π₯Impersonation
Admins can sign in as any user
In version 1.6 (pull request) we added the ability for admins to impersonate normal users.
This adds two routes:
Clicking the "Impersonate" button will perform a POST request to the above route, including the user_id of the user to be impersonated. We store the current_admin_id
in the session, and sign in the admin as that user.
Once the admin has finished, the sign out button will be replaced with an "Exit impersonation" button.
This button will hit the :delete
action route, which looks for current_admin_id
in the session and uses it to sign in to the admin user again.
Turn off impersonation
You can toggle impersonation on/off easily in config.exs
: