diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb
index dd69166aae38d5a2495ed06e29531059764b8835..60dc5b69c694f543e4dfb093d125c5df53192555 100644
--- a/app/controllers/admin/impersonation_tokens_controller.rb
+++ b/app/controllers/admin/impersonation_tokens_controller.rb
@@ -45,7 +45,7 @@ def user
# rubocop: enable CodeReuse/ActiveRecord
def verify_impersonation_enabled!
- access_denied! unless helpers.impersonation_enabled?
+ access_denied! unless helpers.impersonation_tokens_enabled?
end
def finder(options = {})
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
index 8004b777d7463a301ccdb3c3d3ceba22c574202f..44028bb876d8e6a89d5ff8aff0b0430447c7f77b 100644
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -102,6 +102,10 @@ def impersonation_enabled?
Gitlab.config.gitlab.impersonation_enabled
end
+ def impersonation_tokens_enabled?
+ impersonation_enabled?
+ end
+
def can_impersonate_user(user, impersonation_in_progress)
can?(user, :log_in) && !user.password_expired? && !impersonation_in_progress
end
diff --git a/app/views/admin/users/_head.html.haml b/app/views/admin/users/_head.html.haml
index 40fa4e9e52b8130f8f6005eb42806c1ba9a69e30..843af3d1da9a2448a4fd66d18bf2e0c47460b1ff 100644
--- a/app/views/admin/users/_head.html.haml
+++ b/app/views/admin/users/_head.html.haml
@@ -40,6 +40,6 @@
= gl_tab_link_to _("Groups and projects"), projects_admin_user_path(@user)
= gl_tab_link_to _("SSH keys"), keys_admin_user_path(@user)
= gl_tab_link_to _("Identities"), admin_user_identities_path(@user)
- - if impersonation_enabled?
+ - if impersonation_tokens_enabled?
= gl_tab_link_to _("Impersonation Tokens"), admin_user_impersonation_tokens_path(@user), data: { testid: 'impersonation-tokens-tab' }
.gl-mb-3
diff --git a/ee/app/helpers/ee/users_helper.rb b/ee/app/helpers/ee/users_helper.rb
index 775ac5df5d98c46e19d8829b579b4d9b65841e6e..d30898fd773438724aafb137615a6db01131cc3c 100644
--- a/ee/app/helpers/ee/users_helper.rb
+++ b/ee/app/helpers/ee/users_helper.rb
@@ -12,8 +12,8 @@ def display_public_email?(user)
!::Feature.enabled?(:hide_public_email_on_profile, user.provisioned_by_group)
end
- override :impersonation_enabled?
- def impersonation_enabled?
+ override :impersonation_tokens_enabled?
+ def impersonation_tokens_enabled?
super && !::Gitlab::CurrentSettings.personal_access_tokens_disabled?
end
diff --git a/ee/spec/helpers/users_helper_spec.rb b/ee/spec/helpers/users_helper_spec.rb
index 4aca9655c63e73135af453923679675f55f9fdfa..7fd9c36474ea230296d1e1efaba42983351cce07 100644
--- a/ee/spec/helpers/users_helper_spec.rb
+++ b/ee/spec/helpers/users_helper_spec.rb
@@ -182,7 +182,13 @@
stub_ee_application_setting(personal_access_tokens_disabled?: true)
end
- it { is_expected.to eq(false) }
+ it 'allows the admin to impersonate the user' do
+ expect(helper.impersonation_enabled?).to eq(true)
+ end
+
+ it 'disables impersonation_tokens' do
+ expect(helper.impersonation_tokens_enabled?).to eq(false)
+ end
end
end
diff --git a/spec/helpers/users_helper_spec.rb b/spec/helpers/users_helper_spec.rb
index 5d9d7d52c74b103b9086302d2a045e6696ef4d07..4d31cd3da50e394cf5a24396fc20c698ead08f84 100644
--- a/spec/helpers/users_helper_spec.rb
+++ b/spec/helpers/users_helper_spec.rb
@@ -183,6 +183,22 @@ def filter_ee_badges(badges)
end
end
+ describe '#impersonation_enabled' do
+ context 'when impersonation is enabled' do
+ before do
+ stub_config_setting(impersonation_enabled: true)
+ end
+
+ it 'allows the admin to impersonate a user' do
+ expect(helper.impersonation_enabled?).to eq(true)
+ end
+
+ it 'allows impersonation tokens' do
+ expect(helper.impersonation_tokens_enabled?).to eq(true)
+ end
+ end
+ end
+
describe '#can_impersonate_user' do
let(:user) { create(:user) }
let(:impersonation_in_progress) { false }