Now I think 3 should be the solution but it should be an option and not default behavior. Nowhere we say that impersonate should behave has linux sudo permissions. The way it is intended to work is that when you impersonate another user you become that other use and you see what the other user would see. So by default you only get the same permissions as the user you impersonate. this is not by design, and not an oversight. I see that sometimes you want something different. I guess the impersonate method could have an option that supports your option 3.
On Sunday, 5 April 2015 13:51:53 UTC-5, Louis Amon wrote: > > When you "impersonate" a user in web2py, your whole auth session gets > replaced with the user's, and that means you lose access to whatever > permissions you used to have ( > http://web2py.readthedocs.org/en/latest/tools.html#gluon.tools.Auth.impersonate > ) > > Practically : if you're a staff member (Support Team, not geek) and you're > using a permission-locked back-office to impersonate a user, that means you > won't be able to access the back-office to check for extra data until you > impersonate(0) to go back to your own session and permissions. > > So far I've just asked my team to chew on it and just de-impersonate every > time they need to go back to the back-office... but they keep complaining > about it and they're quite right. > > > I've been thinking about how to improve this, and so far I've only managed > to narrow down a few options : > > 1. Building a second Session() object to manage both sessions > separately > 2. Using session.connect(masterapp="...") to use another application's > sessions (between main app and back-office app for instance, if those are > separate... which is a pain in terms of model management) > 3. Messing with the permission system to add up permissions (staff > member's permissions + impersonated user's permissions) before permission > checks > > > I'm really not sure what strategy I should adopt here and how I should go > about implementing this. > > Pointers would be very welcome :) > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
