Allow administrators to impersonate other users

2026-05-08 15:44:02 +00:00 · 2018-01-29 11:15:32 +01:00
parent 3a713541a2
commit 14da25bd9e
8 changed files with 64 additions and 1 deletions
--- a/src/pretix/control/templates/pretixcontrol/base.html
+++ b/src/pretix/control/templates/pretixcontrol/base.html
@@ -1,6 +1,7 @@
 {% load compress %}
 {% load staticfiles %}
 {% load i18n %}
+{% load hijack_tags %}
 {% load statici18n %}
 {% load eventurl %}
 <!DOCTYPE html>
@@ -258,6 +259,19 @@
                    </div>
                </div>
            </nav>
+            {% if request|is_hijacked %}
+                <div class="impersonate-warning">
+                    <span class="fa fa-user-secret"></span>
+                    {% blocktrans with user=request.user%}You are currently working on behalf of {{ user }}.{% endblocktrans %}
+
+                    <form action="{% url 'control:users.impersonate.stop' %}" method="post" class="helper-display-inline">
+                        {% csrf_token %}
+                        <button class="btn btn-default btn-sm">
+                            {% trans "Stop impersonating" %}
+                        </button>
+                    </form>
+                </div>
+            {% endif %}
            <div id="page-wrapper">
                <div class="container-fluid">
                    {% if messages %}
--- a/src/pretix/control/templates/pretixcontrol/users/form.html
+++ b/src/pretix/control/templates/pretixcontrol/users/form.html
@@ -9,6 +9,10 @@
            {% csrf_token %}
            <button class="btn btn-default">{% trans "Send password reset email" %}</button>
        </form>
+        <form action="{% url "control:users.impersonate" id=user.pk %}" method="post" class="form-inline helper-display-inline">
+            {% csrf_token %}
+            <button class="btn btn-default">{% trans "Impersonate user" %}</button>
+        </form>
    </p>
    <div class="row">
        <div class="col-md-10 col-xs-12">
--- a/src/pretix/control/urls.py
+++ b/src/pretix/control/urls.py
@@ -21,8 +21,10 @@ urlpatterns = [
    url(r'^users/$', users.UserListView.as_view(), name='users'),
    url(r'^users/select2$', typeahead.users_select2, name='users.select2'),
    url(r'^users/add$', users.UserCreateView.as_view(), name='users.add'),
+    url(r'^users/impersonate/stop', users.UserImpersonateStopView.as_view(), name='users.impersonate.stop'),
    url(r'^users/(?P<id>\d+)/$', users.UserEditView.as_view(), name='users.edit'),
    url(r'^users/(?P<id>\d+)/reset$', users.UserResetView.as_view(), name='users.reset'),
+    url(r'^users/(?P<id>\d+)/impersonate', users.UserImpersonateView.as_view(), name='users.impersonate'),
    url(r'^settings/?$', user.UserSettings.as_view(), name='user.settings'),
    url(r'^settings/history/$', user.UserHistoryView.as_view(), name='user.settings.history'),
    url(r'^settings/notifications/$', user.UserNotificationsEditView.as_view(), name='user.settings.notifications'),
--- a/src/pretix/control/views/users.py
+++ b/src/pretix/control/views/users.py
@@ -1,11 +1,13 @@
 from django.conf import settings
 from django.contrib import messages
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.functional import cached_property
 from django.utils.translation import ugettext_lazy as _
 from django.views import View
 from django.views.generic import ListView
+from hijack.helpers import login_user, release_hijack

 from pretix.base.models import User
 from pretix.base.services.mail import SendMailException
@@ -76,6 +78,9 @@ class UserEditView(AdministratorPermissionRequiredMixin, RecentAuthenticationReq

 class UserResetView(AdministratorPermissionRequiredMixin, RecentAuthenticationRequiredMixin, View):

+    def get(self, request, *args, **kwargs):
+        return redirect(reverse('control:users.edit', kwargs=self.kwargs))
+
    def post(self, request, *args, **kwargs):
        self.object = get_object_or_404(User, pk=self.kwargs.get("id"))
        try:
@@ -93,6 +98,24 @@ class UserResetView(AdministratorPermissionRequiredMixin, RecentAuthenticationRe
        return reverse('control:users.edit', kwargs=self.kwargs)


+class UserImpersonateView(AdministratorPermissionRequiredMixin, RecentAuthenticationRequiredMixin, View):
+
+    def get(self, request, *args, **kwargs):
+        return redirect(reverse('control:users.edit', kwargs=self.kwargs))
+
+    def post(self, request, *args, **kwargs):
+        self.object = get_object_or_404(User, pk=self.kwargs.get("id"))
+        login_user(request, self.object)
+        return redirect(reverse('control:index'))
+
+
+class UserImpersonateStopView(LoginRequiredMixin, View):
+
+    def post(self, request, *args, **kwargs):
+        release_hijack(request)
+        return redirect(reverse('control:index'))
+
+
 class UserCreateView(AdministratorPermissionRequiredMixin, RecentAuthenticationRequiredMixin, CreateView):
    template_name = 'pretixcontrol/users/create.html'
    context_object_name = 'user'