Class: Rails::Auth::ImpersonationsController

Inherits:

ApplicationController

• Object
• ApplicationController
• ApplicationController
• Rails::Auth::ImpersonationsController

Defined in:

app/controllers/rails/auth/impersonations_controller.rb

Instance Method Summary

• #create ⇒ Object
• #destroy ⇒ Object

Instance Method Details

#create ⇒ Object

# File 'app/controllers/rails/auth/impersonations_controller.rb', line 7

def create
  user = Rails::Auth.user_class.find(params[:user_id])

  if user == current_user
    redirect_to main_app.root_path, alert: "You cannot impersonate yourself."
    return
  end

  # Store the current admin session so we can go back
  admin_user = current_user

  # Sign out current session (admin)
  sign_out

  # Sign in as the target user, but mark it as impersonated
  sign_in(user, impersonated_by: admin_user)

  redirect_to main_app.root_path, notice: "You are now impersonating #{user.email}."
end

#destroy ⇒ Object

# File 'app/controllers/rails/auth/impersonations_controller.rb', line 27

def destroy
  unless impersonating?
    redirect_to main_app.root_path, alert: "You are not impersonating anyone."
    return
  end

  admin_user = true_user

  # Sign out of the impersonated session
  current_user.log_security_event!(:impersonation_stopped, request, { impersonated_by_id: admin_user.id })
  sign_out

  # Sign back in as the admin
  sign_in(admin_user)

  redirect_to main_app.root_path, notice: "Impersonation stopped. Welcome back, #{admin_user.email}."
end