FEATURE: allow site owners to disable impersonation (#20783)
Site owners can now disable impersonation using the global setting `allow_impersonation` (e.g. `DISCOURSE_ALLOW_IMPERSONATION: false`). See: https://meta.discourse.org/t/thoughts-about-impersonate-user/258795
parent
4fe79ccc79
commit
d87e78616d
|
@ -373,4 +373,7 @@ pg_force_readonly_mode = false
|
||||||
dns_query_timeout_secs =
|
dns_query_timeout_secs =
|
||||||
|
|
||||||
# Default global regex timeout
|
# Default global regex timeout
|
||||||
regex_timeout_seconds =
|
regex_timeout_seconds =
|
||||||
|
|
||||||
|
# Allow impersonation function on the cluster to admins
|
||||||
|
allow_impersonation = true
|
||||||
|
|
|
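Review bot: The comment above `allow_impersonation = true` does not say what the operator gets by changing the value, and "to admins" reads as if the setting grants something rather than gating it. A wording such as `# Set to false to disable user impersonation for every admin on the cluster` states the security effect directly. The default of `true` keeps impersonation enabled unless an operator opts out, so the comment is the only place on this page that tells them the switch exists.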
@ -297,7 +297,7 @@ class Guardian
|
||||||
|
|
||||||
# Can we impersonate this user?
|
# Can we impersonate this user?
|
||||||
def can_impersonate?(target)
|
def can_impersonate?(target)
|
||||||
target &&
|
GlobalSetting.allow_impersonation && target &&
|
||||||
# You must be an admin to impersonate
|
# You must be an admin to impersonate
|
||||||
is_admin? &&
|
is_admin? &&
|
||||||
# You may not impersonate other admins unless you are a dev
|
# You may not impersonate other admins unless you are a dev
|
||||||
|
|
|
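Review bot: The new guard `GlobalSetting.allow_impersonation && target &&` only closes the switch if the setting reaches this line as a real boolean or nil; a value that arrives as the string "false" is truthy in Ruby and would leave impersonation enabled. Whether the settings provider coerces environment values is not visible in this hunk, so that is worth confirming, since the commit message recommends setting it through `DISCOURSE_ALLOW_IMPERSONATION`. The method comment could also mention the new precondition, for example `# Can we impersonate this user? Always false when allow_impersonation is disabled globally`. The body of `can_impersonate?` continues past the end of the hunk, so the remaining conditions were not reviewed.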
@ -539,6 +539,10 @@ RSpec.describe Guardian do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "can_impersonate?" do
|
describe "can_impersonate?" do
|
||||||
|
it "disallows impersonation when disabled globally" do
|
||||||
|
global_setting :allow_impersonation, false
|
||||||
|
expect(Guardian.new(admin).can_impersonate?(moderator)).to be_falsey
|
||||||
|
end
|
||||||
it "allows impersonation correctly" do
|
it "allows impersonation correctly" do
|
||||||
expect(Guardian.new(admin).can_impersonate?(nil)).to be_falsey
|
expect(Guardian.new(admin).can_impersonate?(nil)).to be_falsey
|
||||||
expect(Guardian.new.can_impersonate?(user)).to be_falsey
|
expect(Guardian.new.can_impersonate?(user)).to be_falsey
|
||||||
|
|
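Review bot: The added example "disallows impersonation when disabled globally" covers only an admin targeting a moderator, so the developer exception mentioned in the guardian's own comments ("You may not impersonate other admins unless you are a dev") is not exercised with the setting off. A second expectation in the same example, with a developer admin targeting another admin and still expecting `be_falsey`, would pin that the global switch overrides every role. It is also worth confirming that `global_setting :allow_impersonation, false` is reset between examples, otherwise "allows impersonation correctly" could depend on run order. The `describe` block continues outside the hunk.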