This is now in trunk and seems to work. Please give it a try.
1) use auth and register two users (id=1,name='you')
(id=2,name='other')
2) login as 1
3) create a test controller that displays the session
4) in model auth.add_permission(1,'impersonate','auth_user',2)
5) call the URL
http://..../user/impersonate/2
to impersonate 2 and
http://..../user/impersonate/0
to be back to yourself (are restore your session).
Notice that you can recursively impersonate other users if the users
you are impersonating have permission to impersonate other users.
I agree with Yarko, this is very useful.
Massimo
On 24 Apr, 16:18, Yarko Tymciurak <[email protected]> wrote:
> as Massimo shows here, the kind of thing this does is implement a heirarchy
> of permissions - allowing one with more permission to (attempt) to operate
> at a lower level (certainly a different level).
> In general, this is a useful facility for an application writer to have at
> their disposal to use in implementing many useful behaviors; help desk
> managers is one concept; a hierarchy of groups (in something like a church
> or community group) is another.
>
> For testing, I can imagine creating a series of test users with various
> permissions, and a test framework driving a test suite...
>
> On unix / Linux, su and sudo implement this kind of thing, so the concept is
> an old one.
>
> You can probably think of many, many more uses.
>
> On Fri, Apr 24, 2009 at 3:00 PM, mdipierro <[email protected]> wrote:
>
> > I am doing this in trunk and actually I am allowing A to impersonate B
> > (if A has permission) which can impersonates C (if B has permission)
> > etc etc recursively. Needs a little bit more work and testing.
>
> > Massimo
>
> > On Apr 24, 9:19 am, Yarko Tymciurak <[email protected]> wrote:
> > > management function for an application.
> > > Imagine someone asking for help to check some information on their form,
> > and
> > > you have dozens of even managers to help people...
>
> > > Admin view of tables is not so safe, or so useful (how can someone at a
> > desk
> > > help if they do not see what the end user sees, or even more - see a
> > balance
> > > due when it is calculated from several tables).
>
> > > For this, an "impersonate" is useful - allows a manager to say things
> > like
> > > "let's look at your balance" or "let me have your receipt for you when
> > you
> > > come to the registration desk." ....
>
> > > On Fri, Apr 24, 2009 at 6:00 AM, Francisco Gama <[email protected]
> > >wrote:
>
> > > > it's nice to have more power to do the things users want, go for it
> > > > but please mind me asking...
> > > > why would anyone want to impersonate a different user while logged in?
> > > > Isn't that what a good authentication system isn't trying to avoid as
> > > > a possibility?
>
> > > > Thank you
>
> > > > On Apr 24, 5:27 am, mdipierro <[email protected]> wrote:
> > > > > will do that...
>
> > > > > On 23 Apr, 18:32, TheDude <[email protected]> wrote:
>
> > > > > > Yes we should :) Also, another class/key that checks of the person
> > is
> > > > > > impersonating or not. :D
>
> > > > > > @auth.is_impersonating() returns boolean
>
> > > > > > On Apr 23, 3:07 pm, mdipierro <[email protected]> wrote:
>
> > > > > > > If you are using Auth you may want to be able to impersonate a
> > > > > > > different user without logout and without resetting all your
> > session
> > > > > > > variables.
>
> > > > > > > This is how you can do it
>
> > > > > > > #optonal: @auth.requires_permission
> > > > > > > ('impersonate',auth.table_user,request.args[0] if request.args
> > else
> > > > 0)
> > > > > > > def impersonate():
> > > > > > > """ usagehttp://..../impersonate/[id] """
> > > > > > > auth.original_user = auth.user
> > > > > > > auth.user = auth.table_user._filter_fields(auth.table_user
> > > > > > > [request.args[0]],True)
> > > > > > > return dict()
>
> > > > > > > def un_impersonate():
> > > > > > > if auth.original_user:
> > > > > > > auth.user = auth.original_user
> > > > > > > auth.original_user = None
> > > > > > > return dict()
>
> > > > > > > You can already do this. Should we make it easier and make them
> > > > > > > methods of the Auth class?
>
> > > > > > > Massimo
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
