matt
/
auditionadmin
1
0
Fork 0
Code Issues 16 Pull Requests Packages Projects Releases Wiki Activity

Add ability to impersonate users

This commit is contained in:
Matt Young 2025-11-01 11:58:33 -05:00
parent b6206976a1
commit ea98177770
7 changed files with 121 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Enums/UserFlags.php
View File

@ -6,4 +6,5 @@ enum UserFlags: string
{
case HEAD_DIRECTOR = 'head_director';
case MONITOR = 'monitor';
case CAN_IMPERSONATE = 'can_impersonate';
}

78
app/Http/Controllers/Admin/ImpersonationController.php Normal file
View File

@ -0,0 +1,78 @@
<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use function auditionLog;
class ImpersonationController extends Controller
{
public function start(Request $request)
{
$user = User::findOrFail($request->user_id);
$admin = $request->user();
if (! $admin->can('impersonate', $user)) {
abort(403);
}
// Prevent impersonating yourself or impersonating if already impersonating
if ($admin->id === $user->id || session()->has('impersonator_id')) {
return back()->with('error', 'Cannot impersonate.');
}
// Save the original admin id and optionally guard
session()->put('impersonator_id', $admin->id);
session()->put('impersonator_started_at', now()->toDateTimeString());
auditionLog('Started impersonating '.$user->full_name().' - '.$user->email, ['users' => [$user->id]]);
// Switch user
Auth::loginUsingId($user->getAuthIdentifier());
// Regenerate session to mitigate fixation
$request->session()->regenerate();
return redirect(route('dashboard'))->with('success', 'Now impersonating '.$user->email);
}
public function stop(Request $request)
{
$impersonatedUser = Auth::user();
$impersonatorId = session('impersonator_id');
if (! $impersonatorId) {
return back()->with('error', 'Not impersonating.');
}
// Restore original admin
$admin = User::find($impersonatorId);
if ($admin) {
Auth::loginUsingId($admin->getAuthIdentifier());
} else {
// If admin was deleted, just log out
Auth::logout();
}
auditionLog('Stopped impersonating '.$impersonatedUser->full_name().' - '.$impersonatedUser->email, ['users' => [$impersonatedUser->id]]);
// Clear impersonation data
session()->forget(['impersonator_id', 'impersonator_started_at']);
// Regenerate session
$request->session()->regenerate();
return redirect(route('dashboard'))->with('success', 'Stopped impersonation.');
}
public function index()
{
$users = User::where('id', '!=', auth()->id())->get();
return view('admin.impersonation.index', compact('users'));
}
}

4
app/Providers/AppServiceProvider.php
View File

@ -38,6 +38,7 @@ use App\Services\EntryService;
use App\Services\ScoreService;
use App\Services\UserService;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
@ -78,6 +79,9 @@ class AppServiceProvider extends ServiceProvider
Student::observe(StudentObserver::class);
User::observe(UserObserver::class);
Gate::define('impersonate', function ($admin, $target) {
return $admin->hasFlag('can_impersonate') && $admin->id !== $target->id;
});
// Model::preventLazyLoading(! app()->isProduction());
}
}

1
app/Providers/FortifyServiceProvider.php
View File

@ -65,5 +65,6 @@ class FortifyServiceProvider extends ServiceProvider
Fortify::verifyEmailView(function () {
return view('auth.verify-email');
});
}
}

15
resources/views/admin/impersonation/index.blade.php Normal file
View File

@ -0,0 +1,15 @@
<x-layout.app>
<x-slot:page_title>Impersonation</x-slot:page_title>
<x-card.card class="max-w-lg mx-auto">
<x-card.heading>Select User to Impersonate</x-card.heading>
<x-form.form method="POST" action="{{ route('impersonate.start') }}">
<x-form.select name="user_id">
<x-slot:label>User to impersonate</x-slot:label>
@foreach ($users as $user)
<option value="{{ $user->id }}">{{ $user->full_name() }}</option>
@endforeach
</x-form.select>
<x-form.footer submit-button-text="Impersonate" />
</x-form.form>
</x-card.card>
</x-layout.app>

8
resources/views/components/layout/app.blade.php
View File

@ -19,6 +19,14 @@
</head>
<body {{ $attributes->merge(['class' => 'h-full']) }}>
<div class="min-h-full">
@if(session()->has('impersonator_id'))
<div class="bg-red-500 text-white ml pl-10 py-2">
Currently impersonating {{ auth()->user()->full_name() }}
<x-form.form method="post" action="{{ route('impersonate.stop') }}">
<button>End Impersonation</button>
</x-form.form>
</div>
@endif
{{-- @if(request()->is('*admin*'))--}}
{{-- <x-layout.navbar.navbar-admin />--}}
{{-- @else--}}

14
routes/admin.php
View File

@ -11,6 +11,7 @@ use App\Http\Controllers\Admin\EntryController;
use App\Http\Controllers\Admin\EventController;
use App\Http\Controllers\Admin\ExportEntriesController;
use App\Http\Controllers\Admin\ExportResultsController;
use App\Http\Controllers\Admin\ImpersonationController;
use App\Http\Controllers\Admin\PrelimDefinitionController;
use App\Http\Controllers\Admin\PrintCards;
use App\Http\Controllers\Admin\PrintRoomAssignmentsController;
@ -230,4 +231,17 @@ Route::middleware(['auth', 'verified', CheckIfAdmin::class])->prefix('admin/')->
Route::patch('/{splitScoreDefinition}', 'update')->name('admin.split_score_definitions.update');
Route::delete('/{splitScoreDefinition}', 'destroy')->name('admin.split_score_definitions.destroy');
});
});
// Impersonation Routes
Route::middleware(['auth', 'verified', CheckIfAdmin::class])->get('su/',
[ImpersonationController::class, 'index'])
->name('impersonate.index');
Route::middleware(['auth', 'verified', CheckIfAdmin::class])->post('su/start',
[ImpersonationController::class, 'start'])
->name('impersonate.start');
Route::post('su/stop', [ImpersonationController::class, 'stop'])
->name('impersonate.stop');