Make the sudo timeout configurable (#19851).

git-svn-id: http://svn.redmine.org/redmine/trunk@14353 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 9 insertions, 8 deletions

diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index 1ce65e31d..db22fb0f4 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -172,10 +172,11 @@ default:
 
   # Requires users to re-enter their password for sensitive actions (editing
   # of account data, project memberships, application settings, user, group,
-  # role, auth source management and project deletion).
-  # Disabled by default.
+  # role, auth source management and project deletion). Disabled by default.
+  # Timeout is set in minutes.
   #
   #sudo_mode: true
+  #sudo_mode_timeout: 15
 
   # Absolute path (e.g. /usr/bin/convert, c:/im/convert.exe) to
   # the ImageMagick's `convert` binary. Used to generate attachment thumbnails.
diff --git a/lib/redmine/sudo_mode.rb b/lib/redmine/sudo_mode.rb
index bcbdd28f2..afb510ea4 100644
--- a/lib/redmine/sudo_mode.rb
+++ b/lib/redmine/sudo_mode.rb
@@ -4,10 +4,6 @@ require 'rack/utils'
 module Redmine
   module SudoMode
 
-    # timespan after which sudo mode expires when unused.
-    MAX_INACTIVITY = 15.minutes
-
-
     class SudoRequired < StandardError
     end
 
@@ -132,7 +128,7 @@ module Redmine
       end
 
       def sudo_timestamp_valid?
-        session[:sudo_timestamp].to_i > MAX_INACTIVITY.ago.to_i
+        session[:sudo_timestamp].to_i > SudoMode.timeout.ago.to_i
       end
 
       def update_sudo_timestamp!(new_value = Time.now.to_i)
@@ -218,6 +214,10 @@ module Redmine
     def self.enabled?
       Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]
     end
+
+    # Timespan after which sudo mode expires when unused.
+    def self.timeout
+      Redmine::Configuration['sudo_mode_timeout'].to_i.minutes
+    end
   end
 end
-