FEATURE: log impersonations
parent
246f77c98d
commit
bb2d538194
|
@ -4,11 +4,13 @@ class Admin::ImpersonateController < Admin::AdminController
|
|||
params.require(:username_or_email)
|
||||
|
||||
user = User.find_by_username_or_email(params[:username_or_email])
|
||||
|
||||
raise Discourse::NotFound if user.blank?
|
||||
|
||||
guardian.ensure_can_impersonate!(user)
|
||||
|
||||
# log impersonate
|
||||
StaffActionLogger.new(current_user).log_impersonate(user)
|
||||
|
||||
# Log on as the user
|
||||
log_on_user(user)
|
||||
|
||||
|
|
|
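Review bot: The added comment `# log impersonate` only restates the call and does not say that the ordering matters. `StaffActionLogger.new(current_user)` has to run before `log_on_user(user)`, since after the session switch `current_user` presumably resolves to the impersonated account and the admin's identity would be lost from the record. I would replace the comment with `# Record the audit entry while current_user is still the admin, before the session switches`. The entry also appears to mark only the start of impersonation; actions taken afterwards in the target's session are presumably attributed to the target, which is worth stating where the log is consumed. The enclosing action begins and ends outside this hunk.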
@ -32,7 +32,8 @@ class UserHistory < ActiveRecord::Base
|
|||
:auto_trust_level_change,
|
||||
:check_email,
|
||||
:delete_post,
|
||||
:delete_topic)
|
||||
:delete_topic,
|
||||
:impersonate)
|
||||
end
|
||||
|
||||
# Staff actions is a subset of all actions, used to audit actions taken by staff users.
|
||||
|
@ -48,7 +49,8 @@ class UserHistory < ActiveRecord::Base
|
|||
:revoke_badge,
|
||||
:check_email,
|
||||
:delete_post,
|
||||
:delete_topic]
|
||||
:delete_topic,
|
||||
:impersonate]
|
||||
end
|
||||
|
||||
def self.staff_action_ids
|
||||
|
|
|
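Review bot: Neither list documents why `:impersonate` is appended last. If action ids are derived from position in the `actions` list (the constructor is outside the hunk, so this is inferred), inserting a symbol anywhere else would renumber existing audit rows. A short comment above the list such as `# Append new actions at the end; stored ids depend on position` would protect the history table from an accidental reorder. The second hunk correctly adds the symbol to the staff-actions subset as well, so the new rows show up in the staff audit view.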
@ -156,6 +156,14 @@ class StaffActionLogger
|
|||
SQL
|
||||
end
|
||||
|
||||
def log_impersonate(user, opts={})
|
||||
raise Discourse::InvalidParameters.new("user is nil") unless user
|
||||
UserHistory.create(params(opts).merge({
|
||||
action: UserHistory.actions[:impersonate],
|
||||
target_user_id: user.id
|
||||
}))
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def params(opts)
|
||||
|
|
|
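Review bot: `UserHistory.create` in `log_impersonate` returns an unsaved record when validation fails rather than raising, so the controller would continue to `log_on_user` with no audit row written. For a log whose purpose is to make impersonation accountable, failing closed is safer: `UserHistory.create!(params(opts).merge(action: UserHistory.actions[:impersonate], target_user_id: user.id))`. If the other `log_*` methods in this class use `create` deliberately (they are outside the hunk), keep the convention but have the caller check `persisted?` before switching sessions. Minor style points: `opts = {}` with spaces, and `raise Discourse::InvalidParameters, "user is nil"` instead of `.new`.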
@ -1833,6 +1833,7 @@ en:
|
|||
check_email: "check email"
|
||||
delete_topic: "delete topic"
|
||||
delete_post: "delete post"
|
||||
impersonate: "impersonate"
|
||||
screened_emails:
|
||||
title: "Screened Emails"
|
||||
description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed."
|
||||
|
|
|
@ -6,7 +6,6 @@ describe Admin::ImpersonateController do
|
|||
(Admin::ImpersonateController < Admin::AdminController).should == true
|
||||
end
|
||||
|
||||
|
||||
context 'while logged in as an admin' do
|
||||
let!(:admin) { log_in(:admin) }
|
||||
let(:user) { Fabricate(:user) }
|
||||
|
@ -21,7 +20,7 @@ describe Admin::ImpersonateController do
|
|||
context 'create' do
|
||||
|
||||
it 'requires a username_or_email parameter' do
|
||||
lambda { xhr :put, :create }.should raise_error(ActionController::ParameterMissing)
|
||||
-> { xhr :put, :create }.should raise_error(ActionController::ParameterMissing)
|
||||
end
|
||||
|
||||
it 'returns 404 when that user does not exist' do
|
||||
|
@ -37,6 +36,11 @@ describe Admin::ImpersonateController do
|
|||
|
||||
context 'success' do
|
||||
|
||||
it "logs the impersonation" do
|
||||
StaffActionLogger.any_instance.expects(:log_impersonate)
|
||||
xhr :post, :create, username_or_email: user.username
|
||||
end
|
||||
|
||||
it "changes the current user session id" do
|
||||
xhr :post, :create, username_or_email: user.username
|
||||
session[:current_user_id].should == user.id
|
||||
|
@ -58,6 +62,4 @@ describe Admin::ImpersonateController do
|
|||
|
||||
end
|
||||
|
||||
|
||||
|
||||
end
|
||||
|
|
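Review bot: The new example "logs the impersonation" only expects that `log_impersonate` is called on some logger, so it would still pass if the controller logged the wrong target. Pinning the argument closes that gap: `StaffActionLogger.any_instance.expects(:log_impersonate).with(user)`. There is also no example showing that the not-found and guardian-denied paths write no log entry, and, as far as this page shows, no spec for `StaffActionLogger#log_impersonate` itself (the nil-user raise and the stored `action`/`target_user_id`). Both would be worth adding alongside this change.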