Contents

require 'devise/strategies/authenticatable'
require 'devise/strategies/base'

module Devise
  module Strategies
    class ImpersonateStrategy < Authenticatable
      include ::G5Authenticatable::ImpersonateSessionable

      # Prevents unauthorized users to impersonate another user when visiting the correct URL
      def valid?
        allowed = user_to_impersonate.present? &&
                    able_to_impersonate?(impersonation_user, user_to_impersonate)
        return allowed if allowed
        clear_impersonation_keys
        true
      rescue # Safety net
        clear_impersonation_keys
        false
      end

      def authenticate!
        if user_to_impersonate.present?
          success!(user_to_impersonate)
        else
          clear_impersonation_keys
          fail('You do not have sufficient access to this account')
        end
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version	Path
g5_authenticatable-0.9.1.pre.2	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.8.1.pre	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.8.0	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.8.0.beta1	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.7.5	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.7.5.beta	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.7.4	config/initializers/impersonate_strategy.rb
g5_authenticatable-0.7.4.beta.1	config/initializers/impersonate_strategy.rb