[admin] allow impersonation for superusers, for debigging purposes

Andrea 2022-01-15 21:50:33 +01:00
parent 015a55ae55
commit 70716e72a2
2 changed files with 8 additions and 1 deletions


@ -56,6 +56,7 @@
<template v-slot:row="s">
<td>
<a :href="'https://pronouns.page/@' + s.el.username">@{{s.el.username}}</a>
<a href="#" class="badge bg-primary text-white" @click.prevent="impersonate(s.el.username)"><Icon v="user-secret"/></a>
</td>
<td>
{{$datetime($ulidTime(s.el.id))}}
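Review bot: The impersonate badge in this row is rendered for every listed user, with no confirmation step and no visible check of the viewer's own permission. A single misclick in the user table therefore switches the admin into someone else's account, and moderators without `*` only discover the restriction as a 401. Consider gating the link on the same permission the server enforces and asking for confirmation before calling `impersonate(...)`. The handler is also called with `s.el.username`, while the route it presumably targets is `/admin/impersonate/:email` and its allowlist compares `req.params.email` against an e-mail address. The `impersonate` method is outside this hunk, so confirm the server-side lookup accepts a username.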


@ -550,8 +550,14 @@ router.get('/user/logout-universal', handleErrorAsync(async (req, res) => {
return res.json('Token removed');
}));
const canImpersonate = (req) => {
return req.isGranted('*') || (
req.isGranted('users') && ['example@pronouns.page'].includes(req.params.email)
);
}
router.get('/admin/impersonate/:email', handleErrorAsync(async (req, res) => {
if (!req.isGranted('users') || !['example@pronouns.page'].includes(req.params.email)) {
if (!canImpersonate(req)) {
return res.status(401).json({error: 'Unauthorised'});
}
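Review bot: The new `req.isGranted('*')` branch in `canImpersonate` lets a superuser obtain a session as any account, including other administrators, and nothing in the hunk records who impersonated whom. The handler body continues past the hunk, so logging may already exist there; if it does not, write an audit entry (acting admin, target, time) before the token is issued, and consider refusing targets that themselves hold admin roles. Because the action is reached through `router.get`, it is also worth confirming that a cross-site navigation by a logged-in superuser cannot trigger it. A short comment on the helper would document the intent, e.g. `// '*' may impersonate anyone (debugging); 'users' only the allowlisted test account`, and the arrow function should end with `};`.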