Prevent impersonation if blocked

author: Andrew Tomaka <atomaka@gmail.com> 2015-12-01 23:40:24 -0500
committer: Andrew Tomaka <atomaka@gmail.com> 2015-12-02 08:07:29 -0500
commit: daca985a6e75d6f43c5cc5b487a0942d5bf93f68 (patch)
tree: 579e8734014953e8aaa1c784cd4a857e50c6ed79 /app/controllers
parent: 09e712c0fb721059e4b2619eb9fc104257fc492d (diff)
download: gitlab-ce-daca985a6e75d6f43c5cc5b487a0942d5bf93f68.tar.gz
1 files changed, 11 insertions, 5 deletions
diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
index 0382402afa6..102dd437402 100644
--- a/app/controllers/admin/impersonation_controller.rb
+++ b/app/controllers/admin/impersonation_controller.rb
@@ -5,14 +5,20 @@ class Admin::ImpersonationController < Admin::ApplicationController
   before_action :authorize_impersonator!
 
   def create
-    session[:impersonator_id] = current_user.username
-    session[:impersonator_return_to] = request.env['HTTP_REFERER']
+    if @user.blocked?
+      flash[:alert] = "You cannot impersonate a blocked user"
 
-    warden.set_user(user, scope: 'user')
+      redirect_to admin_user_path(@user)
+    else
+      session[:impersonator_id] = current_user.username
+      session[:impersonator_return_to] = request.env['HTTP_REFERER']
+
+      warden.set_user(user, scope: 'user')
 
-    flash[:alert] = "You are impersonating #{user.username}."
+      flash[:alert] = "You are impersonating #{user.username}."
 
-    redirect_to root_path
+      redirect_to root_path
+    end
   end
 
   def destroy
author	Andrew Tomaka <atomaka@gmail.com>	2015-12-01 23:40:24 -0500
committer	Andrew Tomaka <atomaka@gmail.com>	2015-12-02 08:07:29 -0500
commit	daca985a6e75d6f43c5cc5b487a0942d5bf93f68 (patch)
tree	579e8734014953e8aaa1c784cd4a857e50c6ed79 /app/controllers
parent	09e712c0fb721059e4b2619eb9fc104257fc492d (diff)
download	gitlab-ce-daca985a6e75d6f43c5cc5b487a0942d5bf93f68.tar.gz