Well the easy answer is to simply open the impersonated user in a different browser (eg, have Support Team login in chrome and impersonated user login in firefox).
For us it is important that impersonate is restricted to the user's permissions...we have several classes of user and it is essential to see what the site looks like from their "environment". On Monday, 6 April 2015 06:51:53 UTC+12, Louis Amon wrote: > > When you "impersonate" a user in web2py, your whole auth session gets > replaced with the user's, and that means you lose access to whatever > permissions you used to have ( > http://web2py.readthedocs.org/en/latest/tools.html#gluon.tools.Auth.impersonate > ) > > Practically : if you're a staff member (Support Team, not geek) and you're > using a permission-locked back-office to impersonate a user, that means you > won't be able to access the back-office to check for extra data until you > impersonate(0) to go back to your own session and permissions. > > So far I've just asked my team to chew on it and just de-impersonate every > time they need to go back to the back-office... but they keep complaining > about it and they're quite right. > > > I've been thinking about how to improve this, and so far I've only managed > to narrow down a few options : > > 1. Building a second Session() object to manage both sessions > separately > 2. Using session.connect(masterapp="...") to use another application's > sessions (between main app and back-office app for instance, if those are > separate... which is a pain in terms of model management) > 3. Messing with the permission system to add up permissions (staff > member's permissions + impersonated user's permissions) before permission > checks > > > I'm really not sure what strategy I should adopt here and how I should go > about implementing this. > > Pointers would be very welcome :) > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
