Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ImpersonateUser fix #10

Merged
merged 1 commit into from
May 24, 2017
Merged

ImpersonateUser fix #10

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion views/admin/index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@
}
},
'switch' => function ($url, $model) {
if($model->id != Yii::$app->user->id && Yii::$app->getModule('user')->enableImpersonateUser) {
if($model->isAdmin && $model->id != Yii::$app->user->id && Yii::$app->getModule('user')->enableImpersonateUser) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello, why actually adding this $model->isAdmin check here?
Usually $model will be the user cycled in the grid row: so $model->isAdmin will be true only for admin users.
Result: the button will not be displayed if the gridrow contains a normal user (read: the button "impersonate" will not be shown).

Copy link
Author

@bscheshirwork bscheshirwork Jan 31, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@d4rkstar

Result: the button will not be displayed if the gridrow contains a normal user (read: the button "impersonate" will not be shown).

this is correct behavior. Impersonate available only on "admin". See origin thread discussion

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I insist: "The impersonate should be available to admin with access to all other users."

So: $model will be the user cycled in the grid row: so $model->isAdmin will be true only for admin users.

This will break the behavior you said.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i.e.

$model->isAdmin

should be replace to

\Yii::$app->user->identity->isAdmin

?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isAdmin
after
dektrium@b7180b2

Copy link
Author

@bscheshirwork bscheshirwork Jan 31, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

before this commit $someuser->isAdmin has used wrong behavior (correct for this case)

Thanks.

Copy link
Author

@bscheshirwork bscheshirwork Jan 31, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So... but in this fork I can see old code

yii2-user/models/User.php

Line 125 in 4805971

\Yii::$app->user->can($this->module->adminPermission) : false) 

                \Yii::$app->user->can($this->module->adminPermission) : false)

instead of

                \Yii::$app->authManager->checkAccess($this->id, $this->module->adminPermission) : false)

@d4rkstar you sure use this fork?

return Html::a('<span class="glyphicon glyphicon-user"></span>', ['/user/admin/switch', 'id' => $model->id], [
'title' => Yii::t('user', 'Become this user'),
'data-confirm' => Yii::t('user', 'Are you sure you want to switch to this user for the rest of this Session?'),
Expand Down