Merge pull request #503 from CanineHQ/chriszhu__impersonation

added impersonation controller
2026-01-31 08:29:53 -06:00 · 2026-01-16 11:33:36 -08:00
parent f267f8e688 b2509ddc42
commit fcaacd028f
6 changed files with 31 additions and 11 deletions
--- a/app/avo/resources/user.rb
+++ b/app/avo/resources/user.rb
@@ -10,6 +10,8 @@ class Avo::Resources::User < Avo::BaseResource
  }

  def fields
+    tool Avo::ResourceTools::User, only_on: :show
+
    field :id, as: :id
    field :email, as: :text, link_to_record: true
    field :first_name, as: :text
--- a/app/controllers/avo/impersonations_controller.rb
+++ b/app/controllers/avo/impersonations_controller.rb
@@ -0,0 +1,24 @@
+class Avo::ImpersonationsController < Avo::ApplicationController
+  impersonates :user
+
+  before_action :require_admin, only: :create
+
+  def create
+    user = User.find(params[:user_id])
+    impersonate_user(user)
+    redirect_to main_app.root_path, notice: "Now impersonating #{user.name}"
+  end
+
+  def destroy
+    stop_impersonating_user
+    redirect_to main_app.root_path, notice: "Stopped impersonating"
+  end
+
+  private
+
+  def require_admin
+    unless true_user&.admin?
+      redirect_to main_app.root_path, alert: "Not authorized"
+    end
+  end
+end
--- a/app/controllers/avo/tools_controller.rb
+++ b/app/controllers/avo/tools_controller.rb
@@ -5,10 +5,4 @@ class Avo::ToolsController < Avo::ApplicationController
    @page_title = "Dashboard"
    add_breadcrumb "Dashboard"
  end
-
-  def login_as
-    user = User.find(params[:id])
-    sign_in(user)
-    redirect_to root_path
-  end
 end
--- a/app/views/avo/resource_tools/_user.html.erb
+++ b/app/views/avo/resource_tools/_user.html.erb
@@ -10,7 +10,7 @@
      <div class="flex flex-col p-4 min-h-24">
        <div class="space-y-4">
          <h3>Manage User</h3>
-          <%= form_with url: login_as_path(@resource.record.id), method: :post, data: { turbo: false } do |f| %>
+          <%= form_with url: avo.impersonation_path(user_id: @resource.record.id), method: :post, data: { turbo: false } do |f| %>
            <%= f.submit "Login As", class: Avo::Config.button_css %>
          <% end %>
          <%
--- a/app/views/shared/_navbar.html.erb
+++ b/app/views/shared/_navbar.html.erb
@@ -1,7 +1,7 @@
 <% if current_user != true_user %>
-  <div class="alert alert-warning text-center">
-    You're logged in as <b><%= current_user.name %> (<%= current_user.email %>)</b>
-    <%= link_to stop_impersonating_madmin_impersonates_path, method: :post do %><%= icon("fas", "times") %> Logout <% end %>
+  <div class="bg-warning text-warning-content text-center py-2 px-4 font-medium flex items-center justify-center gap-2">
+    <span>You are impersonating <b><%= current_user.name %> (<%= current_user.email %>)</b></span>
+    <%= button_to "Stop Impersonating", avo.impersonation_path, method: :delete, class: "btn btn-sm btn-ghost" %>
  </div>
 <% end %>

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -64,7 +64,7 @@ Rails.application.routes.draw do
    Avo::Engine.routes.draw do
      # This route is not protected, secure it with authentication if needed.
      get "dashboard", to: "tools#dashboard", as: :dashboard
-      post "login_as/:id", to: "tools#login_as", as: :login_as
+      resource :impersonation, only: [ :create, :destroy ]
    end
  end
  resources :accounts, only: [ :create ] do