Pretender
As an admin, there are times you want to see exactly what another user sees or take action on behalf of a user. Meet Pretender.
- Easy to switch back and forth between roles
- Minimal code changes
- Plays nicely with auditing tools - this is crucial
Rock on :boom:
Pretender is also flexible and lightweight - less than 40 lines of code :-)
Pretender works with Rails 2.3+ and almost any authentication system. (devise, authlogic, sorcery, and many more - it’s agnostic)
Get started
Add this line to your application’s Gemfile:
# Gemfile
gem 'pretender'
And add this line to your ApplicationController:
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  impersonates :user
end
This adds three methods to your controllers:
true_user
# returns authenticated user
impersonate_user(user)
# allows you to log in as another user
stop_impersonating_user
# become yourself again
And changes the behavior of another:
current_user
# now returns:
# - if impersonating, the impersonated user
# - otherwise, the true user
Note: the name of this method is configurable (details at the end)
Now we need to set up a way to log in as another user. Pretender makes no assumptions about how you want to do this. I like to add this to my admin dashboard.
Sample Implementation
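class Admin::UsersController < ApplicationController
  # require_admin is your own authorization filter; base it on true_user,
  # since current_user is the impersonated user while impersonating
  before_filter :require_admin

  # start acting as the selected user
  def impersonate
    user = User.find(params[:id])
    impersonate_user(user)
    redirect_to root_path
  end

  # return to the admin's own identity
  def stop_impersonating
    stop_impersonating_user
    redirect_to root_path
  end
end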
Show Admins
You may want to make it obvious to an admin when he / she is signed in as another user. I like to add this to the application layout.
Haml / Slim
- # app/views/layouts/application.html.haml
- if current_user != true_user
  .alert
    You (#{true_user.name}) are signed in as #{current_user.name}
    = link_to "Back to admin", stop_impersonating_path
Audits
If you keep audit logs with a library like audited, make sure it uses the true user, so that changes made while impersonating are attributed to the admin who made them.
Audited.current_user_method = :true_user
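The following is an added example, not code from Pretender or its author: a plain-Ruby model of the method semantics described above, showing why authorization checks and audit entries should use true_user while impersonating. `Impersonation`, `DemoController`, `USERS` and `AUDIT_LOG` are hypothetical names, and the user records are constructed.

```ruby
# Added illustration: a plain-Ruby model of the semantics this README describes.
# It is NOT Pretender's source; all names below are hypothetical.
User = Struct.new(:id, :name, :admin)
USERS = { 1 => User.new(1, "alice", true), 2 => User.new(2, "bob", false) } # constructed data
AUDIT_LOG = []

module Impersonation
  # Models the documented behaviour: true_user is the authenticated user,
  # current_user is the impersonated user while the session key is set.
  def true_user
    USERS[session[:user_id]]
  end

  def current_user
    (session[:impersonated_user_id] && USERS[session[:impersonated_user_id]]) || true_user
  end

  def impersonate_user(user)
    raise ArgumentError, "no user to impersonate" unless user
    session[:impersonated_user_id] = user.id
  end

  def stop_impersonating_user
    session.delete(:impersonated_user_id)
  end
end

class DemoController
  include Impersonation
  attr_reader :session

  def initialize(session)
    @session = session
  end

  # Authorization must look at the true user; current_user is the
  # impersonated (possibly non-admin) user once impersonation has started.
  def admin?(actor = true_user)
    !!(actor && actor.admin)
  end

  # Records who really acted (true_user) and on whose behalf (current_user).
  def audit(action)
    entry = { action: action, actor: true_user.name, as: current_user.name }
    AUDIT_LOG << entry
    entry
  end
end
```

An admin check written against current_user returns false as soon as impersonation starts, which would also block the stop_impersonating action.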
Configuration
Pretender is super flexible. You can change the names of methods and even impersonate multiple roles at the same time. Here’s the default configuration.
# app/controllers/application_controller.rb
impersonates :user,
  :method => :current_user,
  :with => proc{|id| User.where(:id => id).first }
Mold it to fit your application.
# app/controllers/application_controller.rb
impersonates :account,
  :method => :authenticated_account,
  :with => proc{|id| EnterpriseAccount.where(:id => id).first }
This creates three methods:
true_account
impersonate_account
stop_impersonating_account
Also, authenticated_account is overridden: while impersonating, it returns the account found with EnterpriseAccount.where(:id => id).first; otherwise it returns the true account.
Contributing
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features
That’s all folks!