Move login button to user page, switched to POST method

eb9528b8 · Pavel Forkert · 83347954 · eb9528b8 · eb9528b8 · eb9528b8
Commit eb9528b8 authored Sep 24, 2015 by Pavel Forkert
5 changed files
--- a/app/views/admin/users/_head.html.haml
+++ b/app/views/admin/users/_head.html.haml
@@ -6,6 +6,8 @@
    %span.cred (Admin)
  .pull-right
+    - unless @user == current_user
+      = link_to 'Log in as this user', login_as_admin_user_path(@user), method: :post, class: "btn btn-grouped btn-info"
    = link_to edit_admin_user_path(@user), class: "btn btn-grouped" do
      %i.fa.fa-pencil-square-o
      Edit

--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -90,7 +90,6 @@
              &nbsp;
              = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs"
              - unless user == current_user
-                = link_to 'Log in', login_as_admin_user_path(user), method: :put, class: "btn btn-xs btn-primary"
                - if user.blocked?
                  = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
                - else

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -262,7 +262,7 @@ Gitlab::Application.routes.draw do
        put :unblock
        put :unlock
        put :confirm
-        put :login_as
+        post :login_as
        patch :disable_two_factor
        delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
      end

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -7,17 +7,17 @@ describe Admin::UsersController do
    sign_in(admin)
  end
-  describe 'PUT login_as' do
+  describe 'POST login_as' do
    let(:user) { create(:user) }
    it 'logs admin as another user' do
      expect(warden.authenticate(scope: :user)).not_to eq(user)
-      put :login_as, id: user.username
+      post :login_as, id: user.username
      expect(warden.authenticate(scope: :user)).to eq(user)
    end
    it 'redirects user to homepage' do
-      put :login_as, id: user.username
+      post :login_as, id: user.username
      expect(response).to redirect_to(root_path)
    end
  end

--- a/spec/features/admin/admin_users_spec.rb
+++ b/spec/features/admin/admin_users_spec.rb
@@ -111,6 +111,27 @@ describe "Admin::Users", feature: true  do
      expect(page).to have_content(@user.name)
    end
+    describe 'Login as another user' do
+      it 'should show login button for other users' do
+        another_user = create(:user)
+        visit admin_user_path(another_user)
+        click_link 'Log in as this user'
+        expect(page).to have_content("Logged in as #{another_user.username}")
+        page.within '.sidebar-user .username' do
+          expect(page).to have_content(another_user.username)
+        end
+      end
+      it 'should not show login button for admin itself' do
+        visit admin_user_path(@user)
+        expect(page).not_to have_content('Log in as this user')
+      end
+    end
    describe 'Two-factor Authentication status' do
      it 'shows when enabled' do
        @user.update_attribute(:two_factor_enabled, true)
@@ -166,20 +187,4 @@ describe "Admin::Users", feature: true  do
      end
    end
  end
-  it 'should be able to log in as another user' do
-    another_user = create(:user)
-    visit admin_users_path
-    page.within ".user-#{another_user.id}" do
-      click_link 'Log in'
-    end
-    expect(page).to have_content("Logged in as #{another_user.username}")
-    page.within '.sidebar-user .username' do
-      expect(page).to have_content(another_user.username)
-    end
-  end
 end