Add feature flag support via Flipper (#663)

mwtrew · web-flow · commit 549f7813ca21 · 2026-02-03T15:30:11.000Z
## Status - Closes [#1101](RaspberryPiFoundation/digital-editor-issues#1101) - Related to RaspberryPiFoundation/editor-standalone#723 ## Points for consideration: ### Security - Adds a new admin panel at `/admin/flipper`. This uses a route constraint to deny access to non-admin users (based on session cookie). - Disabled feature flags are not shared with the client. However, at present all enabled features are shared with the client, regardless of whether they're expected to have any effect on the client. ### Performance - In this implementation, each School is a potential Actor (in Flipper terms). Flipper prefers to load feature data once per request and perform membership checks in memory to reduce the number of calls to the DB, but this can be less efficient if there are many Actors. Therefore, by default, there is a limit of 100 Actors per feature. See the [Flipper docs - Actors](https://www.flippercloud.io/docs/features/actors#limitations). - See also [Flipper docs - Performance](https://www.flippercloud.io/docs/optimization) ## What's changed? - Adds Flipper UI, allowing admin users to manage feature flags, and an endpoint that exposes enabled feature flags to the client. ## Steps to perform after deploying to production - Migration(?)
diff --git a/Gemfile b/Gemfile
@@ -14,6 +14,8 @@ gem 'countries'
 gem 'email_validator'
 gem 'faker'
 gem 'faraday'
+gem 'flipper', '~> 1.3'
+gem 'flipper-active_record', '~> 1.3'
 gem 'github_webhook', '~> 1.4'
 gem 'globalid'
 gem 'good_job', '~> 4.3'
@@ -76,3 +78,5 @@ group :test do
   gem 'webdrivers'
   gem 'webmock'
 end
+
+gem 'flipper-ui', '~> 1.3'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -186,6 +186,18 @@ GEM
     ffi (1.17.2-arm64-darwin)
     ffi (1.17.2-x86_64-linux-gnu)
     fiber-storage (1.0.1)
+    flipper (1.3.6)
+      concurrent-ruby (< 2)
+    flipper-active_record (1.3.6)
+      activerecord (>= 4.2, < 9)
+      flipper (~> 1.3.6)
+    flipper-ui (1.3.6)
+      erubi (>= 1.0.0, < 2.0.0)
+      flipper (~> 1.3.6)
+      rack (>= 1.4, < 4)
+      rack-protection (>= 1.5.3, < 5.0.0)
+      rack-session (>= 1.0.2, < 3.0.0)
+      sanitize (< 8)
     fugit (1.11.2)
       et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
@@ -481,6 +493,9 @@ GEM
       ffi (~> 1.12)
       logger
     rubyzip (3.0.2)
+    sanitize (7.0.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.16.8)
     sassc (2.4.0)
       ffi (~> 1.9)
     sassc-rails (2.1.2)
@@ -579,6 +594,9 @@ DEPENDENCIES
   factory_bot_rails
   faker
   faraday
+  flipper (~> 1.3)
+  flipper-active_record (~> 1.3)
+  flipper-ui (~> 1.3)
   github_webhook (~> 1.4)
   globalid
   good_job (~> 4.3)
diff --git a/app/controllers/api/features_controller.rb b/app/controllers/api/features_controller.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Api
+  class FeaturesController < ApiController
+    def index
+      school = current_user&.schools&.first
+
+      enabled_feature_keys = Flipper.features
+                                    .select { |feature| Flipper.enabled?(feature.key, school) }
+                                    .map(&:key)
+
+      render json: { enabled: enabled_feature_keys }
+    end
+  end
+end
diff --git a/config/initializers/flipper.rb b/config/initializers/flipper.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+Rails.application.configure do
+  ## Memoization ensures that only one adapter call is made per feature per request.
+  ## For more info, see https://www.flippercloud.io/docs/optimization#memoization
+  # config.flipper.memoize = true
+
+  ## Flipper preloads all features before each request, which is recommended if:
+  ##   * you have a limited number of features (< 100?)
+  ##   * most of your requests depend on most of your features
+  ##   * you have limited gate data combined across all features (< 1k enabled gates, like individual actors, across all features)
+  ##
+  ## For more info, see https://www.flippercloud.io/docs/optimization#preloading
+  # config.flipper.preload = true
+
+  ## Warn or raise an error if an unknown feature is checked
+  ## Can be set to `:warn`, `:raise`, or `false`
+  # config.flipper.strict = Rails.env.development? && :warn
+
+  ## Show Flipper checks in logs
+  # config.flipper.log = true
+
+  ## Reconfigure Flipper to use the Memory adapter and disable Cloud in tests
+  # config.flipper.test_help = true
+
+  ## The path that Flipper Cloud will use to sync features
+  # config.flipper.cloud_path = "_flipper"
+
+  ## The instrumenter that Flipper will use. Defaults to ActiveSupport::Notifications.
+  # config.flipper.instrumenter = ActiveSupport::Notifications
+end
+
+Flipper.configure do |config|
+  ## Configure other adapters that you want to use here:
+  ## See http://flippercloud.io/docs/adapters
+  # config.use Flipper::Adapters::ActiveSupportCacheStore, Rails.cache, expires_in: 5.minutes
+end
+
+## Register a group that can be used for enabling features.
+##
+##   Flipper.enable_group :my_feature, :admins
+##
+## See https://www.flippercloud.io/docs/features#enablement-group
+#
+# Flipper.register(:admins) do |actor|
+#  actor.respond_to?(:admin?) && actor.admin?
+# end
diff --git a/config/routes.rb b/config/routes.rb
@@ -5,6 +5,9 @@
     mount GoodJob::Engine => 'good_job'
     resources :components
 
