As an admin, there are times you want to see exactly what another user sees. Meet Pretender.
- Easily to switch between users
- Minimal code changes
- Plays nicely with auditing tools
💥 Rock on
Pretender is flexible and lightweight - less than 60 lines of code :-)
Works with any authentication system - Devise, Authlogic, and Sorcery to name a few.
🍊 Battle-tested at Instacart
Add this line to your application’s Gemfile:
gem 'pretender'
And add this to your ApplicationController
:
class ApplicationController < ActionController::Base
impersonates :user
end
Sign in as another user with:
impersonate_user(user)
The current_user
method now returns the impersonated user.
You can access the true user with:
true_user
And stop impersonating with:
stop_impersonating_user
Create a controller
class UsersController < ApplicationController
before_filter :require_admin!
def index
@users = User.order(:id)
end
def impersonate
user = User.find(params[:id])
impersonate_user(user)
redirect_to root_path
end
def stop_impersonating
stop_impersonating_user
redirect_to root_path
end
end
Add routes
resources :users, only: [:index] do
post :impersonate, on: :member
post :stop_impersonating, on: :collection
end
Create an index view
<ul>
<% @users.each do |user| %>
<li>Sign in as <%= link_to user.name, impersonate_user_path(user), method: :post %></li>
<% end %>
</ul>
And show when someone is signed in as another user in your application layout
<% if current_user != true_user %>
You (<%= true_user.name %>) are signed in as <%= current_user.name %>
<%= link_to "Back to admin", stop_impersonating_users_path, method: :post %>
<% end %>
If you keep audit logs with a library like Audited, make sure it uses the true user.
Audited.current_user_method = :true_user
Pretender is super flexible. You can change the names of methods and even impersonate multiple roles at the same time. Here’s the default configuration.
impersonates :user,
method: :current_user,
with: -> (id) { User.find_by(id: id) }
Mold it to fit your application.
impersonates :account,
method: :authenticated_account,
with: -> (id) { EnterpriseAccount.find_by(id: id) }
This creates three methods:
true_account
impersonate_account
stop_impersonating_account
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features