From 5b08f73561b105df6046d4af33dc6a91ce8b52cf Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Thu, 5 Sep 2013 10:27:34 +1000
Subject: [PATCH] give god rights of impersonation to developers, must be
 edited into the production.rb config file

---
 config/environments/production.rb.sample |  5 +++++
 lib/guardian.rb                          | 12 ++++++++++--
 spec/components/guardian_spec.rb         |  3 +++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/config/environments/production.rb.sample b/config/environments/production.rb.sample
index e4dabbd35..c12b534dd 100644
--- a/config/environments/production.rb.sample
+++ b/config/environments/production.rb.sample
@@ -66,4 +66,9 @@ Discourse::Application.configure do
   # For origin pull cdns all you need to do is register an account and configure
   # config.action_controller.asset_host = "http://YOUR_CDN_HERE"
 
+  # a comma delimited list of emails your devs have
+  # developers have god like rights and may impersonate anyone in the system
+  # normal admins may only impersonate other moderators (not admins)
+  config.developer_emails = []
+
 end
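Review bot: The added comment calls `developer_emails` a comma delimited list, but the default on the next line is an Array, and `is_developer?` in lib/guardian.rb calls `include?` on whatever is configured. If an operator follows the comment and assigns one comma-separated String, `String#include?` matches substrings, so an admin whose address is a fragment of a listed address would also be treated as a developer. I would reword the comment to `# an Array of developer email addresses, e.g. ["dev@example.com"], not a comma separated string` (address constructed for illustration). I would also make the lookup fail closed on a String with `Array(Rails.configuration.developer_emails).include?(@user.email)`.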
diff --git a/lib/guardian.rb b/lib/guardian.rb
index d5bd9e6a9..9b87b82fb 100644
--- a/lib/guardian.rb
+++ b/lib/guardian.rb
@@ -9,6 +9,7 @@ class Guardian
     def secure_category_ids; []; end
     def topic_create_allowed_category_ids; []; end
     def has_trust_level?(level); false; end
+    def email; nil; end
   end
 
   def initialize(user=nil)
@@ -36,6 +37,13 @@ class Guardian
     @user.staff?
   end
 
+  def is_developer?
+    @user &&
+    is_admin? &&
+    Rails.configuration.respond_to?(:developer_emails) &&
+    Rails.configuration.developer_emails.include?(@user.email)
+  end
+
   # Can the user see the object?
   def can_see?(obj)
     if obj
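Review bot: `is_developer?` grants the right to impersonate any admin on the strength of the account's `email` value alone, and nothing in this hunk shows that the address was confirmed or that an admin cannot edit it. If an address can be set or changed without verification (not visible here), membership in `developer_emails` may be self-assignable by any admin, so confirm that before relying on it, or key the list on an attribute admins cannot change. The match is also exact and case-sensitive, so a listed address that differs only in case from the stored one silently never matches. A comment above the method such as `# true only for admins whose email exactly matches an entry in config.developer_emails` would make that contract visible. The `can_see?` body that follows continues outside the hunk.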
@@ -89,8 +97,8 @@ class Guardian
     # You must be an admin to impersonate
     is_admin? &&
 
-    # You may not impersonate other admins
-    not(target.admin?)
+    # You may not impersonate other admins unless you are a dev
+    (!target.admin? || is_developer?)
 
     # Additionally, you may not impersonate yourself;
     # but the two tests for different admin statuses
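Review bot: The new `|| is_developer?` branch appears to invalidate the reasoning in the comment directly below it. Self-impersonation was excluded because the caller had to be an admin and the target a non-admin, but a developer now passes both tests with themselves as the target. Unless the rest of `can_impersonate?` (outside this hunk) adds an identity check, I would make it explicit, for example `(!target.admin? || (is_developer? && target.id != @user.id))`, assuming both are user records with an `id`, and update the comment to match. The spec change in this patch asserts only the allow case; deny cases for a listed address on a non-admin account and for a developer targeting their own account would pin the boundary.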
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index a176a0713..ad8d1d0ec 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -175,6 +175,9 @@ describe Guardian do
       Guardian.new(admin).can_impersonate?(another_admin).should be_false
       Guardian.new(admin).can_impersonate?(user).should be_true
       Guardian.new(admin).can_impersonate?(moderator).should be_true
+
+      Rails.configuration.stubs(:developer_emails).returns([admin.email])
+      Guardian.new(admin).can_impersonate?(another_admin).should be_true
     end
   end