Leave a comment

Impersonate an user in Rails


Food for Thought

I have been using Rick Olson’s restful_authentication plugin for quite some time now.

Recently I came across a requirement where the Site Admin was required to be able, to impersonate any user on the site.

Here’s how I achieved this:

Approach:

When “Site Admin” logs-in on the site, I create two sessions namely:

session[:user_id]
session[:original_user_id]

If the Site Admin impersonates an user on the site,

replace the “session[:user_id]” with the id of the user we wish to impersonate.

So the Site Admin becomes the intended user.

Whenever Site Admin wants to stop impersonating,

replace “session[:user_id]” data with “session[:original_user_id]”

Site Admin regains original admin profile.

Implementation:

lib/authenticated_system.rb (Generated by restful_authentication plugin)

# Store the given user id in the session.
def current_user=(new_user)
session[:user_id] = new_user ? new_user.id : nil
@current_user = new_user || false
end

I overloaded this method in my Application Controller:

def current_user=(new_user)
super

if new_user &&…

View original post 207 more words

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: