basic impersonation
alex wennerberg alex@alexwennerberg.com
Sun, 06 Dec 2020 01:51:32 -0800
3 files changed,
24 insertions(+),
10 deletions(-)
M
http.go
→
http.go
@@ -366,7 +366,14 @@ }
func logoutHandler(w http.ResponseWriter, r *http.Request) { session, _ := SessionStore.Get(r, "cookie-session") - session.Options.MaxAge = -1 + impers, ok := session.Values["impersonating_user"].(string) + if ok { + session.Values["auth_user"] = impers + session.Values["impersonating_user"] = nil // TODO expire this automatically + // session.Values["admin"] = nil // TODO fix admin + } else { + session.Options.MaxAge = -1 + } session.Save(r, w) http.Redirect(w, r, "/", http.StatusSeeOther) }@@ -467,11 +474,10 @@ return
} data := struct { Users []User - LoggedIn bool - IsAdmin bool + AuthUser AuthUser PageTitle string Host string - }{allUsers, true, true, "Admin", c.Host} + }{allUsers, user, "Admin", c.Host} err = t.ExecuteTemplate(w, "admin.html", data) if err != nil { panic(err)@@ -572,8 +578,13 @@ action := components[4]
var err error if action == "activate" { err = activateUser(userName) - } else if action == "delete" { - err = deleteUser(userName) + } else if action == "impersonate" { + session, _ := SessionStore.Get(r, "cookie-session") + session.Values["auth_user"] = userName + session.Values["impersonating_user"] = user.Username + session.Save(r, w) + http.Redirect(w, r, "/", http.StatusSeeOther) + return } if err != nil { log.Println(err)
M
templates/admin.html
→
templates/admin.html
@@ -22,12 +22,11 @@ </form>
</p> {{ end }} <p> -<form action="/admin/user/{{.Username}}/delete" method="POST" class="inline"> +<form action="/admin/user/{{.Username}}/impersonate" method="POST" class="inline"> <input - class="button delete" + class="button" type="submit" - onclick="return confirm('Are you SURE you want to delete this user?');" - value="delete" + value="impersonate" /> </form> </div>