give god rights of impersonation to developers, must be edited into the production.rb config file

config/environments/production.rb.sample

@@ -66,4 +66,9 @@ Discourse::Application.configure do
   # For origin pull cdns all you need to do is register an account and configure
   # config.action_controller.asset_host = "http://YOUR_CDN_HERE"
 
+  # a comma delimited list of emails your devs have
+  # developers have god like rights and may impersonate anyone in the system
+  # normal admins may only impersonate other moderators (not admins)
+  config.developer_emails = []
+
 end

lib/guardian.rb

@@ -9,6 +9,7 @@ class Guardian
     def secure_category_ids; []; end
     def topic_create_allowed_category_ids; []; end
     def has_trust_level?(level); false; end
+    def email; nil; end
   end
 
   def initialize(user=nil)
@@ -36,6 +37,13 @@ class Guardian
     @user.staff?
   end
 
+  def is_developer?
+    @user &&
+    is_admin? &&
+    Rails.configuration.respond_to?(:developer_emails) &&
+    Rails.configuration.developer_emails.include?(@user.email)
+  end
+
   # Can the user see the object?
   def can_see?(obj)
     if obj
@@ -89,8 +97,8 @@ class Guardian
     # You must be an admin to impersonate
     is_admin? &&
 
-    # You may not impersonate other admins
-    not(target.admin?)
+    # You may not impersonate other admins unless you are a dev
+    (!target.admin? || is_developer?)
 
     # Additionally, you may not impersonate yourself;
     # but the two tests for different admin statuses

spec/components/guardian_spec.rb

@@ -175,6 +175,9 @@ describe Guardian do
       Guardian.new(admin).can_impersonate?(another_admin).should be_false
       Guardian.new(admin).can_impersonate?(user).should be_true
       Guardian.new(admin).can_impersonate?(moderator).should be_true
+
+      Rails.configuration.stubs(:developer_emails).returns([admin.email])
+      Guardian.new(admin).can_impersonate?(another_admin).should be_true
     end
   end