switch_user 0.9.2 → 0.9.3

data/README.md

@@ -1,6 +1,6 @@
 # switch_user
 
-Inspired from [hobo][0], switch_user provides a convenient way to switch current user that speeds up your development and reproduce user specified error on production.
+Inspired from [hobo][0], switch_user provides a convenient way to switch current user without needing to log out and log in manually.
 
 ## Use Case
 
@@ -19,9 +19,9 @@ And source code here: <https://github.com/flyerhzm/switch_user_example>
 ## Install
 
 Add in Gemfile.
-
-    gem "switch_user"
-
+```ruby
+gem "switch_user"
+```
 ## Usage
 
 Add following code into your layout page.
@@ -42,90 +42,109 @@ If there are too many users (on production), the switch_user_select is not a goo
     = link_to user.login, "/switch_user?scope_identifier=user_#{user.id}"
     = link_to admin.login, "/switch_user?scope_identifier=admin_#{admin.id}"
 
-If you use it in a Rails 2 project, you have to add a route manually.
-
-    # config/routes.rb
-    map.switch_user '/switch_user', :controller => 'switch_user', :action => 'set_current_user'
-
-If you have a wildcard route in your Rails 3 project, add a route before the wildcard route.
-
-    # config/routes.rb
-    match 'switch_user' => 'switch_user#set_current_user'
-    # wildcard route that will match anything
-    match ':id' => 'pages#show'
-
+If you have a wildcard route in your project, add a route before the wildcard route.
+```ruby
+# config/routes.rb
+match 'switch_user' => 'switch_user#set_current_user'
+# wildcard route that will match anything
+match ':id' => 'pages#show'
+```
 ## Configuration
 
-By default, you can switch between Guest and all users in users table, you don't need to do anything. The following is the default configuration.
-
-    SwitchUser.setup do |config|
-      # provider may be :devise, :authlogic, :clearance, :restful_authentication or :sorcery
-      config.provider = :devise
-
-      # available_users is a hash,
-      # key is the model name of user (:user, :admin, or any name you use),
-      # value is a block that return the users that can be switched.
-      config.available_users = { :user => lambda { User.all } }
-
-      # available_users_identifiers is a hash,
-      # keys in this hash should match a key in the available_users hash
-      # value is the name of the identifying column to find by,
-      # defaults to id
-      # this hash is to allow you to specify a different column to
-      # expose for instance a username on a User model instead of id
-      config.available_users_identifiers = { :user => :id }
-
-      # available_users_names is a hash,
-      # keys in this hash should match a key in the available_users hash
-      # value is the column name which will be displayed in select box
-      config.available_users_names = { :user => :email }
-
-      # controller_guard is a block,
-      # if it returns true, the request will continue,
-      # else the request will be refused and returns "Permission Denied"
-      # if you switch from "admin" to user, the current_user param is "admin"
-      config.controller_guard = lambda { |current_user, request| Rails.env.development? }
-
-      # view_guard is a block,
-      # if it returns true, the switch user select box will be shown,
-      # else the select box will not be shown
-      # if you switch from admin to "user", the current_user param is "user"
-      config.view_guard = lambda { |current_user, request| Rails.env.development? }
-
-      # redirect_path is a block, it returns which page will be redirected
-      # after switching a user.
-      config.redirect_path = lambda { |request, params| '/' }
-    end
-
-If the default configuration can't meet your requirement, you can define your customized configuration in <code>config/initializers/switch_user.rb</code>
+By default, you can switch between Guest and all users in users table, you don't need to do anything. The following is some of the more commonly used configuration options.
+```ruby
+SwitchUser.setup do |config|
+  # provider may be :devise, :authlogic, :clearance, :restful_authentication or :sorcery
+  config.provider = :devise
+
+  # available_users is a hash,
+  # key is the model name of user (:user, :admin, or any name you use),
+  # value is a block that return the users that can be switched.
+  config.available_users = { :user => lambda { User.all } }
+
+  # available_users_identifiers is a hash,
+  # keys in this hash should match a key in the available_users hash
+  # value is the name of the identifying column to find by,
+  # defaults to id
+  # this hash is to allow you to specify a different column to
+  # expose for instance a username on a User model instead of id
+  config.available_users_identifiers = { :user => :id }
+
+  # available_users_names is a hash,
+  # keys in this hash should match a key in the available_users hash
+  # value is the column name which will be displayed in select box
+  config.available_users_names = { :user => :email }
+
+  # controller_guard is a block,
+  # if it returns true, the request will continue,
+  # else the request will be refused and returns "Permission Denied"
+  # if you switch from "admin" to user, the current_user param is "admin"
+  config.controller_guard = lambda { |current_user, request| Rails.env.development? }
+
+  # view_guard is a block,
+  # if it returns true, the switch user select box will be shown,
+  # else the select box will not be shown
+  # if you switch from admin to "user", the current_user param is "user"
+  config.view_guard = lambda { |current_user, request| Rails.env.development? }
+
+  # redirect_path is a block, it returns which page will be redirected
+  # after switching a user.
+  config.redirect_path = lambda { |request, params| '/' }
+end
+```
+If you need to override the default configuration, run <code>rails g switch_user:install</code> and a copy of the configuration file will be copied to <code>config/initializers/switch_user.rb</code> in your project.
 
