Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admin_user_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 8 | ||||
-rw-r--r-- | app/models/user.rb | 6 |
3 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index 12b4e553f..b2c084739 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -77,6 +77,7 @@ class AdminUserController < AdminController post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id) post_redirect.save! url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true)) + session[:user_id] = nil # Log out current (usually admin) user, so we get logged in as the other user redirect_to url end diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index f49fc9165..403cb9684 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -182,9 +182,11 @@ class UserController < ApplicationController return end - @user = post_redirect.user - @user.email_confirmed = true - @user.save! + if !User.stay_logged_in_on_redirect?(@user) + @user = post_redirect.user + @user.email_confirmed = true + @user.save! + end session[:user_id] = @user.id session[:user_circumstance] = post_redirect.circumstance diff --git a/app/models/user.rb b/app/models/user.rb index 28d130c46..691a59e48 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -264,6 +264,12 @@ class User < ActiveRecord::Base def User.view_hidden_requests?(user) !user.nil? && user.admin_level == 'super' end + + # Should the user be kept logged into their own account + # if they follow a /c/ redirect link belonging to another user? + def User.stay_logged_in_on_redirect?(user) + !user.nil? && user.admin_level == 'super' + end # Does the user get "(admin)" links on each page on the main site? def admin_page_links? |
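Review bot: The added line in AdminUserController clears only `session[:user_id]`, so the session identifier and any other keys written while the admin was logged in carry over into the session that is about to become the other user's. Calling `reset_session` before `redirect_to url` would drop that state in one step at the identity change, provided nothing the confirm action relies on has to survive the redirect. The visible lines also keep no record of which admin generated the login-as link, so a log entry naming the acting admin and `@admin_user.id` would make these switches traceable. The enclosing action starts outside the hunk.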
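Review bot: The new guard `if !User.stay_logged_in_on_redirect?(@user)` in UserController reads `@user` before anything in this hunk assigns it, so it only works if code earlier in the action (outside the hunk) has already set `@user` to the logged-in user. If `@user` is nil at that point, the helper returns false and the branch always runs, making the change a no-op. When the guard does hold, `session[:user_circumstance] = post_redirect.circumstance` is still written, so a super admin's session takes on the circumstance of another user's redirect and presumably goes on to follow it as the admin; that path deserves an explicit decision. A comment such as `# @user is the currently logged-in user here, not post_redirect.user` above the guard, and `unless User.stay_logged_in_on_redirect?(@user)` in place of `if !`, would make the intent readable.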
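Review bot: `User.stay_logged_in_on_redirect?` repeats the body of `User.view_hidden_requests?` directly above it, so the rule for who counts as a super admin now lives in two separate comparisons against `'super'`. This predicate decides whether following a confirmation link switches accounts, so an admin-level change that updates one copy and misses the other would silently alter login behaviour. I would move `!user.nil? && user.admin_level == 'super'` into a single class-level predicate (the name is yours to choose) and have both methods call it. The comment could also state the consequence of returning true: the link neither switches the account nor marks the other user's email as confirmed.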