Add impersonification

2020-10-19 16:08:42 +02:00 · 2020-10-19 16:08:42 +02:00 · 28e2fa10c3
parent d940acb226
commit 28e2fa10c3
3 changed files with 38 additions and 3 deletions
--- a/apps/registration/urls.py
+++ b/apps/registration/urls.py
@ -1,7 +1,8 @@
 from django.urls import path

-from .views import MyAccountDetailView, SignupView, UserDetailView, UserResendValidationEmailView,\
-    UserUpdateView, UserUploadPhotoAuthorizationView, UserValidateView, UserValidationEmailSentView
+from .views import MyAccountDetailView, ResetAdminView, SignupView, UserDetailView, UserImpersonateView, \
+    UserResendValidationEmailView, UserUpdateView, UserUploadPhotoAuthorizationView, UserValidateView, \
+    UserValidationEmailSentView

 app_name = "registration"

@ -16,4 +17,6 @@ urlpatterns = [
    path("user/<int:pk>/update/", UserUpdateView.as_view(), name="update_user"),
    path("user/<int:pk>/upload-photo-authorization/", UserUploadPhotoAuthorizationView.as_view(),
         name="upload_user_photo_authorization"),
+    path("user/<int:pk>/impersonate/", UserImpersonateView.as_view(), name="user_impersonate"),
+    path("reset-admin/", ResetAdminView.as_view(), name="reset_admin"),
 ]
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@ -212,3 +212,35 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
        true_file_name = _("Photo authorization of {student}.{ext}").format(student=str(student), ext=ext)
        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class UserImpersonateView(LoginRequiredMixin, RedirectView):
+    def dispatch(self, request, *args, **kwargs):
+        """
+        An administrator can log in through this page as someone else, and act as this other person.
+        """
+        if self.request.user.registration.is_admin:
+            if not User.objects.filter(pk=kwargs["pk"]).exists():
+                raise Http404
+            session = request.session
+            session["admin"] = request.user.pk
+            session["_fake_user_id"] = kwargs["pk"]
+            return redirect(request.path)
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_redirect_url(self, *args, **kwargs):
+        return reverse_lazy("registration:user_detail", args=(kwargs["pk"],))
+
+
+class ResetAdminView(LoginRequiredMixin, View):
+    """
+    Return to admin view, clear the session field that let an administrator to log in as someone else.
+    """
+
+    def dispatch(self, request, *args, **kwargs):
+        user = request.user
+        if not user.is_authenticated:
+            return self.handle_no_permission()
+        if "_fake_user_id" in request.session:
+            del request.session["_fake_user_id"]
+        return redirect(request.GET.get("path", "/"))
--- a/templates/base.html
+++ b/templates/base.html
@ -111,7 +111,7 @@
                {% endif %}
                {% if "_fake_user_id" in request.session %}
                    <li class="nav-item active">
-                        <a class="nav-link" href="{% url "member:reset_admin" %}?path={{ request.path }}"><i class="fas fa-tools"></i> {% trans "Return to admin view" %}</a>
+                        <a class="nav-link" href="{% url "registration:reset_admin" %}?path={{ request.path }}"><i class="fas fa-tools"></i> {% trans "Return to admin view" %}</a>
                    </li>
                {% endif %}
                {% if not user.is_authenticated %}