Admins can sign in as any user
In version 1.6 (pull request) we added the ability for admins to impersonate normal users.
Admin can impersonate any normal user
This adds two routes:
post "/impersonate", UserImpersonationController, :create
delete "/impersonate", UserImpersonationController, :delete
Clicking the "Impersonate" button will perform a POST request to the above route, including the user_id of the user to be impersonated. We store the current_admin_id in the session, and sign in the admin as that user.
Once the admin has finished, the sign out button will be replaced with an "Exit impersonation" button.
This button will hit the :delete action route, which looks for current_admin_id in the session and uses it to sign in to the admin user again.

Turn off impersonation

You can toggle impersonation on/off easily in config.exs:
config :petal_pro,
impersonation_enabled?: false