Velmi hrubá implementace převtělování

mo/web/main.py

@@ -2,9 +2,11 @@ import datetime
 
 from flask import render_template, request, g, redirect, url_for, session
 from flask_wtf import FlaskForm
+import werkzeug.exceptions
 import wtforms
 import wtforms.validators as validators
 from sqlalchemy.orm import joinedload
+from typing import Optional
 
 import mo.util
 import mo.db as db
@@ -21,6 +23,15 @@ class LoginForm(FlaskForm):
     reset = wtforms.SubmitField('Obnovit heslo')
 
 
+def after_login(user: db.User, url: Optional[str] = None):
+    if not url:
+        if user.is_admin or user.is_org:
+            url = url_for('org_index')
+        else:
+            url = url_for('index')
+        return redirect(url)
+
+
 @app.route('/auth/login', methods=('GET', 'POST'))
 def login():
     form = LoginForm()
@@ -57,13 +68,7 @@ def login():
         mo.users.login(user)
         db.get_session().commit()
         session['uid'] = user.user_id
-        url = form.next.data
-        if not url:
-            if user.is_admin or user.is_org:
-                url = url_for('org_index')
-            else:
-                url = url_for('index')
-        return redirect(url)
+        return after_login(user, form.next.data)
 
     return render_template('login.html', form=form, error=error)
 
@@ -75,6 +80,20 @@ def logout():
     return redirect(url_for('index'))
 
 
+@app.route('/auth/incarnate/<int:id>')
+def incarnate(id):
+    if not g.user.is_admin:
+        raise werkzeug.exceptions.Forbidden()
+
+    new_user = db.get_session().query(db.User).get(id)
+    if not new_user:
+        raise werkzeug.exceptions.NotFound()
+
+    app.logger.info('Login: Uživatel #%s se převtělil na #%s', g.user.user_id, new_user.user_id)
+    session['uid'] = new_user.user_id
+    return after_login(new_user)
+
+
 @app.route('/user/settings')
 def user_settings():
     sess = db.get_session()