui/views/disable_fully_enable.erb
 - lib/flipper/ui/views/feature.erb
 - lib/flipper/ui/views/feature_creation_disabled.erb
 - lib/flipper/ui/views/feature_removal_disabled.erb
@@ -202,7 +203,7 @@ metadata:
   homepage_uri: https://www.flippercloud.io
   source_code_uri: https://github.com/flippercloud/flipper
   bug_tracker_uri: https://github.com/flippercloud/flipper/issues
-  changelog_uri: https://github.com/flippercloud/flipper/releases/tag/v1.4.0
+  changelog_uri: https://github.com/flippercloud/flipper/releases/tag/v1.4.2
   funding_uri: https://github.com/sponsors/flippercloud
 post_install_message:
 rdoc_options: []