MarkUs Blog

MarkUs Developers Blog About Their Project

Proposed implementation of Role Switching Feature

with one comment

DESCRIPTION

The role switching feature will give administrators the ability to assume roles of students or graders and view their profiles exactly as it will be seen by these users.

-Administrators will have the privilege of editing and modifying student and grader profiles.

-Administrators cannot assume the role of different admin users

-Administrators will have to type their password to be authenticated before they can switch either from their role to one with “lesser privileges” (student, grader) or from a role with “lesser privileges” back to their original role. This is to ensure security.

-The actions that administrators carried out on assuming other roles should be logged

IMPLEMENTATION

With help from Severin’s previous post on role switching implementation, here my proposed solution

Main terms are real_user and effective_user. real_user stands for the original administrator who is assuming the role of some other user. effective_user represents the user that the administrator is currently logged in as (this field could either represent the admin, grader or student).

Implementation Ideas And Code:

1    Add fields “real_user” and “effective_user” to the user model. Both fields are nil by default.

Code: To be added

2    Modify the “current_user” method (lib/session_handler.rb) so that it returns the id of field of “effective_user” if it is not nil.

Code: To be added

3    Modify the logout/currently logged in user area so that it shows the “real_user” as logged in user and the “effective_user” as the assumed user including a link (call it “exit role”, for example) which allows admins to become their “real_user” again. Current logout link stays as is.

Code: To be added

4    Add views (possibly modal dialogs) and according controllers for role assumption and password prompts prior leaving the “real_user” role and right before getting back to it.

Code: To be added

5    Modify the logout controller to erase “real_user” and “effective_user” should they be set.

Code: To be added

Written by Tobi

March 3rd, 2011 at 2:49 pm

Posted in Documents

One Response to 'Proposed implementation of Role Switching Feature'

Subscribe to comments with RSS or TrackBack to 'Proposed implementation of Role Switching Feature'.

  1. Nice work.

    Just in case you haven’t already thought of this, I’d like to make sure that the students and TAs don’t see any of the interface that you implement for this.

    Karen

    3 Mar 11 at 3:23 pm

Leave a Reply