Tighter Guards on Admin Impersonation

Improvement

Week of May 6, 2026

A few related changes to who can do what when impersonating an advocate:

  • Per-admin impersonation permissions. Whether an admin can impersonate is now governed by an explicit permission (via Pundit) rather than being implicit in their admin role. Existing admins keep their current ability; the permission is now visible and editable.
  • Only active advocates can be impersonated. Suspended, archived, or otherwise inactive advocates can no longer be impersonated — closing a small but real footgun where an admin could act as an account that shouldn’t be acting.
  • Non-active advocates don’t trigger intro initiation. Related cleanup: introduction-initiation flows skip non-active advocates entirely instead of attempting and silently failing.

No admin action required.
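
The rules above, sketched as a Pundit-style policy object. This is an added example, not Stoked's own code; the Admin and Advocate structs, the can_impersonate flag, the status values and the sample records are assumptions.

```ruby
# Added example; struct fields and status values are assumptions, not the product's schema.
Admin = Struct.new(:name, :role, :can_impersonate, keyword_init: true)
Advocate = Struct.new(:name, :status, keyword_init: true) do
  def active?; status == :active; end
end

# Pundit policies are plain Ruby objects (user, record, predicate methods),
# so this runs without the gem; in a controller it would back `authorize`.
class AdvocatePolicy
  def initialize(user, record)
    @user = user
    @record = record
  end

  # Before: ability implied by the admin role, target state never checked.
  def legacy_impersonate?
    @user.role == :admin
  end

  # After: explicit per-admin permission AND an active target. Deny by default.
  def impersonate?
    @user.role == :admin && @user.can_impersonate == true && @record.active?
  end
end

# Intro initiation skips non-active advocates up front and reports them,
# instead of attempting the flow and failing silently.
def initiate_intros(advocates)
  eligible, skipped = advocates.partition(&:active?)
  { initiated: eligible.map(&:name), skipped: skipped.map(&:name) }
end

# Constructed sample data.
ADMINS = [
  Admin.new(name: "ops", role: :admin, can_impersonate: true),
  Admin.new(name: "billing", role: :admin, can_impersonate: false)
].freeze
ADVOCATES = [
  Advocate.new(name: "ada", status: :active),
  Advocate.new(name: "sam", status: :suspended),
  Advocate.new(name: "ari", status: :archived)
].freeze

# Names of the advocates each admin may impersonate under the current rule.
def allowed_targets
  ADMINS.to_h do |admin|
    [admin.name, ADVOCATES.select { |a| AdvocatePolicy.new(admin, a).impersonate? }.map(&:name)]
  end
end
```

Comparing `legacy_impersonate?` with `impersonate?` for the same admin and advocate pair shows which combinations the change closes off.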



© 2024-2026 Stoked — Real conversations. Real trust.