Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-03 12:00:08 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-03 12:00:08 +0000
commit: b1bbcf85684cee176ed5bb7eb43dd487a75f18fa (patch)
tree: bda68adaad2e197482bf02f476e94b5908da1518 /app/controllers
parent: c7c74818948dbc63a284bb617b2af1937f999cc8 (diff)
download: gitlab-ce-b1bbcf85684cee176ed5bb7eb43dd487a75f18fa.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb
index c3166d5dd82..eb279298baf 100644
--- a/app/controllers/admin/impersonation_tokens_controller.rb
+++ b/app/controllers/admin/impersonation_tokens_controller.rb
@@ -2,6 +2,7 @@
 
 class Admin::ImpersonationTokensController < Admin::ApplicationController
   before_action :user
+  before_action :verify_impersonation_enabled!
 
   feature_category :authentication_and_authorization
 
@@ -41,6 +42,10 @@ class Admin::ImpersonationTokensController < Admin::ApplicationController
   end
   # rubocop: enable CodeReuse/ActiveRecord
 
+  def verify_impersonation_enabled!
+    access_denied! unless helpers.impersonation_enabled?
+  end
+
   def finder(options = {})
     PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options))
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-03 12:00:08 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-03 12:00:08 +0000
commit	b1bbcf85684cee176ed5bb7eb43dd487a75f18fa (patch)
tree	bda68adaad2e197482bf02f476e94b5908da1518 /app/controllers
parent	c7c74818948dbc63a284bb617b2af1937f999cc8 (diff)
download	gitlab-ce-b1bbcf85684cee176ed5bb7eb43dd487a75f18fa.tar.gz