Allow non-super users to impersonate select users.

flash 2023-07-28 21:20:19 +00:00
parent 3dd854e383
commit 35598a01a8
5 changed files with 47 additions and 14 deletions
public


@ -112,19 +112,33 @@ if($authToken->isValid()) {
if($sessionInfo->shouldBumpExpires())
$authToken->applyCookie($sessionInfo->getExpiresTime());
// only allow impersonation when super user
if($authToken->hasImpersonatedUserId() && $userInfo->isSuper()) {
$userInfoReal = $userInfo;
if($authToken->hasImpersonatedUserId()) {
$allowToImpersonate = $userInfo->isSuper();
$impersonatedUserId = $authToken->getImpersonatedUserId();
try {
$userInfo = User::byId($authToken->getImpersonatedUserId());
} catch(RuntimeException $ex) {
$userInfo = $userInfoReal;
if(!$allowToImpersonate) {
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
}
$removeImpersonationData = !$allowToImpersonate;
if($allowToImpersonate) {
$userInfoReal = $userInfo;
try {
$userInfo = User::byId($impersonatedUserId);
} catch(RuntimeException $ex) {
$userInfo = $userInfoReal;
$removeImpersonationData = true;
}
$userInfo->setCurrent();
}
if($removeImpersonationData) {
$authToken->removeImpersonatedUserId();
$authToken->applyCookie();
}
$userInfo->setCurrent();
}
}
}
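Review bot: The allow-list branch (`impersonate.allow.u%s`) lets a non-super account become any listed user id, and nothing in the new code checks the target's own privilege, so a single config entry naming a super user would hand the impersonator super rights. Consider rejecting that case right after the `User::byId($impersonatedUserId)` lookup, e.g. `if(!$userInfoReal->isSuper() && $userInfo->isSuper()) throw new RuntimeException('impersonation target is super');`, which the existing catch would turn into a revert plus cookie cleanup. The comment `// only allow impersonation when super user` appears to survive the change and no longer matches the behaviour; it should describe the allow-list rule instead. Recording the real and impersonated user ids whenever delegated impersonation takes effect would also make misuse traceable. The enclosing `if($authToken->isValid())` block starts outside the hunk.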