user_impersonate2 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 682a1471167a96c1fbf29afe05c351f5672c323d
+  data.tar.gz: 8b3324d882edf3c2bdbb8f1c8952469126ee6589
+SHA512:
+  metadata.gz: e968520eb6e202e4423a9636d007568f58e486f8ddd079497ce451c10d21020deda7dc780c1a168686a46eb1b3d99ad12fa406041caea1091763939dd3e504e0
+  data.tar.gz: 0e43043f7da986d10a310fe7f3b7c0991dfd284184e81a40232eaca6b558ba3d67d5992a5bdfe2f76de4b699d22d0ca8b6acced1ddacb66f38522c864917f9ae

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,231 @@
+# `user_impersonate2`
+
+[![Install gem](https://badge.fury.io/rb/user_impersonate2.png)](https://rubygems.org/gems/user_impersonate2)
+[![Build status](https://travis-ci.org/rcook/user_impersonate2.png)](https://travis-ci.org/rcook/user_impersonate2)
+[![Coverage status](https://coveralls.io/repos/rcook/user_impersonate2/badge.png?branch=master)](https://coveralls.io/r/rcook/user_impersonate2)
+
+# Note
+
+This is a fork of Engine Yard's no-longer-maintained
+[User Impersonate](https://github.com/engineyard/user_impersonate) gem. It supports Rails 3.2.x and
+later as well as Rails 4.
+
+# Overview
+
+Allow staff users to impersonate your normal users: see what they see, only do what they can do.
+
+This concept and code was extracted from [Engine Yard Cloud](http://www.engineyard.com/products/cloud), which we use when we want to help support a customer remotely.
+
+This Rails engine currently supports the following Rails authentication systems:
+
+* [Devise](https://github.com/plataformatec/devise)
+
+# Example usage
+
+When you are impersonating a user you see what they see, with a header section above:
+
+<img src="https://img.skitch.com/20120919-c8382rgdcub7gsh2p82k8reng3.png" alt="Impersonating a user" />
+
+# Installation
+
+Add the gem to your Rails application's Gemfile and run `bundle`:
+
+``` ruby
+gem 'user_impersonate2', :require => 'user_impersonate'
+```
+
+Note that `:require => 'user_impersonate'` is required as this gem currently
+maintains the same internal directory structure as the original
+[User Impersonate](https://github.com/engineyard/user_impersonate) gem. This may
+change in future versions.
+
+Run the (sort of optional) generator:
+
+```
+bundle
+rails g user_impersonate
+```
+
+This adds the following line within your `config/routes.rb`:
+
+``` ruby
+mount UserImpersonate::Engine => "/impersonate", as: "impersonate_engine"
+```
+
+Include in your layout files support for `flash[:error]` and `flash[:notice]`, such as:
+
+``` erb
+<p class="notice"><%= flash[:notice] %></p>
+<p class="alert"><%= flash[:error] %></p>
+```
+
+Next, add the impersonation header to your layouts:
+
+``` erb
+<% if current_staff_user %>
+  <%= render 'user_impersonate/header' %>
+<% end %>
+```
+
+Next, add staff concept to your User model.
+
+To test the engine out, make all users staff!
+
+``` ruby
+# app/models/user.rb
+
+def staff?
+  true
+end
+
+# String to represent a user (email, name, etc)
+def to_s
+  email
+end
+```
+
+You can now go to [http://localhost:3000/impersonate](http://localhost:3000/impersonate) to see the list of users, except your own user account. If you impersonate one you will see the magic!
+
+# Integration
+
+To support this Rails engine, you need to add some things.
+
+* `current_user` helper within controllers & helpers
+* `current_user.staff?` - your `User` model needs a `staff?` to identify if the current user is allowed to impersonate other users; if missing, no user can access impersonation system
+
+## User#staff?
+
+One way to add this helper is to add a column to your User model:
+
+```
+rails g migration add_staff_flag_to_users staff:boolean
+rake db:migrate db:test:prepare
+```
+
+# Customization
+
+## Header
+
+
