Skip to content

User impersonation button UX

geriley requested to merge geriley/gitlab:103068-user-impersonation into master

What does this MR do and why?

Solves 381635. MR disables "Impersonate" button and provides a tooltip explaining why user cannot be impersonated.

Screenshots or screen recordings

image

How to set up and validate locally

User with Expired Password

  1. Update password_expires_at to a value in the past for any user in users table
  2. Log in as admin user
  3. Visit http://localhost:3000/admin/users and select user with expired password

Expected: Disabled Impersonate button displays tool-tip when hovered over with text: "You cannot impersonate a user with an expired password"

Blocked User

  1. Log in as admin user
  2. Visit http://localhost:3000/admin/users and block any user
  3. Navigate to blocked user's details

Expected: Disabled Impersonate button displays tool-tip when hovered over with text: "You cannot impersonate a blocked user"

User that cannot log in

  1. Attempt to login as any user 6 times with an incorrect password until user's account is locked
  2. Log in as admin user
  3. Visit http://localhost:3000/admin/users and select locked user

Expected: Disabled Impersonate button displays tool-tip when hovered over with text: "You cannot impersonate a user who cannot log in"

Internal User

  1. Log in as admin user
  2. Visit http://localhost:3000/admin/users and select a bot user

Expected: Disabled Impersonate button displays tool-tip when hovered over with text: "You cannot impersonate an internal user"

Impersonation already in progress

Prerequisite: Ensure there are two admin users

  1. Log in a first admin user
  2. Visit http://localhost:3000/admin/users and select second admin user
  3. Click the Impersonate button
  4. Visit http://localhost:3000/admin/users and select any active user

Expected: Disabled Impersonate button displays tool-tip when hovered over with text: "You are already impersonating another user"

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by geriley

Merge request reports