Merge branch 'override-user' into 'master'

Parameter for admins to login as a different user See merge request !938

Merge branch 'override-user' into 'master'
Parameter for admins to login as a different user See merge request !938
Braulio Bhavamitra
2 parents 5bac7a05 4fdce824
Showing 4 changed files with 55 additions and 8 deletions Show diff stats
app/concerns/authenticated_system.rb
app/helpers/url_helper.rb
test/functional/application_controller_test.rb
test/unit/url_helper_test.rb
@@ -2,15 +2,18 @@ module AuthenticatedSystem
   protected
-    def self.included base
-      if base < ActionController::Base
-        base.around_filter :user_set_current
-        base.before_filter :login_from_cookie
+    extend ActiveSupport::Concern
+
+    included do
+      if self < ActionController::Base
+        around_filter :user_set_current
+        before_filter :override_user
+        before_filter :login_from_cookie
       end
       # Inclusion hook to make #current_user and #logged_in?
       # available as ActionView helper methods.
-      base.helper_method :current_user, :logged_in?
+      helper_method :current_user, :logged_in?
     end
     # Returns true or false if the user is logged in.
@@ -20,10 +23,9 @@ module AuthenticatedSystem
     end
     # Accesses the current user from the session.
-    def current_user
+    def current_user user_id = session[:user]
       @current_user ||= begin
-        id = session[:user]
-        user = User.where(id: id).first if id
+        user = User.find_by id: user_id if user_id
         user.session = session if user
         User.current = user
         user
@@ -141,6 +143,13 @@ module AuthenticatedSystem
       end
     end
+    def override_user
+      return if params[:override_user].blank?
+      return unless logged_in? and user.is_admin? environment
+      @current_user = nil
+      current_user params[:override_user]
+    end
+
     # When called with before_filter :login_from_cookie will check for an :auth_token
     # cookie and log the user back in if apropriate
     def login_from_cookie
@@ -4,4 +4,12 @@ module UrlHelper
     'javascript:history.back()'
   end
+  def default_url_options
+    options = {}
+
+    options[:override_user] = params[:override_user] if params[:override_user].present?
+
+    options
+  end
+
 end
@@ -506,6 +506,21 @@ class ApplicationControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
+  should 'override user when current is an admin' do
+    user        = create_user
+    other_user  = create_user
+    environment = Environment.default
+    login_as user.login
+    @controller.stubs(:environment).returns(environment)
+
+    get :index, override_user: other_user.id
+    assert_equal user, assigns(:current_user)
+
+    environment.add_admin user.person
+    get :index, override_user: other_user.id
+    assert_equal other_user, assigns(:current_user)
+  end
+
   should 'do not allow member not included in whitelist to access an restricted environment' do
     user = create_user
     e = Environment.default
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class UrlHelperTest < ActionView::TestCase
+
+  include UrlHelper
+
+  def setup
+  end
+
+  should 'preserve override_user if present' do
+    params[:override_user] = 1
+    assert_equal default_url_options[:override_user], params[:override_user]
+  end
+
+end
	@@ -4,4 +4,12 @@ module UrlHelper		@@ -4,4 +4,12 @@ module UrlHelper
4	'javascript:history.back()'	4	'javascript:history.back()'
5	end	5	end
6		6
		7	+ def default_url_options
		8	+ options = {}
		9	+
		10	+ options[:override_user] = params[:override_user] if params[:override_user].present?
		11	+
		12	+ options
		13	+ end
		14	+
7	end	15	end
	@@ -506,6 +506,21 @@ class ApplicationControllerTest < ActionController::TestCase		@@ -506,6 +506,21 @@ class ApplicationControllerTest < ActionController::TestCase
506	assert_redirected_to :controller => 'account', :action => 'login'	506	assert_redirected_to :controller => 'account', :action => 'login'
507	end	507	end
508		508
		509	+ should 'override user when current is an admin' do
		510	+ user = create_user
		511	+ other_user = create_user
		512	+ environment = Environment.default
		513	+ login_as user.login
		514	+ @controller.stubs(:environment).returns(environment)
		515	+
		516	+ get :index, override_user: other_user.id
		517	+ assert_equal user, assigns(:current_user)
		518	+
		519	+ environment.add_admin user.person
		520	+ get :index, override_user: other_user.id
		521	+ assert_equal other_user, assigns(:current_user)
		522	+ end
		523	+
509	should 'do not allow member not included in whitelist to access an restricted environment' do	524	should 'do not allow member not included in whitelist to access an restricted environment' do
510	user = create_user	525	user = create_user
511	e = Environment.default	526	e = Environment.default
@@ -0,0 +1,15 @@		@@ -0,0 +1,15 @@
	1	+require 'test_helper'
	2	+
	3	+class UrlHelperTest < ActionView::TestCase
	4	+
	5	+ include UrlHelper
	6	+
	7	+ def setup
	8	+ end
	9	+
	10	+ should 'preserve override_user if present' do
	11	+ params[:override_user] = 1
	12	+ assert_equal default_url_options[:override_user], params[:override_user]
	13	+ end
	14	+
	15	+end