[web2py] Re: impersonate any user

Thu, 11 Apr 2013 04:44:57 -0700 

Even worse, the impersonate action is never logged in the auth_event.

It seems that in the impersonate definition (tools.py), the self.log_event 
is not reached, due to the callback above it, which is a
redirect_after_login ..
It seems like a bug to me. 


if onaccept:
                form = Storage(dict(vars=self.user))
                if not isinstance(onaccept,(list, tuple)):
                    onaccept = [onaccept]
                for callback in onaccept:
                    *callback(form)*
            log = self.messages.impersonate_log
            self.log_event(log, dict(id=current_id, other_id=auth.user.id))

if the logging action goes directly after the onaccept evaluation, the 
impersonation logging works properly:
if onaccept:
                *log = self.messages.impersonate_log
                self.log_event(log, dict(id=current_id, other_id=auth.user.
id))*
                form = Storage(dict(vars=self.user))
                if not isinstance(onaccept,(list, tuple)):
                    onaccept = [onaccept]
                for callback in onaccept:
                    callback(form)

And here is the correct logging (auth_event), after moving up those 2 lines 
of code:
*"id", "time_stamp", "client_ip", "user_id", "origin", "description"*
"84", "2013-04-11 12:26:41", "127.0.0.1", "9", "auth", "User 9 Logged-in"
"85", "2013-04-11 12:27:10", "127.0.0.1", "7", "auth", "User 9 is 
impersonating 7"

On Wednesday, April 10, 2013 5:07:54 PM UTC+1, Kostas M wrote:
>
> Is the reversion back to the initial user working properly?
>
> I can impersonate a user, entering a user id in the 
> http://.../user/impersonate form, 
> but when I go back to that form, and entering 0 , although it seems 
> momentarily to change the user name greeting in the upper right of the app,
> if I go to the http://.../user/profile or anywhere else, still the 
> impersonated user appears.
>
> Have anyone noticed this behaviour?
>
>
> On Tuesday, April 19, 2011 10:30:47 PM UTC+1, Massimo Di Pierro wrote:
>>
>> First at some point do 
>>
>> gid = auth.add_group('impersonators') 
>> auth.add_permission(gid,'impersonate','auth_user') 
>> auth.add_membership(gid,your_authuser_id) 
>>
>> then just visit 
>>
>> http://.../user/impersonate 
>>
>> and it prompt you a form about which user you want to impersonate. 0 
>> for reverting back to yourself. 
>>
>>
>>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to