Merge pull request #1746 from codidact/0valt/dev-impersonate

Oaphi · web-flow · commit 2d653a64ae86 · 2025-08-05T15:11:35.000+03:00
Allow dev mode to impersonate users directly
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
@@ -4,6 +4,7 @@ class AdminController < ApplicationController
   before_action :verify_global_admin, only: [:admin_email, :send_admin_email, :new_site, :create_site, :setup,
                                              :setup_save, :hellban, :all_email, :send_all_email]
   before_action :verify_developer, only: [:change_users, :impersonate]
+  before_action :set_user, only: [:change_users, :hellban, :impersonate]
 
   def index; end
 
@@ -182,20 +183,19 @@ def setup_save
   end
 
   def hellban
-    @user = User.find params[:id]
     @user.block("user manually blocked by admin ##{current_user.id}")
     flash[:success] = t 'admin.user_fed_stat'
     redirect_back fallback_location: admin_path
   end
 
   def impersonate
-    @user = User.find params[:id]
+    if Rails.env.development?
+      change_users
+    end
   end
 
   def change_users
-    @user = User.find params[:id]
-
-    unless params[:comment].present?
+    unless params[:comment].present? || Rails.env.development?
       flash[:danger] = 'Please explain why you are impersonating this user.'
       render :impersonate
       return
@@ -246,4 +246,10 @@ def do_email_query
     end
     render :email_query
   end
+
+  private
+
+  def set_user
+    @user = User.find(params[:id])
+  end
 end
diff --git a/app/views/admin/impersonate.html.erb b/app/views/admin/impersonate.html.erb
@@ -28,4 +28,4 @@
       <%= submit_tag 'Impersonate', class: 'button is-danger h-m-b-2' %>
     </div>
   </div>
-<% end %>
+<% end %>
diff --git a/test/controllers/admin_controller_test.rb b/test/controllers/admin_controller_test.rb
@@ -165,4 +165,35 @@ class AdminControllerTest < ActionController::TestCase
     assert_response(:success)
     assert_not_nil assigns(:logs)
   end
+
+  test 'hellban should correctly block the user' do
+    sign_in users(:global_admin)
+
+    user = users(:standard_user)
+    try_hellban_user(user)
+    user.reload
+
+    assert_response(:found)
+    assert BlockedItem.where(item_type: 'email', value: user.email).any?
+  end
+
+  test 'impersonate should bypass reason in dev env' do
+    sign_in users(:developer)
+
+    Rails.env.stub(:development?, true) do
+      try_impersonate_user(users(:standard_user))
+      assert_response(:found)
+      assert_redirected_to root_path
+    end
+  end
+
+  private
+
+  def try_hellban_user(user)
+    post :hellban, params: { id: user.id }
+  end
+
+  def try_impersonate_user(user)
+    get :impersonate, params: { id: user.id }
+  end
 end
diff --git a/test/fixtures/community_users.yml b/test/fixtures/community_users.yml
@@ -61,6 +61,13 @@ sample_global_admin:
   is_moderator: false
   reputation: 1
 
+sample_developer:
+  user: developer
+  community: sample
+  is_admin: true
+  is_moderator: false
+  reputation: 1
+
 sample_staff:
   user: staff
   community: sample
