changeset 1933:19e3af7cabcd

Change the set-user functionality to use the session storage and keep track of who the user was; this way you can switch back to your own user account
author Johannes Berg <johannes AT sipsolutions DOT net>
date Tue, 03 Apr 2007 18:22:58 +0200
parents 8916520c8314
children 1040f23023a9
files MoinMoin/request/__init__.py MoinMoin/userform.py
diffstat 2 files changed, 31 insertions(+), 10 deletions(-) [+]
--- a/MoinMoin/request/__init__.py	Tue Apr 03 18:21:34 2007 +0200
+++ b/MoinMoin/request/__init__.py	Tue Apr 03 18:22:58 2007 +0200
@@ -157,6 +157,10 @@
         # created, but we should always set request.session
         self.session = None
 
+        # setuid handling requires an attribute in the request
+        # that stores the real user
+        self._setuid_real_user = None
+
         # Check for dumb proxy requests
         # TODO relying on request_uri will not work on all servers, especially
         # not on external non-Apache servers
@@ -209,6 +213,12 @@
             i18n.i18n_init(self)
 
             self.user = self.get_user_from_form()
+            # setuid handling
+            if self.session and 'setuid' in self.session:
+                self._setuid_real_user = self.user
+                uid = self.session['setuid']
+                self.user = user.User(self, uid)
+                self.user.disabled = None
 
             if self.action != 'xmlrpc':
                 if not self.forbidden and self.isForbidden():
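Review bot: The added block at `if self.session and 'setuid' in self.session:` replaces `self.user` with whatever uid the session holds, without re-checking that the user returned by `get_user_from_form()` is still a superuser. An impersonation started earlier would therefore presumably continue after superuser rights are removed, or if the session outlives the login. Gating on the real user, e.g. `if self.session and 'setuid' in self.session and self.user.isSuperUser():`, and deleting the stale key otherwise, would close that gap. `self.user.disabled = None` also makes a disabled account usable for the request, so a comment such as `# impersonation deliberately ignores the disabled flag` would record that this is intended. The enclosing method starts and ends outside the hunk.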
--- a/MoinMoin/userform.py	Tue Apr 03 18:21:34 2007 +0200
+++ b/MoinMoin/userform.py	Tue Apr 03 18:22:58 2007 +0200
@@ -152,19 +152,28 @@
             return result
 
 
-        # Select user profile (su user) - only works with cookie auth active.
+        # Select user profile (su user) - only works with logged-in user session support
         if form.has_key('select_user'):
-            if (wikiutil.checkTicket(self.request, self.request.form['ticket'][0]) and
+            if (self.request.session and
+                wikiutil.checkTicket(self.request, self.request.form['ticket'][0]) and
                 self.request.request_method == 'POST' and
-                self.request.user.isSuperUser()):
+                (self.request.user.isSuperUser() or
+                 (not self.request._setuid_real_user is None
+                  and (self.request._setuid_real_user.isSuperUser())))):
                 su_user = form.get('selected_user', [''])[0]
                 uid = user.getUserId(self.request, su_user)
-                theuser = user.User(self.request, uid)
-                theuser.disabled = None
-                theuser.save()
-                from MoinMoin import auth
-                auth.setSessionCookie(self.request, theuser)
-                self.request.user = theuser
+                if (not self.request._setuid_real_user is None
+                    and uid == self.request._setuid_real_user.id):
+                    del self.request.session['setuid']
+                    self.request.user = self.request._setuid_real_user
+                    self.request._setuid_real_user = None
+                else:
+                    theuser = user.User(self.request, uid)
+                    theuser.disabled = None
+                    self.request.session['setuid'] = uid
+                    self.request._setuid_real_user = self.request.user
+                    # now continue as the other user
+                    self.request.user = theuser
                 return  _("Use UserPreferences to change settings of the selected user account")
             else:
                 return _("Use UserPreferences to change your settings or create an account.")
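Review bot: `uid = user.getUserId(self.request, su_user)` is written to `self.request.session['setuid']` without checking that the lookup found an account. An empty or unknown `selected_user` therefore appears to leave a bogus uid in the session, which every later request passes to `user.User(self, uid)`. The handler should check the result and return an error message before the `else:` branch stores it. In that same branch, `self.request._setuid_real_user = self.request.user` overwrites the real user with the currently impersonated one when a superuser switches directly from one selected account to another; putting `if self.request._setuid_real_user is None:` in front of it keeps the original identity for the rest of the request. Nothing here logs who switched to which account, which an audit trail for this feature would need; the method body continues outside the hunk.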
@@ -466,7 +475,9 @@
         _ = self._
         self.make_form()
 
-        if self.request.user.isSuperUser():
+        if (self.request.user.isSuperUser() or
+            (not self.request._setuid_real_user is None and
+             self.request._setuid_real_user.isSuperUser())):
             ticket = wikiutil.createTicket(self.request)
             self.make_row(_('Select User'), [self._user_select()])
             self._form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
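Review bot: The superuser test at `if (self.request.user.isSuperUser() or` repeats the condition added to the `select_user` handler in the previous hunk of this file. The two must stay in step, because one decides whether the form row is shown and the other whether the switch is performed. A single helper that returns true when either the current user or `_setuid_real_user` is a superuser would keep this authorization rule in one place. `not self.request._setuid_real_user is None` also reads more clearly as `self.request._setuid_real_user is not None`. The method starts outside the hunk.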