Hello Joe,
sorry this fell through the cracks. The easiest way is this:
class JoeAuth(Auth):
def impersonate(self, user_id=DEFAULT):
"""
To use
this make a POST to
`http://..../impersonate
request.post_vars.user_id=<id>`
Set request.post_vars.user_id to 0 to restore original user.
requires impersonator is logged in and::
has_permission('impersonate', 'auth_user', user_id)
"""
request = current.request
session = current.session
auth = session.auth
table_user = self.table_user()
if not self.is_logged_in():
raise HTTP(401, "Not Authorized")
current_id = auth.user.id
requested_id = user_id
user = None
if user_id is DEFAULT:
user_id = current.request.post_vars.user_id
if user_id and user_id != self.user.id and user_id != '0':
# joe's rules!
if not (self.has_membership('root') or
(self.has_membership('manager') and
not self.has_membership('manager',user_id) and
not self.has_membership('root',user_id))):
raise HTTP(403, "Forbidden")
user = table_user(user_id)
if not user:
raise HTTP(401, "Not Authorized")
auth.impersonator = pickle.dumps(session,
pickle.HIGHEST_PROTOCOL)
auth.user.update(
table_user._filter_fields(user, True))
self.user = auth.user
self.update_groups()
log = self.messages['impersonate_log']
self.log_event(log, dict(id=current_id, other_id=auth.user.id))
self.run_login_onaccept()
elif user_id in (0, '0'):
if self.is_impersonating():
session.clear()
session.update(pickle.loads(auth.impersonator))
self.user = session.auth.user
self.update_groups()
self.run_login_onaccept()
return None
if requested_id is DEFAULT and not request.post_vars:
return SQLFORM.factory(Field('user_id', 'integer'))
elif not user:
return None
else:
return SQLFORM(table_user, user.id, readonly=True)
put it in a module, import it, than use JoeAuth in place of Auth.
On Saturday, 1 October 2016 03:56:11 UTC-5, Joe Barnhart wrote:
>
> Still looking for a reply for this message! C'mon, it's only
> been...what... 2-1/2 years?? Seriously. I was just looking at this again
> and thought to myself, "I remember asking that on web2py-user... I wonder
> if I missed the response?" Turns out I didn't!
>
> -- Joe
>
>
> On Thursday, April 17, 2014 at 12:26:11 AM UTC-7, Joe Barnhart wrote:
>>
>> I find I need the "impersonate" feature for a website I'm building -- it
>> is the perfect solution to supporting users who forget how to work the
>> website or need help setting up their profile information. In fact, I have
>> a group called "support" who I am tasking with this chore and I want them
>> to be able impersonate any of the users.
>>
>> EXCEPT, of course, me. I have a group for the people who run and control
>> every aspect of the website, and only my partner and I have logons at this
>> level. I don't want any "support" group members to be able to impersonate
>> my "root" group. I may add a "manager" group at some point who should also
>> not be accessible to the support staff. I guess I should also prevent
>> support staff from impersonating each other as well. I'm no killjoy, but I
>> want to prevent "pranking" and epic April Fools jokes between my support
>> reps before they even get started.
>>
>> And I, of course, as "root" want to be able to impersonate anybody on my
>> site. The only difference between me and the NSA is that my employees
>> won't have to wonder or guess if I'm looking over their shoulder -- I'll
>> tell them straight up! (just kidding. NSA also has a larger budget and
>> cooler toys. there are actually several differences)
>>
>> I can see how I can add an "impersonate" group, and add it to either the
>> auth_user table or specific rows, but that doesn't give me the layers I'm
>> looking for. That is:
>>
>> support --> impersonate users
>> managers --> impersonate support, users
>> root --> impersonate all of the above
>>
>> Have I missed something obvious?
>>
>> -- Joe "benevolent dictator" B.
>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
