diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-11-14 09:04:10 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-11-14 09:04:10 +0000 |
| commit | aec9f211e534900f602e769dcdd6f69730849f92 (patch) | |
| tree | 1dc20c8300782edb2fa7db1f646938d555950538 /app/controllers/admin | |
| parent | da8ca8b217d0c060ec509fd385842da29e4e4a86 (diff) | |
| parent | 3bb626f91cb50bd2eff58681e22db942b7d6a087 (diff) | |
| download | gitlab-ce-aec9f211e534900f602e769dcdd6f69730849f92.tar.gz | |
Merge branch 'impersonate' into 'master'
refactor login as to be impersonation with better login/logout
Modifies the existing "login as" feature to be called impersonation.
This also adds:
* Application keep track of who is impersonating the user so they can revert back to the original user without having to log out.
* Stores the user profile via `HTTP_REFERER` so you get redirected back to the person you have impersonated once you stop.
## Screenshots:
See merge request !1702
Diffstat (limited to 'app/controllers/admin')
| -rw-r--r-- | app/controllers/admin/application_controller.rb | 6 | ||||
| -rw-r--r-- | app/controllers/admin/impersonation_controller.rb | 32 | ||||
| -rw-r--r-- | app/controllers/admin/users_controller.rb | 6 |
3 files changed, 38 insertions, 6 deletions
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb index 56e24386463..9083bfb41cf 100644 --- a/app/controllers/admin/application_controller.rb +++ b/app/controllers/admin/application_controller.rb @@ -8,4 +8,10 @@ class Admin::ApplicationController < ApplicationController def authenticate_admin! return render_404 unless current_user.is_admin? end + + def authorize_impersonator! + if session[:impersonator_id] + User.find_by!(username: session[:impersonator_id]).admin? + end + end end diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb new file mode 100644 index 00000000000..0382402afa6 --- /dev/null +++ b/app/controllers/admin/impersonation_controller.rb @@ -0,0 +1,32 @@ +class Admin::ImpersonationController < Admin::ApplicationController + skip_before_action :authenticate_admin!, only: :destroy + + before_action :user + before_action :authorize_impersonator! + + def create + session[:impersonator_id] = current_user.username + session[:impersonator_return_to] = request.env['HTTP_REFERER'] + + warden.set_user(user, scope: 'user') + + flash[:alert] = "You are impersonating #{user.username}." + + redirect_to root_path + end + + def destroy + redirect = session[:impersonator_return_to] + + warden.set_user(user, scope: 'user') + + session[:impersonator_return_to] = nil + session[:impersonator_id] = nil + + redirect_to redirect || root_path + end + + def user + @user ||= User.find_by!(username: params[:id] || session[:impersonator_id]) + end +end diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index c63d0793e31..d7c927d444c 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -63,12 +63,6 @@ class Admin::UsersController < Admin::ApplicationController end end - def login_as - sign_in(user) - flash[:alert] = "Logged in as #{user.username}" - redirect_to root_path - end - def disable_two_factor user.disable_two_factor! redirect_to admin_user_path(user), |