I agree that impersonate is just right the way it is. -Jim
On Sunday, April 5, 2015 at 6:00:52 PM UTC-5, Limedrop wrote:
> Well the easy answer is to simply open the impersonated user in a
> different browser (eg, have Support Team login in chrome and impersonated
> user login in firefox).
>
> For us it is important that impersonate is restricted to the user's
> permissions...we have several classes of user and it is essential to see
> what the site looks like from their "environment".
>
> On Monday, 6 April 2015 06:51:53 UTC+12, Louis Amon wrote:
>> When you "impersonate" a user in web2py, your whole auth session gets
>> replaced with the user's, and that means you lose access to whatever
>> permissions you used to have
>> (http://web2py.readthedocs.org/en/latest/tools.html#gluon.tools.Auth.impersonate)
>>
>> Practically: if you're a staff member (Support Team, not geek) and
>> you're using a permission-locked back-office to impersonate a user, that
>> means you won't be able to access the back-office to check for extra data
>> until you impersonate(0) to go back to your own session and permissions.
>>
>> So far I've just asked my team to chew on it and just de-impersonate
>> every time they need to go back to the back-office... but they keep
>> complaining about it and they're quite right.
>>
>> I've been thinking about how to improve this, and so far I've only
>> managed to narrow down a few options:
>>
>> 1. Building a second Session() object to manage both sessions
>>    separately
>> 2. Using session.connect(masterapp="...") to use another
>>    application's sessions (between main app and back-office app for
>>    instance, if those are separate... which is a pain in terms of model
>>    management)
>> 3. Messing with the permission system to add up permissions (staff
>>    member's permissions + impersonated user's permissions) before
>>    permission checks
>>
>> I'm really not sure what strategy I should adopt here and how I should go
>> about implementing this.
>>
>> Pointers would be very welcome :)