From 28e2fa10c3f82c3b9d01bb572bd36f65ce84124c Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Mon, 19 Oct 2020 16:08:42 +0200
Subject: [PATCH] Add impersonification
---
 apps/registration/urls.py | 7 +++++--
 apps/registration/views.py | 32 ++++++++++++++++++++++++++++++++
 templates/base.html | 2 +-
 3 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/apps/registration/urls.py b/apps/registration/urls.py
index 76e2461..bce8aa8 100644
--- a/apps/registration/urls.py
+++ b/apps/registration/urls.py
@@ -1,7 +1,8 @@
 from django.urls import path
-from .views import MyAccountDetailView, SignupView, UserDetailView, UserResendValidationEmailView,\
- UserUpdateView, UserUploadPhotoAuthorizationView, UserValidateView, UserValidationEmailSentView
+from .views import MyAccountDetailView, ResetAdminView, SignupView, UserDetailView, UserImpersonateView, \
+ UserResendValidationEmailView, UserUpdateView, UserUploadPhotoAuthorizationView, UserValidateView, \
+ UserValidationEmailSentView
 app_name = "registration"
@@ -16,4 +17,6 @@ urlpatterns = [
 path("user//update/", UserUpdateView.as_view(), name="update_user"),
 path("user//upload-photo-authorization/", UserUploadPhotoAuthorizationView.as_view(),
 name="upload_user_photo_authorization"),
+ path("user//impersonate/", UserImpersonateView.as_view(), name="user_impersonate"),
+ path("reset-admin/", ResetAdminView.as_view(), name="reset_admin"),
 ]
diff --git a/apps/registration/views.py b/apps/registration/views.py
index 1b8acf7..a29b9a8 100644
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@@ -212,3 +212,35 @@ class PhotoAuthorizationView(LoginRequiredMixin, View):
 ext = mime_type.split("/")[1].replace("jpeg", "jpg")
 true_file_name = _("Photo authorization of {student}.{ext}").format(student=str(student), ext=ext)
 return FileResponse(open(path, "rb"), content_type=mime_type, filename=true_file_name)
+
+
+class UserImpersonateView(LoginRequiredMixin, RedirectView):
+ def dispatch(self, request, *args, **kwargs):
+ """
+ An administrator can log in through this page as someone else, and act as this other person.
+ """
+ if self.request.user.registration.is_admin:
+ if not User.objects.filter(pk=kwargs["pk"]).exists():
+ raise Http404
+ session = request.session
+ session["admin"] = request.user.pk
+ session["_fake_user_id"] = kwargs["pk"]
+ return redirect(request.path)
+ return super().dispatch(request, *args, **kwargs)
+
+ def get_redirect_url(self, *args, **kwargs):
+ return reverse_lazy("registration:user_detail", args=(kwargs["pk"],))
+
+
+class ResetAdminView(LoginRequiredMixin, View):
+ """
+ Return to admin view, clear the session field that let an administrator to log in as someone else.
+ """
+
+ def dispatch(self, request, *args, **kwargs):
+ user = request.user
+ if not user.is_authenticated:
+ return self.handle_no_permission()
+ if "_fake_user_id" in request.session:
+ del request.session["_fake_user_id"]
+ return redirect(request.GET.get("path", "/"))
diff --git a/templates/base.html b/templates/base.html
index 9a34f40..5bc6855 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -111,7 +111,7 @@ {% endif %} {% if "_fake_user_id" in request.session %} {% endif %} {% if not user.is_authenticated %}
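Review bot: `ResetAdminView.dispatch` redirects to `request.GET.get("path", "/")` without validating it, so the `path` query parameter can send a logged-in user to any external site; check it first, e.g. `if not url_has_allowed_host_and_scheme(path, allowed_hosts={request.get_host()}, require_https=request.is_secure()): path = "/"` (from `django.utils.http`). Both new views also change session state inside `dispatch` for every HTTP method, so a cross-site GET is enough to start or end impersonation in an administrator's session; restricting them to POST, with Django's CSRF check, would close that. In `UserImpersonateView.dispatch` the `is_admin` test runs before `LoginRequiredMixin` gets control, so an anonymous request probably fails on `request.user.registration` rather than being sent to the login page. The reset path removes `_fake_user_id` but leaves `session["admin"]` in place, and neither view records who impersonated whom, which an audit trail for this feature would need.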