Connect as other people

apps/member/urls.py

@@ -2,7 +2,7 @@ from django.urls import path
 from django.views.generic import RedirectView
 
 from .views import CreateUserView, MyAccountView, UserDetailView,\
-    ProfileListView, OrphanedProfileListView, OrganizersListView
+    ProfileListView, OrphanedProfileListView, OrganizersListView, ResetAdminView
 
 app_name = "member"
 
@@ -17,4 +17,5 @@ urlpatterns = [
     path("profiles/", ProfileListView.as_view(), name="all_profiles"),
     path("orphaned-profiles/", OrphanedProfileListView.as_view(), name="orphaned_profiles"),
     path("organizers/", OrganizersListView.as_view(), name="organizers"),
+    path("reset-admin/", ResetAdminView.as_view(), name="reset_admin"),
 ]

apps/member/views.py

@@ -1,7 +1,9 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.models import AnonymousUser
 from django.core.exceptions import PermissionDenied
 from django.db.models import Q
 from django.http import FileResponse
+from django.shortcuts import redirect
 from django.utils.translation import gettext_lazy as _
 from django.views import View
 from django.views.generic import CreateView, UpdateView, DetailView
@@ -31,15 +33,29 @@ class MyAccountView(LoginRequiredMixin, UpdateView):
 class UserDetailView(LoginRequiredMixin, DetailView):
     model = TFJMUser
     form_class = TFJMUserForm
-    context_object_name = "user"
+    context_object_name = "tfjmuser"
 
     def dispatch(self, request, *args, **kwargs):
+        if isinstance(request.user, AnonymousUser):
+            raise PermissionDenied
+
+        self.object = self.get_object()
+
         if not request.user.admin \
-                and (self.object.team is not None and request.user not in self.object.team.tournament.organizers)\
+                and (self.object.team is not None and request.user not in self.object.team.tournament.organizers.all())\
                 and self.request.user != self.object:
             raise PermissionDenied
         return super().dispatch(request, *args, **kwargs)
 
+    def post(self, request, *args, **kwargs):
+        if "view_as" in request.POST:
+            session = request.session
+            session["admin"] = request.user.pk
+            obj = self.get_object()
+            session["_fake_user_id"] = obj.pk
+            return redirect(request.path)
+        return self.get(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
@@ -82,3 +98,10 @@ class OrganizersListView(AdminMixin, SingleTableView):
     table_class = UserTable
     template_name = "member/profile_list.html"
     extra_context = dict(title=_("Organizers"))
+
+
+class ResetAdminView(AdminMixin, View):
+    def dispatch(self, request, *args, **kwargs):
+        if "_fake_user_id" in request.session:
+            del request.session["_fake_user_id"]
+        return redirect(request.GET["path"])

templates/base.html

@@ -141,6 +141,11 @@
                 {% endif %}
             </ul>
             <ul class="navbar-nav">
+                {% if "_fake_user_id" in request.session %}
+                    <li class="nav-item active">
+                        <a class="nav-link" href="{% url "member:reset_admin" %}?path={{ request.path }}"><i class="fas fa-cog"></i> {% trans "Return to admin view" %}</a>
+                    </li>
+                {% endif %}
                 {% if not user.is_authenticated %}
                     <li class="nav-item active">
                         <a class="nav-link" href="{% url "login" %}"><i class="fas fa-sign-in-alt"></i> {% trans "Log in" %}</a>

templates/member/tfjmuser_detail.html

@@ -10,52 +10,52 @@
         <div class="card-body">
             <dl class="row">
                 <dt class="col-xl-6 text-right">{% trans 'role'|capfirst %}</dt>
-                <dd class="col-xl-6">{{ user.get_role_display }}</dd>
+                <dd class="col-xl-6">{{ tfjmuser.get_role_display }}</dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'team'|capfirst %}</dt>
-                <dd class="col-xl-6"><a href="{% url "tournament:team_detail" pk=user.team.pk %}">{{ user.team }}</a></dd>
+                <dd class="col-xl-6"><a href="{% url "tournament:team_detail" pk=tfjmuser.team.pk %}">{{ tfjmuser.team }}</a></dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'birth date'|capfirst %}</dt>
-                <dd class="col-xl-6">{{ user.birth_date }}</dd>
+                <dd class="col-xl-6">{{ tfjmuser.birth_date }}</dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'gender'|capfirst %}</dt>
-                <dd class="col-xl-6">{{ user.get_gender_display }}</dd>
+                <dd class="col-xl-6">{{ tfjmuser.get_gender_display }}</dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'address'|capfirst %}</dt>
-                <dd class="col-xl-6">{{ user.address }}, {{ user.postal_code }}, {{ user.city }}{% if user.country != "France" %}, {{ user.country }}{% endif %}</dd>
+                <dd class="col-xl-6">{{ tfjmuser.address }}, {{ tfjmuser.postal_code }}, {{ tfjmuser.city }}{% if tfjmuser.country != "France" %}, {{ tfjmuser.country }}{% endif %}</dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'email'|capfirst %}</dt>
-                <dd class="col-xl-6"><a href="mailto:{{ user.email }}">{{ user.email }}</a></dd>
+                <dd class="col-xl-6"><a href="mailto:{{ tfjmuser.email }}">{{ tfjmuser.email }}</a></dd>
 
