1from plain.auth.views import AuthView
 2from plain.http import Response, ResponseForbidden, ResponseRedirect
 3from plain.sessions.views import SessionView
 4
 5from .constants import IMPERSONATE_SESSION_KEY
 6from .permissions import can_be_impersonator
 7from .requests import get_request_impersonator
 8
 9
10class ImpersonateStartView(AuthView):
11    def get(self) -> Response:
12        # We *could* already be impersonating, so need to consider that
13        impersonator = get_request_impersonator(self.request) or self.user
14        if impersonator and can_be_impersonator(impersonator):
15            self.session[IMPERSONATE_SESSION_KEY] = self.url_kwargs["id"]
16            return ResponseRedirect(self.request.query_params.get("next", "/"))
17
18        return ResponseForbidden()
19
20
21class ImpersonateStopView(SessionView):
22    def get(self) -> Response:
23        self.session.pop(IMPERSONATE_SESSION_KEY)
24        return ResponseRedirect(self.request.query_params.get("next", "/"))