Alright, folks, let’s have a little chat about an absolutely nifty tool for all you developers out there who are diving into the realm of user roles and logins. Imagine you’re an admin or dev, and you need to peek into a user’s account without logging out and back in a hundred times. Sounds like a hassle, right? Well, say hello to your new best friend: the devise_masquerade gem! This gem will become your go-to for logging in as another user while staying cozy in your current session. Let’s roll through the steps to get this beauty integrated into your Ruby on Rails application.
First thing’s first. We gotta install this gem. Open up your Gemfile and drop this line in there:
gem 'devise_masquerade'
Save it, and then head over to your terminal and type:
bundle install
And boom! The gem is in the house.
Next up, we need to tweak your user model to make the gem work its magic. Pop open your user model file, usually lounging at app/models/user.rb, and add :masqueradable to the usual suspects list:
class User < ApplicationRecord
devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
end
Alright, that was easy-peasy. Now, let’s get your controllers ready. Head over to your app/controllers/application_controller.rb file. You’ll sprinkle a bit of masquerade magic here by adding this before action:
class ApplicationController < ActionController::Base
before_action :masquerade_user!
private
def masquerade_user!
if session[:masquerade_user_id]
sign_in(:user, User.find(session[:masquerade_user_id]), bypass: true)
session[:original_user_id] = current_user.id
session[:original_user_class] = current_user.class.name
end
end
def back_masquerade_path(user)
if user_masquerade?
session[:original_user_id]
end
end
def user_masquerade?
session[:original_user_id].present?
end
def back_masquerade
if user_masquerade?
original_user = User.find(session[:original_user_id])
sign_in(:user, original_user, bypass: true)
session[:masquerade_user_id] = nil
session[:original_user_id] = nil
session[:original_user_class] = nil
end
end
end
Sweet, your controllers are looking good. Now, let’s add some links to your views to activate the “Login As” magic. In your admin views, add something like this:
<% if policy(@user).masquerade? %>
<%= link_to "Login as", masquerade_path(@user) %>
<% end %>
These links will hook up to the masquerade URLs neatly.
To keep things secure, you gotta ensure only the right folks can play around with this. Create a custom masquerades controller, like so:
class Admin::MasqueradesController < Devise::MasqueradesController
protected
def masquerade_authorize!
authorize!(:masquerade, User)
end
end
This little piece makes sure that only users with the right permissions can ride the masquerade train.
You’re almost there! To let users know they are currently masquerading, add a nifty alert in your views like this:
<% if user_masquerade? %>
<div class="alert alert-warning text-center" style="margin-bottom: 0px">
You're logged in as <%= current_user.name %>.
<%= link_to "Back to original user", back_masquerade_path(current_user) do %>
Logout <%= fa_icon "times" %>
<% end %>
</div>
<% end %>
This heads-up will keep things clear for your masquerading users.
Now, some heads-up about potential hiccups:
When you’re on development mode, caching issues might rear their ugly head. You may see errors like “You are already signed in.” Don’t panic. Enable caching by running:
rails dev:cache
This might save you tons of headaches.
And if you’re working with different subdomains, managing sessions and cookies becomes super crucial. Make sure your session store is set to share sessions across subdomains:
Rails.application.config.session_store :cookie_store, key: '_your_app_session', domain: :all
This ensures everything runs smoothly across subdomains.
So, there you have it. The devise_masquerade gem can truly make your life easier by allowing seamless switching between user roles without the constant log in-and-out shuffle. Follow these steps, and you’ll have it integrated into your Ruby on Rails application in no time.
Happy coding!
