Skip to content

G
gitlab-ce
Commit dfe41c15 authored by http://jneen.net/'s avatar http://jneen.net/
Browse files
Options

protect internal users from impersonation

parent 0ea04cc5
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 0 deletions
app/controllers/admin/users_controller.rb
View file @ dfe41c15
...@@ -32,6 +32,10 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -32,6 +32,10 @@ class Admin::UsersController < Admin::ApplicationController
if user.blocked? if user.blocked?
flash[:alert] = "You cannot impersonate a blocked user" flash[:alert] = "You cannot impersonate a blocked user"
redirect_to admin_user_path(user)
elsif user.internal?
flash[:alert] = "You cannot impersonate an internal user"
redirect_to admin_user_path(user) redirect_to admin_user_path(user)
else else
session[:impersonator_id] = current_user.id session[:impersonator_id] = current_user.id
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7