switch_user
Inspired from hobo, switch_user provides a convenient way to switch current user without needing to log out and log in manually.
Use Case
switch_user is very useful in such use cases
switch current users in development so that you don't waste your time to logout, login and input email (login) or password any more.
reproduce the user specified error on production. Sometimes the error is only raised for specified user, which is difficult to reproduce for developers, switch_user can help you reproduce it by login as that user.
Example
Visit here: http://switch-user-example.herokuapp.com/admin, switch the current user in the select box.
And source code here: https://github.com/flyerhzm/switch_user_example
Install
Add in Gemfile.
gem "switch_user"
If you get the following error: undefined method `before_action' for SwitchUserController:Class, you are probably using an older version of Rails (<4). You can use this gem: https://github.com/pschambacher/rails3-before_action
Usage
Add following code into your layout page.
erb
<%= switch_user_select %>
or haml
= switch_user_select
If you want to add a class or styles
<%= switch_user_select class: 'special-select', styles: 'width: 220px' %>
= switch_user_select class: 'special-select', styles: 'width: 220px'
If there are too many users (on production), the switch_user_select is not a good choice, you should call the switch user request by yourself.
<%= link_to user.login, "/switch_user?scope_identifier=user_#{user.id}" %>
<%= link_to admin.login, "/switch_user?scope_identifier=admin_#{admin.id}" %>
= link_to user.login, "/switch_user?scope_identifier=user_#{user.id}"
= link_to admin.login, "/switch_user?scope_identifier=admin_#{admin.id}"
If you have a wildcard route in your project, add a route before the wildcard route.
# config/routes.rb
get 'switch_user', to: 'switch_user#set_current_user'
get 'switch_user/remember_user', to: 'switch_user#remember_user'
# wildcard route that will get
get ':id' => 'pages#show'
Configuration
By default, you can switch between Guest and all users in users table, you don't need to do anything. The following is some of the more commonly used configuration options.
SwitchUser.setup do |config|
# provider may be :devise, :authlogic, :clearance, :restful_authentication, :sorcery, or {name: :devise, store_sign_in: true}
config.provider = :devise
# available_users is a hash,
# key is the model name of user (:user, :admin, or any name you use),
# value is a block that return the users that can be switched.
config.available_users = { user: -> { User.all } } # use User.scoped instead for rails 3.2
# available_users_identifiers is a hash,
# keys in this hash should match a key in the available_users hash
# value is the name of the identifying column to find by,
# defaults to id
# this hash is to allow you to specify a different column to
# expose for instance a username on a User model instead of id
config.available_users_identifiers = { user: :id }
# available_users_names is a hash,
# keys in this hash should match a key in the available_users hash
# value is the column name which will be displayed in select box
config.available_users_names = { user: :email }
# controller_guard is a block,
# if it returns true, the request will continue,
# else the request will be refused and returns "Permission Denied"
# if you switch from "admin" to user, the current_user param is "admin"
config.controller_guard = ->(current_user, request) { Rails.env.development? }
# view_guard is a block,
# if it returns true, the switch user select box will be shown,
# else the select box will not be shown
# if you switch from admin to "user", the current_user param is "user"
config.view_guard = ->(current_user, request) { Rails.env.development? }
# redirect_path is a block, it returns which page will be redirected
# after switching a user.
config.redirect_path = ->(request, params) { '/' }
end
If you need to override the default configuration, run rails g switch_user:install
and a copy of the configuration file will be copied to config/initializers/switch_user.rb
in your project.
If you want to switch both available users and available admins
config.available_users = { :user => -> { User.available }, :admin => -> { Admin.available } }
If you want to use name column as the user identifier
config.available_users_identifiers => { user: :name }
If you want to display the login field in switch user select box
config.available_users_names = { user: :login }
If you only allow switching from admin to user in production environment
config.controller_guard = ->(current_user, request) { Rails.env.production? && current_user.admin? }
If you only want to display switch user select box for admins in production environment
config.view_guard = ->(current_user, request) { Rails.env.production? && current_user && current_user.admin? }
If you want to redirect user to "/dashboard" page
config.redirect_path = ->(request, params) { "/dashboard" }
If you want to hide a 'Guest' item in the helper dropdown list
config.helper_with_guest = false
Switch Back
Sometimes you'll want to be able to switch to an unprivileged user and then back again. This can be especially useful in production when trying to reproduce a problem a user is having. The problem is that once you switch to that unprivileged user, you don't have a way to safely switch_back without knowing who the original user was. That's what this feature is for.
You will need to make the following modifications to your configuration:
config.switch_back = true
config.controller_guard = ->(current_user, request, original_user) { current_user && current_user.admin? || original_user && original_user.super_admin? }
# Do something similar for the view_guard as well.
This example would allow an admin user to user switch_user, but would only let you switch back to another user if the original user was a super admin.
Using SwitchUser with RSpec and Capybara
Add the following code to spec/support/switch_user.rb or spec/spec_helper.rb:
require 'switch_user/rspec'
You can now write your specs like so :
feature "Your feature", type: :feature do
background do
@user = User.make(email: '[email protected]', password: 'password')
end
scenario "Your scenario" do
switch_user @user
# or
# switch_user :user, @user.id
visit '/'
end
end
How it works
Click the checkbox next to switch_user_select menu to remember that user for this session. Once this has been checked, that user is passed in as the 3rd option to the view and controller guards. This allows you to check against current_user as well as that original_user to see if the switch_user action should be allowed.
Warning
This feature should be used with extreme caution because of the security implications. This is especially true in a production environment.
Contributing
Run tests
bundle exec rspec spec
Credit
Copyright © 2010 - 2017 Richard Huang ([email protected]), released under the MIT license