I suppose you could also move the "Joe's rules" logic to the user()
function (or whatever action you use to control impersonation):
def user():
    if request.args(0) == 'impersonate':
        # [Joe's rules]
        pass
    return dict(form=auth())
Anthony
On Monday, October 3, 2016 at 3:47:27 PM UTC-4, Massimo Di Pierro wrote:
>
> Hello Joe,
>
> sorry this fell through the cracks. The easiest way is this:
>
>
> # imports needed once this lives in a module
> import pickle
>
> from gluon import current, HTTP, SQLFORM, Field
> from gluon.tools import Auth, DEFAULT
>
>
> class JoeAuth(Auth):
>
>     def impersonate(self, user_id=DEFAULT):
>         """
>         To use this make a POST to
>         `http://..../impersonate request.post_vars.user_id=<id>`
>
>         Set request.post_vars.user_id to 0 to restore original user.
>
>         requires impersonator is logged in and::
>
>             has_permission('impersonate', 'auth_user', user_id)
>
>         """
>         request = current.request
>         session = current.session
>         auth = session.auth
>         table_user = self.table_user()
>         if not self.is_logged_in():
>             raise HTTP(401, "Not Authorized")
>         current_id = auth.user.id
>         requested_id = user_id
>         user = None
>         if user_id is DEFAULT:
>             user_id = current.request.post_vars.user_id
>         if user_id and user_id != self.user.id and user_id != '0':
>
>             # joe's rules!
>             if not (self.has_membership('root') or
>                     (self.has_membership('manager') and
>                      not self.has_membership('manager', user_id) and
>                      not self.has_membership('root', user_id))):
>                 raise HTTP(403, "Forbidden")
>
>             user = table_user(user_id)
>             if not user:
>                 raise HTTP(401, "Not Authorized")
>             # keep the original session so it can be restored later
>             auth.impersonator = pickle.dumps(session, pickle.HIGHEST_PROTOCOL)
>             auth.user.update(
>                 table_user._filter_fields(user, True))
>             self.user = auth.user
>             self.update_groups()
>             log = self.messages['impersonate_log']
>             self.log_event(log, dict(id=current_id, other_id=auth.user.id))
>             self.run_login_onaccept()
>         elif user_id in (0, '0'):
>             # user_id 0 restores the original user
>             if self.is_impersonating():
>                 session.clear()
>                 session.update(pickle.loads(auth.impersonator))
>                 self.user = session.auth.user
>                 self.update_groups()
>                 self.run_login_onaccept()
>             return None
>         if requested_id is DEFAULT and not request.post_vars:
>             return SQLFORM.factory(Field('user_id', 'integer'))
>         elif not user:
>             return None
>         else:
>             return SQLFORM(table_user, user.id, readonly=True)
>
> Put it in a module, import it, then use JoeAuth in place of Auth.
>
>
> On Saturday, 1 October 2016 03:56:11 UTC-5, Joe Barnhart wrote:
>>
>> Still looking for a reply for this message! C'mon, it's only
>> been...what... 2-1/2 years?? Seriously. I was just looking at this again
>> and thought to myself, "I remember asking that on web2py-user... I wonder
>> if I missed the response?" Turns out I didn't!
>>
>> -- Joe
>>
>>
>> On Thursday, April 17, 2014 at 12:26:11 AM UTC-7, Joe Barnhart wrote:
>>>
>>> I find I need the "impersonate" feature for a website I'm building -- it
>>> is the perfect solution to supporting users who forget how to work the
>>> website or need help setting up their profile information. In fact, I have
>>> a group called "support" who I am tasking with this chore and I want them
>>> to be able to impersonate any of the users.
>>>
>>> EXCEPT, of course, me. I have a group for the people who run and
>>> control every aspect of the website, and only my partner and I have logons
>>> at this level. I don't want any "support" group members to be able to
>>> impersonate my "root" group. I may add a "manager" group at some point who
>>> should also not be accessible to the support staff. I guess I should also
>>> prevent support staff from impersonating each other as well. I'm no
>>> killjoy, but I want to prevent "pranking" and epic April Fools jokes
>>> between my support reps before they even get started.
>>>
>>> And I, of course, as "root" want to be able to impersonate anybody on my
>>> site. The only difference between me and the NSA is that my employees
>>> won't have to wonder or guess if I'm looking over their shoulder -- I'll
>>> tell them straight up! (just kidding. NSA also has a larger budget and
>>> cooler toys. there are actually several differences)
>>>
>>> I can see how I can add an "impersonate" group, and add it to either the
>>> auth_user table or specific rows, but that doesn't give me the layers I'm
>>> looking for. That is:
>>>
>>> support --> impersonate users
>>> managers --> impersonate support, users
>>> root --> impersonate all of the above
>>>
>>> Have I missed something obvious?
>>>
>>> -- Joe "benevolent dictator" B.
>>>
>>>
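Added example, not part of the original thread and not web2py code: a standalone check for the layered rule Joe describes (support impersonates users, managers impersonate support and users, root impersonates all of those), written so it could be called from an impersonate() override or from the user() action before the session is switched. The numeric ranks, the function names and the sample accounts are assumptions; peers are denied at every tier, and the target id is normalised to an integer because ids posted in a form arrive as strings.

```python
"""Added example: tiered impersonation policy (illustrative, not web2py code)."""

# Role names come from the thread; the numeric ranks are an assumption.
# An account holding none of these roles is an ordinary user (rank 0).
TIERS = {"support": 1, "manager": 2, "root": 3}


def rank(roles):
    """Highest tier held by an account; unknown roles count as 0."""
    return max((TIERS.get(r, 0) for r in roles), default=0)


def parse_user_id(raw):
    """Normalise an id taken from post_vars to a positive int, else None."""
    try:
        uid = int(raw)
    except (TypeError, ValueError):
        return None
    return uid if uid > 0 else None


def check_impersonation(actor_id, actor_roles, raw_target_id, target_roles):
    """Return (allowed, reason); the reason is meant for the audit log."""
    target_id = parse_user_id(raw_target_id)
    if target_id is None:
        return False, "invalid target id"
    if target_id == actor_id:
        return False, "cannot impersonate self"
    actor_rank, target_rank = rank(actor_roles), rank(target_roles)
    if actor_rank == 0:
        return False, "actor holds no impersonation tier"
    if actor_rank <= target_rank:
        return False, "target is a peer or outranks actor"
    return True, "actor outranks target"


if __name__ == "__main__":
    # Constructed sample accounts: id -> roles.
    accounts = {1: ["root"], 2: ["manager"], 3: ["support"],
                4: ["support"], 5: []}
    attempts = [(3, "5"), (3, "4"), (3, "2"), (2, "3"), (1, "2"), (5, "3")]
    for actor, target in attempts:
        ok, why = check_impersonation(actor, accounts[actor], target,
                                      accounts[int(target)])
        print(actor, "->", target, ok, why)
```

In a web2py application the role lists would be read from the auth_membership and auth_group rows of the two accounts, and a False result would map to the HTTP 403 raised in the quoted code.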