m7moud/pretender

Simple, powerful user impersonation for Rails

Pretender

As an admin, there are times you want to see exactly what another user sees. Meet Pretender.

• Easily to switch between users
• Minimal code changes
• Plays nicely with auditing tools

Rock on 💥

Pretender is flexible and lightweight - less than 40 lines of code :-)

Works with Rails 2.3+ and any authentication system - Devise, Authlogic, and Sorcery to name a few.

Battle-tested at Instacart

Installation

Add this line to your application’s Gemfile:

gem 'pretender'

And add this to your ApplicationController:

class ApplicationController < ActionController::Base
  impersonates :user
end

How It Works

Sign in as another user with:

impersonate_user(user)

The current_user method now returns the impersonated user.

You can access the true user with:

true_user

And stop impersonating with:

stop_impersonating_user

Sample Implementation

class Admin::UsersController < ApplicationController
  before_filter :require_admin!

  def impersonate
    user = User.find(params[:id])
    impersonate_user(user)
    redirect_to root_path
  end

  def stop_impersonating
    stop_impersonating_user
    redirect_to root_path
  end

end

Show when someone is signed in as another user in your application layout.

<% if current_user != true_user %>
  You (<%= true_user.name %>) are signed in as <%= current_user.name %>
  <%= link_to "Back to admin", stop_impersonating_path %>
<% end %>

Audits

If you keep audit logs with a library like Audited, make sure it uses the true user.

Audited.current_user_method = :true_user

Configuration

Pretender is super flexible. You can change the names of methods and even impersonate multiple roles at the same time. Here’s the default configuration.

# app/controllers/application_controller.rb
impersonates :user,
             :method => :current_user,
             :with => proc{|id| User.where(:id => id).first }

Mold it to fit your application.

# app/controllers/application_controller.rb
impersonates :account,
             :method => :authenticated_account,
             :with => proc{|id| EnterpriseAccount.where(:id => id).first }

This creates three methods:

true_account
impersonate_account
stop_impersonating_account

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

• Report bugs
• Fix bugs and submit pull requests
• Write, clarify, or fix documentation
• Suggest or add new features