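def impersonate(self, user_id=DEFAULT):
    """
    Switch the logged-in session to another user, or restore the original one.

    To use this make a POST to
    `http://..../impersonate request.post_vars.user_id=<id>`

    Set request.post_vars.user_id to 0 to restore original user.

    Requires that the impersonator is logged in and that either:

    - the impersonator is a member of 'root', or
    - the impersonator is a member of 'manager' and the target user is a
      member of neither 'manager' nor 'root'.

    Args:
        user_id: id of the user to impersonate, 0 / '0' to restore the
            original session, or DEFAULT to read the id from
            request.post_vars.user_id.

    Returns:
        None after a restore or when no impersonation took place, an input
        form when called without an explicit id and without POST data,
        otherwise a read-only form of the impersonated user.

    Raises:
        HTTP: 401 if nobody is logged in or the target user does not exist,
            403 if the membership rules reject the request.
    """
    request = current.request
    session = current.session
    auth = session.auth
    table_user = self.table_user()
    if not self.is_logged_in():
        raise HTTP(401, "Not Authorized")
    current_id = auth.user.id
    requested_id = user_id
    user = None
    if user_id is DEFAULT:
        user_id = request.post_vars.user_id
    # A POSTed id is a string while self.user.id is presumably an integer
    # record id, so a plain != never matched the caller's own id. Compare in
    # string form so "impersonate myself" is skipped as the guard intends.
    if user_id and str(user_id) != str(self.user.id) and user_id != '0':
        # Authorization ("joe's rules"): root may impersonate anyone; a
        # manager may impersonate only users who are neither manager nor
        # root, so impersonation cannot be used to gain equal or higher
        # privileges.
        # NOTE(review): the membership checks without a user id presumably
        # apply to the current self.user, which is the impersonated identity
        # if an impersonation is already active - confirm.
        if not (self.has_membership('root') or
                (self.has_membership('manager') and
                 not self.has_membership('manager', user_id) and
                 not self.has_membership('root', user_id))):
            raise HTTP(403, "Forbidden")
        user = table_user(user_id)
        if not user:
            raise HTTP(401, "Not Authorized")
        # Snapshot the whole session before auth.user is overwritten, so the
        # restore branch can bring it back. If an impersonation is already
        # active, this snapshots the impersonated session, so a restore
        # steps back one level at a time.
        # NOTE(review): the snapshot is read back with pickle.loads, which is
        # only safe while the stored session cannot be altered by the client.
        # Confirm how sessions are stored and protected in this deployment.
        auth.impersonator = pickle.dumps(session, pickle.HIGHEST_PROTOCOL)
        auth.user.update(
            table_user._filter_fields(user, True))
        self.user = auth.user
        self.update_groups()
        # Audit trail: records who (id) started impersonating whom (other_id).
        log = self.messages['impersonate_log']
        self.log_event(log, dict(id=current_id, other_id=auth.user.id))
        self.run_login_onaccept()
    elif user_id in (0, '0'):
        if self.is_impersonating():
            # Replace the impersonated session with the stored snapshot.
            # NOTE(review): this branch writes no log_event, so the end of an
            # impersonation is not recorded here.
            session.clear()
            session.update(pickle.loads(auth.impersonator))
            self.user = session.auth.user
            self.update_groups()
            self.run_login_onaccept()
        return None
    if requested_id is DEFAULT and not request.post_vars:
        # Plain visit without POST data: offer a form asking for the user id.
        return SQLFORM.factory(Field('user_id', 'integer'))
    elif not user:
        return None
    else:
        return SQLFORM(table_user, user.id, readonly=True)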
def user():
    # Controller action: returns the form produced by auth() to the view.
    # NOTE(review): auth() presumably dispatches on request.args(0), so the
    # 'impersonate' argument would reach the impersonate action - confirm.
    if request.args(0) == 'impersonate':
        # Placeholder from the original snippet, not runnable Python: it
        # stands for the caller's own authorization check ("Joe's rules").
        # A check placed only here guards only this route; any other action
        # that exposes auth() or calls auth.impersonate() directly would not
        # pass through it.
        [Joe's rules]
    return dict(form=auth())