give god rights of impersonation to developers, must be edited into the production.rb config file
This commit is contained in:
parent
4933e9d6ab
commit
5b08f73561
|
@ -66,4 +66,9 @@ Discourse::Application.configure do
|
|||
# For origin pull cdns all you need to do is register an account and configure
|
||||
# config.action_controller.asset_host = "http://YOUR_CDN_HERE"
|
||||
|
||||
# a comma delimited list of emails your devs have
|
||||
# developers have god like rights and may impersonate anyone in the system
|
||||
# normal admins may only impersonate other moderators (not admins)
|
||||
config.developer_emails = []
|
||||
|
||||
end
|
||||
|
|
|
@ -9,6 +9,7 @@ class Guardian
|
|||
def secure_category_ids; []; end
|
||||
def topic_create_allowed_category_ids; []; end
|
||||
def has_trust_level?(level); false; end
|
||||
def email; nil; end
|
||||
end
|
||||
|
||||
def initialize(user=nil)
|
||||
|
@ -36,6 +37,13 @@ class Guardian
|
|||
@user.staff?
|
||||
end
|
||||
|
||||
def is_developer?
|
||||
@user &&
|
||||
is_admin? &&
|
||||
Rails.configuration.respond_to?(:developer_emails) &&
|
||||
Rails.configuration.developer_emails.include?(@user.email)
|
||||
end
|
||||
|
||||
# Can the user see the object?
|
||||
def can_see?(obj)
|
||||
if obj
|
||||
|
@ -89,8 +97,8 @@ class Guardian
|
|||
# You must be an admin to impersonate
|
||||
is_admin? &&
|
||||
|
||||
# You may not impersonate other admins
|
||||
not(target.admin?)
|
||||
# You may not impersonate other admins unless you are a dev
|
||||
(!target.admin? || is_developer?)
|
||||
|
||||
# Additionally, you may not impersonate yourself;
|
||||
# but the two tests for different admin statuses
|
||||
|
|
|
@ -175,6 +175,9 @@ describe Guardian do
|
|||
Guardian.new(admin).can_impersonate?(another_admin).should be_false
|
||||
Guardian.new(admin).can_impersonate?(user).should be_true
|
||||
Guardian.new(admin).can_impersonate?(moderator).should be_true
|
||||
|
||||
Rails.configuration.stubs(:developer_emails).returns([admin.email])
|
||||
Guardian.new(admin).can_impersonate?(another_admin).should be_true
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue