Kazuhiko Shiozaki
gitlab-ce
Commits
daca985a
Commit
daca985a
authored
Dec 01, 2015
by
Andrew Tomaka
Prevent impersonation if blocked
parent
09e712c0
Showing
4 changed files
with
41 additions
and
6 deletions
+41
-6
app/controllers/admin/impersonation_controller.rb
app/controllers/admin/impersonation_controller.rb
+11
-5
app/views/admin/users/_head.html.haml
app/views/admin/users/_head.html.haml
+1
-1
spec/controllers/admin/impersonation_controller_spec.rb
spec/controllers/admin/impersonation_controller_spec.rb
+19
-0
spec/features/admin/admin_users_spec.rb
spec/features/admin/admin_users_spec.rb
+10
-0
app/controllers/admin/impersonation_controller.rb
...
...
@@ -5,14 +5,20 @@ class Admin::ImpersonationController < Admin::ApplicationController
before_action
:authorize_impersonator!
def
create
session
[
:impersonator_id
]
=
current_user
.
username
session
[
:impersonator_return_to
]
=
request
.
env
[
'HTTP_REFERER'
]
if
@user
.
blocked?
flash
[
:alert
]
=
"You cannot impersonate a blocked user"
warden
.
set_user
(
user
,
scope:
'user'
)
redirect_to
admin_user_path
(
@user
)
else
session
[
:impersonator_id
]
=
current_user
.
username
session
[
:impersonator_return_to
]
=
request
.
env
[
'HTTP_REFERER'
]
warden
.
set_user
(
user
,
scope:
'user'
)
flash
[
:alert
]
=
"You are impersonating
#{
user
.
username
}
."
flash
[
:alert
]
=
"You are impersonating
#{
user
.
username
}
."
redirect_to
root_path
redirect_to
root_path
end
end
def
destroy
...
...
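Review bot: The new guard and its redirect read `@user` directly (`if @user.blocked?`, `admin_user_path(@user)`), while the impersonation branch goes through `user` (`warden.set_user(user, scope: 'user')`), so the check is only sound if an earlier filter has already populated `@user` with the same record. The filter list and the definition of `user` are outside this hunk, so that cannot be confirmed here. Using `if user.blocked?` and `redirect_to admin_user_path(user)` would tie the authorization decision to the exact object that is later handed to warden. Separately, the else branch still stores the client-supplied `request.env['HTTP_REFERER']` in `session[:impersonator_return_to]`; if `destroy` (outside the hunk) redirects to that value, it should be checked to be a same-site path first.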
app/views/admin/users/_head.html.haml
...
...
@@ -6,7 +6,7 @@
%span
.cred
(Admin)
.pull-right
-
unless
@user
==
current_user
-
unless
@user
==
current_user
||
@user
.
blocked?
=
link_to
'Impersonate'
,
impersonate_admin_user_path
(
@user
),
method: :post
,
class:
"btn btn-grouped btn-info"
=
link_to
edit_admin_user_path
(
@user
),
class:
"btn btn-grouped"
do
%i
.fa.fa-pencil-square-o
...
...
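Review bot: The new condition `unless @user == current_user || @user.blocked?` combines `unless` with `||`, which is easy to misread on a line that gates a privileged action. Writing it positively, `- if @user != current_user && !@user.blocked?`, states the same rule without the double negation. This template only hides the button, so the check in the impersonation controller remains the actual enforcement point and the two conditions should be kept in step.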
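--- a/spec/controllers/admin/impersonation_controller_spec.rb
+++ b/spec/controllers/admin/impersonation_controller_spec.rb
+require 'spec_helper'
+describe Admin::ImpersonationController do
+  let(:admin) { create(:admin) }
+  before do
+    sign_in(admin)
+  end
+  describe 'CREATE #impersonation when blocked' do
+    let(:blocked_user) { create(:user, state: :blocked) }
+    it 'does not allow impersonation' do
+      post :create, id: blocked_user.username
+      expect(flash[:alert]).to eq 'You cannot impersonate a blocked user'
+    end
+  end
+end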
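Review bot: The only expectation in 'does not allow impersonation' is on the flash text, so the spec would still pass if the controller wrote the impersonation session keys or called `warden.set_user` before setting that alert. Because this test guards an authorization fix, it should also assert that no impersonation state was created and where the admin lands, for example `expect(session[:impersonator_id]).to be_nil` and `expect(response).to redirect_to(admin_user_path(blocked_user))`. A companion example for a non-blocked user would pin the allowed path too, so a later change cannot silently deny or permit both cases.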
spec/features/admin/admin_users_spec.rb
...
...
@@ -128,6 +128,16 @@ describe "Admin::Users", feature: true do
expect
(
page
).
not_to
have_content
(
'Impersonate'
)
end
it
'should not show impersonate button for blocked user'
do
another_user
.
block
visit
admin_user_path
(
another_user
)
expect
(
page
).
not_to
have_content
(
'Impersonate'
)
another_user
.
activate
end
end
context
'when impersonating'
do
...
...
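Review bot: `another_user.activate` runs after the expectation, so it is skipped whenever `expect(page).not_to have_content('Impersonate')` fails, leaving the user blocked for anything that shares that record. `another_user` is defined outside this hunk, so whether it is rebuilt for each example cannot be confirmed here. Move the reset into an `after` block, or drop it if every example gets a fresh record. In addition, `have_content` matches any text on the page, whereas `expect(page).not_to have_link('Impersonate')` checks the control itself.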