Docker/Maybe
Docker/Maybe
1
0
Fork 0
mirror of https://github.com/maybe-finance/maybe.git synced 2025-08-09 07:25:19 +02:00
Code Issues Releases Activity Actions

Impersonation (#1325)

Browse source 
* Initial impersonation

* Impersonation audit

* Keep super admin separate

* Remove vscode settings

* Comment cleanup

* Comment out impersonation fixtures for now

* Remove unused controlelr

* Add impersonation testing (#1326)

* Add impersonation testing

* Remove unused method

* Update schema.rb

* Update brakeman

---------

Co-authored-by: Zach Gollwitzer <zach@maybe.co>
This commit is contained in:
Josh Pigford 2024-10-18 11:26:58 -05:00 committed by GitHub
parent 4a3685f503
commit c7c281073f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
29 changed files with 477 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

21
app/views/impersonation_sessions/_approval_bar.html.erb Normal file
View file

@ -0,0 +1,21 @@
<% pending_session = Current.true_user.impersonated_support_sessions.pending.first %>
<% in_progress_session = Current.true_user.impersonated_support_sessions.in_progress.first %>
<div class="sticky top-0 left-0 w-full bg-black flex items-center justify-between font-mono">
<div class="flex items-center bg-red-600 px-6 py-4">
<%= lucide_icon "alert-triangle", class: "w-6 h-6 text-white mr-2" %>
<span class="text-white font-semibold uppercase">Access <%= in_progress_session.present? ? "Session" : "Request" %></span>
</div>
<div class="flex items-center space-x-2 px-2 py-2 text-white gap-4">
<% if pending_session.present? %>
<p class="text-xs max-w-3xl text-right">Maybe support staff has requested access to your account (likely to help you with a support request). If you approve the request, all activity they take will be logged for security and audit purposes.</p>
<%= button_to "Approve", approve_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-green-600 hover:bg-green-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-green-500" %>
<%= button_to "Reject", reject_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
<% elsif in_progress_session.present? %>
<p class="text-xs max-w-3xl text-right">Someone from the Maybe Finance team is currently viewing your data. You may end the session at any time.</p>
<%= button_to "End Session", complete_impersonation_session_path(in_progress_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
<% else %>
<p class="text-xs max-w-3xl text-right text-red-500">Something went wrong. Please contact us.</p>
<% end %>
</div>
</div>