Why `back` method needs authorization?

Question

lcjury opened this issue a year ago · comments

I want to allow admins to masquerade other users, because of this, I override the masquerade_authorized? method with something like:

def masquerade_authorized?
  admin?
end

The "back_masquerade_path" also uses masquerade_authorized?; since I'm masquerading as a non-admin user, I cannot return to my previous user.

I'm doing something wrong?

Martin Sugasti · Answer 1 · Mon Aug 28 2023 03:57:08 GMT+0800 (China Standard Time)

You could do something like

def masquerade_authorized?
  admin? || params[:action] == 'back'
end