# Impersonation

In version 1.6 ([pull request](https://github.com/petalframework/petal_pro/pull/152)) we added the ability for admins to impersonate normal users.

<figure><img src="https://2840674242-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fed261rdCDqjx94uBkD23%2Fuploads%2FQA8SuY4MwiSSrEeS9nKE%2FXnapper-2023-05-29-10.17.30.jpg?alt=media&#x26;token=a35f829b-2678-412f-87a5-c184c1e83aa7" alt=""><figcaption><p>Admin can impersonate any normal user</p></figcaption></figure>

This adds two routes:

```elixir
post "/impersonate", UserImpersonationController, :create
delete "/impersonate", UserImpersonationController, :delete
```

Clicking the "Impersonate" button will perform a POST request to the above route, including the user\_id of the user to be impersonated. We store the `current_admin_id` in the session, and sign in the admin as that user.

Once the admin has finished, the sign out button will be replaced with an "Exit impersonation" button.

<figure><img src="https://2840674242-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fed261rdCDqjx94uBkD23%2Fuploads%2FG4A1aY5V3hdQeF3g6i7L%2FXnapper-2023-05-29-10.22.45.jpg?alt=media&#x26;token=a9f4d3de-ac2c-451e-abe2-e5739d9e976c" alt=""><figcaption></figcaption></figure>

This button will hit the `:delete` action route, which looks for `current_admin_id` in the session and uses it to sign in to the admin user again.

#### Turn off impersonation

You can toggle impersonation on/off easily in `config.exs`:

```elixir
config :petal_pro,
  impersonation_enabled?: false
```