[admin] allow impersonation for superusers, for debigging purposes

2022-01-15 21:50:33 +01:00 · 2022-01-15 21:50:33 +01:00 · 70716e72a2
parent 015a55ae55
commit 70716e72a2
2 changed files with 8 additions and 1 deletions
--- a/routes/admin.vue
+++ b/routes/admin.vue
@ -56,6 +56,7 @@
                        <template v-slot:row="s">
                            <td>
                                <a :href="'https://pronouns.page/@' + s.el.username">@{{s.el.username}}</a>
+                                <a href="#" class="badge bg-primary text-white" @click.prevent="impersonate(s.el.username)"><Icon v="user-secret"/></a>
                            </td>
                            <td>
                                {{$datetime($ulidTime(s.el.id))}}
--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -550,8 +550,14 @@ router.get('/user/logout-universal', handleErrorAsync(async (req, res) => {
    return res.json('Token removed');
 }));

+const canImpersonate = (req) => {
+    return req.isGranted('*') || (
+        req.isGranted('users') && ['example@pronouns.page'].includes(req.params.email)
+    );
+}
+
 router.get('/admin/impersonate/:email', handleErrorAsync(async (req, res) => {
-    if (!req.isGranted('users') || !['example@pronouns.page'].includes(req.params.email)) {
+    if (!canImpersonate(req)) {
        return res.status(401).json({error: 'Unauthorised'});
    }