refactors documentation and personal access tokens form to not allow admins to generate non impersionation tokens

author: Tiago Botelho <tiagonbotelho@hotmail.com> 2017-02-09 15:21:09 +0000
committer: Tiago Botelho <tiagonbotelho@hotmail.com> 2017-02-28 22:15:40 +0000
commit: f0ea7130f7bf0e7a3702d863b4d246f524b6c14a (patch)
tree: ec626d2d42c7942fa1cbc1505275ed7d4de52fa5 /app/controllers/admin
parent: c2b1cdef7e8cdaec35bd0844301ce8f06ed742b7 (diff)
download: gitlab-ce-f0ea7130f7bf0e7a3702d863b4d246f524b6c14a.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/app/controllers/admin/personal_access_tokens_controller.rb b/app/controllers/admin/personal_access_tokens_controller.rb
index 7202d80ce1b..f32a4160433 100644
--- a/app/controllers/admin/personal_access_tokens_controller.rb
+++ b/app/controllers/admin/personal_access_tokens_controller.rb
@@ -6,7 +6,8 @@ class Admin::PersonalAccessTokensController < Admin::ApplicationController
   end
 
   def create
-    @personal_access_token = user.personal_access_tokens.generate(personal_access_token_params)
+    # We never want to non-impersonate a user
+    @personal_access_token = user.personal_access_tokens.generate(personal_access_token_params.merge(impersonation: true))
 
     if @personal_access_token.save
       flash[:personal_access_token] = @personal_access_token.token
author	Tiago Botelho <tiagonbotelho@hotmail.com>	2017-02-09 15:21:09 +0000
committer	Tiago Botelho <tiagonbotelho@hotmail.com>	2017-02-28 22:15:40 +0000
commit	f0ea7130f7bf0e7a3702d863b4d246f524b6c14a (patch)
tree	ec626d2d42c7942fa1cbc1505275ed7d4de52fa5 /app/controllers/admin
parent	c2b1cdef7e8cdaec35bd0844301ce8f06ed742b7 (diff)
download	gitlab-ce-f0ea7130f7bf0e7a3702d863b4d246f524b6c14a.tar.gz