diff --git a/app/controllers/admin/impersonate_controller.rb b/app/controllers/admin/impersonate_controller.rb index 8e3129942da..f57692d923b 100644 --- a/app/controllers/admin/impersonate_controller.rb +++ b/app/controllers/admin/impersonate_controller.rb @@ -4,11 +4,13 @@ class Admin::ImpersonateController < Admin::AdminController params.require(:username_or_email) user = User.find_by_username_or_email(params[:username_or_email]) - raise Discourse::NotFound if user.blank? guardian.ensure_can_impersonate!(user) + # log impersonate + StaffActionLogger.new(current_user).log_impersonate(user) + # Log on as the user log_on_user(user) diff --git a/app/models/user_history.rb b/app/models/user_history.rb index a5f8a61165e..e10cdd97605 100644 --- a/app/models/user_history.rb +++ b/app/models/user_history.rb @@ -32,7 +32,8 @@ class UserHistory < ActiveRecord::Base :auto_trust_level_change, :check_email, :delete_post, - :delete_topic) + :delete_topic, + :impersonate) end # Staff actions is a subset of all actions, used to audit actions taken by staff users. @@ -48,7 +49,8 @@ class UserHistory < ActiveRecord::Base :revoke_badge, :check_email, :delete_post, - :delete_topic] + :delete_topic, + :impersonate] end def self.staff_action_ids diff --git a/app/services/staff_action_logger.rb b/app/services/staff_action_logger.rb index 509328f3333..dfd6e281c84 100644 --- a/app/services/staff_action_logger.rb +++ b/app/services/staff_action_logger.rb @@ -156,6 +156,14 @@ class StaffActionLogger SQL end + def log_impersonate(user, opts={}) + raise Discourse::InvalidParameters.new("user is nil") unless user + UserHistory.create(params(opts).merge({ + action: UserHistory.actions[:impersonate], + target_user_id: user.id + })) + end + private def params(opts) diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml index c6e67eebae1..7168ac4899c 100644 --- a/config/locales/client.en.yml +++ b/config/locales/client.en.yml 
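Review bot: In app/controllers/admin/impersonate_controller.rb only successful impersonations are recorded, because `guardian.ensure_can_impersonate!(user)` raises before the new `StaffActionLogger.new(current_user).log_impersonate(user)` line is reached. A refused attempt, which is the event an auditor most wants to see, leaves no staff-action entry; consider recording the denial as well, or at least adding a comment such as `# only permitted impersonations are logged; denials raise above`. Separately, the collapsed rendering does not show whether the `-` before `raise Discourse::NotFound if user.blank?` removes that guard or only a blank line. The spec context still expects a 404 for an unknown user, so the guard should remain ahead of the guardian call. The body of `create` continues outside the hunk.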
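Review bot: In app/services/staff_action_logger.rb, `log_impersonate` writes the audit row with `UserHistory.create(...)`, which returns an unsaved record instead of raising when validation fails. The controller ignores the return value and goes straight to `log_on_user(user)`, so the session switch can happen with no audit entry. For an action this sensitive the log should be a precondition of the login: `UserHistory.create!(params(opts).merge(...))` would abort the request on failure. The sibling log_* methods and `params(opts)` are outside this hunk, so if non-raising `create` is the file's convention, a short comment on why it is acceptable here would help. A one-line doc comment stating that the method records `current_user` impersonating `user` would also be useful.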
@@ -1833,6 +1833,7 @@ en: check_email: "check email" delete_topic: "delete topic" delete_post: "delete post" + impersonate: "impersonate" screened_emails: title: "Screened Emails" description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed." diff --git a/spec/controllers/admin/impersonate_controller_spec.rb b/spec/controllers/admin/impersonate_controller_spec.rb index 1bd528d3f3e..841e72ff34f 100644 --- a/spec/controllers/admin/impersonate_controller_spec.rb +++ b/spec/controllers/admin/impersonate_controller_spec.rb @@ -6,7 +6,6 @@ describe Admin::ImpersonateController do (Admin::ImpersonateController < Admin::AdminController).should == true end - context 'while logged in as an admin' do let!(:admin) { log_in(:admin) } let(:user) { Fabricate(:user) } @@ -21,7 +20,7 @@ describe Admin::ImpersonateController do context 'create' do it 'requires a username_or_email parameter' do - lambda { xhr :put, :create }.should raise_error(ActionController::ParameterMissing) + -> { xhr :put, :create }.should raise_error(ActionController::ParameterMissing) end it 'returns 404 when that user does not exist' do @@ -37,6 +36,11 @@ describe Admin::ImpersonateController do context 'success' do + it "logs the impersonation" do + StaffActionLogger.any_instance.expects(:log_impersonate) + xhr :post, :create, username_or_email: user.username + end + it "changes the current user session id" do xhr :post, :create, username_or_email: user.username session[:current_user_id].should == user.id @@ -58,6 +62,4 @@ describe Admin::ImpersonateController do end - - end
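Review bot: The new example `logs the impersonation` in spec/controllers/admin/impersonate_controller_spec.rb only asserts that `log_impersonate` is called on some `StaffActionLogger` instance, so it would still pass if the wrong target were logged. Pinning the argument with `StaffActionLogger.any_instance.expects(:log_impersonate).with(user)` makes the test cover the field an audit reader relies on. It would also be worth asserting that the logger is built with the acting admin, since `any_instance` hides the constructor argument.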