From 5df5c75dd977a6c95aa6478f523b9c30aed1891f Mon Sep 17 00:00:00 2001 From: iseessel Date: Wed, 7 Feb 2018 14:42:24 -0500 Subject: [PATCH 1/2] Removed trackable for impersonation requests --- api/app/controllers/mno_enterprise/impersonate_controller.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/api/app/controllers/mno_enterprise/impersonate_controller.rb b/api/app/controllers/mno_enterprise/impersonate_controller.rb index 80c2049ff..549a383f6 100644 --- a/api/app/controllers/mno_enterprise/impersonate_controller.rb +++ b/api/app/controllers/mno_enterprise/impersonate_controller.rb @@ -2,6 +2,7 @@ module MnoEnterprise class ImpersonateController < ApplicationController include MnoEnterprise::ImpersonateHelper + before_filter :skip_trackable, only: [:create] before_filter :authenticate_user!, except: [:destroy] before_filter :current_user_must_be_admin!, except: [:destroy] @@ -39,6 +40,10 @@ def destroy private + def skip_trackable + request.env["devise.skip_trackable"] = true + end + def current_user_must_be_admin! unless current_user.admin_role.present? flash[:error] = "You don't have access to this section." From 239bb83b50af12aa7bd0d0be772595990624f5ae Mon Sep 17 00:00:00 2001 From: iseessel Date: Wed, 7 Feb 2018 23:32:08 -0500 Subject: [PATCH 2/2] Refactored impersonate #skip_devise_trackable --- .../controllers/mno_enterprise/impersonate_controller.rb | 6 +----- .../controllers/mno_enterprise/application_controller.rb | 6 +++++- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/api/app/controllers/mno_enterprise/impersonate_controller.rb b/api/app/controllers/mno_enterprise/impersonate_controller.rb index 549a383f6..9a5ef6e67 100644 --- a/api/app/controllers/mno_enterprise/impersonate_controller.rb +++ b/api/app/controllers/mno_enterprise/impersonate_controller.rb @@ -2,7 +2,7 @@ module MnoEnterprise class ImpersonateController < ApplicationController include MnoEnterprise::ImpersonateHelper - before_filter :skip_trackable, only: [:create] + before_filter :skip_devise_trackable!, only: [:create] before_filter :authenticate_user!, except: [:destroy] before_filter :current_user_must_be_admin!, except: [:destroy] @@ -40,10 +40,6 @@ def destroy private - def skip_trackable - request.env["devise.skip_trackable"] = true - end - def current_user_must_be_admin! unless current_user.admin_role.present? flash[:error] = "You don't have access to this section." diff --git a/core/app/controllers/mno_enterprise/application_controller.rb b/core/app/controllers/mno_enterprise/application_controller.rb index f5d905fb5..caea44b1a 100644 --- a/core/app/controllers/mno_enterprise/application_controller.rb +++ b/core/app/controllers/mno_enterprise/application_controller.rb @@ -66,10 +66,14 @@ def set_default_meta # user action and should therefore be taken into account def skip_devise_trackable_on_xhr if request.format == 'application/json' && request.get? - request.env["devise.skip_trackable"] = true + skip_devise_trackable! end end + def skip_devise_trackable! + request.env["devise.skip_trackable"] = true + end + # Return the user to the 'return_to' url if one was specified # previously. Only if user is signed in def perform_return_to