[Catalyst] Re: superuser "switch-user" session function?

will trillich will.trillich at serensoft.com
Sun Sep 25 19:37:49 GMT 2011


Mwa ha ha! It was $c->SET_AUTHENTICATED all along! This is how you
switch-user/become-user/super-user inside Catalyst.

Try this on for size:

sub su : Chained('/is_admin') PathPart('su') Args(1) {
    my ( $self, $c, $id ) = @_;

    my $user_was = $c->user;
    my $user_is = $c->find_user({ id => $id }); # Do some error trapping of course...
    $c->set_authenticated( $user_is );
    $c->stash( message => join ' ', 'Switched from',$user_was->name,'to',$user_is->name );
}

Voila! Now $c->user is "$user_is" and no longer "$user_was". Neat!

Any bad karma expected here? This is so admin-types can help non-admin-types
diagnose issues...



On Tue, Nov 30, 2010 at 3:18 PM, Hernan Lopes <hernanlopes at gmail.com> wrote:

> Indeed, I think it should login as a new user not changing the actual
> session.
> maybe something like:
>
> admin clicks "login as joeuser">open a new browser window as admin>verify
> it's admin and re-login as a new user. register on session user is admin so
> he can log back in.
> Then add button "terminate session, close window and logout and log back in
> with adminfoologin on parent.window"
>
>
> --Hernan
>
>
> On Tue, Nov 30, 2010 at 1:01 PM, Peter Karman <peter at peknet.com> wrote:
>
>> will trillich wrote on 11/29/2010 05:37 PM:
>> > Aha! It looks like a sneaky, evil, wrong, mean, horrid way to
>> > switch-user in the middle of a session is to
>> >
>> > $c->session->{__user}{id} = $new_id_here; # since "id" = PK
>> >
>> > But that's undoubtedly bad form of the worst kind.
>> >
>> > What's the canonical non-sneaky above-board friendly golden way to do
>> this?
>> >
>>
>> I don't know that there is a canonical way. This is Perl.
>>
>> As I mentioned in my reply to this thread in July[0], one way is to
>> login as the new user and store the original username in the new user's
>> session. That way the app knows that the new user is allowed to revert
>> to the original user, but otherwise the app treats the current session
>> just as it would if the new user had logged in normally.
>>
>>
>> [0] http://www.mail-archive.com/catalyst@lists.scsys.co.uk/msg09968.html
>>
>> --
>> Peter Karman  .  http://peknet.com/  .  peter at peknet.com
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>


-- 
"The very nucleus of Character: to do what you know you should do, when you
don't want to do it." Stephen Covey
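
Peter Karman's approach quoted above (record the original user in the session so the app can revert), combined with the set_authenticated call from this message, could look like the following. This is an added example, not code from the thread or from Catalyst itself; the controller name, the `_refuse` helper, the `su_origin_id` session key, the `/su_back` path and the use of `$user->id` are assumptions.

```perl
package MyApp::Controller::Su;    # hypothetical controller name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Assumes the thread's '/is_admin' chain root and a server-side session store.

# Hypothetical helper: send a short error response and stop processing.
sub _refuse {
    my ( $self, $c, $status, $msg ) = @_;
    $c->response->status($status);
    $c->response->body($msg);
    $c->detach;
}

# /su/<id>: an admin becomes user <id>.
sub su : Chained('/is_admin') PathPart('su') Args(1) {
    my ( $self, $c, $id ) = @_;
    # No nested switches: the recorded origin must be a real admin login.
    $self->_refuse( $c, 409, 'Already switched; revert first.' )
        if $c->session->{su_origin_id};

    my $admin  = $c->user;
    my $target = $c->find_user( { id => $id } )
        or $self->_refuse( $c, 404, 'No such user.' );

    $c->session->{su_origin_id} = $admin->id;    # who to revert to
    $c->set_authenticated($target);
    $c->log->info( sprintf 'su: admin id=%s acting as user id=%s',
        $admin->id, $target->id );
    $c->stash( message => join ' ', 'Switched from', $admin->name, 'to', $target->name );
}

# /su_back: not chained off '/is_admin', because $c->user is now the
# non-admin target. The session marker is the only authorisation.
sub su_back : Path('/su_back') Args(0) {
    my ( $self, $c ) = @_;
    my $origin_id = delete $c->session->{su_origin_id};
    my $admin = defined $origin_id && $c->user_exists
        ? $c->find_user( { id => $origin_id } ) : undef;
    $self->_refuse( $c, 403, 'Not in a switched session.' ) unless $admin;

    $c->log->info( sprintf 'su: user id=%s reverted to admin id=%s',
        $c->user->id, $admin->id );
    $c->set_authenticated($admin);
    $c->stash( message => 'Switched back to ' . $admin->name );
}

__PACKAGE__->meta->make_immutable;
1;
```

The log lines give an audit trail of who acted as whom; calling `$c->delete_session` on logout also discards the revert marker.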