                 <dt class="col-xl-6 text-right">{% trans 'phone number'|capfirst %}</dt>
-                <dd class="col-xl-6">{{ user.phone_number }}</dd>
+                <dd class="col-xl-6">{{ tfjmuser.phone_number }}</dd>
 
-                {% if user.role == '3participant' %}
+                {% if tfjmuser.role == '3participant' %}
                     <dt class="col-xl-6 text-right">{% trans 'school'|capfirst %}</dt>
-                    <dd class="col-xl-6">{{ user.school }}</dd>
+                    <dd class="col-xl-6">{{ tfjmuser.school }}</dd>
 
                     <dt class="col-xl-6 text-right">{% trans 'class'|capfirst %}</dt>
-                    <dd class="col-xl-6">{{ user.get_student_class_display }}</dd>
+                    <dd class="col-xl-6">{{ tfjmuser.get_student_class_display }}</dd>
 
-                    {% if user.responsible_name %}
+                    {% if tfjmuser.responsible_name %}
                         <dt class="col-xl-6 text-right">{% trans 'responsible name'|capfirst %}</dt>
-                        <dd class="col-xl-6">{{ user.responsible_name }}</dd>
+                        <dd class="col-xl-6">{{ tfjmuser.responsible_name }}</dd>
                     {% endif %}
 
-                    {% if user.responsible_phone %}
+                    {% if tfjmuser.responsible_phone %}
                         <dt class="col-xl-6 text-right">{% trans 'responsible phone'|capfirst %}</dt>
-                        <dd class="col-xl-6">{{ user.responsible_phone }}</dd>
+                        <dd class="col-xl-6">{{ tfjmuser.responsible_phone }}</dd>
                     {% endif %}
 
-                    {% if user.responsible_email %}
+                    {% if tfjmuser.responsible_email %}
                         <dt class="col-xl-6 text-right">{% trans 'responsible email'|capfirst %}</dt>
-                        <dd class="col-xl-6"><a href="{{ user.responsible_email }}">{{ user.responsible_email }}</a></dd>
+                        <dd class="col-xl-6"><a href="{{ tfjmuser.responsible_email }}">{{ tfjmuser.responsible_email }}</a></dd>
                     {% endif %}
                 {% endif %}
 
-                {% if user.role == '2coach' %}
+                {% if tfjmuser.role == '2coach' %}
                     <dt class="col-xl-6 text-right">{% trans 'description'|capfirst %}</dt>
-                    <dd class="col-xl-6">{{ user.description }}</dd>
+                    <dd class="col-xl-6">{{ tfjmuser.description }}</dd>
                 {% endif %}
             </dl>
         </div>
@@ -66,4 +66,12 @@
     <h4>{% trans "Documents" %}</h4>
 
     {# TODO Display documents #}
+
+    {% if request.user.is_superuser %}
+        <hr>
+        <form method="post">
+            {% csrf_token %}
+            <button name="view_as" class="btn btn-block btn-warning">{% blocktrans %}View site as {{ tfjmuser }}{% endblocktrans %}</button>
+        </form>
+    {% endif %}
 {% endblock %}

tfjm/middlewares.py

@@ -2,12 +2,14 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 from django.conf import settings
-from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.auth.models import AnonymousUser
 
 from threading import local
 
 from django.contrib.sessions.backends.db import SessionStore
 
+from member.models import TFJMUser
+
 USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
 SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
 IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
@@ -21,7 +23,7 @@ def _set_current_user_and_ip(user=None, session=None, ip=None):
     setattr(_thread_locals, IP_ATTR_NAME, ip)
 
 
-def get_current_user() -> User:
+def get_current_user() -> TFJMUser:
     return getattr(_thread_locals, USER_ATTR_NAME, None)
 
 
@@ -49,7 +51,11 @@ class SessionMiddleware(object):
         self.get_response = get_response
 
     def __call__(self, request):
+        if "_fake_user_id" in request.session:
+            request.user = TFJMUser.objects.get(pk=request.session["_fake_user_id"])
+
         user = request.user
+        print(user)
         if 'HTTP_X_FORWARDED_FOR' in request.META:
             ip = request.META.get('HTTP_X_FORWARDED_FOR')
         else:

tfjm/settings.py

@@ -65,6 +65,7 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.locale.LocaleMiddleware',
     'django.contrib.sites.middleware.CurrentSiteMiddleware',
+    'tfjm.middlewares.SessionMiddleware',
     'tfjm.middlewares.TurbolinksMiddleware',
 ]