Impersonation (#1325)

* Initial impersonation

* Impersonation audit

* Keep super admin separate

* Remove vscode settings

* Comment cleanup

* Comment out impersonation fixtures for now

* Remove unused controlelr

* Add impersonation testing (#1326)

* Add impersonation testing

* Remove unused method

* Update schema.rb

* Update brakeman

---------

Co-authored-by: Zach Gollwitzer <zach@maybe.co>

db/migrate/20241009214601_add_super_admin_to_users.rb

@@ -0,0 +1,23 @@
+class AddSuperAdminToUsers < ActiveRecord::Migration[7.2]
+  def change
+    reversible do |dir|
+      dir.up do
+        change_column :users, :role, :string, default: 'member'
+
+        execute <<-SQL
+          DROP TYPE user_role;
+        SQL
+      end
+
+      dir.down do
+        execute <<-SQL
+          CREATE TYPE user_role AS ENUM ('admin', 'member');
+        SQL
+
+        change_column_default :users, :role, nil
+        change_column :users, :role, :user_role, using: 'role::user_role'
+        change_column_default :users, :role, 'member'
+      end
+    end
+  end
+end

db/migrate/20241017162347_create_impersonation_sessions.rb

@@ -0,0 +1,12 @@
+class CreateImpersonationSessions < ActiveRecord::Migration[7.2]
+  def change
+    create_table :impersonation_sessions, id: :uuid do |t|
+      t.references :impersonator, null: false, foreign_key: { to_table: :users }, type: :uuid
+      t.references :impersonated, null: false, foreign_key: { to_table: :users }, type: :uuid
+      t.string :status, null: false, default: 'pending'
+      t.timestamps
+    end
+
+    add_reference :sessions, :active_impersonator_session, type: :uuid, foreign_key: { to_table: :impersonation_sessions }
+  end
+end

db/migrate/20241017162536_create_impersonation_session_logs.rb

@@ -0,0 +1,14 @@
+class CreateImpersonationSessionLogs < ActiveRecord::Migration[7.2]
+  def change
+    create_table :impersonation_session_logs, id: :uuid do |t|
+      t.references :impersonation_session, type: :uuid, foreign_key: true, null: false
+      t.string :controller
+      t.string :action
+      t.text :path
+      t.string :method
+      t.string :ip_address
+      t.text :user_agent
+      t.timestamps
+    end
+  end
+end

db/schema.rb

@@ -19,7 +19,7 @@ ActiveRecord::Schema[7.2].define(version: 2024_10_17_204250) do
   # Note that some types may not work with other database engines. Be careful if changing database.
   create_enum "account_status", ["ok", "syncing", "error"]
   create_enum "import_status", ["pending", "importing", "complete", "failed"]
-  create_enum "user_role", ["admin", "member"]
+  create_enum "user_role", ["admin", "member", "super_admin"]
 
   create_table "account_balances", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
     t.uuid "account_id", null: false
@@ -493,6 +493,8 @@ ActiveRecord::Schema[7.2].define(version: 2024_10_17_204250) do
     t.string "ip_address"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.uuid "active_impersonator_session_id"
+    t.index ["active_impersonator_session_id"], name: "index_sessions_on_active_impersonator_session_id"
     t.index ["user_id"], name: "index_sessions_on_user_id"
   end
 
@@ -535,7 +537,6 @@ ActiveRecord::Schema[7.2].define(version: 2024_10_17_204250) do
     t.string "last_alerted_upgrade_commit_sha"
     t.enum "role", default: "member", null: false, enum_type: "user_role"
     t.boolean "active", default: true, null: false
-    t.boolean "super_admin", default: false
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["family_id"], name: "index_users_on_family_id"
   end
@@ -573,6 +574,7 @@ ActiveRecord::Schema[7.2].define(version: 2024_10_17_204250) do
   add_foreign_key "imports", "families"
   add_foreign_key "institutions", "families"
   add_foreign_key "merchants", "families"
+  add_foreign_key "sessions", "impersonation_sessions", column: "active_impersonator_session_id"
   add_foreign_key "sessions", "users"
   add_foreign_key "taggings", "tags"
   add_foreign_key "tags", "families"