Skip to content

Commit

Permalink
require superuser status to impersonate others (#241)
Browse files Browse the repository at this point in the history 
Co-authored-by: Jake Rosenberg <[email protected]>
  • Loading branch information
@jarosenb
jarosenb and Jake Rosenberg authored Jun 1, 2023
1 parent d977726 commit a133799
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion apps/tup-cms/src/apps/portal/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def LogoutView(request):

def ImpersonateView(request):
resp = HttpResponseRedirect("/portal/dashboard")
if not request.user.is_staff:
if not request.user.is_superuser:
return resp

headers = {"x-tup-token": settings.TUP_SERVICES_ADMIN_JWT}
Expand Down
2 changes: 1 addition & 1 deletion apps/tup-cms/src/apps/portal_nav/templates/portal_nav/nav_portal.raw.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
<a class="dropdown-item" href="/portal/account">
<i class="icon icon-user"></i> Manage Account
</a>
{% if user.is_staff %}
{% if user.is_superuser %}
<a class="dropdown-item" href="/portal/impersonation">
<i class="icon icon-user"></i> Impersonate User
</a>
Expand Down

0 comments on commit a133799

Please sign in to comment.