Allow impersonating regular users + big refactoring of impersonations#3226
Allow impersonating regular users + big refactoring of impersonations#3226
Conversation
eaf94c1 to
91726ec
Compare
mrcasals
left a comment
There was a problem hiding this comment.
Wow, nice refactor! Looks good to me!
|
Proposals specs are failing, I guess it's a flaky spec that fails randomly, I've rescheduled the job https://circleci.com/gh/decidim/decidim/84563 |
e2c7bb1 to
2352cef
Compare
|
@deivid-rodriguez I assume this isn't WIP anymore? |
|
It's a very big branch so I wanted to do a final self-review pass today, that's why I didn't switch the label yesterday. But it's pretty much ready! |
|
If you want it to land it now, I can also do a followup PR later if I find anything. |
|
Sorry, wrong button 😳 |
|
So I did a quick pass and I have a couple of doubts:
Other than these two nits (which might be ok, but I prefer to call for opinions), this looks good to me! |
|
My own answers to my questions are that the first concern shouldn't be a problem but regarding the second concern I would remove the extra dummy handler I added to not complicate the dummy app any more. |
Prefer fully qualified constants to `require_dependency`.
The functionality is separate from the impersonations stuff, and that controller is already complicated enough. By splitting it, we can also choose a more adequate name for the resource.
I forgot to add this when I worked on it at the very beginning of this branch.
Let it receive and arbitrary scope and not limit it to organization users.
Not sure about the specs for this, but I'll stay on the safe side.
For example the default action on the dummy component is called "Foo" so capybara actions are likely to conflict if we use that name.
6cf2883 to
c414e29
Compare
|
@deivid-rodriguez it took me some time but I understood your doubts haha. As you said, I believe the first one shouldn't be a problem (famous last words) and I would, as you suggest, remove one of the two authorization handlers from the generated app. Thanks for your work! |
xD Indeed. Turns out removing the extra authorization broke the tests. That was unintented, fixing now. |
This reverts commit fb327d6. I don't think we need this in the default application. Specs were actually relying on the existance of the global extra authorization handler, so they needed a bit of tweaking.
c414e29 to
2f60233
Compare
| Decidim::ImpersonationLog.create!( | ||
| admin: form.current_user, | ||
| user: user, | ||
| reason: form.reason, |
There was a problem hiding this comment.
When impersonating an existing user I think we should send an email to them to let them when and why an admin has impersonated them. Otherwise without an audit no one would know about it.
There was a problem hiding this comment.
It would be great to also notify the user when the impersonation has finished.
There was a problem hiding this comment.
Uff, that seems reasonable but this is a new spec for me and I have no more availability to work on this... 😞
There was a problem hiding this comment.
Note though that the idea of impersonations (at least as I see them), is that the impersonated user is present during the impersonation. I mean, that's why we ask for authorization every time, right?
There was a problem hiding this comment.
We can do it in another PR @deivid-rodriguez, don't worry.
And yes, the user should be present during the impersonation, but and admin could know (or make a note) the user's data and impersonate them later.
There was a problem hiding this comment.
We can do it in another PR @deivid-rodriguez, don't worry.
Thanks, and sorry for overlooking that!
And yes, the user should be present during the impersonation, but and admin could know (or make a note) the user's data and impersonate them later.
Ok, just wanted to make sure we're on the same page! 👍
|
Merging! |
🎩 What? Why?
This is a big branch with a lot of commits, sorry about that, but I've been doing very granular refactoring of the whole feature to make sure I don't break anything and that means a lot of tiny atomic commits. Let me know if I should break it up to make reviewing easier.
It's built on top of #3225 for convenience, but I can also detach it.
The feature
The refactoring
This PR also adds a lot of refactorings of this part of the code, that I found it was hard to work with and now it's easier. This is a summary of the improvements:
The impersonation form is now "single step". Before there used to be an initial step to choose an authorization handler in case there were more than one. Now it's all managed together in a single form (if there's more than one authorization handler available, a select box is used which renders the correct form when the handler is changed). I find this is simpler in terms of usability and codewise too.
We no longer extend rectify forms in a weird ways like this one.
We no longer mutate rectify forms after they are created like here. This is something we hardly ever do and it means an eventual migration to a rectify alternative that depends on
dry-structanddry-typesinstead ofvirtus(which is discontinued) will be easier, sincedry-struct's are read-only.We no longer call commands from within commands like here. This strikes to me as a bit weird and something we hardly ever do, and it's not necessary after the refactorings.
The whole feature is DRY'ed up. Before all forms/controllers/commands were quasi-duplicated and they contained mostly the same code but different edge cases. Now the whole thing is unified, and the edge cases are easier to understand in my opinion.
📌 Related Issues
None.
📋 Subtasks
CHANGELOGentry📷 Screenshots (optional)