this is also a capability in a nextcloud app so an admin can more easily replicate a users bug report and see for themselves what’s going wrong. that said i struggle to see how you could implement that in such a way as to avoid abuse, but isn’t that true of any admin powers? this isn’t encrypted cloud storage, it’s a public forum. i’d imagine the process is at the very least heavily logged so other admins and maybe even federates to other instance admins or even mods too so impersonation actions are clearly visible as such. but i don’t know enough about code to read thru and see if it does in either app.
Why the fuck can pyfed instance admins impersonate others?
https://codeberg.org/rimu/pyfedi/src/commit/5780de95a86ed87b7f88c8570cfd9bb68786f053/app/admin/routes.py#L2227
Was this written by Spez?
If they have DB access they already can.
But this makes it as easy as surfing to a url
Not without a lot of manual work or noticeably resetting a user’s password. Distributing these tools as a feature is asking for abuse.
this is also a capability in a nextcloud app so an admin can more easily replicate a users bug report and see for themselves what’s going wrong. that said i struggle to see how you could implement that in such a way as to avoid abuse, but isn’t that true of any admin powers? this isn’t encrypted cloud storage, it’s a public forum. i’d imagine the process is at the very least heavily logged so other admins and maybe even federates to other instance admins or even mods too so impersonation actions are clearly visible as such. but i don’t know enough about code to read thru and see if it does in either app.