github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-22 06:15:34 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: log impersonations

Browse Source
This commit is contained in:
Régis Hanol 2014-11-06 10:58:47 +01:00
parent 246f77c98d
commit bb2d538194
5 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/admin/impersonate_controller.rb
View File

@ -4,11 +4,13 @@ class Admin::ImpersonateController < Admin::AdminController
params.require(:username_or_email) params.require(:username_or_email)
user = User.find_by_username_or_email(params[:username_or_email]) user = User.find_by_username_or_email(params[:username_or_email])
raise Discourse::NotFound if user.blank? raise Discourse::NotFound if user.blank?
guardian.ensure_can_impersonate!(user) guardian.ensure_can_impersonate!(user)
# log impersonate
StaffActionLogger.new(current_user).log_impersonate(user)
# Log on as the user # Log on as the user
log_on_user(user) log_on_user(user)

6
app/models/user_history.rb
View File

@ -32,7 +32,8 @@ class UserHistory < ActiveRecord::Base
:auto_trust_level_change, :auto_trust_level_change,
:check_email, :check_email,
:delete_post, :delete_post,
:delete_topic) :delete_topic,
:impersonate)
end end
# Staff actions is a subset of all actions, used to audit actions taken by staff users. # Staff actions is a subset of all actions, used to audit actions taken by staff users.
@ -48,7 +49,8 @@ class UserHistory < ActiveRecord::Base
:revoke_badge, :revoke_badge,
:check_email, :check_email,
:delete_post, :delete_post,
:delete_topic] :delete_topic,
:impersonate]
end end
def self.staff_action_ids def self.staff_action_ids

8
app/services/staff_action_logger.rb
View File

@ -156,6 +156,14 @@ class StaffActionLogger
SQL SQL
end end
def log_impersonate(user, opts={})
raise Discourse::InvalidParameters.new("user is nil") unless user
UserHistory.create(params(opts).merge({
action: UserHistory.actions[:impersonate],
target_user_id: user.id
}))
end
private private
def params(opts) def params(opts)

1
config/locales/client.en.yml
View File

@ -1833,6 +1833,7 @@ en:
check_email: "check email" check_email: "check email"
delete_topic: "delete topic" delete_topic: "delete topic"
delete_post: "delete post" delete_post: "delete post"
impersonate: "impersonate"
screened_emails: screened_emails:
title: "Screened Emails" title: "Screened Emails"
description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed." description: "When someone tries to create a new account, the following email addresses will be checked and the registration will be blocked, or some other action performed."

10
spec/controllers/admin/impersonate_controller_spec.rb
View File

@ -6,7 +6,6 @@ describe Admin::ImpersonateController do
(Admin::ImpersonateController < Admin::AdminController).should == true (Admin::ImpersonateController < Admin::AdminController).should == true
end end
context 'while logged in as an admin' do context 'while logged in as an admin' do
let!(:admin) { log_in(:admin) } let!(:admin) { log_in(:admin) }
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
@ -21,7 +20,7 @@ describe Admin::ImpersonateController do
context 'create' do context 'create' do
it 'requires a username_or_email parameter' do it 'requires a username_or_email parameter' do
lambda { xhr :put, :create }.should raise_error(ActionController::ParameterMissing) -> { xhr :put, :create }.should raise_error(ActionController::ParameterMissing)
end end
it 'returns 404 when that user does not exist' do it 'returns 404 when that user does not exist' do
@ -37,6 +36,11 @@ describe Admin::ImpersonateController do
context 'success' do context 'success' do
it "logs the impersonation" do
StaffActionLogger.any_instance.expects(:log_impersonate)
xhr :post, :create, username_or_email: user.username
end
it "changes the current user session id" do it "changes the current user session id" do
xhr :post, :create, username_or_email: user.username xhr :post, :create, username_or_email: user.username
session[:current_user_id].should == user.id session[:current_user_id].should == user.id
@ -58,6 +62,4 @@ describe Admin::ImpersonateController do
end end
end end