authorJames Newton <hello@jamesnewton.com>2015-10-28 16:39:23 +0100
committerJames Newton <hello@jamesnewton.com>2015-10-29 11:00:17 +0100
commit3bb626f91cb50bd2eff58681e22db942b7d6a087 (patch)
tree643e740b70f97bd647c89ca46234c1d5e65f4f4e /app/controllers/admin
parent98cc695afb2fc97a1ca897ad28741612bcde88a3 (diff)
downloadgitlab-ce-3bb626f91cb50bd2eff58681e22db942b7d6a087.tar.gz
refactor login as to be impersonation with better login/logout
Modifies the existing "login as" feature to be called impersonation, as well as keeping track of who is impersonating to revert back to that user without having to log out.
Diffstat (limited to 'app/controllers/admin')
-rw-r--r--app/controllers/admin/application_controller.rb6
-rw-r--r--app/controllers/admin/impersonation_controller.rb32
-rw-r--r--app/controllers/admin/users_controller.rb6
3 files changed, 38 insertions, 6 deletions
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 56e24386463..9083bfb41cf 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -8,4 +8,10 @@ class Admin::ApplicationController < ApplicationController
def authenticate_admin!
return render_404 unless current_user.is_admin?
end
+
+ def authorize_impersonator!
+ if session[:impersonator_id]
+ User.find_by!(username: session[:impersonator_id]).admin?
+ end
+ end
end
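Review bot: `authorize_impersonator!` computes `admin?` and discards the result, so as a `before_action` it never blocks a request, because a controller filter halts only when it renders or redirects. It should fail closed like `authenticate_admin!` just above it, e.g. `return render_404 unless User.find_by!(username: session[:impersonator_id]).is_admin?`. When `session[:impersonator_id]` is absent the filter does nothing at all, which matters for any action that skips `authenticate_admin!`. The sibling filter calls `is_admin?` while this one calls `admin?`; presumably both exist on User, but one spelling should be used. The class begins outside this hunk.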
diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
new file mode 100644
index 00000000000..0382402afa6
--- /dev/null
+++ b/app/controllers/admin/impersonation_controller.rb
@@ -0,0 +1,32 @@
+class Admin::ImpersonationController < Admin::ApplicationController
+ skip_before_action :authenticate_admin!, only: :destroy
+
+ before_action :user
+ before_action :authorize_impersonator!
+
+ def create
+ session[:impersonator_id] = current_user.username
+ session[:impersonator_return_to] = request.env['HTTP_REFERER']
+
+ warden.set_user(user, scope: 'user')
+
+ flash[:alert] = "You are impersonating #{user.username}."
+
+ redirect_to root_path
+ end
+
+ def destroy
+ redirect = session[:impersonator_return_to]
+
+ warden.set_user(user, scope: 'user')
+
+ session[:impersonator_return_to] = nil
+ session[:impersonator_id] = nil
+
+ redirect_to redirect || root_path
+ end
+
+ def user
+ @user ||= User.find_by!(username: params[:id] || session[:impersonator_id])
+ end
+end
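Review bot: `destroy` skips `authenticate_admin!` yet signs in whatever `user` returns, and `user` prefers `params[:id]` over `session[:impersonator_id]`, so if the route for this action carries an id (routes are not shown here) a non-admin session could be switched to another account. The only remaining guard is `authorize_impersonator!`, which as written in application_controller.rb does nothing when the session key is missing and ignores the admin check when it is present. `destroy` should restore only the account stored in the session and return 404 when that key is absent or no longer names an admin, and `user` should be private so it cannot be routed as an action. Separately, `session[:impersonator_return_to]` is taken from the Referer header, which the client controls, so the final `redirect_to` should accept only a local path.

```ruby
  def destroy
    # Restore only the admin recorded when impersonation began; params[:id] is ignored here.
    impersonator = User.find_by(username: session[:impersonator_id])
    return render_404 unless impersonator && impersonator.is_admin?

    redirect = session[:impersonator_return_to]

    warden.set_user(impersonator, scope: 'user')

    # … unchanged: clear both session keys, then redirect …
  end

  private

  # … unchanged: user lookup …
```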
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index c63d0793e31..d7c927d444c 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -63,12 +63,6 @@ class Admin::UsersController < Admin::ApplicationController
end
end
- def login_as
- sign_in(user)
- flash[:alert] = "Logged in as #{user.username}"
- redirect_to root_path
- end
-
def disable_two_factor
user.disable_two_factor!
redirect_to admin_user_path(user),