Fix hasattr impersonator usage

davegaeddert · davegaeddert · commit 548a3859f53c · 2025-10-22T10:48:34.000-05:00
diff --git a/plain-auth/plain/auth/views.py b/plain-auth/plain/auth/views.py
@@ -23,6 +23,11 @@
 if TYPE_CHECKING:
     from plain.http import Request
 
+try:
+    from plain.admin.impersonate import get_request_impersonator
+except ImportError:
+    get_request_impersonator: Any = None
+
 
 class LoginRequired(Exception):
     def __init__(self, login_url: str | None = None, redirect_field_name: str = "next"):
@@ -65,14 +70,17 @@ def check_auth(self) -> None:
         if self.admin_required:
             # At this point, we know user is authenticated (from check above)
             # Check if impersonation is active
-            if impersonator := getattr(self, "impersonator", None):
-                # Impersonators should be able to view admin pages while impersonating.
-                # There's probably never a case where an impersonator isn't admin, but it can be configured.
-                if not impersonator.is_admin:
-                    raise PermissionDenied(
-                        "You do not have permission to access this page."
-                    )
-            elif not self.user.is_admin:
+            if get_request_impersonator:
+                if impersonator := get_request_impersonator(self.request):
+                    # Impersonators should be able to view admin pages while impersonating.
+                    # There's probably never a case where an impersonator isn't admin, but it can be configured.
+                    if not impersonator.is_admin:
+                        raise PermissionDenied(
+                            "You do not have permission to access this page."
+                        )
+                    return
+
+            if not self.user.is_admin:
                 # Show a 404 so we don't expose admin urls to non-admin users
                 raise Http404()
 
diff --git a/plain-pageviews/plain/pageviews/models.py b/plain-pageviews/plain/pageviews/models.py
@@ -22,6 +22,11 @@
 except ImportError:
     get_request_session: Any = None
 
+try:
+    from plain.admin.impersonate import get_request_impersonator
+except ImportError:
+    get_request_impersonator: Any = None
+
 
 @models.register_model
 class Pageview(models.Model):
@@ -89,7 +94,7 @@ def create_from_request(
         Returns:
             Pageview instance or None if user is being impersonated
         """
-        if getattr(request, "impersonator", None):
+        if get_request_impersonator and get_request_impersonator(request):
             return None
 
         if url is None:
diff --git a/plain-toolbar/plain/toolbar/toolbar.py b/plain-toolbar/plain/toolbar/toolbar.py
@@ -21,6 +21,11 @@
 except ImportError:
     get_request_user: Any = None
 
+try:
+    from plain.admin.impersonate import get_request_impersonator
+except ImportError:
+    get_request_impersonator: Any = None
+
 
 class Toolbar:
     def __init__(self, context: Context) -> None:
@@ -32,8 +37,9 @@ def should_render(self) -> bool:
         if settings.DEBUG:
             return True
 
-        if impersonator := getattr(self.request, "impersonator", None):
-            return getattr(impersonator, "is_admin", False)
+        if get_request_impersonator:
+            if impersonator := get_request_impersonator(self.request):
+                return getattr(impersonator, "is_admin", False)
 
         user = get_request_user(self.request) if get_request_user else None
         if user:
