Add impersonification

2025-07-07 00:24:02 +02:00 · 2020-10-19 16:08:42 +02:00
parent d940acb226
commit 28e2fa10c3
3 changed files with 38 additions and 3 deletions
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@ -212,3 +212,35 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
        ext = mime_type.split("/")[1].replace("jpeg", "jpg")
        true_file_name = _("Photo authorization of {student}.{ext}").format(student=str(student), ext=ext)
        return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class UserImpersonateView(LoginRequiredMixin, RedirectView):
+    def dispatch(self, request, *args, **kwargs):
+        """
+        An administrator can log in through this page as someone else, and act as this other person.
+        """
+        if self.request.user.registration.is_admin:
+            if not User.objects.filter(pk=kwargs["pk"]).exists():
+                raise Http404
+            session = request.session
+            session["admin"] = request.user.pk
+            session["_fake_user_id"] = kwargs["pk"]
+            return redirect(request.path)
+        return super().dispatch(request, *args, **kwargs)
+
+    def get_redirect_url(self, *args, **kwargs):
+        return reverse_lazy("registration:user_detail", args=(kwargs["pk"],))
+
+
+class ResetAdminView(LoginRequiredMixin, View):
+    """
+    Return to admin view, clear the session field that let an administrator to log in as someone else.
+    """
+
+    def dispatch(self, request, *args, **kwargs):
+        user = request.user
+        if not user.is_authenticated:
+            return self.handle_no_permission()
+        if "_fake_user_id" in request.session:
+            del request.session["_fake_user_id"]
+        return redirect(request.GET.get("path", "/"))