From 758177d14cd946ed1bd8d9bd9609d9d8d4a378dc Mon Sep 17 00:00:00 2001 From: Zeger-Jan van de Weg Date: Mon, 25 Jan 2016 20:08:29 +0100 Subject: Warn admin of granting admin rights during OAuth Fixes #3951 Warning style the same as the warning a user sees on a archived project. --- CHANGELOG | 1 + app/views/doorkeeper/authorizations/new.html.haml | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 858c5dd96a2..b7eddb25bce 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -16,6 +16,7 @@ v 8.4.1 and Nokogiri (1.6.7.2) - Fix redirect loop during import - Fix diff highlighting for all syntax themes + - Warn admin during OAuth of granting admin rights (Zeger-Jan van de Weg) v 8.4.0 - Allow LDAP users to change their email if it was not set by the LDAP server diff --git a/app/views/doorkeeper/authorizations/new.html.haml b/app/views/doorkeeper/authorizations/new.html.haml index 15f9ee266c1..185182a10de 100644 --- a/app/views/doorkeeper/authorizations/new.html.haml +++ b/app/views/doorkeeper/authorizations/new.html.haml @@ -4,6 +4,13 @@ Authorize %strong.text-info= @pre_auth.client.name to use your account? + + - if current_user.admin? + .text-warning.prepend-top-20 + %p + = icon("exclamation-triangle fw") + Caution! You are admin, and thus will grant admin permission to #{@pre_auth.client.name}. + - if @pre_auth.scopes #oauth-permissions %p This application will be able to: @@ -25,4 +32,4 @@ = hidden_field_tag :state, @pre_auth.state = hidden_field_tag :response_type, @pre_auth.response_type = hidden_field_tag :scope, @pre_auth.scope - = submit_tag "Deny", class: "btn btn-danger prepend-left-10" \ No newline at end of file + = submit_tag "Deny", class: "btn btn-danger prepend-left-10" -- cgit v1.2.1