Expose all snippets to /snippets endpoint for GitLab Admin

Problem to solve

Snippet spam is a problem for public GitLab instances, both self-managed and GitLab.com. Because of the spam issues with snippets, administrators are introducing additional tooling to help combat that spam. Unfortunately, there is currently no way for a GitLab administrator to retrieve all snippets on the system regardless of visibility or scope.

Intended users

Proposal

A new parameter should be available to the /snippets endpoint for GitLab Instance Administrators that allows them to retrieve all the Snippets on the instance.

Possible: ?scope=all

Testing Activity

@fjsanpedro:

  • Add specs to ensure we include snippets with internal visibility in that endpoint

@vij:

  • Test visible snippets are correct

MR Breakdown

@fjsanpedro:

  • We would need to change the scope we use for retrieving the public snippets and also retrieve internal ones (maybe it would be better to include the SnippetFinder there?)

Documentation

Docs need to be updated to specify that this parameter is Admin only and that it returns all snippets.

Original Description

Problem to solve

Snippet spam is still a problem, including on https://gitlab.com. With the recent addition of the /snippets/public endpoint things have become much better: I wrote a script that deletes recent users that create accounts and immediately create a snippet on our instance (same for users with an unreasonably long bio written in Vietnamese). Unfortunately, some spammers seem to also make snippets with internal visibility level.

Intended users

Proposal

I propose for the /snippets/public API endpoint to return all snippets visible to the current user, and not only snippets with public visibility. Alternatively, I propose to introduce another endpoint that allows listing all snippets.

Permissions and Security

No permissions necessary, and no potential for security problems.

Edited by Darva Satcher