 If you want to switch both available users and available admins
-
-    config.available_users = { :user => lambda { User.available }, :admin => lambda { Admin.available } }
-
+```ruby
+config.available_users = { :user => lambda { User.available }, :admin => lambda { Admin.available } }
+```
 If you want to use name column as the user identifier
-
-    config.available_users_identifiers => { :user => :name }
-
+```ruby
+config.available_users_identifiers => { :user => :name }
+```
 If you want to display the login field in switch user select box
-
-    config.available_users_names = { :user => :login }
-
+```ruby
+config.available_users_names = { :user => :login }
+```
 If you only allow switching from admin to user in production environment
-
-    config.controller_guard = lambda { |current_user, request| Rails.env == "production" and current_user.admin? }
-
+```ruby
+config.controller_guard = lambda { |current_user, request| Rails.env == "production" and current_user.admin? }
+```
 If you only want to display switch user select box for admins in production environment
-
-    config.view_guard = lambda { |current_user, request| Rails.env == "production" and current_user and current_user.admin? }
-
+```ruby
+config.view_guard = lambda { |current_user, request| Rails.env == "production" and current_user and current_user.admin? }
+```
 If you want to redirect user to "/dashboard" page
-
-    config.redirect_path = lambda { |request, params| "/dashboard" }
-
+```ruby
+config.redirect_path = lambda { |request, params| "/dashboard" }
+```
 If you want to hide a 'Guest' item in the helper dropdown list
-
-    config.helper_with_guest = false
+```ruby
+config.helper_with_guest = false
+```
+## Switch Back
+Sometimes you'll want to be able to switch to an unprivileged user and then back again. This can be especially useful in production when trying to reproduce a problem a user is having. The problem is that once you switch to that unprivileged user, you don't have a way to safely switch_back without knowing who the original user was. That's what this feature is for.
+
+You will need to make the following modifications to your configuration:
+```ruby
+config.switch_user = true
+config.controller_guard = lambda { |current_user, request, original_user|
+  current_user && current_user.admin? || original_user && original_user.super_admin?
+}
+# Do something similar for the view_guard as well.
+```
+This example would allow an admin user to user switch_user, but would only let you switch back to another user if the original user was a super admin.
+
+### How it works
+
+Click the checkbox next to switch_user_select menu to remember that user for this session. Once this
+has been checked, that user is passed in as the 3rd option to the view and controller guards. 
+This allows you to check against current_user as well as that original_user to see if the
+switch_user action should be allowed.
+
+### Warning
+
+This feature should be used with extreme caution because of the security implications. This is especially true in a production environment.
 
 ## Credit
 

data/app/controllers/switch_user_controller.rb

@@ -23,9 +23,7 @@ class SwitchUserController < ApplicationController
   end
 
   def available?
-    SwitchUser.controller_guard(provider.current_user,
-                                request,
-                                provider.original_user)
+    SwitchUser.guard_class.new(self, provider).controller_available?
   end
 
   def handle_request(params)
@@ -33,11 +31,17 @@ class SwitchUserController < ApplicationController
       provider.logout_all
     else
       loader = SwitchUser::UserLoader.prepare(params)
-      provider.login_exclusive(loader.user, :scope => loader.scope)
+      if SwitchUser.login_exclusive
+        provider.login_exclusive(loader.user, :scope => loader.scope)
+      else
+        provider.login_inclusive(loader.user, :scope => loader.scope)
+      end
     end
   end
 
+  # TODO make helper methods, so this can be eliminated from the
+  # SwitchUserHelper
   def provider
-    SwitchUser.provider_class.new(self)
+    SwitchUser::Provider.init(self)
   end
 end

data/app/helpers/switch_user_helper.rb

@@ -1,33 +1,29 @@
 module SwitchUserHelper
+  class SelectOption < Struct.new(:label, :scope_id); end
   def switch_user_select
-    # TODO this should be moved in to a view file
     return unless available?
-    options = ''
+    options = []
+    selected_user = nil
 
-    options += content_tag(:option, 'Guest', :value => '', :selected => !current_user) if SwitchUser.helper_with_guest
+    options << SelectOption.new("Guest", "") if SwitchUser.helper_with_guest
     SwitchUser.available_users.each do |scope, user_proc|
-
       current_user = provider.current_user(scope)
       id_name = SwitchUser.available_users_identifiers[scope]
       name = SwitchUser.available_users_names[scope]
 
       user_proc.call.each do |user|
-        user_match = (user == current_user)
-        options += content_tag(:option,
-                               tag_label(user, name),
-                               :value => tag_value(user, id_name, scope),
-                               :selected => user_match)
+        if user == current_user
+          selected_user = tag_value(user, id_name, scope)
+        end
+        options << SelectOption.new(tag_label(user, name), tag_value(user, id_name, scope))
       end
     end
 
-    if options.respond_to?(:html_safe)
-      options = options.html_safe
-    end
-    if SwitchUser.switch_back
-      concat check_box_tag "remember_user", "remember_user", provider.original_user.present?, :onchange => "location.href = 'switch_user/remember_user?remember=' + encodeURIComponent(this.checked)"
-    end
-    select_tag "switch_user_identifier", options,
-      :onchange => "location.href = '/switch_user?scope_identifier=' + encodeURIComponent(this.options[this.selectedIndex].value)"
+    render :partial => "switch_user/widget",
+           :locals => {
+             :options => options,
+             :current_scope => selected_user
+           }
   end
 
   private
@@ -43,11 +39,10 @@ module SwitchUserHelper
   end
 
   def available?
-    user = provider.current_users_without_scope.first
-    SwitchUser.view_guard(user, request)
+    SwitchUser.guard_class.new(controller, provider).view_available?
   end
 
   def provider
-    SwitchUser.provider_class.new(controller)
+    SwitchUser::Provider.init(controller)
   end
 end

data/app/views/switch_user/_widget.html.erb

@@ -0,0 +1,4 @@
+<% if SwitchUser.switch_back %>
+  <%= check_box_tag "remember_user", "remember_user", provider.original_user.present?, :onchange => "location.href = 'switch_user/remember_user?remember=' + encodeURIComponent(this.checked)" %>
+<% end %>
+<%= select_tag "switch_user_identifier", options_from_collection_for_select(options, :scope_id, :label, current_scope), :onchange => "location.href = '/switch_user?scope_identifier=' + encodeURIComponent(this.options[this.selectedIndex].value)" %>

data/config/routes.rb

@@ -1,12 +1,4 @@
-# TODO can this be writting once so that it is rails3 and rails4 compatible?
-if Rails.version =~ /^3/
-  Rails.application.routes.draw do
-    match 'switch_user' => 'switch_user#set_current_user'
-    match 'switch_user/remember_user' => 'switch_user#remember_user'
-  end
-elsif Rails.version =~ /^4/
-  Rails.application.routes.draw do
-    get :switch_user, :to => 'switch_user#set_current_user'
-    get 'switch_user/remember_user', :to => 'switch_user#remember_user'
-  end
+Rails.application.routes.draw do
+  get :switch_user, :to => 'switch_user#set_current_user'
+  get 'switch_user/remember_user', :to => 'switch_user#remember_user'
 end

data/lib/generators/switch_user/install/templates/switch_user.rb

@@ -1,5 +1,5 @@
 SwitchUser.setup do |config|
-  # provider may be :devise, :authlogic, :clearance, :restful_authentication or :sorcery
+  # provider may be :devise, :authlogic, :clearance, :restful_authentication, :sorcery, or :session
   config.provider = :devise
 
   # available_users is a hash,
@@ -39,4 +39,12 @@ SwitchUser.setup do |config|
   # helper_with_guest is a boolean value, if it set to false
   # the guest item in the helper won't be shown
   config.helper_with_guest = true
-end
+
+  # false = login from one scope to another and you are logged in only in both scopes
+  # true = you are logged only into one scope at a time
+  config.login_exclusive = true
+
+  # switch_back allows you to switch back to a previously selected user. See
+  # README for more details.
+  config.switch_back = false
+end

data/lib/switch_user.rb

@@ -1,9 +1,12 @@
-require 'switch_user/rails'
-require 'switch_user/provider'
-require 'active_support/core_ext'
+if defined?(Rails)
+  require 'switch_user/rails'
+end
 
 module SwitchUser
   autoload :UserLoader, "switch_user/user_loader"
+  autoload :Provider, "switch_user/provider"
+  autoload :BaseGuard, "switch_user/base_guard"
+  autoload :LambdaGuard, 'switch_user/lambda_guard'
 
   class InvalidScope < Exception; end
 
@@ -15,28 +18,22 @@ module SwitchUser
   mattr_accessor :session_key
   mattr_accessor :helper_with_guest
   mattr_accessor :switch_back
+  mattr_accessor :login_exclusive
+  mattr_accessor :controller_guard
+  mattr_accessor :view_guard
+  mattr_reader   :guard_class
 
   def self.setup
     yield self
   end
 
-  def self.provider_class
-    "SwitchUser::Provider::#{provider.to_s.classify}".constantize
-  end
-
   def self.available_scopes
     available_users.keys
   end
 
-  def self.controller_guard(*args)
-    call_guard(@@controller_guard, args)
+  def self.guard_class=(klass)
+    @@guard_class = klass.constantize
   end
-  mattr_writer :controller_guard
-
-  def self.view_guard(*args)
-    call_guard(@@view_guard, args)
-  end
-  mattr_writer :view_guard
 
   private
 
@@ -45,17 +42,14 @@ module SwitchUser
     self.available_users = { :user => lambda { User.all } }
     self.available_users_identifiers = { :user => :id }
     self.available_users_names = { :user => :email }
+    self.guard_class = "SwitchUser::LambdaGuard"
     self.controller_guard = lambda { |current_user, request| Rails.env.development? }
     self.view_guard = lambda { |current_user, request| Rails.env.development? }
     self.redirect_path = lambda { |request, params| request.env["HTTP_REFERER"] ? :back : root_path }
     self.session_key = :user_id
     self.helper_with_guest = true
     self.switch_back = false
-  end
-
-  def self.call_guard(guard, args)
-    arity = guard.arity
-    guard.call(*args[0...arity])
+    self.login_exclusive = true
   end
 
   reset_config

data/lib/switch_user/base_guard.rb

@@ -0,0 +1,20 @@
+module SwitchUser
+  class BaseGuard
+    # TODO is this the best arguments for the initializer ?
+    # TODO should @provider be set and current/original_user be added as # accessors ?
+    def initialize(controller, provider)
+      @controller    = controller
+      @request       = controller.request
+      @current_user  = provider.current_user
+      @original_user = provider.original_user
+    end
+
+    def controller_available?
+      raise NotImplementedError.new("you must implement controller_available?")
+    end
+
+    def view_available?
+      controller_available?
+    end
+  end
+end

data/lib/switch_user/lambda_guard.rb

@@ -0,0 +1,22 @@
+module SwitchUser
+  class LambdaGuard < BaseGuard
+    def controller_available?
+      call(SwitchUser.controller_guard)
+    end
+
+    def view_available?
+      call(SwitchUser.view_guard)
+    end
+
+    private
+
+    def args
+      [@current_user, @request, @original_user, @controller]
+    end
+
+    def call(guard)
+      arity = guard.arity
+      guard.call(*args[0...arity])
+    end
+  end
+end

data/lib/switch_user/provider.rb

@@ -8,5 +8,12 @@ module SwitchUser
     autoload :Sorcery, "switch_user/provider/sorcery"
     autoload :Dummy, "switch_user/provider/dummy"
     autoload :Session, "switch_user/provider/session"
+
+    def self.init(controller)
+      klass_part = SwitchUser.provider.to_s.classify
+      klass    = "SwitchUser::Provider::#{klass_part}".constantize
+
+      klass.new(controller)
+    end
   end
 end

data/lib/switch_user/provider/base.rb

@@ -16,6 +16,13 @@ module SwitchUser
         login(user, requested_scope)
       end
 
+      def login_inclusive(user, args)
+        requested_scope = args.fetch(:scope, :user).to_sym
+
+        logout(requested_scope)
+        login(user, requested_scope)
+      end
+
       def logout_all
         SwitchUser.available_scopes.each do |scope|
           logout(scope)

data/lib/switch_user/rails.rb

@@ -1,19 +1,9 @@
-if defined?(Rails)
-  if defined? Rails::Engine
-    module SwitchUser
-      class Engine < Rails::Engine
-        config.to_prepare do
-          ActionView::Base.send :include, SwitchUserHelper
-        end
+module SwitchUser
+  class Engine < Rails::Engine
+    initializer "switch_user.view" do
+      ActiveSupport.on_load(:action_view) do
+        include SwitchUserHelper
       end
     end
-  else
-    %w(controllers helpers).each do |dir|
-      path = File.join(File.dirname(__FILE__), '..', 'app', dir)
-      $LOAD_PATH << path
-      ActiveSupport::Dependencies.load_paths << path
-      ActiveSupport::Dependencies.load_once_paths.delete(path)
-      ActionView::Base.send :include, SwitchUserHelper
-    end
   end
 end

