Coverage for /Users/davegaeddert/Developer/dropseed/plain/plain-staff/plain/staff/impersonate/middleware.py: 48%
23 statements
« prev ^ index » next coverage.py v7.6.9, created at 2024-12-23 11:16 -0600
« prev ^ index » next coverage.py v7.6.9, created at 2024-12-23 11:16 -0600
1from plain.auth import get_user_model
2from plain.http import ResponseForbidden
4from .permissions import can_be_impersonator, can_impersonate_user
5from .views import IMPERSONATE_KEY
8def get_user_by_pk(pk):
9 UserModel = get_user_model()
11 try:
12 return UserModel.objects.get(pk=pk)
13 except UserModel.DoesNotExist:
14 return None
17class ImpersonateMiddleware:
18 def __init__(self, get_response):
19 self.get_response = get_response
21 def __call__(self, request):
22 if (
23 IMPERSONATE_KEY in request.session
24 and request.user
25 and can_be_impersonator(request.user)
26 ):
27 user_to_impersonate = get_user_by_pk(request.session[IMPERSONATE_KEY])
28 if user_to_impersonate:
29 if not can_impersonate_user(request.user, user_to_impersonate):
30 # Can't impersonate this user, remove it and show an error
31 del request.session[IMPERSONATE_KEY]
32 return ResponseForbidden()
34 # Finally, change the request user and keep a reference to the original
35 request.impersonator = request.user
36 request.user = user_to_impersonate
38 return self.get_response(request)