<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Contracts\View\View;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

use function auditionLog;
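class ImpersonationController extends Controller
{
    /**
     * Begin impersonating another user on behalf of the authenticated admin.
     *
     * Reads the target account from the `user_id` request field. Authorization is
     * delegated to the `impersonate` ability on the User policy. The real admin's id
     * is stored in the session so that stop() can switch back; nested and
     * self-impersonation are refused because a second hop would overwrite that id.
     *
     * @throws \Illuminate\Validation\ValidationException when `user_id` is missing
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when no such user exists
     */
    public function start(Request $request): RedirectResponse
    {
        // Validate presence explicitly instead of reading the magic property; the
        // id's type is whatever the User model's key is, so no type rule is imposed.
        $validated = $request->validate([
            'user_id' => ['required'],
        ]);

        $admin = $request->user();
        // This route is expected to sit behind auth middleware; fail closed if not.
        if ($admin === null) {
            abort(401);
        }

        $user = User::findOrFail($validated['user_id']);

        if (! $admin->can('impersonate', $user)) {
            abort(403);
        }

        $session = $request->session();

        // Refuse impersonating yourself, or starting a second impersonation while one
        // is active (that would lose the real admin identity kept in the session).
        if ($admin->id === $user->id || $session->has('impersonator_id')) {
            return back()->with('error', 'Cannot impersonate.');
        }

        // Remember who the real admin is so stop() can restore them.
        $session->put('impersonator_id', $admin->id);
        $session->put('impersonator_started_at', now()->toDateTimeString());

        // Audit before the identity switch so the entry is written while the admin
        // is still the authenticated user.
        auditionLog('Started impersonating '.$user->full_name().' - '.$user->email, ['users' => [$user->id]]);

        // Switch the authenticated identity to the target user.
        Auth::loginUsingId($user->getAuthIdentifier());

        // Issue a fresh session id so the pre-switch id cannot be replayed (fixation).
        $session->regenerate();

        return redirect(route('dashboard'))->with('success', 'Now impersonating '.$user->email);
    }

    /**
     * End an active impersonation and restore the original admin account.
     *
     * The admin to restore is taken from `impersonator_id` in the session, never from
     * request input. If that account no longer exists the session is logged out
     * instead of being handed to anyone else. An audit entry is written either way.
     */
    public function stop(Request $request): RedirectResponse
    {
        $session = $request->session();
        $impersonatorId = $session->get('impersonator_id');

        if (! $impersonatorId) {
            return back()->with('error', 'Not impersonating.');
        }

        // Capture the impersonated identity before it is replaced or logged out.
        $impersonatedUser = Auth::user();

        // Restore the original admin, or log out entirely if that account is gone.
        $admin = User::find($impersonatorId);
        if ($admin !== null) {
            Auth::loginUsingId($admin->getAuthIdentifier());
        } else {
            Auth::logout();
        }

        // Auth::user() is normally non-null here; guard so a stale session cannot
        // turn the audit write into a fatal error and skip the cleanup below.
        $subject = $impersonatedUser !== null
            ? $impersonatedUser->full_name().' - '.$impersonatedUser->email
            : 'unknown user';
        $subjectIds = $impersonatedUser !== null ? [$impersonatedUser->id] : [];
        auditionLog('Stopped impersonating '.$subject, ['users' => $subjectIds]);

        // Clear impersonation markers so start() can be used again.
        $session->forget(['impersonator_id', 'impersonator_started_at']);

        // Fresh session id for the restored identity.
        $session->regenerate();

        return redirect(route('dashboard'))->with('success', 'Stopped impersonation.');
    }

    /**
     * List every user other than the current one as impersonation candidates.
     *
     * Per-user authorization is not applied here; it is enforced in start().
     */
    public function index(): View
    {
        $users = User::where('id', '!=', auth()->id())->get();

        return view('admin.impersonation.index', ['users' => $users]);
    }
}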