+    mount Flipper::UI.app(Flipper) => '/flipper',
+          constraints: AdminSessionConstraint.new
+
     resources :projects do
       delete :images, on: :member, action: :destroy_image
     end
@@ -87,6 +90,8 @@
     resources :school_import_jobs, only: %i[show]
 
     post '/google/auth/exchange-code', to: 'google_auth#exchange_code', defaults: { format: :json }
+
+    resources :features, only: %i[index]
   end
 
   resource :github_webhooks, only: :create, defaults: { formats: :json }
diff --git a/db/migrate/20260126130135_create_flipper_tables.rb b/db/migrate/20260126130135_create_flipper_tables.rb
@@ -0,0 +1,22 @@
+class CreateFlipperTables < ActiveRecord::Migration[7.2]
+  def up
+    create_table :flipper_features do |t|
+      t.string :key, null: false
+      t.timestamps null: false
+    end
+    add_index :flipper_features, :key, unique: true
+
+    create_table :flipper_gates do |t|
+      t.string :feature_key, null: false
+      t.string :key, null: false
+      t.text :value
+      t.timestamps null: false
+    end
+    add_index :flipper_gates, [:feature_key, :key, :value], unique: true, length: { value: 255 }
+  end
+
+  def down
+    drop_table :flipper_gates
+    drop_table :flipper_features
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
diff --git a/lib/helpers/admin_session_constraint.rb b/lib/helpers/admin_session_constraint.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class AdminSessionConstraint
+  def matches?(request)
+    current_user = request.session[:current_user]
+    return false unless current_user
+
+    User.new(current_user).admin?
+  end
+end
diff --git a/spec/requests/admin/flipper_spec.rb b/spec/requests/admin/flipper_spec.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Flipper' do
+  let(:school) { create(:school) }
+  let(:student) { create(:student, school:) }
+  let(:teacher) { create(:teacher, school:) }
+  let(:admin_user) { create(:admin_user) }
+
+  describe 'Feature flag web interface' do
+    it 'is hidden from unauthenticated users' do
+      # Act
+      get '/admin/flipper/features'
+
+      # Assert
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it 'is hidden from student users' do
+      # Arrange
+      sign_in student
+
+      # Act
+      get '/admin/flipper/features'
+
+      # Assert
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it 'is hidden from teacher users' do
+      # Arrange
+      sign_in teacher
+
+      # Act
+      get '/admin/flipper/features'
+
+      # Assert
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it 'is visible to admins' do
+      # Arrange
+      sign_in admin_user
+
+      # Act
+      get '/admin/flipper/features'
+
+      # Assert
+      expect(response).to have_http_status(:success)
+    end
+  end
+end
diff --git a/spec/requests/api/features_spec.rb b/spec/requests/api/features_spec.rb
@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Features' do
+  let(:headers) { { Authorization: UserProfileMock::TOKEN } }
+  let(:school_class) { create(:school_class, teacher_ids: [teacher.id], school:) }
+  let(:school) { create(:school) }
+  let(:student) { create(:student, school:) }
+  let(:teacher) { create(:teacher, school:) }
+  let(:admin_user) { create(:admin_user) }
+
+  describe 'Feature flag API' do
+    it 'returns a globally-disabled feature as disabled' do
+      # Arrange
+      Flipper.disable :some_global_feature
+
+      # Act
+      get '/api/features'
+
+      # Assert
+      expect(response.body).not_to include('some_global_feature')
+    end
+
+    it 'returns a globally-enabled feature as enabled' do
+      # Arrange
+      Flipper.enable :some_global_feature
+
+      # Act
+      get '/api/features'
+
+      # Assert
+      expect(response.body).to include('some_global_feature')
+    end
+
+    it 'returns a school-level feature as disabled for logged-out user' do
+      # Arrange
+      Flipper.enable_actor :some_school_level_feature, school
+
+      # Act
+      get '/api/features'
+
+      # Assert
+      expect(response.body).not_to include('some_school_level_feature')
+    end
+
+    it 'returns a school-level feature as enabled for a student in that school' do
+      # Arrange
+      authenticated_in_hydra_as(student)
+
+      Flipper.enable_actor :some_school_level_feature, school
+
+      # Act
+      get '/api/features', headers: headers
+
+      # Assert
+      expect(response.body).to include('some_school_level_feature')
+    end
+
+    it 'returns both school-level and global features as enabled for a student in a school' do
+      # Arrange
+      authenticated_in_hydra_as(student)
+
+      Flipper.enable_actor :some_school_level_feature, school
+      Flipper.enable :some_global_feature
+
+      # Act
+      get '/api/features', headers: headers
+
+      # Assert
+      expect(response.body).to include('some_school_level_feature')
+      expect(response.body).to include('some_global_feature')
+    end
+  end
+end
