From 19b8b02c27e084e5f4799a8e0935b8960624630a Mon Sep 17 00:00:00 2001
From: Clement <clementberti@yahoo.fr>
Date: Tue, 28 Feb 2017 15:39:22 +1100
Subject: [PATCH 1/2] [MNOE-360] - Add an impersonation flag

---
 .../assets/javascripts/mno_enterprise/config.js.coffee.erb    | 1 +
 api/app/controllers/mno_enterprise/impersonate_controller.rb  | 2 +-
 .../mnoe-users-local-list/mnoe-users-local-list.coffee        | 3 ++-
 .../mnoe-users-local-list/mnoe-users-local-list.html          | 4 ++--
 frontend-admin/src/app/views/user/user.controller.coffee      | 4 +++-
 frontend-admin/src/app/views/user/user.html                   | 2 +-
 6 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/api/app/assets/javascripts/mno_enterprise/config.js.coffee.erb b/api/app/assets/javascripts/mno_enterprise/config.js.coffee.erb
index 047e44a93..cfbec0d6f 100644
--- a/api/app/assets/javascripts/mno_enterprise/config.js.coffee.erb
+++ b/api/app/assets/javascripts/mno_enterprise/config.js.coffee.erb
@@ -13,6 +13,7 @@ angular.module('mnoEnterprise.configuration', [])
   .constant('DEVELOPER_SECTION_CONFIG', <%= Hash(Settings.developer).to_json %>)
   .constant('REVIEWS_CONFIG', <%= Hash(Settings.reviews).to_json %>)
   .constant('MARKETPLACE_CONFIG', <%= Hash(Settings.marketplace).to_json %>)
+  .constant('ADMIN_PANEL_CONFIG', <%= Hash(Settings.admin_panel).to_json %>)
   .constant('GOOGLE_TAG_CONTAINER_ID', <%= MnoEnterprise.google_tag_container.to_json %>)
   .constant('INTERCOM_ID', <%= MnoEnterprise.intercom_app_id.to_json %>)
   .constant('APP_NAME', <%= MnoEnterprise.app_name.to_json %>)
diff --git a/api/app/controllers/mno_enterprise/impersonate_controller.rb b/api/app/controllers/mno_enterprise/impersonate_controller.rb
index f1be2caa1..a3787e7c7 100644
--- a/api/app/controllers/mno_enterprise/impersonate_controller.rb
+++ b/api/app/controllers/mno_enterprise/impersonate_controller.rb
@@ -10,7 +10,7 @@ class ImpersonateController < ApplicationController
     def create
       session[:impersonator_redirect_path] = params[:redirect_path].presence
       @user = MnoEnterprise::User.find(params[:user_id])
-      if @user.present?
+      if @user.present? && (!Settings.admin_panel || !Settings.admin_panel.impersonation.disabled)
         impersonate(@user)
       else
         flash[:notice] = "User doesn't exist"
diff --git a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
index 6ab41a028..3d3f7f05c 100644
--- a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
+++ b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
@@ -1,7 +1,7 @@
 #
 # Mnoe Users List
 #
-@App.directive('mnoeUsersLocalList', ($window, $filter, $log, toastr, MnoeUsers, MnoErrorsHandler) ->
+@App.directive('mnoeUsersLocalList', ($window, $filter, $log, toastr, MnoeUsers, MnoErrorsHandler, ADMIN_PANEL_CONFIG) ->
   restrict: 'E'
   scope: {
     list: '='
@@ -15,6 +15,7 @@
       displayList: []
       widgetTitle: 'Loading users...'
       search: ''
+    scope.disable_impersonation = ADMIN_PANEL_CONFIG.impersonation.disabled if ADMIN_PANEL_CONFIG.impersonation
 
     # Display all the users
     setAllUsersList = () ->
diff --git a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
index f979f97ff..7c64787e3 100644
--- a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
+++ b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
@@ -10,7 +10,7 @@
           <th>Username</th>
           <th style="width: 100px;">Creation</th>
           <th style="width: 140px;">Status</th>
-          <th style="width: 100px;"></th>
+          <th style="width: 100px;" ng-if="!disable_impersonation"></th>
         </tr>
       </thead>
       <tbody>
@@ -34,7 +34,7 @@
             </button>
             <span ng-show="user.status === 'active'">Active</span>
           </td>
-          <td><a href="" ng-click="impersonateUser(user)">Log In as...</a></td>
+          <td ng-if="!disable_impersonation"><a href="" ng-click="impersonateUser(user)">Log In as...</a></td>
         </tr>
       </tbody>
     </table>
diff --git a/frontend-admin/src/app/views/user/user.controller.coffee b/frontend-admin/src/app/views/user/user.controller.coffee
index f334b069b..17f0c60a8 100644
--- a/frontend-admin/src/app/views/user/user.controller.coffee
+++ b/frontend-admin/src/app/views/user/user.controller.coffee
@@ -1,7 +1,9 @@
-@App.controller 'UserController', ($stateParams, $window, MnoeUsers) ->
+@App.controller 'UserController', ($stateParams, $window, MnoeUsers, ADMIN_PANEL_CONFIG) ->
   'ngInject'
   vm = this
 
