From fd02589a3107d0fd02a26668c44ecbff7c729081 Mon Sep 17 00:00:00 2001
From: Tom Clegg
Date: Wed, 5 Mar 2014 00:30:12 -0500
Subject: [PATCH] Add "Log in as user" button in Admin pane on users#show.

refs #2189
---
 .../app/controllers/users_controller.rb | 18 ++++++++++
 .../app/views/users/_show_admin.html.erb | 7 ++++
 apps/workbench/config/routes.rb | 1 +
 .../api_client_authorizations_controller.rb | 1 +
 services/api/app/models/arvados_model.rb | 2 +-
 .../api_client_authorizations_api_test.rb | 36 +++++++++++++++++++
 6 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 apps/workbench/app/views/users/_show_admin.html.erb

diff --git a/apps/workbench/app/controllers/users_controller.rb b/apps/workbench/app/controllers/users_controller.rb
index 3ccaa525ce..c33de2d034 100644
--- a/apps/workbench/app/controllers/users_controller.rb
+++ b/apps/workbench/app/controllers/users_controller.rb
@@ -1,6 +1,7 @@
 class UsersController < ApplicationController
   skip_before_filter :find_object_by_uuid, :only => :welcome
   skip_around_filter :thread_with_mandatory_api_token, :only => :welcome
+  before_filter :ensure_current_user_is_admin, only: :sudo
 
   def welcome
     if current_user
@@ -9,6 +10,23 @@ class UsersController < ApplicationController
     end
   end
 
+  def show_pane_list
+    if current_user.andand.is_admin
+      super | %w(Admin)
+    else
+      super
+    end
+  end
+
+  def sudo
+    resp = $arvados_api_client.api(ApiClientAuthorization, '', {
+      api_client_authorization: {
+        owner_uuid: @object.uuid
+      }
+    })
+    redirect_to root_url(api_token: resp[:api_token])
+  end
+
   def home
     @showallalerts = false
     @my_ssh_keys = AuthorizedKey.where(authorized_user_uuid: current_user.uuid)
diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb
new file mode 100644
index 0000000000..6e60b5d64b
--- /dev/null
+++ b/apps/workbench/app/views/users/_show_admin.html.erb
@@ -0,0 +1,7 @@
+
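Review bot: `sudo` hands the freshly minted impersonation token to the browser in the query string of the redirect (`redirect_to root_url(api_token: resp[:api_token])`), so the token will be written to web-server and proxy access logs, browser history, and any Referer header the landing page sends to a third party; delivering it via the session (or a POST to the login endpoint) would keep it out of those places. Nothing in the hunk bounds the token's lifetime or revokes it when the admin "logs out and logs in again" as the Admin pane text instructs, so the impersonation token stays valid indefinitely — consider sending an `expires_at` with the create request (assuming ApiClientAuthorization accepts one, which I believe it does) and recording an audit log line of which admin impersonated which user. The new `before_filter :ensure_current_user_is_admin` references a method that is not defined in this hunk; confirm it exists on ApplicationController, since a missing filter method would leave `sudo` reachable by any logged-in user. A one-line comment on `sudo` stating the contract would help: `# Admin-only: creates an API token owned by @object and logs the browser in as that user; the token is not revoked on logout.`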

As an admin, you can log in as this user. When you’ve +finished, you will need to log out and log in again with your own +account.

+ +
+<%= button_to "Log in as #{@object.full_name}", sudo_user_url(id: @object.uuid), class: 'btn btn-primary' %> +
diff --git a/apps/workbench/config/routes.rb b/apps/workbench/config/routes.rb
index 5330a9148a..527d6efef5 100644
--- a/apps/workbench/config/routes.rb
+++ b/apps/workbench/config/routes.rb
@@ -19,6 +19,7 @@ ArvadosWorkbench::Application.routes.draw do
   resources :users do
     get 'home', :on => :member
     get 'welcome', :on => :collection
+    post 'sudo', :on => :member
   end
   resources :logs
   resources :factory_jobs
diff --git a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
index 10a009807c..8fd915ddfb 100644
--- a/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
+++ b/services/api/app/controllers/arvados/v1/api_client_authorizations_controller.rb
@@ -28,6 +28,7 @@ class Arvados::V1::ApiClientAuthorizationsController < ApplicationController
       resource_attrs[:user_id] = User.where(uuid: resource_attrs.delete(:owner_uuid)).first.andand.id
     end
 
+    resource_attrs[:api_client_id] = Thread.current[:api_client].id
     super
   end
 
diff --git a/services/api/app/models/arvados_model.rb b/services/api/app/models/arvados_model.rb
index 8ee14b7936..c89efdf404 100644
--- a/services/api/app/models/arvados_model.rb
+++ b/services/api/app/models/arvados_model.rb
@@ -136,7 +136,7 @@ class ArvadosModel < ActiveRecord::Base
 
   def update_modified_by_fields
     self.created_at ||= Time.now
-    self.owner_uuid ||= current_default_owner
+    self.owner_uuid ||= current_default_owner if self.respond_to? :owner_uuid=
     self.modified_at = Time.now
     self.modified_by_user_uuid = current_user ? current_user.uuid : nil
     self.modified_by_client_uuid = current_api_client ? current_api_client.uuid : nil
diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb
index 5c3c0ddfea..fef4b5bb21 100644
--- a/services/api/test/integration/api_client_authorizations_api_test.rb
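Review bot: The added `resource_attrs[:api_client_id] = Thread.current[:api_client].id` dereferences the thread-local without a nil check, so a request that reaches this point with no API client recorded in `Thread.current[:api_client]` fails with NoMethodError (a 500) rather than a clean 4xx; the enclosing `create` begins above the hunk, so a guard may already exist there — confirm, or write `Thread.current[:api_client].andand.id` consistent with the `andand` style used two lines up. Overriding any client-supplied `api_client_id` with the caller's own client is the right call, since the new token should never be bound to a client the caller did not present. Because the `owner_uuid` branch above lets a caller mint a token for a different user, this path is an impersonation path and would benefit from an explicit audit log entry naming the requesting user, the target user, and the api_client. A why-comment would help the next reader: `# Bind the new token to the client that made this request; never trust a client-supplied api_client_id.`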
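Review bot: The new guard reads more idiomatically as `self.owner_uuid ||= current_default_owner if respond_to?(:owner_uuid=)` — the explicit `self.` receiver on `respond_to?` is redundant and the bare-argument call without parentheses is easy to misread at the end of a modifier `if`. The reason for the guard is not stated in the hunk; I infer from the companion controller change (which strips `owner_uuid` out of `resource_attrs`) that at least one model, presumably ApiClientAuthorization, has no `owner_uuid` attribute and the unguarded `||=` would raise. A one-line why-comment would capture that: `# Not every model has an owner column (e.g. api client authorizations); skip the default-owner assignment where the attribute does not exist.` The rest of `update_modified_by_fields` continues outside the hunk.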
+++ b/services/api/test/integration/api_client_authorizations_api_test.rb
@@ -8,4 +8,40 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
+  test "create token for different user" do
+    post "/arvados/v1/api_client_authorizations", {
+      :format => :json,
+      :api_client_authorization => {
+        :owner_uuid => users(:spectator).uuid
+      }
+    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
+    assert_response :success
+
+    get "/arvados/v1/users/current", {
+      :format => :json
+    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{jresponse['api_token']}"}
+    @jresponse = nil
+    assert_equal users(:spectator).uuid, jresponse['uuid']
+  end
+
+  test "refuse to create token for different user if not trusted client" do
+    post "/arvados/v1/api_client_authorizations", {
+      :format => :json,
+      :api_client_authorization => {
+        :owner_uuid => users(:spectator).uuid
+      }
+    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin).api_token}"}
+    assert_response 403
+  end
+
+  test "refuse to create token for different user if not admin" do
+    post "/arvados/v1/api_client_authorizations", {
+      :format => :json,
+      :api_client_authorization => {
+        :owner_uuid => users(:spectator).uuid
+      }
+    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
+    assert_response 403
+  end
+
 end
-- 
2.39.5
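Review bot: None of the three new tests exercises the `api_client_id` binding that the controller change in this commit introduces — "create token for different user" only checks that the new token resolves to the spectator user. After the first `assert_response :success`, an assertion on the create response such as `assert_equal api_client_authorizations(:admin_trustedclient).api_client_id, jresponse['api_client_id']` would pin it (assuming the JSON representation exposes `api_client_id`; adjust if it does not). Resetting the memoized parse with `@jresponse = nil` before reading the second response works but is fragile and easy to forget; parsing `response.body` directly for the second request, or a small helper that always parses the current response, would be clearer. The two 403 tests could also assert that no ApiClientAuthorization row was created for the spectator, so a regression that returns 403 after creating the token is still caught.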