Skip to content

Add config to disable the Fully Enable button#979

Merged
jnunemaker merged 4 commits intomainfrom
worktree-wild-watching-cloud
Feb 26, 2026
Merged

Add config to disable the Fully Enable button#979
jnunemaker merged 4 commits intomainfrom
worktree-wild-watching-cloud

Conversation

@jnunemaker
Copy link
Collaborator

@jnunemaker jnunemaker commented Feb 26, 2026

Summary

  • Adds disable_fully_enable config option to Flipper::UI that prevents full-enabling features from the web UI
  • Single option accepts true (default message), a string (custom message), or nil/false (enabled, the default)
  • Server-side 403 enforcement when bypassing the disabled button (curl, devtools, etc.)
  • Based on Add config to disable the Fully Enable button #973 with review feedback applied: renamed from fully_enable_disabled/fully_enable_disabled_with, collapsed to single config option, 403 template uses configured message

Usage

# Disable with default message
Flipper::UI.configure do |config|
  config.disable_fully_enable = true
end

# Disable with custom message
Flipper::UI.configure do |config|
  config.disable_fully_enable = "Use deploy pipeline instead."
end

Note: This only affects the UI. If flipper-api is mounted, full enable is still possible via the API.

Test plan

  • Config defaults to nil, accepts true, false, and string values
  • disable_fully_enable_message returns default message for true, custom string when set
  • Server returns 403 with configured message when fully enable is disabled
  • Disable action still works when fully enable is disabled
  • Explicit false does not block enabling
  • Button renders as disabled with tooltip in the UI
  • Custom message shown in both tooltip and 403 response
  • Full RSpec suite passes (2813 examples, 0 failures)

Closes #973

🤖 Generated with Claude Code

elShiaLabeouf and others added 4 commits February 18, 2026 11:15
@elShiaLabeouf
Added config to disable the Fully Enable button
f43fb02
@jnunemaker
Merge branch 'pr-973' into worktree-wild-watching-cloud
f2beb44
@jnunemaker @claude
Rework disable fully enable config per PR #973 review
a189ede 
Collapse two config options (fully_enable_disabled, fully_enable_disabled_with)
into a single disable_fully_enable option that accepts true for a default
message or a string for a custom message. Update 403 template to use the
configured message instead of hardcoding. Add note about UI config test
pattern to CLAUDE.md.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jnunemaker @claude
Clean up disable_fully_enable review feedback
640f32f 
Move DEFAULT_DISABLE_FULLY_ENABLE_MESSAGE constant next to other
constants. Rename template from fully_enable_disabled.erb to
disable_fully_enable.erb for naming consistency. Add test for explicit
false value.

XSS is a non-issue: Erubi escape: true auto-escapes <%= %> output.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jnunemaker jnunemaker self-assigned this Feb 26, 2026
@jnunemaker jnunemaker merged commit 04215f7 into main Feb 26, 2026
46 checks passed
@jnunemaker jnunemaker deleted the worktree-wild-watching-cloud branch February 26, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jnunemaker jnunemaker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jnunemaker @elShiaLabeouf