Network Administration Visualized

Admin can change his/her effective user ID

Registered by Thomas Adamcik on 2008-09-11

This task concerns itself with making somewhat of a "sudo" system for the NAV web UI, enabling the administrator to act as other NAV users.
This idea arises from the oft requested need to edit a mortal user's alert profile. A general "sudo"-like mechanism of the web UI should not be too difficult to implement.

  * A "sudo" tool will move the session's //user// attribute into a //realUser// attribute, and attach the effective account object to the session's //user// attribute. This should work for the entire web interface.
  * The MainTemplate must be able to differentiate whether a real user is logged in, or if someone is just effectively operating as that user. MainTemplate must clearly signify this state in the interface, so the administrator knows why his/her effective privileges have been dropped.
  * The "sudo" tool must have a "return to being the administrator" function, which should be available from the MainTemplate near the "logout user" and/or "currently logged in as user" elements.
  * The ability to to "sudo" in the web interface should be a configurable privilege in the user admin panel.

Read the full specification

Blueprint information

Status:: Complete

Approver:: Morten Brekkevold

Priority:: Medium

Drafter:: Morten Brekkevold

Direction:: Approved

Assignee:: Magnus Eide

Definition:: Approved

Series goal:: Accepted for 3.7

Implementation:: Implemented

Milestone target:: 3.7.0

Started by: Magnus Eide on 2010-06-25

Completed by: Morten Brekkevold on 2010-11-10

Related branches

Related bugs

Sprints

Whiteboard

Button to "assume direct control" on account detail page under user administration.

When posing as another user, a bar at the top of the page will remind the user of this, and also allow him/her to stop posing and become their own user again.

A sudoers session dict will look something like this:
session['user'] = {
    'id': posing_as.id,
    'login': posing_as.login,
    'name': posing_as.name,
    'sudoer': {
        'id': original_user.id
        'login': original_user.login,
        'name': original_user.name,
    }
}

This feature branch has now been merged to default.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.