From 97d69c5f36e5b5f7d99ef4220e73aa421852b851 Mon Sep 17 00:00:00 2001
From: Samir Tapiero
Date: Wed, 16 Oct 2024 14:35:06 -0500
Subject: [PATCH 1/2] Refactor impersonation action to prevent the redirect when admin session expired

---
 app/admin/user.rb | 22 ++++++++++------------
 app/policies/admin/user_policy.rb | 6 +++++-
 spec/policies/admin/user_policy_spec.rb | 17 +++++++++++++++++
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/app/admin/user.rb b/app/admin/user.rb
index 5b0b8e05..42d838b3 100644
--- a/app/admin/user.rb
+++ b/app/admin/user.rb
@@ -3,6 +3,13 @@
 ActiveAdmin.register User do
 permit_params :email, :first_name, :last_name, :username, :password, :password_confirmation
 
+ member_action :impersonate, method: :post do
+ signed_data = Impersonation::Verifier.new.sign!(
+ user_id: resource.id, admin_user_id: current_admin_user.id
+ )
+ redirect_to "#{ENV.fetch('IMPERSONATION_URL')}?auth=#{signed_data}", allow_other_host: true
+ end
+
 form do |f|
 f.inputs 'Details' do
 f.input :email
@@ -55,18 +62,9 @@
 end
 
 if ENV['IMPERSONATION_URL'].present?
- action_item :user_impersonation, only: :show do
- signed_data = Impersonation::Verifier.new.sign!(
- user_id: resource.id, admin_user_id: current_admin_user.id
- )
-
- link_to_if Flipper[:impersonation_tool].enabled?, " - - Impersonate User - - ".html_safe, # rubocop:disable Rails/OutputSafety "#{ENV.fetch('IMPERSONATION_URL')}?auth=#{signed_data}"
+ action_item :user_impersonation, only: :show, if: proc { Flipper.enabled?(:impersonation_tool) } do
+ link_to 'Impersonate User', impersonate_admin_user_path(resource), method: :post,
+ target: '_blank', rel: 'noopener'
 end
 end
 end
diff --git a/app/policies/admin/user_policy.rb b/app/policies/admin/user_policy.rb
index 99418964..10f23d14 100644
--- a/app/policies/admin/user_policy.rb
+++ b/app/policies/admin/user_policy.rb
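Review bot: On the `redirect_to` line, `signed_data` is interpolated into the query string without URL-encoding, so a token containing `+`, `/` or `=` (the output format of `Impersonation::Verifier#sign!` is not visible here) can be mangled by the receiving app's query parser, and the literal `?` assumes `IMPERSONATION_URL` has no query string of its own; `redirect_to "#{ENV.fetch('IMPERSONATION_URL')}?#{{ auth: signed_data }.to_query}", allow_other_host: true` avoids both. Because the token travels in a GET URL it will also land in browser history, the destination's access logs and any Referer header it sends, so unless `sign!` already embeds a short expiry the verifier should enforce one. The action mints a login as another account but leaves no trace of who did it; a single line such as `Rails.logger.info("impersonation: admin_user_id=#{current_admin_user.id} user_id=#{resource.id}")` before the redirect gives incident responders an audit trail. No authorization call is visible in the block; it presumably relies on ActiveAdmin authorizing `:impersonate` on `resource` through the policy method this commit adds, which is worth stating in a comment above `member_action` so the dependency is not removed by accident.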
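Review bot: The `if:` proc on the new `action_item` line checks only the feature flag, so an admin whose policy denies `impersonate?` still sees the button and learns of the denial only after the POST; `if: proc { authorized?(:impersonate, resource) }` routes the decision through `Admin::UserPolicy#impersonate?`, which already includes the Flipper check, and keeps the link and the action from drifting apart. `link_to ... method: :post` depends on rails-ujs handling `data-method`; if the admin pages are served with Turbo instead (not visible here) the link degrades to a GET and the POST-only route will not match, in which case `button_to` or `data: { turbo_method: :post }` is the robust form. The hunk's leading context `end` closes a block that starts outside the hunk.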
@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
 module Admin
- class UserPolicy < Admin::ApplicationPolicy; end
+ class UserPolicy < Admin::ApplicationPolicy
+ def impersonate?
+ create? && Flipper.enabled?(:impersonation_tool)
+ end
+ end
 end
diff --git a/spec/policies/admin/user_policy_spec.rb b/spec/policies/admin/user_policy_spec.rb
index 795bdda9..ff8f2d21 100644
--- a/spec/policies/admin/user_policy_spec.rb
+++ b/spec/policies/admin/user_policy_spec.rb
@@ -11,4 +11,21 @@
 expect(subject).to permit(admin, user)
 end
 end
+
+ permissions :impersonate? do
+ let(:admin) { create(:admin_user) }
+ let(:user) { create(:user) }
+
+ it 'allow access when impersonate_tool is enable' do
+ allow(Flipper).to receive(:enabled?).with(:impersonation_tool).and_return(true)
+
+ expect(subject).to permit(admin, user)
+ end
+
+ it 'denies access when impersonate_tool is disable' do
+ allow(Flipper).to receive(:enabled?).with(:impersonation_tool).and_return(false)
+
+ expect(subject).not_to permit(admin, user)
+ end
+ end
 end

From 3710ca9d804227a83103a328b81d2ecc38392757 Mon Sep 17 00:00:00 2001
From: Samir Tapiero
Date: Mon, 11 Nov 2024 17:37:16 -0500
Subject: [PATCH 2/2] Add validation to add the member action

---
 app/admin/user.rb | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/admin/user.rb b/app/admin/user.rb
index 42d838b3..9778d093 100644
--- a/app/admin/user.rb
+++ b/app/admin/user.rb
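Review bot: `impersonate?` needs a comment stating its intent, because issuing a signed login token for another account is a higher-privilege operation than the `create?` it is keyed on, and the body alone does not say why that baseline was chosen. Suggested header above the method: `# Impersonation issues a signed login token for +record+; it is deliberately gated on the same permission as create? plus the impersonation_tool flag so it can be switched off without a deploy.` If some admin roles may create users but must not impersonate them, that distinction belongs in this method rather than in the ActiveAdmin resource. `Flipper.enabled?(:impersonation_tool)` is called without an actor, so the flag is global; if a per-admin rollout is wanted, pass the acting admin as the actor.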
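Review bot: Both new examples exercise only the Flipper half of `impersonate?`; the `create? &&` conjunction is never shown to matter, so a policy that dropped `create?` would still pass. Add a case with the flag enabled where `create?` is false for the subject admin (`create?` is defined in `Admin::ApplicationPolicy`, outside this patch, so how to construct such an admin is not visible here). The example descriptions read `is enable`/`is disable`; `is enabled`/`is disabled` would be grammatical. The `let(:admin)`/`let(:user)` inside the `permissions` block may duplicate lets defined earlier in the file (the `create?` examples above use the same names); if so they can be dropped.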
@@ -3,11 +3,13 @@
 ActiveAdmin.register User do
 permit_params :email, :first_name, :last_name, :username, :password, :password_confirmation
 
- member_action :impersonate, method: :post do
- signed_data = Impersonation::Verifier.new.sign!(
- user_id: resource.id, admin_user_id: current_admin_user.id
- )
- redirect_to "#{ENV.fetch('IMPERSONATION_URL')}?auth=#{signed_data}", allow_other_host: true
+ if ENV['IMPERSONATION_URL'].present?
+ member_action :impersonate, method: :post do
+ signed_data = Impersonation::Verifier.new.sign!(
+ user_id: resource.id, admin_user_id: current_admin_user.id
+ )
+ redirect_to "#{ENV.fetch('IMPERSONATION_URL')}?auth=#{signed_data}", allow_other_host: true
+ end
 end
 
 form do |f|
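Review bot: The `if ENV['IMPERSONATION_URL'].present?` guard added here, like the identical one around `action_item` later in the file, is evaluated once when the resource file is loaded, so whether the route exists is fixed at boot and cannot follow a later change to the variable; that is acceptable for a deploy-time setting but deserves a comment, e.g. `# Evaluated at load time: the impersonate route only exists when IMPERSONATION_URL is set at boot.` Two separate guards on the same setting invite drift where the route and the button are enabled independently; reading the value once, `impersonation_url = ENV['IMPERSONATION_URL']`, and using `impersonation_url.present?` in both places makes the coupling explicit. Inside the block `ENV.fetch` is re-read on every request while the guard is not, so the two reads can disagree after a runtime change; using the hoisted value in the redirect removes that inconsistency.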