protect internal users from impersonation

author: http://jneen.net/ <jneen@jneen.net> 2017-02-28 13:35:37 -0800
committer: http://jneen.net/ <jneen@jneen.net> 2017-03-09 11:49:52 -0800
commit: dfe41c1556a5e31480a230e13033dd523ef51ba3 (patch)
tree: b139083ad8842f4fcf9a1b55df0026aefc00147f /app/controllers/admin/users_controller.rb
parent: 0ea04cc5bfcc125875a6e0f46702389f0e2e19c0 (diff)
download: gitlab-ce-dfe41c1556a5e31480a230e13033dd523ef51ba3.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 7ffde71c3b1..7f86723b921 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -33,6 +33,10 @@ class Admin::UsersController < Admin::ApplicationController
       flash[:alert] = "You cannot impersonate a blocked user"
 
       redirect_to admin_user_path(user)
+    elsif user.internal?
+      flash[:alert] = "You cannot impersonate an internal user"
+
+      redirect_to admin_user_path(user)
     else
       session[:impersonator_id] = current_user.id
author	http://jneen.net/ <jneen@jneen.net>	2017-02-28 13:35:37 -0800
committer	http://jneen.net/ <jneen@jneen.net>	2017-03-09 11:49:52 -0800
commit	dfe41c1556a5e31480a230e13033dd523ef51ba3 (patch)
tree	b139083ad8842f4fcf9a1b55df0026aefc00147f /app/controllers/admin/users_controller.rb
parent	0ea04cc5bfcc125875a6e0f46702389f0e2e19c0 (diff)
download	gitlab-ce-dfe41c1556a5e31480a230e13033dd523ef51ba3.tar.gz