Dropdown to view a page as different user roles while admin?


Zach

Dec 14, 2012, 8:05:22 PM
to newha...@googlegroups.com
I've got an interesting problem and I described it basically in a Stack Overflow question...

Overall, I need some kind of dropdown on a page to provide a "view as [role x]".  In order to check formatting I need to keep logging in and out of test accounts and it's pretty miserable.  This would be useful for moderators as well in the production system, so I'm hoping to come up with a solution.

Any suggestions?

I'm thinking of possibly providing a dropdown to change some session information and providing some user methods to check if the user can view that specific "perspective".  Is that a reasonable solution?

-Zach

Diego Scataglini

Dec 14, 2012, 10:25:52 PM
to newha...@googlegroups.com
The quick and dirty solution that we've done in our system is to assume somebody's identity. You can manipulate your session to resolve to a different user id.
It's dirty because you have to log out and then log back in as yourself.

It looks like you're using cancan. So what I'd do is this:
Where you set up your abilities, put a guard for some session variable (or database "override" field on current_user).
If that variable is available, use that setting; otherwise use the default.
Then all the dropdown has to do is set either the session variable or the "override" field on current_user.


Diego Scataglini

Dec 14, 2012, 10:29:15 PM
to newha...@googlegroups.com
I guess I didn't read your whole post on Stack Overflow.
Not user specific methods & not url parameter.

Joel Nimety

Dec 14, 2012, 10:51:03 PM
to newha...@googlegroups.com
If the end goal is to reduce test time, how about setting up capybara and writing some tests checking for proper markup?  Or use one of the many multi-browser screenshot services out there so you only have to look over the screenshots to verify formatting.  Don't forget that many browser vendors and versions have their own rendering quirks...

We also do something along the lines of what Diego was talking about.  Using devise it was simple to create a second session controller that lets you assume the identity of another user and stores the original as another warden "user". In this scenario signing out of the assumed user session signs you back in as your original user. It's been a while since I set this up so the following simplified code may leave out some key bits but I'm 99% sure this is all you'd need:

# app/controllers/assume_user_sessions_controller.rb
class AssumeUserSessionsController < ApplicationController
  authorize_resource :class => false # Make sure current_user is allowed to do this!  Otherwise serious security implications.
  
  def create
    sign_in :user, User.find(params[:assume_user_id])
    sign_in :original_user, current_user
    redirect_to some_path
  end

  def destroy
    sign_in :user, original_user
    sign_out :original_user
    redirect_to some_path
  end
end

# app/controllers/application_controller.rb
def original_user
  warden.user(:orginal_user)
end

# config/routes.rb
# change class_name as appropriate
devise_for :assume_user, :class_name => 'User', :only => []
resource :assume_user_session do
  delete :destroy, :as => "destroy" # devise compatibility
end

Joel Nimety

Dec 14, 2012, 10:52:52 PM
to newha...@googlegroups.com
I already see a typo

warden.user(:orginal_user)

should be

warden.user(:original_user)

Zach Morek

Dec 15, 2012, 1:36:46 PM
to newha...@googlegroups.com
Looking at Gary's answer on SO, I think since I'm more interested in trickling down to a more restricted user `role`, rather than logging in as a different user, I'm going to modify the user class to have some kind of "viewing_as_role" attribute which I can then key my permissions against without having to hack user sessions.  This also has the added benefit that I don't have to rework how I handled conditionals in my views so far since they're based on cancan and I can now base cancan on both real and "perceived" roles.

Thanks for the advice guys!
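
An added example, not part of the thread and not code from any poster: plain Ruby showing the guard Diego describes combined with the "viewing_as_role" idea above, where the override is honoured only for a role ranked below the user's real one and the switcher itself is gated on the real role. The role names, `ROLE_RANK`, `PERMISSIONS`, the `:view_as_role` session key and `can_switch_view?` are assumptions for illustration; the `Ability` class only mimics CanCan's shape and does not use the gem.

```ruby
# Added example (plain Ruby, no Rails/CanCan). Role names, ROLE_RANK and
# PERMISSIONS are assumptions for illustration, not taken from the thread.
ROLE_RANK = { "guest" => 0, "member" => 1, "moderator" => 2, "admin" => 3 }.freeze

PERMISSIONS = {
  "guest"     => [[:read, :post]],
  "member"    => [[:read, :post], [:create, :post]],
  "moderator" => [[:read, :post], [:create, :post], [:hide, :post]],
  "admin"     => [[:read, :post], [:create, :post], [:hide, :post], [:manage, :user]]
}.freeze

User = Struct.new(:id, :role)

# The override is set from a dropdown (request input), so it is honoured only
# when it names a known role ranked strictly below the user's real role.
# Anything else falls back to the real role, so it can never escalate.
def effective_role(user, view_as)
  real_rank = ROLE_RANK.fetch(user.role) # unknown real role raises: fail closed
  requested_rank = ROLE_RANK[view_as.to_s]
  return user.role if requested_rank.nil? || requested_rank >= real_rank
  view_as.to_s
end

class Ability
  attr_reader :real_role, :role

  def initialize(user, session)
    @real_role = user.role
    @role = effective_role(user, session[:view_as_role])
  end

  def previewing?
    role != real_role
  end

  # Page permissions follow the perceived role.
  def can?(action, subject)
    PERMISSIONS.fetch(role).include?([action, subject])
  end

  # The switcher is gated on the real role, so a preview can always be ended
  # and a low-privilege user never gets the dropdown.
  def can_switch_view?
    ROLE_RANK.fetch(real_role) >= ROLE_RANK.fetch("moderator")
  end
end
```

Keying `can_switch_view?` on the perceived role instead would lock an admin out of the dropdown as soon as they previewed a lower role.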

David Backeberg

Dec 17, 2012, 9:44:30 AM
to newha...@googlegroups.com
I'm late to the party, but you can play with a demo at 


authenticate as admin/admin

Then in the top left, there's a key icon to control the "impersonation" feature. You can use the magnifying glass as a picker to choose the user to emulate. 

This particular feature is nice in that this implementation isn't full-blown logout / login.

Similar features in other systems call this "emulation".