Move login button to user page, switched to POST method

app/views/admin/users/_head.html.haml

@@ -6,6 +6,8 @@
     %span.cred (Admin)
 
   .pull-right
+    - unless @user == current_user
+      = link_to 'Log in as this user', login_as_admin_user_path(@user), method: :post, class: "btn btn-grouped btn-info"
     = link_to edit_admin_user_path(@user), class: "btn btn-grouped" do
       %i.fa.fa-pencil-square-o
       Edit

app/views/admin/users/index.html.haml

@@ -90,7 +90,6 @@
                
               = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs"
               - unless user == current_user
-                = link_to 'Log in', login_as_admin_user_path(user), method: :put, class: "btn btn-xs btn-primary"
                 - if user.blocked?
                   = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
                 - else

config/routes.rb

@@ -262,7 +262,7 @@ Gitlab::Application.routes.draw do
         put :unblock
         put :unlock
         put :confirm
-        put :login_as
+        post :login_as
         patch :disable_two_factor
         delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
       end

spec/controllers/admin/users_controller_spec.rb

@@ -7,17 +7,17 @@ describe Admin::UsersController do
     sign_in(admin)
   end
 
-  describe 'PUT login_as' do
+  describe 'POST login_as' do
     let(:user) { create(:user) }
 
     it 'logs admin as another user' do
       expect(warden.authenticate(scope: :user)).not_to eq(user)
-      put :login_as, id: user.username
+      post :login_as, id: user.username
       expect(warden.authenticate(scope: :user)).to eq(user)
     end
 
     it 'redirects user to homepage' do
-      put :login_as, id: user.username
+      post :login_as, id: user.username
       expect(response).to redirect_to(root_path)
     end
   end

spec/features/admin/admin_users_spec.rb

@@ -111,6 +111,27 @@ describe "Admin::Users", feature: true  do
       expect(page).to have_content(@user.name)
     end
 
+    describe 'Login as another user' do
+      it 'should show login button for other users' do
+        another_user = create(:user)
+
+        visit admin_user_path(another_user)
+
+        click_link 'Log in as this user'
+
+        expect(page).to have_content("Logged in as #{another_user.username}")
+
+        page.within '.sidebar-user .username' do
+          expect(page).to have_content(another_user.username)
+        end
+      end
+
+      it 'should not show login button for admin itself' do
+        visit admin_user_path(@user)
+        expect(page).not_to have_content('Log in as this user')
+      end
+    end
+
     describe 'Two-factor Authentication status' do
       it 'shows when enabled' do
         @user.update_attribute(:two_factor_enabled, true)
@@ -166,20 +187,4 @@ describe "Admin::Users", feature: true  do
       end
     end
   end
-
-  it 'should be able to log in as another user' do
-    another_user = create(:user)
-
-    visit admin_users_path
-
-    page.within ".user-#{another_user.id}" do
-      click_link 'Log in'
-    end
-
-    expect(page).to have_content("Logged in as #{another_user.username}")
-
-    page.within '.sidebar-user .username' do
-      expect(page).to have_content(another_user.username)
-    end
-  end
 end