const MEDALS = 'medals';
+ const ACCOUNTTYPES = 'accounttypes';
+
static private $enumerations = array();
static private function init($type)
}
// }}}
+/** ACCOUNTS
+ */
+// {{{ class DE_AccountTypes
+class DE_AccountTypes extends DirEnumeration
+{
+ public $capabilities = 0x005; // self::HAS_OPTIONS | self::SAVE_IN_SESSION;
+
+ protected $from = 'account_types';
+ protected $valfield = 'perms';
+ protected $idfield = 'type';
+}
+// }}}
+
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
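Review bot: `public $capabilities = 0x005; // self::HAS_OPTIONS | self::SAVE_IN_SESSION;` at L13 hides the meaning of the flags behind a magic number, and the new class carries no docblock although the `perms` strings it loads become a user's effective permissions in handler_get_rights. If the deployed PHP accepts constant expressions in property initializers (5.6+) and those constants exist on DirEnumeration, write `public $capabilities = self::HAS_OPTIONS | self::SAVE_IN_SESSION;`; otherwise keep the literal but move the expression into a proper comment on the line above. Above the class add a docblock stating that it enumerates `account_types.type` keyed to the `account_types.perms` string each type grants, that `DirEnum::getOptions()` therefore returns a `type => perms` map, and that callers must treat an empty perms value as "not impersonable". Whether the session caching implied by the `SAVE_IN_SESSION` comment is actually active depends on DirEnumeration, which is outside the hunk.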
$this->perm_flags = self::makePerms($this->perms, $this->is_admin);
}
+ public function setPerms($perms)
+ {
+ $this->perms = $perms;
+ $this->perm_flags = null;
+ }
+
// We do not want to store the password in the object.
// So, fetch it 'on demand'
public function password()
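Review bot: `setPerms()` (L25-L29) clears `perm_flags` to null but never recomputes it, so it is only correct if every reader of `perm_flags` treats null as "rebuild from `$perms` via makePerms"; the assignment visible at L23 belongs to another method and does not show that. Either document the contract, `// Invalidate the cached flag set; it is rebuilt lazily from $perms by the next reader.`, or make the setter self-contained with `$this->perm_flags = self::makePerms($perms, $this->is_admin);`, which works for the SUID caller because it sets `is_admin` before calling `setPerms()`. A short docblock should also say that `$perms` is the raw permission string taken from the account_types enumeration, since this is the value that later decides what the impersonated session may do.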
$this->addJsLink('wiki.js');
$this->addJsLink('xorg.js');
$this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');
+ if (S::user()->checkPerms('admin')) {
+ $types = array(S::user()->type);
+ $perms = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
+ ksort($perms);
+ foreach ($perms as $type => $perm) {
+ if (!empty($perm) && $type != $types[0]) {
+ $types[] = $type;
+ }
+ }
+ $this->assign('account_types_list', $types);
+ }
}
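Review bot: The filter `if (!empty($perm) && $type != $types[0])` at L42 needs a why-comment, because it silently drops account types and the same `!empty` rule is repeated by handler_get_rights when it applies the perms. Suggest `// Offer the admin's own type first, then every other type that grants at least one permission; types with an empty perms string cannot be impersonated and are omitted.` above the loop. The enclosing method starts before this hunk, so I cannot tell whether `S::user()` can be null here; if it can, the `checkPerms` call needs a guard.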
public function run()
exit;
}
- function handler_get_rights(&$page, $level)
+ function handler_get_rights(&$page)
{
if (S::suid()) {
$page->kill('Déjà en SUID');
}
- $user =& S::user();
- Platal::session()->startSUID($user, $level);
-
- pl_redirect('/');
+ S::assert_xsrf_token();
+ $level = Post::s('account_type');
+ if ($level != 'admin') {
+ $user = User::getSilentWithUID(S::user()->id());
+ $user->is_admin = false;
+ $types = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
+ if (!empty($types[$level])) {
+ $user->setPerms($types[$level]);
+ }
+ S::set('suid_startpage', $_SERVER['HTTP_REFERER']);
+ Platal::session()->startSUID($user);
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ http_redirect($_SERVER['HTTP_REFERER']);
+ } else {
+ pl_redirect('/');
+ }
}
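Review bot: The new code at L71 and L74-L75 stores and redirects to `$_SERVER['HTTP_REFERER']` without checking that it points back to this site, so an off-site Referer becomes an open redirect (and the value is also persisted in the session for handler_exit to follow later); L71 also reads the header unconditionally, which raises a notice when it is absent. The XSRF check limits who can reach this path, but the redirect target should still be restricted to the current host and fall back to `/` otherwise. Note also that when `$types[$level]` is empty the SUID session is still started with the admin's own perms minus `is_admin`; if that is not intended, reject unknown types before calling `startSUID`.
```php
function handler_get_rights(&$page)
{
    // … unchanged: SUID and XSRF checks …
    // The Referer is client-supplied and is both stored in the session and
    // used as a redirect target here and in handler_exit: only honour it
    // when it points back to this host.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if ($back !== '' && parse_url($back, PHP_URL_HOST) !== $_SERVER['HTTP_HOST']) {
        $back = '';
    }
    $level = Post::s('account_type');
    if ($level != 'admin') {
        // … unchanged: user lookup, is_admin reset, setPerms …
        if ($back !== '') {
            S::set('suid_startpage', $back);
        }
        Platal::session()->startSUID($user);
    }
    if ($back !== '') {
        http_redirect($back);
    } else {
        pl_redirect('/');
    }
}
```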
function handler_default(&$page)
function handler_exit(&$page, $level = null)
{
if (S::suid()) {
- S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
+ $old = S::user()->login();
+ S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
Platal::session()->stopSUID();
- pl_redirect('admin/user/' . S::user()->login());
+ $target = S::s('suid_startpage');
+ S::kill('suid_startpage');
+ if (!empty($target)) {
+ http_redirect($target);
+ }
+ pl_redirect('admin/user/' . $old);
}
if ($level == 'forget' || $level == 'forgetall') {
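Review bot: `http_redirect($target)` at L92 follows whatever `suid_startpage` holds, and that value was captured from the client-supplied Referer header when SUID started, so unless it was validated at capture time this handler redirects to an arbitrary URL; a defensive check here costs one line, `if (!empty($target) && parse_url($target, PHP_URL_HOST) === $_SERVER['HTTP_HOST']) {`. If `http_redirect` does not terminate the script, the following `pl_redirect('admin/user/' . $old)` also runs and sends a second Location header, so either confirm it exits or add a `return` after it. handler_exit continues past the end of this hunk.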
<div class="menu_item"><a href="marketing">Marketing</a></div>
<div class="menu_item"><a href="admin/">Administration</a></div>
<div class="menu_item"><a href="purge_cache?token={xsrf_token}">Clear cache</a></div>
-<div class="menu_item"><a href="get_rights/user">Devenir utilisateur</a></div>
<div class="menu_item"><a href="http://trackers.polytechnique.org">Trackers</a></div>
<div class="menu_item"><a href="http://support.polytechnique.org">Support</a></div>
+<form method="post" action="get_rights">
+ {xsrf_token_field}
+ <div>
+ <select name="account_type" onChange="this.form.submit()" style="margin: 0; padding: 0">
+ <option value="admin">Administrateur</option>
+ {foreach from=$account_types_list item=type}
+ <option value="{$type}">{$type}</option>
+ {/foreach}
+ </select>
+ </div>
+</form>
<table class="bicol" style="font-weight:normal;text-align:center; border-left:0px; border-right:0px; margin-top:0.5em; width:100%; margin-left: 0; font-size: smaller;">
<tr><th>Validations</th></tr>
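Review bot: `<option value="{$type}">{$type}</option>` at L109 emits the account type both as an attribute value and as text without an escape modifier; if this template engine does not auto-escape, a type name containing quotes or angle brackets breaks the markup, so write `<option value="{$type|escape}">{$type|escape}</option>` as a matter of output hygiene even though the values come from the account_types table. The select submits only through `onChange`, so without JavaScript the form is inert; a `<noscript><input type="submit" value="OK" /></noscript>` inside the div would keep the feature usable.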