flounder

A simple gemini site builder

commit f516ef62ea08f7a54e40aabba9931f65d87dde05
parent d273c3eb6ba40ad98435b9da60bcc78672afde7c
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Sun,  6 Dec 2020 01:51:32 -0800

basic impersonation

Diffstat:
Mhttp.go | 23+++++++++++++++++------
Mtemplates/admin.html | 7+++----
Mtemplates/nav.html | 4++++
3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/http.go b/http.go
@@ -366,7 +366,14 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 func logoutHandler(w http.ResponseWriter, r *http.Request) {
 session, _ := SessionStore.Get(r, "cookie-session")
- session.Options.MaxAge = -1
+ impers, ok := session.Values["impersonating_user"].(string)
+ if ok {
+ session.Values["auth_user"] = impers
+ session.Values["impersonating_user"] = nil // TODO expire this automatically
+ // session.Values["admin"] = nil // TODO fix admin
+ } else {
+ session.Options.MaxAge = -1
+ }
 session.Save(r, w)
 http.Redirect(w, r, "/", http.StatusSeeOther)
 }
@@ -467,11 +474,10 @@ func adminHandler(w http.ResponseWriter, r *http.Request) {
 }
 data := struct {
 Users []User
- LoggedIn bool
- IsAdmin bool
+ AuthUser AuthUser
 PageTitle string
 Host string
- }{allUsers, true, true, "Admin", c.Host}
+ }{allUsers, user, "Admin", c.Host}
 err = t.ExecuteTemplate(w, "admin.html", data)
 if err != nil {
 panic(err)
@@ -572,8 +578,13 @@ func adminUserHandler(w http.ResponseWriter, r *http.Request) {
 var err error
 if action == "activate" {
 err = activateUser(userName)
- } else if action == "delete" {
- err = deleteUser(userName)
+ } else if action == "impersonate" {
+ session, _ := SessionStore.Get(r, "cookie-session")
+ session.Values["auth_user"] = userName
+ session.Values["impersonating_user"] = user.Username
+ session.Save(r, w)
+ http.Redirect(w, r, "/", http.StatusSeeOther)
+ return
 }
 if err != nil {
 log.Println(err)
diff --git a/templates/admin.html b/templates/admin.html
@@ -22,12 +22,11 @@
 </p>
 {{ end }}
 <p>
-<form action="/admin/user/{{.Username}}/delete" method="POST" class="inline">
+<form action="/admin/user/{{.Username}}/impersonate" method="POST" class="inline">
 <input
- class="button delete"
+ class="button"
 type="submit"
- onclick="return confirm('Are you SURE you want to delete this user?');"
- value="delete"
+ value="impersonate"
 />
 </form>
 </div>
diff --git a/templates/nav.html b/templates/nav.html
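Review bot: In logoutHandler's new impersonation branch the results of `SessionStore.Get` and `session.Save` are still discarded, so a failed save redirects to `/` while the browser keeps the impersonated session. Check the save, e.g. `if err := session.Save(r, w); err != nil { log.Println(err) }`, and drop the marker with `delete(session.Values, "impersonating_user")` rather than storing nil. The impersonation state has no lifetime of its own (the TODO says as much); if SessionStore keeps its state in the client cookie, which is not visible here, a cookie issued during impersonation would remain valid after this branch runs. The commented-out `admin` line suggests a separate admin value in the session, and how it behaves while impersonating should be settled and documented in a comment on this branch.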
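Review bot: The new `impersonate` branch in adminUserHandler writes `userName` (apparently taken from the request path) straight into `session.Values["auth_user"]` without confirming that it names an existing account, and it leaves no audit record of who switched to whom. Look the account up first and return an error when it is missing, and log the switch, e.g. `log.Printf("admin %q impersonating %q", user.Username, userName)`. If `user` can itself be an impersonated identity at this point, `impersonating_user` would be overwritten and the original admin lost; that depends on the authorization check above the hunk, which is not visible. The `session.Save` error is ignored here as well, and the `delete` action is dropped from this handler rather than kept next to the new one, which is worth confirming as intended.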
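Review bot: The impersonate form posts to `/admin/user/{{.Username}}/impersonate` with no anti-CSRF field visible in this hunk, and the action behind it switches the admin's session to another account. If the application does not already enforce a CSRF token or a SameSite cookie policy elsewhere, add a hidden token field to this form and verify it in adminUserHandler. The `confirm()` prompt that guarded the old button is also gone, so a single click now changes identity.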
@@ -7,8 +7,12 @@
 <a href="/admin">admin</a>
 {{ end }}
 <a href="/logout">logout</a>
+ {{ if .AuthUser.ImpersonatingUser }}
+ <em><b>({{.AuthUser.Username}} impersonated by {{.AuthUser.ImpersonatingUser}})</b></em>
+ {{ end }}
 {{ else }}
 <a href="/register">register</a>
 <a href="/login">login</a>
+
 {{ end }}
 </nav>