+  vm.disable_impersonation = ADMIN_PANEL_CONFIG.impersonation.disabled if ADMIN_PANEL_CONFIG.impersonation
+
   # Get the user
   MnoeUsers.get($stateParams.userId).then(
     (response) ->
diff --git a/frontend-admin/src/app/views/user/user.html b/frontend-admin/src/app/views/user/user.html
index c7a825e08..91c511790 100644
--- a/frontend-admin/src/app/views/user/user.html
+++ b/frontend-admin/src/app/views/user/user.html
@@ -45,7 +45,7 @@ <h3 ng-show="!user.name && !user.surname" class="panel-title">{{::vm.user.email}
       </div>
     </div>
     <div class="bs-row">
-      <div class="col-sm-4 col-sm-offset-4">
+      <div class="col-sm-4 col-sm-offset-4" ng-if="!vm.disable_impersonation">
         <button class="btn btn-primary center-block"
           ng-click="vm.impersonateUser()">Log In as User</button>
       </div>

From 2e2de1a6bf02589b111f26d035c55026b89d3533 Mon Sep 17 00:00:00 2001
From: Clement <clementberti@yahoo.fr>
Date: Thu, 2 Mar 2017 13:37:00 +1100
Subject: [PATCH 2/2] [MNOE-360] - Code review

---
 .../mno_enterprise/impersonate_controller.rb  |  2 +-
 api/config/routes.rb                          | 10 +++---
 .../impersonate_controller_routing_spec.rb    | 34 ++++++++++++++++---
 .../install/templates/config/settings.yml     |  6 +++-
 .../mnoe-users-local-list.coffee              |  2 +-
 .../mnoe-users-local-list.html                |  4 +--
 .../src/app/views/user/user.controller.coffee |  2 +-
 frontend-admin/src/app/views/user/user.html   |  2 +-
 8 files changed, 46 insertions(+), 16 deletions(-)

diff --git a/api/app/controllers/mno_enterprise/impersonate_controller.rb b/api/app/controllers/mno_enterprise/impersonate_controller.rb
index a3787e7c7..f1be2caa1 100644
--- a/api/app/controllers/mno_enterprise/impersonate_controller.rb
+++ b/api/app/controllers/mno_enterprise/impersonate_controller.rb
@@ -10,7 +10,7 @@ class ImpersonateController < ApplicationController
     def create
       session[:impersonator_redirect_path] = params[:redirect_path].presence
       @user = MnoEnterprise::User.find(params[:user_id])
-      if @user.present? && (!Settings.admin_panel || !Settings.admin_panel.impersonation.disabled)
+      if @user.present?
         impersonate(@user)
       else
         flash[:notice] = "User doesn't exist"
diff --git a/api/config/routes.rb b/api/config/routes.rb
index 1fc42c80a..5bbb7da29 100644
--- a/api/config/routes.rb
+++ b/api/config/routes.rb
@@ -26,10 +26,10 @@
     end
   end
 
-
-  get "/impersonate/user/:user_id", to: "impersonate#create", as: :impersonate_user
-  get "/impersonate/revert", to: "impersonate#destroy", as: :revert_impersonate_user
-
+  unless Settings.try(:admin_panel).try(:impersonation).try(:disabled)
+    get "/impersonate/user/:user_id", to: "impersonate#create", as: :impersonate_user
+    get "/impersonate/revert", to: "impersonate#destroy", as: :revert_impersonate_user
+  end
 
   #============================================================
   # Devise/User Configuration
@@ -95,7 +95,7 @@
         member do
           %i(app_reviews app_feedbacks app_comments app_questions app_answers).each do |name|
             resources name, except: [:new, :edit], param: :review_id
-          end  
+          end
         end
       end
       resource :current_user, only: [:show, :update] do
diff --git a/api/spec/routing/mno_enterprise/impersonate_controller_routing_spec.rb b/api/spec/routing/mno_enterprise/impersonate_controller_routing_spec.rb
index 68f255789..5b2db17aa 100644
--- a/api/spec/routing/mno_enterprise/impersonate_controller_routing_spec.rb
+++ b/api/spec/routing/mno_enterprise/impersonate_controller_routing_spec.rb
@@ -4,12 +4,38 @@ module MnoEnterprise
   RSpec.describe ImpersonateController, type: :routing do
     routes { MnoEnterprise::Engine.routes }
 
