def process_request(self, request):
result = None
if not request.user.is_authenticated():
return result
current_username = request.user.get_username()
is_key_exist = SU_KEY in request.session and request.session[SU_KEY]
original_username = is_key_exist or current_username
new_username = request.GET.get('su')
need_su = new_username and new_username != current_username
can_su = request.user.is_superuser or settings.DEBUG or original_username == new_username
if need_su and can_su:
logger.info(
'Authorize %s "%s" as "%s"',
'superuser' if request.user.is_superuser else 'user',
original_username,
new_username,
)
UserModel = get_user_model()
try:
user = GET_USER_FUNC(new_username)
# Remove su_key from user session
if SU_KEY in request.session:
logger.debug('Delete original "%s"', original_username)
del request.session[SU_KEY]
UserModel.backend = SU_BACKEND
logout(request)
login(request, user)
# Set session key for new user
if new_username != original_username:
logger.debug('Set user "%s" as original', current_username)
request.session[SU_KEY] = original_username
except UserModel.DoesNotExist:
logger.warning('No such user in system "%s"', new_username)
url = get_clean_url(request, remove_keys=[SU_KEY])
result = HttpResponseRedirect(url)
return result
def process_view(self, request, view_func, view_args, view_kwargs):
need_check = not (request.is_ajax() or request.path in IGNORE_LIST)
if need_check and SU_KEY in request.session:
url = get_clean_url(request, replace={
SU_KEY: request.session.get(SU_KEY)
})
msg = _('You work under someone else\'s account. Be extremely careful!')
full_msg = mark_safe(u'{message} <a href="{url}">{title}</a>'.format(
message=msg,
url=url,
title=_('Return to your account')
))
replaced, storage = False, messages.get_messages(request)
for msg_obj in storage._loaded_messages:
if msg_obj.message.startswith(msg):
msg_obj.message = full_msg
replaced = True
if not replaced:
messages.add_message(request, messages.WARNING, full_msg)
return None
