56 lines
1.7 KiB
Python
56 lines
1.7 KiB
Python
|
"""passbook impersonation views"""
|
||
|
|
||
|
from django.http import HttpRequest, HttpResponse
|
||
|
from django.shortcuts import get_object_or_404, redirect
|
||
|
from django.views import View
|
||
|
from structlog import get_logger
|
||
|
|
||
|
from passbook.core.middleware import (
|
||
|
SESSION_IMPERSONATE_ORIGINAL_USER,
|
||
|
SESSION_IMPERSONATE_USER,
|
||
|
)
|
||
|
from passbook.core.models import User
|
||
|
|
||
|
LOGGER = get_logger()
|
||
|
|
||
|
|
||
|
class ImpersonateInitView(View):
|
||
|
"""Initiate Impersonation"""
|
||
|
|
||
|
def get(self, request: HttpRequest, user_id: int) -> HttpResponse:
|
||
|
"""Impersonation handler, checks permissions"""
|
||
|
if not request.user.has_perm("impersonate"):
|
||
|
LOGGER.debug(
|
||
|
"User attempted to impersonate without permissions", user=request.user
|
||
|
)
|
||
|
return HttpResponse("Unauthorized", status=401)
|
||
|
|
||
|
user_to_be = get_object_or_404(User, pk=user_id)
|
||
|
|
||
|
request.session[SESSION_IMPERSONATE_ORIGINAL_USER] = request.user
|
||
|
request.session[SESSION_IMPERSONATE_USER] = user_to_be
|
||
|
|
||
|
# TODO Audit log entry
|
||
|
|
||
|
return redirect("passbook_core:overview")
|
||
|
|
||
|
|
||
|
class ImpersonateEndView(View):
|
||
|
"""End User impersonation"""
|
||
|
|
||
|
def get(self, request: HttpRequest) -> HttpResponse:
|
||
|
"""End Impersonation handler"""
|
||
|
if (
|
||
|
SESSION_IMPERSONATE_USER not in request.session
|
||
|
or SESSION_IMPERSONATE_ORIGINAL_USER not in request.session
|
||
|
):
|
||
|
LOGGER.debug("Can't end impersonation", user=request.user)
|
||
|
return redirect("passbook_core:overview")
|
||
|
|
||
|
del request.session[SESSION_IMPERSONATE_USER]
|
||
|
del request.session[SESSION_IMPERSONATE_ORIGINAL_USER]
|
||
|
|
||
|
# TODO: Audit log entry
|
||
|
|
||
|
return redirect("passbook_core:overview")
|