Allow non-super users to impersonate select users.
This commit is contained in:
parent
3dd854e383
commit
35598a01a8
5 changed files with 47 additions and 14 deletions
public
|
@ -112,19 +112,33 @@ if($authToken->isValid()) {
|
|||
if($sessionInfo->shouldBumpExpires())
|
||||
$authToken->applyCookie($sessionInfo->getExpiresTime());
|
||||
|
||||
// only allow impersonation when super user
|
||||
if($authToken->hasImpersonatedUserId() && $userInfo->isSuper()) {
|
||||
$userInfoReal = $userInfo;
|
||||
if($authToken->hasImpersonatedUserId()) {
|
||||
$allowToImpersonate = $userInfo->isSuper();
|
||||
$impersonatedUserId = $authToken->getImpersonatedUserId();
|
||||
|
||||
try {
|
||||
$userInfo = User::byId($authToken->getImpersonatedUserId());
|
||||
} catch(RuntimeException $ex) {
|
||||
$userInfo = $userInfoReal;
|
||||
if(!$allowToImpersonate) {
|
||||
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
|
||||
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
|
||||
}
|
||||
|
||||
$removeImpersonationData = !$allowToImpersonate;
|
||||
if($allowToImpersonate) {
|
||||
$userInfoReal = $userInfo;
|
||||
|
||||
try {
|
||||
$userInfo = User::byId($impersonatedUserId);
|
||||
} catch(RuntimeException $ex) {
|
||||
$userInfo = $userInfoReal;
|
||||
$removeImpersonationData = true;
|
||||
}
|
||||
|
||||
$userInfo->setCurrent();
|
||||
}
|
||||
|
||||
if($removeImpersonationData) {
|
||||
$authToken->removeImpersonatedUserId();
|
||||
$authToken->applyCookie();
|
||||
}
|
||||
|
||||
$userInfo->setCurrent();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue