Commit cc525133 authored by Stan Hu's avatar Stan Hu

Merge pull request #9873 from atomaka/atomaka/feature/prevent-blocked-impersonation

Prevent impersonation if blocked
parents efead2cf ec754d22
......@@ -5,14 +5,20 @@ class Admin::ImpersonationController < Admin::ApplicationController
before_action :authorize_impersonator!
def create
session[:impersonator_id] = current_user.username
session[:impersonator_return_to] = request.env['HTTP_REFERER']
if @user.blocked?
flash[:alert] = "You cannot impersonate a blocked user"
warden.set_user(user, scope: 'user')
redirect_to admin_user_path(@user)
else
session[:impersonator_id] = current_user.username
session[:impersonator_return_to] = admin_user_path(@user)
warden.set_user(user, scope: 'user')
flash[:alert] = "You are impersonating #{user.username}."
flash[:alert] = "You are impersonating #{user.username}."
redirect_to root_path
redirect_to root_path
end
end
def destroy
......
......@@ -6,7 +6,7 @@
%span.cred (Admin)
.pull-right
- unless @user == current_user
- unless @user == current_user || @user.blocked?
= link_to 'Impersonate', impersonate_admin_user_path(@user), method: :post, class: "btn btn-grouped btn-info"
= link_to edit_admin_user_path(@user), class: "btn btn-grouped" do
%i.fa.fa-pencil-square-o
......
require 'spec_helper'
describe Admin::ImpersonationController do
let(:admin) { create(:admin) }
before do
sign_in(admin)
end
describe 'CREATE #impersonation when blocked' do
let(:blocked_user) { create(:user, state: :blocked) }
it 'does not allow impersonation' do
post :create, id: blocked_user.username
expect(flash[:alert]).to eq 'You cannot impersonate a blocked user'
end
end
end
......@@ -128,6 +128,16 @@ describe "Admin::Users", feature: true do
expect(page).not_to have_content('Impersonate')
end
it 'should not show impersonate button for blocked user' do
another_user.block
visit admin_user_path(another_user)
expect(page).not_to have_content('Impersonate')
another_user.activate
end
end
context 'when impersonating' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment