Prevent impersonation if blocked
Created by: atomaka
Issue #9872 (closed) notes that impersonating a blocked user will log you out of your account. A more desirable result is for the administrator to be notified that a blocked user cannot be impersonated. This pull request addresses that in two ways:
When viewing a users page in the administration panel, the Impersonate button will not be present when the user is blocked:
If an attempt to post against the impersonate URL for a blocked user occurs, a flash message will display notifying the administrator that a blocked user cannot be impersonated:
Test cases are included for both of these changes.
I have also included a minor change that explicitly defines the impersonator_return_to location instead of relying on HTTP_REFERER.