as Massimo shows here, the kind of thing this does is implement a heirarchy of permissions - allowing one with more permission to (attempt) to operate at a lower level (certainly a different level). In general, this is a useful facility for an application writer to have at their disposal to use in implementing many useful behaviors; help desk managers is one concept; a hierarchy of groups (in something like a church or community group) is another.
For testing, I can imagine creating a series of test users with various permissions, and a test framework driving a test suite... On unix / Linux, su and sudo implement this kind of thing, so the concept is an old one. You can probably think of many, many more uses. On Fri, Apr 24, 2009 at 3:00 PM, mdipierro <[email protected]> wrote: > > I am doing this in trunk and actually I am allowing A to impersonate B > (if A has permission) which can impersonates C (if B has permission) > etc etc recursively. Needs a little bit more work and testing. > > Massimo > > On Apr 24, 9:19 am, Yarko Tymciurak <[email protected]> wrote: > > management function for an application. > > Imagine someone asking for help to check some information on their form, > and > > you have dozens of even managers to help people... > > > > Admin view of tables is not so safe, or so useful (how can someone at a > desk > > help if they do not see what the end user sees, or even more - see a > balance > > due when it is calculated from several tables). > > > > For this, an "impersonate" is useful - allows a manager to say things > like > > "let's look at your balance" or "let me have your receipt for you when > you > > come to the registration desk." .... > > > > On Fri, Apr 24, 2009 at 6:00 AM, Francisco Gama <[email protected] > >wrote: > > > > > > > > > it's nice to have more power to do the things users want, go for it > > > but please mind me asking... > > > why would anyone want to impersonate a different user while logged in? > > > Isn't that what a good authentication system isn't trying to avoid as > > > a possibility? > > > > > Thank you > > > > > On Apr 24, 5:27 am, mdipierro <[email protected]> wrote: > > > > will do that... > > > > > > On 23 Apr, 18:32, TheDude <[email protected]> wrote: > > > > > > > Yes we should :) Also, another class/key that checks of the person > is > > > > > impersonating or not. :D > > > > > > > @auth.is_impersonating() returns boolean > > > > > > > On Apr 23, 3:07 pm, mdipierro <[email protected]> wrote: > > > > > > > > If you are using Auth you may want to be able to impersonate a > > > > > > different user without logout and without resetting all your > session > > > > > > variables. > > > > > > > > This is how you can do it > > > > > > > > #optonal: @auth.requires_permission > > > > > > ('impersonate',auth.table_user,request.args[0] if request.args > else > > > 0) > > > > > > def impersonate(): > > > > > > """ usagehttp://..../impersonate/[id] """ > > > > > > auth.original_user = auth.user > > > > > > auth.user = auth.table_user._filter_fields(auth.table_user > > > > > > [request.args[0]],True) > > > > > > return dict() > > > > > > > > def un_impersonate(): > > > > > > if auth.original_user: > > > > > > auth.user = auth.original_user > > > > > > auth.original_user = None > > > > > > return dict() > > > > > > > > You can already do this. Should we make it easier and make them > > > > > > methods of the Auth class? > > > > > > > > Massimo > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