-    it "routes to #create" do
-      expect(get("/impersonate/user/1")).to route_to("mno_enterprise/impersonate#create", user_id: '1')
+    context "Impersonation is enabled" do
+      before(:all) do
+        Settings.merge!(admin_panel: {impersonation: {disabled: false}})
+        Rails.application.reload_routes!
+      end
+
+      it "routes to #create" do
+        expect(get("/impersonate/user/1")).to route_to("mno_enterprise/impersonate#create", user_id: '1')
+      end
+
+      it "routes to #destroy" do
+        expect(get("/impersonate/revert")).to route_to("mno_enterprise/impersonate#destroy")
+      end
     end
 
-    it "routes to #destroy" do
-      expect(get("/impersonate/revert")).to route_to("mno_enterprise/impersonate#destroy")
+    context "Impersonation is disabled" do
+      before(:all) do
+        Settings.merge!(admin_panel: {impersonation: {disabled: true}})
+        Rails.application.reload_routes!
+      end
+
+      it 'loads regular routes' do
+        expect(get('/ping')).to route_to('mno_enterprise/status#ping')
+      end
+
+      it "does not route to #create" do
+        expect(get("/impersonate/user/1")).not_to be_routable
+      end
+
+      it "does not route to #destroy" do
+        expect(get("/impersonate/revert")).not_to be_routable
+      end
     end
   end
 end
diff --git a/core/lib/generators/mno_enterprise/install/templates/config/settings.yml b/core/lib/generators/mno_enterprise/install/templates/config/settings.yml
index 9503ba874..c835a0890 100644
--- a/core/lib/generators/mno_enterprise/install/templates/config/settings.yml
+++ b/core/lib/generators/mno_enterprise/install/templates/config/settings.yml
@@ -24,7 +24,11 @@ developer:
 # Enable Reviews in the marketplace
 reviews:
   enabled: false
-
+# Enable comparison of apps
 marketplace:
   comparison:
     enabled: false
+# Disable Impersonation
+admin_panel:
+  impersonation:
+    disabled: false
diff --git a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
index 3d3f7f05c..d30dbea61 100644
--- a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
+++ b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.coffee
@@ -15,7 +15,7 @@
       displayList: []
       widgetTitle: 'Loading users...'
       search: ''
-    scope.disable_impersonation = ADMIN_PANEL_CONFIG.impersonation.disabled if ADMIN_PANEL_CONFIG.impersonation
+    scope.impersonation_enabled = if ADMIN_PANEL_CONFIG.impersonation then not ADMIN_PANEL_CONFIG.impersonation.disabled else true
 
     # Display all the users
     setAllUsersList = () ->
diff --git a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
index 7c64787e3..6c8a7cd94 100644
--- a/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
+++ b/frontend-admin/src/app/components/mnoe-users-local-list/mnoe-users-local-list.html
@@ -10,7 +10,7 @@
           <th>Username</th>
           <th style="width: 100px;">Creation</th>
           <th style="width: 140px;">Status</th>
-          <th style="width: 100px;" ng-if="!disable_impersonation"></th>
+          <th style="width: 100px;" ng-if="impersonation_enabled"></th>
         </tr>
       </thead>
       <tbody>
@@ -34,7 +34,7 @@
             </button>
             <span ng-show="user.status === 'active'">Active</span>
           </td>
-          <td ng-if="!disable_impersonation"><a href="" ng-click="impersonateUser(user)">Log In as...</a></td>
+          <td ng-if="impersonation_enabled"><a href="" ng-click="impersonateUser(user)">Log In as...</a></td>
         </tr>
       </tbody>
     </table>
diff --git a/frontend-admin/src/app/views/user/user.controller.coffee b/frontend-admin/src/app/views/user/user.controller.coffee
index 17f0c60a8..cd36e2fa8 100644
--- a/frontend-admin/src/app/views/user/user.controller.coffee
+++ b/frontend-admin/src/app/views/user/user.controller.coffee
@@ -2,7 +2,7 @@
   'ngInject'
   vm = this
 
-  vm.disable_impersonation = ADMIN_PANEL_CONFIG.impersonation.disabled if ADMIN_PANEL_CONFIG.impersonation
+  vm.impersonation_enabled = if ADMIN_PANEL_CONFIG.impersonation then not ADMIN_PANEL_CONFIG.impersonation.disabled else true
 
   # Get the user
   MnoeUsers.get($stateParams.userId).then(
diff --git a/frontend-admin/src/app/views/user/user.html b/frontend-admin/src/app/views/user/user.html
index 91c511790..891fe3c3c 100644
--- a/frontend-admin/src/app/views/user/user.html
+++ b/frontend-admin/src/app/views/user/user.html
@@ -45,7 +45,7 @@ <h3 ng-show="!user.name && !user.surname" class="panel-title">{{::vm.user.email}
       </div>
     </div>
     <div class="bs-row">
-      <div class="col-sm-4 col-sm-offset-4" ng-if="!vm.disable_impersonation">
+      <div class="col-sm-4 col-sm-offset-4" ng-if="vm.impersonation_enabled">
         <button class="btn btn-primary center-block"
           ng-click="vm.impersonateUser()">Log In as User</button>
       </div>