Admin can change his/her effective user ID
This task concerns itself with making somewhat of a "sudo" system for the NAV web UI, enabling the administrator to act as other NAV users.
This idea arises from the oft requested need to edit a mortal user's alert profile. A general "sudo"-like mechanism of the web UI should not be too difficult to implement.
* A "sudo" tool will move the session's //user// attribute into a //realUser// attribute, and attach the effective account object to the session's //user// attribute. This should work for the entire web interface.
* The MainTemplate must be able to differentiate whether a real user is logged in, or if someone is just effectively operating as that user. MainTemplate must clearly signify this state in the interface, so the administrator knows why his/her effective privileges have been dropped.
* The "sudo" tool must have a "return to being the administrator" function, which should be available from the MainTemplate near the "logout user" and/or "currently logged in as user" elements.
* The ability to to "sudo" in the web interface should be a configurable privilege in the user admin panel.
Blueprint information
- Status:
- Complete
- Approver:
- Morten Brekkevold
- Priority:
- Medium
- Drafter:
- Morten Brekkevold
- Direction:
- Approved
- Assignee:
- Magnus Eide
- Definition:
- Approved
- Series goal:
- Accepted for 3.7
- Implementation:
- Implemented
- Milestone target:
- 3.7.0
- Started by
- Magnus Eide
- Completed by
- Morten Brekkevold
Related branches
Related bugs
Sprints
Whiteboard
Button to "assume direct control" on account detail page under user administration.
When posing as another user, a bar at the top of the page will remind the user of this, and also allow him/her to stop posing and become their own user again.
A sudoers session dict will look something like this:
session['user'] = {
'id': posing_as.id,
'login': posing_as.login,
'name': posing_as.name,
'sudoer': {
'id': original_user.id
'login': original_
'name': original_user.name,
}
}
This feature branch has now been merged to default.