BigW Consortium Gitlab

impersonation_controller.rb 943 Bytes
Newer Older
1 2 3 4 5 6 7
class Admin::ImpersonationController < Admin::ApplicationController
  skip_before_action :authenticate_admin!, only: :destroy

  before_action :user
  before_action :authorize_impersonator!

  def create
8 9
    if @user.blocked?
      flash[:alert] = "You cannot impersonate a blocked user"
10

11 12 13
      redirect_to admin_user_path(@user)
    else
      session[:impersonator_id] = current_user.username
14
      session[:impersonator_return_to] = admin_user_path(@user)
15 16

      warden.set_user(user, scope: 'user')
17

18
      flash[:alert] = "You are impersonating #{user.username}."
19

20 21
      redirect_to root_path
    end
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
  end

  def destroy
    redirect = session[:impersonator_return_to]

    warden.set_user(user, scope: 'user')

    session[:impersonator_return_to] = nil
    session[:impersonator_id] = nil

    redirect_to redirect || root_path
  end

  def user
    @user ||= User.find_by!(username: params[:id] || session[:impersonator_id])
  end
end