I do not know if it can help you but we use a function like this to
switch to a specific user:
Pay attention that the function will make your admin lose
administration privileges as it will become the other user.
And the function can stop working if your repoze configuration is
different or some part of repoze change.
def force_login_as_user(user_name):
request = tg.request
response = tg.response
request.cookies.clear()
authentication_plugins = request.environ['repoze.who.plugins']
identifier = authentication_plugins['main_identifier']
try:
response.headers = identifier.remember(request.environ,
{'repoze.who.userid':user_name})
except:
pass
On Thu, Dec 2, 2010 at 1:38 PM, A.Nedos <[email protected]> wrote:
> On Dec 2, 12:02 pm, Christoph Zwerschke <[email protected]> wrote:
>> Am 02.12.2010 12:38 schrieb A.Nedos:
>>
>> > Is there a way to masquerade as a user with repoze.what in a TG2 app ?
>> > What I want is the ability for a site administrator to be able to log-
>> > in as another user, without obviously knowing the user's password.
>>
>> A simple solution is to set a master passwort in development.ini and/or
>> production.ini and add the following to the validate_password method of
>> the User model class in model/auth.oy:
>>
>> master_password = config.get('master_password')
>> if master_password and password == master_password:
>> log.warn(
>> 'User %s logged in using master password',
>> self.user_name)
>> return True
>>
>
> Thanks,
>
> That could work I guess, though it can quickly become cumbersome if an
> admin has to log-in to a large number of accounts.
>
> So, I guess for the specific use-case I have in my mind - site admins
> masquerading as users without needing passwd authentication -
> one has to write a repoze.who Identity plugin ?
>
> I'm quite surprise that this use-case is not catered for, I would have
> thought that it's salient feature for any app exceeding the 10-user
> ceiling.
> I could be missing something in the TG2 architecture of course ;)
>
> Regards,
> Andronikos
>
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en.
