protect internal users from impersonation

dfe41c15 · http://jneen.net/ · 0ea04cc5 · dfe41c15
Commit dfe41c15 authored Feb 28, 2017 by http://jneen.net/
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

app/controllers/admin/users_controller.rb app/controllers/admin/users_controller.rb +4 -0

No files found.
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -32,6 +32,10 @@ class Admin::UsersController < Admin::ApplicationController
    if user.blocked?
      flash[:alert] = "You cannot impersonate a blocked user"

+      redirect_to admin_user_path(user)
+    elsif user.internal?
+      flash[:alert] = "You cannot impersonate an internal user"
+
      redirect_to admin_user_path(user)
    else
      session[:impersonator_id] = current_user.id