I'm using devise and devise-basecamper for authentication with my subdomain based web app.
I would like to allow super users to access any of the accounts (basically any subdomain).
I'm not sure how i would go about implementing this so that a user can be authenticated into any subdomain since a user is currently validated against a specific subdomain.
Any ideas?
If I understood correctly your needs, the st approach is to perform the following steps:
Becoming user
This is necessary if you need to perform actions as another user, or "see what he sees"
First you need to implement the devise's official way (this is pseudo-code, I let you adapt it to your personal situation)
# the usage of session[:original_user_id] is explained later
def become
if admin? or session[:original_user_id]
if session[:original_user_id] == params[:id]
session[:original_user_id] = nil # This is intended to clean-up stuff after you become your self back again
else
session[:original_user_id] = current_user.id # This is to record your real identity while you are becoming some one else
end
sign_in(:user, User.find(params[:id]))
end
end
As you see, we "become" the requested user, plus we record in session your real user.id
. Note that if you choose this solution you MUST set-up rails to save session data in database, to avoid avoid having those data roaming around in wild cookies.
Becoming your self back again
Second you need somewhere in your view a link to "become back your self", I suggest header as a good location
if session[:original_user_id]
link_to 'Be my self', become_path(session[:original_user_id])
end
This will create a link, visible only for admin that "became" someone else, and the link will allow you to "become" the user with ID that correspond to your real user account. Clicking on it will bring back your real identity.
Keep your admin privileges while you became another user
Then you want to keep you admin privilege, we need to cheat the system to make him believe that the user you "became" is an admin, but we must protect the application so it won't do unwanted save of this "fake privilege" in the database
In your application controller, implement a before filter
before_filter :fake_admin
def fake_admin
if session[:original_user_id]
current_user.fake_admin = true
current_user.admin = true
end
end
Then to protect you user record to gain unwanted admin privilege, in your user model you can set a before_save_filter (or before_validation_filter, depending on your architecture)
before_save :check_for_fake_admin
def check_for_fake_admin
self.admin = false if self.fake_admin
end
Avoid logs to mention the name of the user you became
You have no choice than manually hack all places in your application where an action needs to mention the admin name instead of the user you "became"'s name. Axample in records updated_by
must be set to session[:original_user_id]
if it is not nil
Now that's needed not only in the logs, but for any other thing. It all depend on your application and it can become very tedious to maintain.
Disclamer
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With