Well maybe I’m just biased then.

I think of web2py as THE framework for startups, and in that regard an 
easy-to-use user management system seems to me like a priority.

With all due respect to Support Team members across the globe, using two 
browsers isn’t something you should expect from them.

Maybe it’s important to "impersonate" exactly a user, but being able to do 
it ergonomically is just as (if not more) important.

I agree with Massimo’s take on this: there should be an option that allows you 
to keep groups & permissions or not when impersonating.

I tried implementing it on my own but no luck so far...

> On 6 Apr 2015, at 17:05, Jim S <j...@qlf.com> wrote:
> 
> I agree that impersonate is just right the way it is.
> 
> -Jim
> 
> On Sunday, April 5, 2015 at 6:00:52 PM UTC-5, Limedrop wrote:
> Well the easy answer is to simply open the impersonated user in a different 
> browser (eg, have Support Team login in chrome and impersonated user login in 
> firefox).
> 
> For us it is important that impersonate is restricted to the user's 
> permissions...we have several classes of user and it is essential to see what 
> the site looks like from their "environment".
> 
> 
> On Monday, 6 April 2015 06:51:53 UTC+12, Louis Amon wrote:
> When you "impersonate" a user in web2py, your whole auth session gets 
> replaced with the user's, and that means you lose access to whatever 
> permissions you used to have 
> (http://web2py.readthedocs.org/en/latest/tools.html#gluon.tools.Auth.impersonate).
> 
> Practically: if you're a staff member (Support Team, not geek) and you're 
> using a permission-locked back-office to impersonate a user, that means you 
> won't be able to access the back-office to check for extra data until you 
> impersonate(0) to go back to your own session and permissions.
> 
> So far I've just asked my team to chew on it and just de-impersonate every 
> time they need to go back to the back-office... but they keep complaining 
> about it and they're quite right.
> 
> 
> I've been thinking about how to improve this, and so far I've only managed to 
> narrow down a few options:
> - Building a second Session() object to manage both sessions separately
> - Using session.connect(masterapp="...") to use another application's sessions 
>   (between main app and back-office app for instance, if those are separate... 
>   which is a pain in terms of model management)
> - Messing with the permission system to add up permissions (staff member's 
>   permissions + impersonated user's permissions) before permission checks
> 
> I'm really not sure what strategy I should adopt here and how I should go 
> about implementing this.
> 
> Pointers would be very welcome :)
> 
> -- 
> Resources:
> - http://web2py.com <http://web2py.com/>
> - http://web2py.com/book <http://web2py.com/book> (Documentation)
> - http://github.com/web2py/web2py <http://github.com/web2py/web2py> (Source 
> code)
> - https://code.google.com/p/web2py/issues/list 
> <https://code.google.com/p/web2py/issues/list> (Report Issues)
> --- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "web2py-users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/web2py/POYrBeZwvBk/unsubscribe 
> <https://groups.google.com/d/topic/web2py/POYrBeZwvBk/unsubscribe>.
> To unsubscribe from this group and all its topics, send an email to 
> web2py+unsubscr...@googlegroups.com 
> <mailto:web2py+unsubscr...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.
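
The option discussed above (keep the staff member's groups and permissions while impersonating, or not), as an added example that is not part of the thread and not web2py's code. It is a framework-independent model: the class, its method names and the sample permission table are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample data: user id -> permissions granted through groups.
PERMISSIONS = {
    1: {"backoffice.view", "user.impersonate"},  # support staff member
    42: {"orders.view"},                         # ordinary customer
}

@dataclass
class ImpersonationSession:
    actor_id: int                                 # who really logged in; never overwritten
    effective_id: int = field(init=False)         # whose view is being rendered
    keep_actor_permissions: bool = field(default=False, init=False)
    audit: list = field(default_factory=list, init=False)

    def __post_init__(self):
        self.effective_id = self.actor_id

    def impersonate(self, user_id, keep_actor_permissions=False):
        # Authorise against the real actor, not the identity currently shown.
        if "user.impersonate" not in PERMISSIONS[self.actor_id]:
            raise PermissionError("actor may not impersonate")
        self.effective_id = user_id
        self.keep_actor_permissions = keep_actor_permissions
        self.audit.append((self.actor_id, "impersonate", user_id))

    def stop(self):
        # Equivalent in spirit to impersonate(0): back to the actor's own identity.
        self.audit.append((self.actor_id, "stop", self.effective_id))
        self.effective_id = self.actor_id
        self.keep_actor_permissions = False

    def has_permission(self, name):
        granted = set(PERMISSIONS[self.effective_id])
        if self.keep_actor_permissions:
            granted |= PERMISSIONS[self.actor_id]  # union: convenient, less faithful
        return name in granted

def compare_modes(permission="backoffice.view"):
    """Return (strict, merged) results for the same check while impersonating user 42."""
    strict = ImpersonationSession(actor_id=1)
    strict.impersonate(42)
    merged = ImpersonationSession(actor_id=1)
    merged.impersonate(42, keep_actor_permissions=True)
    return strict.has_permission(permission), merged.has_permission(permission)
```

Keeping the real actor separate from the effective user lets the audit trail name the staff member in either mode, while the merged mode no longer shows exactly what the impersonated user would see.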


