4dfdef2ddf
- Currently, (for example) admins can't delete snippets for blocked users, which is an unexpected limitation. - We modify `authenticate!` to conduct the `access_api` policy check against the `initial_current_user`, instead of the user being impersonated. - Update CHANGELOG for !10842
4 lines
90 B
YAML
4 lines
90 B
YAML
---
|
|
title: Allow admins to sudo to blocked users via the API
|
|
merge_request: 10842
|
|
author:
|