Add Users#disguise/#revert

2023-05-13 23:38:07 +02:00 · 2023-05-13 23:38:07 +02:00 · 459836ca38
commit 459836ca38
parent a7fce807c5
8 changed files with 59 additions and 11 deletions
--- a/app/assets/images/pictograms/incognito-off.svg
+++ b/app/assets/images/pictograms/incognito-off.svg
@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M22.11 21.46L2.39 1.73L1.11 3L6.31 8.2L6 9H7.11L8.61 10.5H2V12H10.11L13.5 15.37C13.38 15.61 13.3 15.85 13.24 16.1C12.29 15.69 11.41 15.8 10.76 16.09C10.35 14.31 8.79 13 6.94 13C4.77 13 3 14.79 3 17C3 19.21 4.77 21 6.94 21C9 21 10.68 19.38 10.84 17.32C11.18 17.08 12.07 16.63 13.16 17.34C13.34 19.39 15 21 17.06 21C17.66 21 18.22 20.86 18.72 20.61L20.84 22.73L22.11 21.46M6.94 19.86C5.38 19.86 4.13 18.58 4.13 17C4.13 15.42 5.39 14.14 6.94 14.14C8.5 14.14 9.75 15.42 9.75 17C9.75 18.58 8.5 19.86 6.94 19.86M17.06 19.86C15.5 19.86 14.25 18.58 14.25 17C14.25 16.74 14.29 16.5 14.36 16.25L17.84 19.73C17.59 19.81 17.34 19.86 17.06 19.86M22 12H15.2L13.7 10.5H22V12M17.06 13C19.23 13 21 14.79 21 17C21 17.25 20.97 17.5 20.93 17.73L19.84 16.64C19.68 15.34 18.66 14.32 17.38 14.17L16.29 13.09C16.54 13.03 16.8 13 17.06 13M12.2 9L7.72 4.5L8.43 2.68C8.63 2.17 9.19 1.89 9.72 2.04L9.77 2.05L12 2.79L14.22 2.05C14.75 1.88 15.32 2.14 15.54 2.63L15.56 2.68L18 9H12.2Z" /></svg>
--- a/app/assets/images/pictograms/incognito.svg
+++ b/app/assets/images/pictograms/incognito.svg
@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M17.06 13C15.2 13 13.64 14.33 13.24 16.1C12.29 15.69 11.42 15.8 10.76 16.09C10.35 14.31 8.79 13 6.94 13C4.77 13 3 14.79 3 17C3 19.21 4.77 21 6.94 21C9 21 10.68 19.38 10.84 17.32C11.18 17.08 12.07 16.63 13.16 17.34C13.34 19.39 15 21 17.06 21C19.23 21 21 19.21 21 17C21 14.79 19.23 13 17.06 13M6.94 19.86C5.38 19.86 4.13 18.58 4.13 17S5.39 14.14 6.94 14.14C8.5 14.14 9.75 15.42 9.75 17S8.5 19.86 6.94 19.86M17.06 19.86C15.5 19.86 14.25 18.58 14.25 17S15.5 14.14 17.06 14.14C18.62 14.14 19.88 15.42 19.88 17S18.61 19.86 17.06 19.86M22 10.5H2V12H22V10.5M15.53 2.63C15.31 2.14 14.75 1.88 14.22 2.05L12 2.79L9.77 2.05L9.72 2.04C9.19 1.89 8.63 2.17 8.43 2.68L6 9H18L15.56 2.68L15.53 2.63Z" /></svg>
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  helper_method :current_user_disguised?
+
  before_action :authenticate_user!

  class AccessForbidden < StandardError
@ -6,6 +8,10 @@ class ApplicationController < ActionController::Base

  protected

+  def current_user_disguised?
+    session[:revert_to_id].present?
+  end
+
  def after_sign_in_path_for(scope)
    if current_user.at_least(:admin)
      users_path
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,8 +1,13 @@
 class UsersController < ApplicationController
-  before_action :find_user, only: [:show]
-  before_action do
+  helper_method :allow_disguise?
+
+  before_action :find_user, only: [:show, :disguise]
+  before_action except: :revert do
    raise AccessForbidden unless current_user.at_least(:admin)
  end
+  before_action only: :revert do
+    raise AccessForbidden unless current_user_disguised?
+  end

  def index
    @users = User.all
@ -11,16 +16,35 @@ class UsersController < ApplicationController
  def show
  end

+  def disguise
+    raise ActionController::BadRequest unless allow_disguise?(@user)
+    session[:revert_to_id] = current_user.id
+    bypass_sign_in(@user)
+    redirect_to root_url
+  end
+
+  def revert
+    @user = User.find(session.delete(:revert_to_id))
+    bypass_sign_in(@user)
+    redirect_to users_url
+  end
+
  # TODO: add #update to change user status
-  # TODO: add #become/#revert to change to user view

  # NOTE: limited actions availabe to :admin by design. Users are meant to
  # manage their accounts by themselves through registrations. In future :admin
  # may be allowed to sing-in as user and make changes there.

+  protected
+
+  def allow_disguise?(user)
+    user&.confirmed? && (user != current_user) && !current_user_disguised?
+  end
+
  private

  def find_user
    @user = User.find(params[:id])
  end
+
 end
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -13,10 +13,15 @@
  <body>
    <div class="app-menu">
      <% if user_signed_in? %>
-        <%= image_link_to t(:sign_out), "logout", destroy_user_session_path,
-              data: { turbo: true, turbo_method: :delete } %>
-        <%= image_link_to t(:profile), "account-wrench-outline", edit_user_registration_path,
-              current: :hide %>
+        <% if current_user_disguised? %>
+          <%= image_link_to t(:revert), "incognito-off", revert_users_path,
+            data: {turbo: true, turbo_method: :post} %>
+        <% else %>
+          <%= image_link_to t(:sign_out), "logout", destroy_user_session_path,
+            data: {turbo: true, turbo_method: :delete} %>
+        <% end %>
+        <%= image_link_to current_user.email, "account-wrench-outline",
+              edit_user_registration_path, current: :hide %>
      <% else %>
        <%= image_link_to t(:register), "account-plus-outline", new_user_registration_path,
              current: :hide %>
--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@ -5,7 +5,7 @@
      <th><%= User.human_attribute_name(:status).capitalize %></th>
      <th><%= User.human_attribute_name(:confirmed_at).capitalize %></th>
      <th><%= User.human_attribute_name(:created_at).capitalize %> <sup>UTC</sup></th>
-      <!-- <th><%#= t :actions %></th> -->
+      <th><%= t :actions %></th>
    </tr>
  </thead>
  <tbody>
@ -17,7 +17,10 @@
          <%= svg_tag "pictograms/checkbox-marked-outline" if user.confirmed_at.present? %>
        </td>
        <td><%= user.created_at.to_fs(:db_without_sec) %></td>
-        <!-- <td class="actions"></td> -->
+        <td class="actions">
+          <%= image_link_to t(".disguise"), "incognito", disguise_user_path(user),
+            data: {turbo: true, turbo_method: :post} if allow_disguise?(user) %>
+        </td>
      </tr>
    <% end %>
  </tbody>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -10,7 +10,7 @@ en:
        unconfirmed_email: Awaiting confirmation for
  users:
    index:
-      become: View as...
+      disguise: View as...
    passwords:
      edit:
        new_password: New password
@ -34,6 +34,7 @@ en:
        remember_me: Remember me
  layouts:
    application:
+      revert: Revert
      users: Users
  actions: Actions
  back: Back
--- a/config/routes.rb
+++ b/config/routes.rb
@ -2,7 +2,14 @@ Rails.application.routes.draw do
  devise_for :users, path: '', path_names: {registration: 'profile'},
    controllers: {registrations: :registrations}

-  resources :users, only: [:index, :show]
+  resources :users, only: [:index, :show] do
+    member do
+      post :disguise
+    end
+    collection do
+      post :revert
+    end
+  end

  devise_scope :user do
    root to: "devise/sessions#new"
				`@ -0,0 +1 @@`
				<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M22.11 21.46L2.39 1.73L1.11 3L6.31 8.2L6 9H7.11L8.61 10.5H2V12H10.11L13.5 15.37C13.38 15.61 13.3 15.85 13.24 16.1C12.29 15.69 11.41 15.8 10.76 16.09C10.35 14.31 8.79 13 6.94 13C4.77 13 3 14.79 3 17C3 19.21 4.77 21 6.94 21C9 21 10.68 19.38 10.84 17.32C11.18 17.08 12.07 16.63 13.16 17.34C13.34 19.39 15 21 17.06 21C17.66 21 18.22 20.86 18.72 20.61L20.84 22.73L22.11 21.46M6.94 19.86C5.38 19.86 4.13 18.58 4.13 17C4.13 15.42 5.39 14.14 6.94 14.14C8.5 14.14 9.75 15.42 9.75 17C9.75 18.58 8.5 19.86 6.94 19.86M17.06 19.86C15.5 19.86 14.25 18.58 14.25 17C14.25 16.74 14.29 16.5 14.36 16.25L17.84 19.73C17.59 19.81 17.34 19.86 17.06 19.86M22 12H15.2L13.7 10.5H22V12M17.06 13C19.23 13 21 14.79 21 17C21 17.25 20.97 17.5 20.93 17.73L19.84 16.64C19.68 15.34 18.66 14.32 17.38 14.17L16.29 13.09C16.54 13.03 16.8 13 17.06 13M12.2 9L7.72 4.5L8.43 2.68C8.63 2.17 9.19 1.89 9.72 2.04L9.77 2.05L12 2.79L14.22 2.05C14.75 1.88 15.32 2.14 15.54 2.63L15.56 2.68L18 9H12.2Z" /></svg>