Commit 4fdce824ea3f74db7a751d2de1b6cd97868eabeb
1 parent
0cf297a8
Exists in
ratings_minor_fixes
and in
3 other branches
Option for admins to login as a different user
Showing
4 changed files
with
55 additions
and
8 deletions
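--- a/app/concerns/authenticated_system.rb
+++ b/app/concerns/authenticated_system.rb
@@ -2,15 +2,18 @@ module AuthenticatedSystem
 
 protected
 
-def self.included base
-if base < ActionController::Base
-base.around_filter :user_set_current
-base.before_filter :login_from_cookie
+extend ActiveSupport::Concern
+
+included do
+if self < ActionController::Base
+around_filter :user_set_current
+before_filter :override_user
+before_filter :login_from_cookie
 end
 
 # Inclusion hook to make #current_user and #logged_in?
 # available as ActionView helper methods.
-base.helper_method :current_user, :logged_in?
+helper_method :current_user, :logged_in?
 end
 
 # Returns true or false if the user is logged in.
@@ -20,10 +23,9 @@ module AuthenticatedSystem
 end
 
 # Accesses the current user from the session.
-def current_user
+def current_user user_id = session[:user]
 @current_user ||= begin
-id = session[:user]
-user = User.where(id: id).first if id
+user = User.find_by id: user_id if user_id
 user.session = session if user
 User.current = user
 user
@@ -141,6 +143,13 @@ module AuthenticatedSystem
 end
 end
 
+def override_user
+return if params[:override_user].blank?
+return unless logged_in? and user.is_admin? environment
+@current_user = nil
+current_user params[:override_user]
+end
+
 # When called with before_filter :login_from_cookie will check for an :auth_token
 # cookie and log the user back in if apropriate
 def login_from_cookie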
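Review bot: `override_user` switches the acting user from a plain `override_user` request parameter and leaves no record of it, so anything done while impersonating is indistinguishable from the target user's own activity. Before `@current_user = nil`, log who is acting as whom, e.g. `Rails.logger.info "user override: #{session[:user].inspect} acting as #{params[:override_user].inspect}"`. The guard depends on `user` and `environment`, which are defined outside this section, and the filter is registered ahead of `login_from_cookie`, so an admin authenticated only by the `:auth_token` cookie is presumably not recognised yet; both are worth confirming. `current_user` now takes an id but ignores it once `@current_user` is memoized, so a separate private method for the override would be less surprising than an optional argument on a helper-exposed method, and `and` in the guard reads more safely as `&&`.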
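--- a/app/helpers/url_helper.rb
+++ b/app/helpers/url_helper.rb
@@ -4,4 +4,12 @@ module UrlHelper
 'javascript:history.back()'
 end
 
+def default_url_options
+options = {}
+
+options[:override_user] = params[:override_user] if params[:override_user].present?
+
+options
+end
+
 end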
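Review bot: `default_url_options` copies `params[:override_user]` into every generated URL whether or not the override was accepted, so a value sent by a non-admin or an anonymous visitor is still reflected into all links on the page and carried on into Referer headers and access logs. Propagate it only when the override actually took effect, for instance by having the filter set a flag and testing that here: `options[:override_user] = params[:override_user] if @user_overridden` (the flag name is a suggestion, not existing code). This also defines `default_url_options` in a helper module; if a controller or another helper already defines it, which is not visible in this section, one definition will silently replace the other.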
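--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -506,6 +506,21 @@ class ApplicationControllerTest < ActionController::TestCase
 assert_redirected_to :controller => 'account', :action => 'login'
 end
 
+should 'override user when current is an admin' do
+user = create_user
+other_user = create_user
+environment = Environment.default
+login_as user.login
+@controller.stubs(:environment).returns(environment)
+
+get :index, override_user: other_user.id
+assert_equal user, assigns(:current_user)
+
+environment.add_admin user.person
+get :index, override_user: other_user.id
+assert_equal other_user, assigns(:current_user)
+end
+
 should 'do not allow member not included in whitelist to access an restricted environment' do
 user = create_user
 e = Environment.default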
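Review bot: The new test exercises only a logged-in non-admin and a logged-in admin; it never sends `override_user` without a session, with an id that matches no user, or as an admin of a different environment, which are the cases where a mistake in the guard would hand out another user's identity. Add at least an anonymous case, issuing `get :index, override_user: other_user.id` before any `login_as` and checking `assert_not_equal other_user, assigns(:current_user)`. The enclosing test class starts and ends outside this hunk, so an equivalent case may already exist elsewhere in the file.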
| @@ -0,0 +1,15 @@ | @@ -0,0 +1,15 @@ | ||
| 1 | +require 'test_helper' | ||
| 2 | + | ||
| 3 | +class UrlHelperTest < ActionView::TestCase | ||
| 4 | + | ||
| 5 | + include UrlHelper | ||
| 6 | + | ||
| 7 | + def setup | ||
| 8 | + end | ||
| 9 | + | ||
| 10 | + should 'preserve override_user if present' do | ||
| 11 | + params[:override_user] = 1 | ||
| 12 | + assert_equal default_url_options[:override_user], params[:override_user] | ||
| 13 | + end | ||
| 14 | + | ||
| 15 | +end |