Admins can sign in as any user
Admin can impersonate any normal user
This adds two routes:
post "/impersonate", UserImpersonationController, :create
delete "/impersonate", UserImpersonationController, :delete
Clicking the "Impersonate" button will perform a POST request to the above route, including the user_id of the user to be impersonated. We store the
current_admin_idin the session, and sign in the admin as that user.
Once the admin has finished, the sign out button will be replaced with an "Exit impersonation" button.
This button will hit the
:deleteaction route, which looks for
current_admin_idin the session and uses it to sign in to the admin user again.
You can toggle impersonation on/off easily in