Admin users clicking confirmation links

Fixes #446. See issue for details.

2 files changed, 8 insertions, 1 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b681f455d..434f12a49 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -294,6 +294,7 @@ class ApplicationController < ActionController::Base
         if params[:post_redirect] and session[:post_redirect_token]
             post_redirect = PostRedirect.find_by_token(session[:post_redirect_token])
             params.update(post_redirect.post_params)
+            params[:post_redirect_user] = post_redirect.user
         end
     end
 
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 313a57d7d..96c501755 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -344,7 +344,13 @@ class RequestController < ApplicationController
             return
         end
 
-        @info_request.user = authenticated_user
+        if params[:post_redirect_user]
+            # If an admin has clicked the confirmation link on a users behalf,
+            # we don’t want to reassign the request to the administrator.
+            @info_request.user = params[:post_redirect_user]
+        else
+            @info_request.user = authenticated_user
+        end
         # This automatically saves dependent objects, such as @outgoing_message, in the same transaction
         @info_request.save!
         # XXX send_message needs the database id, so we send after saving, which isn't ideal if the request broke here.