gitcoinco · coderberry · Mar 27, 2018 · Mar 26, 2018 · Mar 26, 2018 · Mar 26, 2018
diff --git a/lib/code_sponsor_web/controllers/user_controller.ex b/lib/code_sponsor_web/controllers/user_controller.ex
@@ -4,9 +4,32 @@ defmodule CodeSponsorWeb.UserController do
   alias CodeSponsor.Repo
   alias CodeSponsor.Schema.User
 
-  plug CodeSponsorWeb.Plugs.RequireAnyRole, [roles: ["admin"]]
+  plug CodeSponsorWeb.Plugs.RequireAnyRole, [roles: ["admin"]] when action in [:index, :masquerade]
+  use Coherence.Config
 
   def index(conn, _params) do
     render conn, "index.html", users: Repo.all from u in User, preload: [:properties]
   end
+
+  def masquerade(conn, %{"id" => user_id}) do
+    Repo.get(User, user_id)
+    |> handle_masquerade(conn)
+    |> put_session("admin_user", conn.assigns.current_user)
+    |> put_flash(:notice, "You have successfully begun masquerading.")
+    |> redirect(to: dashboard_path(conn, :index))
+  end
+
+  def end_masquerade(conn, _params) do
+    conn
+    |> get_session("admin_user")
+    |> handle_masquerade(conn)
+    |> delete_session("admin_user")
+    |> put_flash(:notice, "You have successfully ended masquerading.")
+    |> redirect(to: dashboard_path(conn, :index))
+  end
+
+  defp handle_masquerade(user, conn) do
+    Config.auth_module()
+    |> apply(Config.create_login(), [conn, user, [id_key: Config.schema_key()]])
+  end
 end
diff --git a/lib/code_sponsor_web/router.ex b/lib/code_sponsor_web/router.ex
@@ -84,6 +84,8 @@ defmodule CodeSponsorWeb.Router do
     resources "/templates", TemplateController
     resources "/themes", ThemeController
     resources "/users", UserController, only: [:index]
+    get "/users/:id/masquerade", UserController, :masquerade
+    get "/users/end_masquerade", UserController, :end_masquerade
   end
 
   scope "/", CodeSponsorWeb do

diff --git a/lib/code_sponsor_web/templates/layout/admin.html.eex b/lib/code_sponsor_web/templates/layout/admin.html.eex
@@ -74,6 +74,17 @@
     <div class="sidebar">
       <nav class="sidebar-nav">
         <ul class="nav">
+          <%= if Plug.Conn.get_session(@conn, "admin_user") != nil do %>
+            <li class="nav-item">
+              <%= active_link(@conn, to: user_path(
+                  @conn,
+                  :end_masquerade),
+                  class: "nav-link") do %>
+                <i class="icon-speedometer"></i>
+                Leave Masquerade
+              <% end %>
+            </li>
+          <% end %>
           <li class="nav-item">
             <%= active_link(@conn, to: dashboard_path(@conn, :index), class: "nav-link") do %>
               <i class="icon-speedometer"></i>
@@ -123,18 +134,18 @@
                 Themes
               <% end %>
             </li>
+            <li class="nav-item">
+              <%= active_link(@conn, to: user_path(@conn, :index), class: "nav-link") do %>
+                <i class="icon-user"></i>
+                Users
+            <% end %>
           <% end %>
           <li class="nav-item">
             <%= active_link(@conn, to: registration_path(@conn, :show), class: "nav-link") do %>
               <i class="icon-user"></i>
               Profile
             <% end %>
           </li>
-          <li class="nav-item">
-            <%= active_link(@conn, to: user_path(@conn, :index), class: "nav-link") do %>
-              <i class="icon-user"></i>
-              Users
-            <% end %>
           </li>
         </ul>
       </nav>

diff --git a/lib/code_sponsor_web/templates/user/index.html.eex b/lib/code_sponsor_web/templates/user/index.html.eex
@@ -16,6 +16,7 @@
                 <th>Name</th>
                 <th>Email</th>
                 <th>Number of Properties</th>
+                <th>Actions</th>
               </tr>
             </thead>
             <tbody>
@@ -24,6 +25,7 @@
                   <td><%= "#{user.first_name} #{user.last_name}" %></td>
                   <td><%= user.email %></td>
                   <td><%= user.properties |> Enum.count %></td>
+                  <td><%= link("Masquerade", to: user_path(@conn, :masquerade, user))%></td>
                 </tr>
               <% end %>
             </tbody>

diff --git a/test/code_sponsor_web/controllers/user_controller_test.exs b/test/code_sponsor_web/controllers/user_controller_test.exs
@@ -4,8 +4,9 @@ defmodule CodeSponsorWeb.UserControllerTest do
 
   setup do
     normal_user = insert(:user)
+    admin_user = insert(:user, %{roles: ["admin"]})
 
-    {:ok, %{normal_user: normal_user}}
+    {:ok, %{normal_user: normal_user, admin_user: admin_user}}
   end
 
   describe "index" do
@@ -17,9 +18,7 @@ defmodule CodeSponsorWeb.UserControllerTest do
       assert get_flash(conn, :error) == "You are not authorized to view this page."
     end
 
-    test "lists users if signed in as admin", %{conn: conn, normal_user: normal_user} do
-      admin_user = insert(:user, %{roles: ["admin"]})
-
+    test "lists users if signed in as admin", %{conn: conn, normal_user: normal_user, admin_user: admin_user} do
       conn = assign conn, :current_user, admin_user
 
       conn = get conn, user_path(conn, :index)
@@ -31,4 +30,34 @@ defmodule CodeSponsorWeb.UserControllerTest do
       ] |> CodeSponsor.Repo.preload([:properties])
     end
   end
+
+  describe "masquerade" do
+    test "it redirects if the user is not an admin", %{conn: conn, normal_user: normal_user} do
+      conn = assign conn, :current_user, normal_user
+
+      conn = get conn, user_path(conn, :masquerade, normal_user)
+      assert redirected_to(conn, 302) == "/dashboard"
+      assert get_flash(conn, :error) == "You are not authorized to view this page."
+    end
+
+    test "it allows admin users to masquerade", %{conn: conn, normal_user: normal_user, admin_user: admin_user} do
+      conn = assign conn, :current_user, admin_user
+
+      conn = get conn, user_path(conn, :masquerade, normal_user)
+      assert redirected_to(conn, 302) == "/dashboard"
+      assert get_flash(conn, :notice) == "You have successfully begun masquerading."
+      assert Plug.Conn.get_session(conn, "admin_user") == admin_user
+    end
+  end
+
+  describe "end_masquerade" do
+    test "it allows admin users to return to their previous user login", %{conn: conn, admin_user: admin_user} do
+      conn = assign conn, :current_user, admin_user
+
+      conn = get conn, user_path(conn, :end_masquerade)
+      assert redirected_to(conn, 302) == "/dashboard"
+      assert get_flash(conn, :notice) == "You have successfully ended masquerading."
+      assert Plug.Conn.get_session(conn, "admin_user") == nil
+    end
+  end
 end