+You can override the bright red header by creating a `app/views/user_impersonate/_header.html.erb` file (or whatever template system you like).
+
+For example, the Engine Yard Cloud uses a header that looks like:
+
+![](https://img.skitch.com/20120915-mk8mnpdsu5nuym3bxs678qf1a8.png)
+
+The `app/views/user_impersonate/_header.html.haml` HAML partial for this header would be:
+
+``` haml
+%div#impersonating
+  .impersonate-controls.page
+    .impersonate-info.grid_12
+      You (
+      %span.admin_name= current_staff_user
+      ) are impersonating
+      %span.user_name= link_to current_user, url_for([:admin, current_user])
+      ( User id:
+      %span.user_id= current_user.id
+      )
+      - if current_user.no_accounts?
+        ( No accounts )
+      - else
+        ( Account name:
+        %span.account_id= link_to current_user.accounts.first, url_for([:admin, current_user.accounts.first])
+        , id:
+        %strong= current_user.accounts.first.id
+        )
+    .impersonate-buttons.grid_12
+      = form_tag url_for([:ssh_key, :admin, current_user]), :method => "put" do
+        %span Support SSH Key
+        = select_tag 'public_key', options_for_select(current_staff_user.keys.map {|k| k})
+        %button{:type => "submit"} Install SSH Key
+      or
+      = form_tag [:admin, :revert], :method => :delete, :class => 'revert-form' do
+        %button{:type => "submit"} Revert to admin
+```
+
+## Redirects
+
+By default, when you impersonate and when you stop impersonating a user you are redirected to the root url.
+
+Configure alternate paths in `config/initializers/user_impersonate.rb`, which is created by the generator above.
+
+``` ruby
+# config/initializers/user_impersonate.rb
+module UserImpersonate
+  class Engine < Rails::Engine
+    config.redirect_on_impersonate = "/"
+    config.redirect_on_revert = "/impersonate"
+  end
+end
+```
+
+## User model & lookup
+
+By default, it assumes the User model is `User`, that you use `User.find(id)` to find a user, and `aUser.id` to get the related id value.
+
+You can fix this default behavior in `config/initializers/user_impersonate.rb`, which is created by the generator above.
+
+``` ruby
+# config/initializers/user_impersonate.rb
+module UserImpersonate
+  class Engine < Rails::Engine
+    config.user_class           = "User"
+    config.user_finder          = "find"   # User.find
+    config.user_id_column       = "id"     # Such that User.find(aUser.id) works
+    config.user_is_staff_method = "staff?" # current_user.staff?
+  end
+end
+```
+
+## Spree specific stuff
+
+Modify User and add current_user helper
+``` ruby
+Spree::User.class_eval do
+  def staff?
+    has_spree_role?('admin')
+  end
+
+  def to_s
+    email
+  end
+end
+
+ApplicationController.class_eval do
+  helper_method :current_user
+  def current_user
+    spree_current_user
+  end
+end
+```
+
+Initializer
+``` ruby
+# config/initializers/user_impersonate.rb
+module UserImpersonate
+  class Engine < Rails::Engine
+    config.user_class           = "Spree::User"
+    config.user_finder          = "find"   # User.find
+    config.user_id_column       = "id"     # Such that User.find(aUser.id) works
+    config.user_is_staff_method = "staff?" # current_user.staff?
+    config.authenticate_user_method = "authenticate_spree_user!"
+    config.redirect_on_impersonate = "/"
+    config.redirect_on_revert = "/"
+    config.user_name_column = "users"
+  end
+end
+```
+
+Deface to add header
+``` ruby
+Deface::Override.new(:virtual_path => "spree/layouts/spree_application",
+                     :name => "impersonate_header", 
+                     :insert_before => "div.container",
+                     :text => "<% if current_staff_user %><%= render 'user_impersonate/header' %><% end %>")
+```
+
+# Licence
+
+`user_impersonate2` is released under the MIT licence.
+

