Need help with impersonate

Michael Ellis

Sep 15, 2012, 5:47:35 PM
to web...@googlegroups.com
I haven't worked with impersonate before.  Thought I understood from the manual how to set it up, but apparently not. When I try to impersonate another user,  I get "Forbidden" when I hit Submit after entering the user id.  I'm running on localhost.   Here's what the shell says I have in the auth tables.

$ python web2py.py -S init -M
Version 1.99.7 (2012-03-04 22:12:08) stable

I have 2 users,
>>> print db(db.auth_user.id>0).select()
auth_user.id,auth_user.first_name,auth_user.last_name, ...
1,Michael,Ellis, ... (me)
2,John,Bigbooty, ...

and one group called 'admin',
>>> print db(db.auth_group.id>0).select()
auth_group.id,auth_group.role,auth_group.description
1,admin,App administrator has permission to do anything including impersonation.

I'm a member of admin,
>>> print db(db.auth_membership.id>0).select()
auth_membership.id,auth_membership.user_id,auth_membership.group_id
1,1,1

and admin has permission to impersonate John (record 2 in db.auth_user)
>>> print db(db.auth_permission.id>0).select()
auth_permission.id,auth_permission.group_id,auth_permission.name,auth_permission.table_name,auth_permission.record_id
1,1,impersonate,db.auth_user,2

What am I doing wrong?

Thanks,
Mike

Alan Etkin

Sep 16, 2012, 9:52:41 AM
to web...@googlegroups.com
I just tested impersonation with the last trunk version and it is working fine

Here's what I did:

Register two users
Added an impersonate record in db.auth_permission (1 has permission to impersonate 2) with appadmin
Logged in as 1
Went to <app>/default/user/impersonate and submitted the form with value 2

However, I think there's a problem with this line in the book (ch. 9)

"... impersonate allows a user to "impersonate" another user. This is important for debugging and for support purposes. request.args[0] is the id of the user to be impersonated..."

Where request.args[0] is "impersonate" for the referred case and going to <app>/default/user/impersonate/<id> does not automatically impersonate.

Also, on submission, the impersonation action returns the Row object of the impersonated user. I think it should be more appropriate to present a readonly form with that information.

Massimo Di Pierro

Sep 16, 2012, 10:30:31 AM
to web...@googlegroups.com
I agree. Can you send me a patch?

Alan Etkin

Sep 16, 2012, 11:35:54 AM
to web...@googlegroups.com
On Sunday, September 16, 2012 11:30:32 UTC-3, Massimo Di Pierro wrote:
I agree. Can you send me a patch?


A patch for the two issues mentioned. Now impersonate looks for args before returning a form.
On impersonation, it returns a readonly form with the user data

The book should read "... request.args[1] is the id..."
tools.py.impersonate.diff

Michael Ellis

Sep 16, 2012, 2:10:15 PM
to web...@googlegroups.com
Thanks Alan and Massimo.  I will retest with sources from trunk as soon as I get a chance to spend some time on it.   Am I right that the patch is simply a fix to the web presentation,  i.e. the impersonate functionality should work without it?
Cheers,
Mike



Michael Ellis

Apr 10, 2013, 1:35:01 PM
to web...@googlegroups.com
SOLVED (6 months later)

I put this aside six months ago when I couldn't make it work. Today I really needed it so I dug out pdb and drilled down into auth.has_permission().  Finally, the light dawned on me. The table_name field is a string! Changing it to "auth_user" fixed the problem.  May I suggest a couple of changes to keep others from stumbling where I did?

The online book currently has (emphasis mine):
"""
impersonate allows a user to "impersonate" another user. This is important for debugging and for support purposes. request.args[0] is the id of the user to be impersonated. This is only allowed if the logged in user has_permission('impersonate', db.auth_user, user_id).
"""
"""
That should be changed to has_permission('impersonate', "auth_user", user_id)

It would also help if auth.has_permission threw a ticket if given a bad table_name argument, maybe something like:

# Reject a table_name that is not the name of a table defined in db
if not (hasattr(db, table_name) and isinstance(getattr(db, table_name), db.Table)):
    raise ValueError("Table {} doesn't exist in db".format(table_name))

Thanks,
Mike 
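
An added example, not part of the original posts and not web2py's own code: a simplified model of the string match on table_name described above, run with sqlite3 against the auth_permission row shown in the thread, plus an audit that flags permission rows whose table_name is not an existing table. The schema subset and the function names (build_db, has_permission, orphaned_permissions) are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: (id, group_id, name, table_name, record_id)
BROKEN = [(1, 1, "impersonate", "db.auth_user", 2)]  # row as shown in the thread
FIXED = [(1, 1, "impersonate", "auth_user", 2)]      # row after the fix


def build_db(permission_rows):
    """Create in-memory auth tables (assumed subset) and load permissions."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE auth_user (id INTEGER PRIMARY KEY, first_name TEXT);
        CREATE TABLE auth_membership (id INTEGER PRIMARY KEY,
                                      user_id INT, group_id INT);
        CREATE TABLE auth_permission (id INTEGER PRIMARY KEY, group_id INT,
                                      name TEXT, table_name TEXT, record_id INT);
        INSERT INTO auth_user VALUES (1, 'Michael'), (2, 'John');
        INSERT INTO auth_membership VALUES (1, 1, 1);
    """)
    con.executemany("INSERT INTO auth_permission VALUES (?,?,?,?,?)",
                    permission_rows)
    return con


def has_permission(con, user_id, name, table_name, record_id):
    """Simplified model: table_name is compared as an exact string."""
    row = con.execute(
        """SELECT 1 FROM auth_permission p
           JOIN auth_membership m ON m.group_id = p.group_id
           WHERE m.user_id = ? AND p.name = ?
             AND p.table_name = ? AND p.record_id = ?""",
        (user_id, name, table_name, record_id)).fetchone()
    return row is not None


def orphaned_permissions(con):
    """Audit: permission rows whose non-empty table_name is not a real table."""
    tables = {r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    rows = con.execute(
        "SELECT id, name, table_name FROM auth_permission ORDER BY id")
    return [r for r in rows if r[2] and r[2] not in tables]


if __name__ == "__main__":
    for label, rows in (("broken", BROKEN), ("fixed", FIXED)):
        con = build_db(rows)
        print(label, has_permission(con, 1, "impersonate", "auth_user", 2),
              orphaned_permissions(con))
```

Running an audit like orphaned_permissions over an existing auth_permission table surfaces rows that can never match a permission check, which otherwise fail silently as a "Forbidden" response.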