data/lib/switch_user/version.rb

@@ -1,3 +1,3 @@
 module SwitchUser
-  VERSION = "0.9.2"
+  VERSION = "0.9.3"
 end

data/spec/provider_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+module SwitchUser
+  describe Provider do
+    it "initializes the provider" do
+      SwitchUser.provider = :dummy
+      Provider.init(stub(:controller)).should be_a(Provider::Dummy)
+    end
+  end
+end

data/spec/support/provider.rb

@@ -20,6 +20,10 @@ shared_examples_for "a provider" do
     provider.should respond_to(:login_exclusive)
   end
 
+  it "responds to login_exclusive" do
+    provider.should respond_to(:login_inclusive)
+  end
+
   it "knows if there are any users logged in" do
     provider.login(user)
 

data/spec/switch_user/lambda_guard_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+module SwitchUser
+  describe LambdaGuard do
+    describe "#controller_available?" do
+      it "calls the controller_guard proc" do
+        controller = stub.as_null_object
+        provider = stub.as_null_object
+        guard = SwitchUser::LambdaGuard.new(controller, provider)
+
+        SwitchUser.controller_guard = lambda {|a| a }
+        guard.should be_controller_available
+
+        SwitchUser.controller_guard = lambda {|a| !a }
+        guard.should_not be_controller_available
+      end
+    end
+  end
+end

data/spec/switch_user_spec.rb

@@ -14,26 +14,5 @@ describe SwitchUser do
       SwitchUser.provider = :sorcery
       SwitchUser.provider.should == :sorcery
     end
-    it "sets the provider class" do
-      SwitchUser.provider = :devise
-      SwitchUser.provider_class.should == SwitchUser::Provider::Devise
-    end
-  end
-
-  describe "guards" do
-    it "can have a 1 argument lambda" do
-      a = 0
-      SwitchUser.controller_guard = lambda {|p1| a = p1 }
-      SwitchUser.controller_guard(1,2,3)
-
-      a.should == 1
-    end
-    it "can have a 3 argument lambda" do
-      a = 0
-      SwitchUser.view_guard = lambda {|p1,p2,p3| a = p3 }
-      SwitchUser.view_guard(1,2,3)
-
-      a.should == 3
-    end
   end
 end

metadata

@@ -2,7 +2,7 @@
 name: switch_user
 version: !ruby/object:Gem::Version
   prerelease: 
-  version: 0.9.2
+  version: 0.9.3
 platform: ruby
 authors:
 - Richard Huang
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-02 00:00:00.000000000 Z
+date: 2013-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   version_requirements: !ruby/object:Gem::Requirement
@@ -123,11 +123,14 @@ files:
 - Rakefile
 - app/controllers/switch_user_controller.rb
 - app/helpers/switch_user_helper.rb
+- app/views/switch_user/_widget.html.erb
 - config/routes.rb
 - lib/generators/switch_user/install/USAGE
 - lib/generators/switch_user/install/install_generator.rb
 - lib/generators/switch_user/install/templates/switch_user.rb
 - lib/switch_user.rb
+- lib/switch_user/base_guard.rb
+- lib/switch_user/lambda_guard.rb
 - lib/switch_user/provider.rb
 - lib/switch_user/provider/authlogic.rb
 - lib/switch_user/provider/base.rb
@@ -140,7 +143,6 @@ files:
 - lib/switch_user/rails.rb
 - lib/switch_user/user_loader.rb
 - lib/switch_user/version.rb
-- rails/init.rb
 - spec/controllers/switch_user_controller_spec.rb
 - spec/provider/authlogic_spec.rb
 - spec/provider/clearance_spec.rb
@@ -149,9 +151,11 @@ files:
 - spec/provider/restful_authentication_spec.rb
 - spec/provider/session_spec.rb
 - spec/provider/sorcery_spec.rb
+- spec/provider_spec.rb
 - spec/spec_helper.rb
 - spec/support/application.rb
 - spec/support/provider.rb
+- spec/switch_user/lambda_guard_spec.rb
 - spec/switch_user/user_loader_spec.rb
 - spec/switch_user_spec.rb
 - switch_user.gemspec

data/rails/init.rb

@@ -1 +0,0 @@
-require 'switch_user'