data/Rakefile

@@ -0,0 +1,41 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'UserImpersonate'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task :cucumber => 'app:cucumber'
+# task :default => [:test, :spec, :cucumber]
+task :default => [:test, :cucumber]

data/app/assets/javascripts/user_impersonate/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/javascripts/user_impersonate/impersonate.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/user_impersonate/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/assets/stylesheets/user_impersonate/impersonate.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/user_impersonate/application_controller.rb

@@ -0,0 +1,4 @@
+module UserImpersonate
+  class ApplicationController < ::ApplicationController
+  end
+end

data/app/controllers/user_impersonate/impersonate_controller.rb

@@ -0,0 +1,146 @@
+require_dependency "user_impersonate/application_controller"
+
+module UserImpersonate
+  class ImpersonateController < ApplicationController
+    before_filter :authenticate_the_user
+    before_filter :current_user_must_be_staff!, except: ["destroy"]
+
+    # Display list of all users, except current (staff) user
+    # Is this exclusion unnecessary complexity?
+    # Normal apps wouldn't bother with this action; rather they would
+    # go straight to GET /impersonate/user/123 (create action)
+    def index
+      users_table = Arel::Table.new(user_table.to_sym) # e.g. :users
+      id_column = users_table[user_id_column.to_sym]   # e.g. users_table[:id]
+      @users = user_class.order("updated_at DESC").
+                    where(
+                      id_column.not_in [
+                        current_user.send(user_id_column.to_sym) # e.g. current_user.id
+                      ])
+      if params[:search]
+        @users = @users.where("#{user_name_column} like ?", "%#{params[:search]}%")
+      end
+    end
+
+    # Perform the user impersonate action
+    # GET /impersonate/user/123
+    def create
+      @user = find_user(params[:user_id])
+      impersonate(@user)
+      redirect_on_impersonate(@user)
+    end
+
+    # Revert the user impersonation
+    # DELETE /impersonation/revert
+    def destroy
+      unless current_staff_user
+        flash[:notice] = "You weren't impersonating anyone"
+        redirect_on_revert and return
+      end
+      user = current_user
+      revert_impersonate
+      if user
+        flash[:notice] = "No longer impersonating #{user}"
+        redirect_on_revert(user)
+      else
+        flash[:notice] = "No longer impersonating a user"
+        redirect_on_revert
+      end
+    end
+
+    private
+    def current_user_must_be_staff!
+      unless user_is_staff?(current_user)
+        flash[:error] = "You don't have access to this section."
+        redirect_to :back
+      end
+    rescue ActionController::RedirectBackError
+      redirect_to '/'
+    end
+
+    # current_user changes from a staff user to
+    # +new_user+; current user stored in +session[:staff_user_id]+
+    def impersonate(new_user)
+      session[:staff_user_id] = current_user.id #
+      sign_in_user new_user
+    end
+
+    # revert the +current_user+ back to the staff user
+    # stored in +session[:staff_user_id]+
+    def revert_impersonate
+      return unless current_staff_user
+      sign_in_user current_staff_user
+      session[:staff_user_id] = nil
+    end
+
+    def sign_in_user(user)
+      method = config_or_default :sign_in_user_method, "sign_in"
+      self.send(method.to_sym, user)
+    end
+
+    def authenticate_the_user
+      method = config_or_default :authenticate_user_method, "authenticate_user!"
+      self.send(method.to_sym)
+    end
+
+    # Helper to load a User, using all the UserImpersonate config options
+    def find_user(id)
+      user_class.send(user_finder_method, id)
+    end
+
+    # Similar to user.staff?
+    # Using all the UserImpersonate config options
+    def user_is_staff?(user)
+      current_user.respond_to?(user_is_staff_method.to_sym) &&
+        current_user.send(user_is_staff_method.to_sym)
+    end
+
+    def user_finder_method
+      (config_or_default :user_finder, "find").to_sym
+    end
+
+    def user_class_name
+      config_or_default :user_class, "User"
+    end
+
+    def user_class
+      user_class_name.constantize
+    end
+
+    def user_table
+      user_class_name.tableize.tr('/', '_')
+    end
+
+    def user_id_column
+      config_or_default :user_id_column, "id"
+    end
+
+    def user_name_column
+      config_or_default :user_name_column, "name"
+    end
+
+    def user_is_staff_method
+      config_or_default :user_is_staff_method, "staff?"
+    end
+
+    def redirect_on_impersonate(impersonated_user)
+      url = config_or_default :redirect_on_impersonate, root_url
+      redirect_to url
+    end
+
+    def redirect_on_revert(impersonated_user = nil)
+      url = config_or_default :redirect_on_revert, root_url
+      redirect_to url
+    end
+
+    # gets overridden config value for engine, else returns default
+    def config_or_default(attribute, default)
+      attribute = attribute.to_sym
+      if UserImpersonate::Engine.config.respond_to?(attribute)
+        UserImpersonate::Engine.config.send(attribute)
+      else
+        default
+      end
+    end
+  end
+end