Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
cc525133
Commit
cc525133
authored
Dec 02, 2015
by
Stan Hu
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #9873 from atomaka/atomaka/feature/prevent-blocked-impersonation
Prevent impersonation if blocked
parents
efead2cf
ec754d22
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
41 additions
and
6 deletions
+41
-6
app/controllers/admin/impersonation_controller.rb
app/controllers/admin/impersonation_controller.rb
+11
-5
app/views/admin/users/_head.html.haml
app/views/admin/users/_head.html.haml
+1
-1
spec/controllers/admin/impersonation_controller_spec.rb
spec/controllers/admin/impersonation_controller_spec.rb
+19
-0
spec/features/admin/admin_users_spec.rb
spec/features/admin/admin_users_spec.rb
+10
-0
No files found.
app/controllers/admin/impersonation_controller.rb
View file @
cc525133
...
...
@@ -5,8 +5,13 @@ class Admin::ImpersonationController < Admin::ApplicationController
before_action
:authorize_impersonator!
def
create
if
@user
.
blocked?
flash
[
:alert
]
=
"You cannot impersonate a blocked user"
redirect_to
admin_user_path
(
@user
)
else
session
[
:impersonator_id
]
=
current_user
.
username
session
[
:impersonator_return_to
]
=
request
.
env
[
'HTTP_REFERER'
]
session
[
:impersonator_return_to
]
=
admin_user_path
(
@user
)
warden
.
set_user
(
user
,
scope:
'user'
)
...
...
@@ -14,6 +19,7 @@ class Admin::ImpersonationController < Admin::ApplicationController
redirect_to
root_path
end
end
def
destroy
redirect
=
session
[
:impersonator_return_to
]
...
...
app/views/admin/users/_head.html.haml
View file @
cc525133
...
...
@@ -6,7 +6,7 @@
%span
.cred
(Admin)
.pull-right
-
unless
@user
==
current_user
-
unless
@user
==
current_user
||
@user
.
blocked?
=
link_to
'Impersonate'
,
impersonate_admin_user_path
(
@user
),
method: :post
,
class:
"btn btn-grouped btn-info"
=
link_to
edit_admin_user_path
(
@user
),
class:
"btn btn-grouped"
do
%i
.fa.fa-pencil-square-o
...
...
spec/controllers/admin/impersonation_controller_spec.rb
0 → 100644
View file @
cc525133
require
'spec_helper'
describe
Admin
::
ImpersonationController
do
let
(
:admin
)
{
create
(
:admin
)
}
before
do
sign_in
(
admin
)
end
describe
'CREATE #impersonation when blocked'
do
let
(
:blocked_user
)
{
create
(
:user
,
state: :blocked
)
}
it
'does not allow impersonation'
do
post
:create
,
id:
blocked_user
.
username
expect
(
flash
[
:alert
]).
to
eq
'You cannot impersonate a blocked user'
end
end
end
spec/features/admin/admin_users_spec.rb
View file @
cc525133
...
...
@@ -128,6 +128,16 @@ describe "Admin::Users", feature: true do
expect
(
page
).
not_to
have_content
(
'Impersonate'
)
end
it
'should not show impersonate button for blocked user'
do
another_user
.
block
visit
admin_user_path
(
another_user
)
expect
(
page
).
not_to
have_content
(
'Impersonate'
)
another_user
.
activate
end
end
context
'when impersonating'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment