protect internal users from impersonation
This commit is contained in:
parent
0ea04cc5bf
commit
dfe41c1556
|
@ -32,6 +32,10 @@ class Admin::UsersController < Admin::ApplicationController
|
|||
if user.blocked?
|
||||
flash[:alert] = "You cannot impersonate a blocked user"
|
||||
|
||||
redirect_to admin_user_path(user)
|
||||
elsif user.internal?
|
||||
flash[:alert] = "You cannot impersonate an internal user"
|
||||
|
||||
redirect_to admin_user_path(user)
|
||||
else
|
||||
session[:impersonator_id] = current_user.id
|
||||
|
|
Loading…
Reference in New Issue