[Git][noosfero/noosfero][master] 2 commits: Option for admins to login as a different user
Bráulio Bhavamitra
gitlab at mg.gitlab.com
Mon May 30 16:15:36 BRT 2016
Bráulio Bhavamitra pushed to branch master at Noosfero / noosfero
Commits:
4fdce824 by Braulio Bhavamitra at 2016-05-23T16:45:58-03:00
Option for admins to login as a different user
- - - - -
a9ba6bfa by Bráulio Bhavamitra at 2016-05-30T19:12:30+00:00
Merge branch 'override-user' into 'master'
Parameter for admins to login as a different user
See merge request !938
- - - - -
4 changed files:
- app/concerns/authenticated_system.rb
- app/helpers/url_helper.rb
- test/functional/application_controller_test.rb
- + test/unit/url_helper_test.rb
Changes:
=====================================
app/concerns/authenticated_system.rb
=====================================
--- a/app/concerns/authenticated_system.rb
+++ b/app/concerns/authenticated_system.rb
@@ -2,15 +2,18 @@ module AuthenticatedSystem
protected
- def self.included base
- if base < ActionController::Base
- base.around_filter :user_set_current
- base.before_filter :login_from_cookie
+ extend ActiveSupport::Concern
+
+ included do
+ if self < ActionController::Base
+ around_filter :user_set_current
+ before_filter :override_user
+ before_filter :login_from_cookie
end
# Inclusion hook to make #current_user and #logged_in?
# available as ActionView helper methods.
- base.helper_method :current_user, :logged_in?
+ helper_method :current_user, :logged_in?
end
# Returns true or false if the user is logged in.
@@ -20,10 +23,9 @@ module AuthenticatedSystem
end
# Accesses the current user from the session.
- def current_user
+ def current_user user_id = session[:user]
@current_user ||= begin
- id = session[:user]
- user = User.where(id: id).first if id
+ user = User.find_by id: user_id if user_id
user.session = session if user
User.current = user
user
@@ -141,6 +143,13 @@ module AuthenticatedSystem
end
end
+ def override_user
+ return if params[:override_user].blank?
+ return unless logged_in? and user.is_admin? environment
+ @current_user = nil
+ current_user params[:override_user]
+ end
+
# When called with before_filter :login_from_cookie will check for an :auth_token
# cookie and log the user back in if apropriate
def login_from_cookie
=====================================
app/helpers/url_helper.rb
=====================================
--- a/app/helpers/url_helper.rb
+++ b/app/helpers/url_helper.rb
@@ -4,4 +4,12 @@ module UrlHelper
'javascript:history.back()'
end
+ def default_url_options
+ options = {}
+
+ options[:override_user] = params[:override_user] if params[:override_user].present?
+
+ options
+ end
+
end
=====================================
test/functional/application_controller_test.rb
=====================================
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -506,6 +506,21 @@ class ApplicationControllerTest < ActionController::TestCase
assert_redirected_to :controller => 'account', :action => 'login'
end
+ should 'override user when current is an admin' do
+ user = create_user
+ other_user = create_user
+ environment = Environment.default
+ login_as user.login
+ @controller.stubs(:environment).returns(environment)
+
+ get :index, override_user: other_user.id
+ assert_equal user, assigns(:current_user)
+
+ environment.add_admin user.person
+ get :index, override_user: other_user.id
+ assert_equal other_user, assigns(:current_user)
+ end
+
should 'do not allow member not included in whitelist to access an restricted environment' do
user = create_user
e = Environment.default
=====================================
test/unit/url_helper_test.rb
=====================================
--- /dev/null
+++ b/test/unit/url_helper_test.rb
@@ -0,0 +1,15 @@
+require 'test_helper'
+
+class UrlHelperTest < ActionView::TestCase
+
+ include UrlHelper
+
+ def setup
+ end
+
+ should 'preserve override_user if present' do
+ params[:override_user] = 1
+ assert_equal default_url_options[:override_user], params[:override_user]
+ end
+
+end
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/5bac7a05a76d1a38dbd733deca77c1e308c3c408...a9ba6bfaa291967adb5cde021e27d8a9f84cdbb3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20160530/d94e4e66/attachment-0001.html>
More information about the Noosfero-dev
mailing list