Add View As (impersonation) feature for Admin users
Allow Admin users to temporarily view the app as another user to verify permissions and team scoping without switching accounts.

Backend:
- Migration: add impersonate_user_id column to sessions table
- requireAuth(): when impersonation is active, override req.user with target user's identity; store real admin identity in req.realUser
- POST /api/auth/impersonate: start impersonation (Admin only, cannot impersonate self or other Admins)
- POST /api/auth/stop-impersonate: end impersonation, revert to real user
- GET /api/auth/me: returns impersonating flag and realUser when active
- Audit logging on impersonate start/stop

Frontend:
- AuthContext: add impersonating, realUser state; startImpersonation() and stopImpersonation() helpers
- ImpersonationBanner: fixed amber banner showing target user identity with Exit button
- UserManagement: Eye icon button on each non-Admin user row to start View As (visible only to Admin, hidden for self and other Admins)
- App.js: mount ImpersonationBanner at top of authenticated view
@@ -33,6 +33,7 @@ const POSTGRES_MIGRATIONS = [
|
||||
'add_ivanti_findings_ipv6_columns.js',
|
||||
'add_user_ivanti_identity.js',
|
||||
'add_atlas_known_column.js',
|
||||
'add_session_impersonation.js',
|
||||
];
|
||||
|
||||
async function runAll() {
|
||||
|
||||
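Review bot: The new 'add_session_impersonation.js' entry at the end of POSTGRES_MIGRATIONS is the only part of the migration shown here, so the properties the commit message depends on cannot be checked from this hunk. Since requireAuth() switches req.user based on impersonate_user_id, please confirm in the migration file that the column is nullable with no default (existing sessions must not start out impersonating anyone) and that it references the users table so a deleted target user cannot leave a session pointing at a stale id. The list name also suggests the runner is Postgres-specific; if another migration list exists for a different backend, the entry needs to be registered there as well.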