I just tested impersonation with last trunk version and is working fine Here's what I did:
Register two users Added an impersonate record in db.auth_permission (1 has permission to impersonate 2) with appadmin Logged in as 1 Went to <app>/default/user/impersonate and submitted the form with value 2 However, I think there's a problem with this line in the book (ch. 9) "... *impersonate* allows a user to "impersonate" another user. This is important for debugging and for support purposes. request.args[0] is the id of the user to be impersonated..." Where request.args[0] is "mpersonate" for the refered case and going to <app>/default/user/impersonate/<id> does not automatically impersonates. Also, on submission, the impersonation action returns the Row object of the impersonated user. I think it shoul be more appropiate to present a readonly form with that information. El sábado, 15 de septiembre de 2012 18:47:35 UTC-3, Michael Ellis escribió: > > I haven't worked with impersonate before. Thought I understood from the > manual how to set it up, but apparently not. When I try to impersonate > another user, I get "Forbidden" when I hit Submit after entering the user > id. I'm running on localhost. Here's what the shell says I have in the > auth tables. > > $ python web2py.py -S init -M > Version 1.99.7 (2012-03-04 22:12:08) stable > > *I have 2 users,* > >>> print db(db.auth_user.id>0).select() > auth_user.id,auth_user.first_name,auth_user.last_name, ... > 1,Michael,Ellis, ... *(me)* > 2,John,Bigbooty, ... > > *and one group called 'admin',* > >>> print db(db.auth_group.id>0).select() > auth_group.id,auth_group.role,auth_group.description > 1,admin,App administrator has permission to do anything including > impersonation. > > *I'm a member of admin,* > >>> print db(db.auth_membership.id>0).select() > auth_membership.id,auth_membership.user_id,auth_membership.group_id > 1,1,1 > > *and admin has permission to impersonate John (record 2 in db.auth_user)* > >>> print db(db.auth_permission.id>0).select() > auth_permission.id,auth_permission.group_id,auth_permission.name > ,auth_permission.table_name,auth_permission.record_id > 1,1,impersonate,db.auth_user,2 > > What am I doing wrong? > > Thanks, > Mike > --
