Commit dfe41c15 authored by http://jneen.net/'s avatar http://jneen.net/

protect internal users from impersonation

parent 0ea04cc5
......@@ -32,6 +32,10 @@ class Admin::UsersController < Admin::ApplicationController
if user.blocked?
flash[:alert] = "You cannot impersonate a blocked user"
redirect_to admin_user_path(user)
elsif user.internal?
flash[:alert] = "You cannot impersonate an internal user"
redirect_to admin_user_path(user)
else
session[:impersonator_id] = current_user.id
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment