From a1e6849a71a81e54e5c1c00a8acf1bd8e502d763 Mon Sep 17 00:00:00 2001
From: Luke Towers <luke@luketowers.ca>
Date: Thu, 9 May 2019 10:36:46 -0600
Subject: [PATCH] Implemented easy impersonation of backend users controlled by
 the backend.impersonate_users permission

---
 modules/backend/ServiceProvider.php            |  4 ++++
 modules/backend/controllers/Auth.php           |  7 ++++++-
 modules/backend/controllers/Users.php          | 18 ++++++++++++++++++
 .../controllers/users/_btn_impersonate.htm     | 14 ++++++++++++++
 modules/backend/lang/en/lang.php               |  6 ++++++
 modules/backend/layouts/_mainmenu.htm          |  6 +++++-
 modules/backend/models/user/fields.yaml        |  6 +++++-
 modules/system/lang/en/lang.php                |  1 +
 8 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 modules/backend/controllers/users/_btn_impersonate.htm

diff --git a/modules/backend/ServiceProvider.php b/modules/backend/ServiceProvider.php
index 0cda55807..859c61ba7 100644
--- a/modules/backend/ServiceProvider.php
+++ b/modules/backend/ServiceProvider.php
@@ -146,6 +146,10 @@ class ServiceProvider extends ModuleServiceProvider
                     'label' => 'system::lang.permissions.manage_other_administrators',
                     'tab'   => 'system::lang.permissions.name'
                 ],
+                'backend.impersonate_users' => [
+                    'label' => 'system::lang.permissions.impersonate_users',
+                    'tab'   => 'system::lang.permissions.name',
+                ],
                 'backend.manage_preferences' => [
                     'label' => 'system::lang.permissions.manage_preferences',
                     'tab'   => 'system::lang.permissions.name'
diff --git a/modules/backend/controllers/Auth.php b/modules/backend/controllers/Auth.php
index 66511721f..42f80bcf7 100644
--- a/modules/backend/controllers/Auth.php
+++ b/modules/backend/controllers/Auth.php
@@ -120,7 +120,12 @@ class Auth extends Controller
      */
     public function signout()
     {
-        BackendAuth::logout();
+        if (BackendAuth::isImpersonator()) {
+            BackendAuth::stopImpersonate();
+        } else {
+            BackendAuth::logout();
+        }
+
         return Backend::redirect('backend');
     }
 
diff --git a/modules/backend/controllers/Users.php b/modules/backend/controllers/Users.php
index ab5b7d8fa..c464b039b 100644
--- a/modules/backend/controllers/Users.php
+++ b/modules/backend/controllers/Users.php
@@ -130,6 +130,24 @@ class Users extends Controller
         return Redirect::refresh();
     }
 
+    /**
+     * Impersonate this user
+     */
+    public function update_onImpersonateUser($recordId)
+    {
+        if (!$this->user->hasAccess('backend.impersonate_users')) {
+            return Response::make(Lang::get('backend::lang.page.access_denied.label'), 403);
+        }
+
+        $model = $this->formFindModelObject($recordId);
+
+        BackendAuth::impersonate($model);
+
+        Flash::success(Lang::get('backend::lang.account.impersonate_success'));
+
+        return Backend::redirect('backend/users/myaccount');
+    }
+
     /**
      * My Settings controller
      */
diff --git a/modules/backend/controllers/users/_btn_impersonate.htm b/modules/backend/controllers/users/_btn_impersonate.htm
new file mode 100644
index 000000000..823af534f
--- /dev/null
+++ b/modules/backend/controllers/users/_btn_impersonate.htm
@@ -0,0 +1,14 @@
+<?php if ($this->user->hasAccess('backend.impersonate_users')): ?>
+    <div class="loading-indicator-container">
+        <button
+            type="button"
+            data-request="onImpersonateUser"
+            data-load-indicator="<?= e(trans('backend::lang.account.impersonate_working')) ?>"
+            data-request-confirm="<?= e(trans('backend::lang.account.impersonate_confirm')) ?>"
+            class="btn btn-danger oc-icon-user-secret"
+            style="width: 100%; text-align: center"
+        >
+            <?= e(trans('backend::lang.account.impersonate')) ?>
+        </button>
+    </div>
+<?php endif ?>
\ No newline at end of file
diff --git a/modules/backend/lang/en/lang.php b/modules/backend/lang/en/lang.php
index 440dd6960..f0795a2b1 100644
--- a/modules/backend/lang/en/lang.php
+++ b/modules/backend/lang/en/lang.php
@@ -45,6 +45,12 @@ return [
         'not_found' => "AJAX handler ':name' was not found."
     ],
     'account' => [
+        'impersonate' => 'Impersonate user',
+        'impersonate_confirm' => 'Are you sure you want to impersonate this user? You can revert to your original state by logging out.',
+        'impersonate_success' => 'You are now impersonating this user',
+        'impersonate_working' => 'Impersonating...',
+        'impersonating' => 'Impersonating :full_name',
+        'stop_impersonating' => 'Stop impersonating',
         'signed_in_as' => 'Signed in as :full_name',
         'sign_out' => 'Sign out',
         'login' => 'Login',
diff --git a/modules/backend/layouts/_mainmenu.htm b/modules/backend/layouts/_mainmenu.htm
index 303b116cd..7dc4c0279 100644
--- a/modules/backend/layouts/_mainmenu.htm
+++ b/modules/backend/layouts/_mainmenu.htm
@@ -76,7 +76,11 @@
 
                         <li>
                             <a href="<?= Backend::url('backend/auth/signout') ?>">
-                                <?= e(trans('backend::lang.account.sign_out')) ?>
+                                <?php if (\BackendAuth::isImpersonator()) : ?>
+                                    <?= e(trans('backend::lang.account.stop_impersonating')) ?>
+                                <?php else: ?>
+                                    <?= e(trans('backend::lang.account.sign_out')) ?>
+                                <?php endif; ?>
                             </a>
                         </li>
                     </ul>
diff --git a/modules/backend/models/user/fields.yaml b/modules/backend/models/user/fields.yaml
index e7353f364..0a99685b8 100644
--- a/modules/backend/models/user/fields.yaml
+++ b/modules/backend/models/user/fields.yaml
@@ -16,7 +16,7 @@ tabs:
         backend::lang.user.account: icon-user
         backend::lang.user.groups: icon-users
         backend::lang.user.permissions: icon-key
-        
+
     fields:
         login:
             span: left
@@ -66,6 +66,10 @@ tabs:
 
 secondaryTabs:
     fields:
+        btn_impersonate:
+            label: ''
+            context: [update]
+            type: partial
         avatar:
             label: backend::lang.user.avatar
             type: fileupload
diff --git a/modules/system/lang/en/lang.php b/modules/system/lang/en/lang.php
index 5890babd7..558a572b7 100644
--- a/modules/system/lang/en/lang.php
+++ b/modules/system/lang/en/lang.php
@@ -429,6 +429,7 @@ return [
         'manage_mail_templates' => 'Manage mail templates',
         'manage_mail_settings' => 'Manage mail settings',
         'manage_other_administrators' => 'Manage other administrators',
+        'impersonate_users' => 'Impersonate users',
         'manage_preferences' => 'Manage backend preferences',
         'manage_editor' => 'Manage code editor preferences',
         'view_the_dashboard' => 'View the dashboard',