Through admin, superusers can now "hijack" users and work as them

Luke Tuite · Luke Tuite · commit f534465631be · 2023-02-20T11:34:01.000-05:00
diff --git a/bil_site/settings.py b/bil_site/settings.py
@@ -85,6 +85,8 @@
     'django_filters',
     'bootstrap4',
     'django_pam',
+    'hijack',
+    'hijack.contrib.admin',
     #'core',
 ]
 
@@ -96,6 +98,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'hijack.middleware.HijackUserMiddleware',
 ]
 
 ROOT_URLCONF = 'bil_site.urls'
diff --git a/bil_site/urls.py b/bil_site/urls.py
@@ -25,4 +25,5 @@
     path('admin/', admin.site.urls),
     path('accounts/', include('django.contrib.auth.urls')),
     path('', RedirectView.as_view(url='/ingest/')),
+    path('hijack/', include('hijack.urls')),
 ] + static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

Original file line number	Diff line number	Diff line change
`@@ -85,6 +85,8 @@`
`85`	`85`	`'django_filters',`
`86`	`86`	`'bootstrap4',`
`87`	`87`	`'django_pam',`
	`88`	`+ 'hijack',`
	`89`	`+ 'hijack.contrib.admin',`
`88`	`90`	`#'core',`
`89`	`91`	`]`
`90`	`92`
`@@ -96,6 +98,7 @@`
`96`	`98`	`'django.contrib.auth.middleware.AuthenticationMiddleware',`
`97`	`99`	`'django.contrib.messages.middleware.MessageMiddleware',`
`98`	`100`	`'django.middleware.clickjacking.XFrameOptionsMiddleware',`
	`101`	`+ 'hijack.middleware.HijackUserMiddleware',`
`99`	`102`	`]`
`100`	`103`
`101`	`104`	`ROOT_URLCONF = 'bil_site.urls'`