Login as a different user quickly

Related tags

Miscellaneous php laravel laravel-package impersonate sudo-su
Overview

Demo

Tests Version Downloads License

Lara Personate

Is a user impersonate for the Laravel framework. This package makes it easier for users who have access rights such as super admin to take over other user accounts.

Installation

To install the package, simply follow the steps below.

Install the package using Composer:

$ composer require octopyid/laravel-impersonate:^2

$ artisan vendor:publish --provider="Octopy\LaraPersonate\ImpersonateServiceProvider"

Sometimes some users experience the problem of layout after upgrading the package, this can be solved by deleting the public/vendor/octopyid/impersonate folder then republish the assets.

Add the trait Octopy\LaraPersonate\Models\Impersonate to your User model.



namespace App\Models;

use Octopy\LaraPersonate\Models\Impersonate;
use Illuminate\Foundation\Auth\User as Authenticatable;

/**
 * Class User
 * @package App\Models
 */
class User extends Authenticatable
{
    use Impersonate;
}

Usage

By default, the user can impersonate and who is can be impersonated, but this causes security issues.

Defining Authorization

To limit the users who can impersonate. Add canImpersonate() to the User model.

/**
* @return bool
*/
public function canImpersonate() : bool
{
    // example usage with laratrust package
    return $this->hasRole('super-admin');
}

To limit which users can be impersonated by other users, for example super admin permissions cannot be impersonated by others, add canBeImpersonated() to the User model.

/**
* @return bool
*/
public function canBeImpersonated() : bool
{
    // example usage with laratrust package
    return $this->hasRole([
        'merchant', 'other-role' 
    ]);
}

Disclaimer

This package can pose a serious security issue if used incorrectly, as anybody will be able to take control of any user's account.

By using this package, you agree that Octopy ID and the contributors of this package cannot be held responsible for any damages caused by using this package.

Security

If you discover any security related issues, please email [email protected] or [email protected] instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Comments
  • Control who can impersonate and who can be impersonated

    Control who can impersonate and who can be impersonated

    Thanks for providing the package. It's really easy to install. Can you add some access control, so that only admin can impersonate other users? Sort of like what another package supports: https://github.com/404labfr/laravel-impersonate#defining-impersonation-authorization

    enhancement 
    opened by wh5a 3
  • Auth::user() not showing changed user

    Auth::user() not showing changed user

    • Impersonate Version: 2.0.9
    • Laravel Version: 8.80.0
    • PHP Version: 8.1
    • Database Driver & Version: mysql

    Description:

    The interface shows the user list and I can change user so that it shows that I am impersonating another person BUT...

    <?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Models\User;
use Illuminate\Support\Facades\Auth;

class CustomReport extends Controller
{
    /**
     * Handle the incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function __invoke(Request $request)
    {
        $user = User::find(Auth::id())->first();
    }
}

    $user doesn't change.

    I wonder if I am going the wrong way about getting the current user?

    Help appreciated, thanks.

    PS. this package looks great, thank you, hope I can use it in practise.

    opened by sidewaysglance 2
  • LogicError on binary file download

    LogicError on binary file download

    It seems the middleware should ignore binary files. I'm new to PHP and Laravel, so I simply hacked a try-catch in the modify function and it works for now.

    The exception is:

    LogicException The content cannot be set on a BinaryFileResponse instance.

    bug 
    opened by wh5a 2
  • [Feature] Search User by relation

    [Feature] Search User by relation

    Discussed in https://github.com/OctopyID/LaraPersonate/discussions/9

    Originally posted by e12max March 23, 2022 Hi! What do you think about to adding the ability to search for Users not only by self fields, but also relation fields? For example: in ImpersonateController.php in function list change this lines:

    foreach (config('impersonate.field.search_keys', []) as $field) {
    $query->orWhere($field, 'LIKE', '%' . $request->get('search') . '%');
}

    on this:

    foreach (config('impersonate.field.search_keys', []) as $field) {
    if (count($relation = explode('.', $field)) > 1) {
        $query->orWhereRelation($relation[0], $relation[1], 'LIKE', '%' . $request->get('search') . '%');
    } else {
        $query->orWhere($field, 'LIKE', '%' . $request->get('search') . '%');
    }
}

    And in config file search_keys can looks like

    'search_keys' => [
    'name', 
    'email',
    'relation.field_name',
],

    Or something like that) Thank you!

    P.S. It is convenient to search for Users by roles, because almost all restrictions are associated with them.

    enhancement 
    opened by SupianIDz 1
  • Error Attempted to lazy load [roles] when canBeImpersonated is used

    Error Attempted to lazy load [roles] when canBeImpersonated is used

    • Impersonate Version: 2.0.8
    • Laravel Version: v.8.77.1
    • PHP Version: 8.0.13
    • Database Driver & Version: Mysql, Ver 14.14 Distrib 5.7.34, for Linux (x86_64)
    • Role Manager : spatie/laravel-permission

    Description:

    Attempt to lazy load roles when canBeImpersonated() function is added. image

    Steps To Reproduce:

    1. On AppServiceProvider, add code below on boot function to prevent lazy loading on all models.
    Model::preventLazyLoading(!app()->isProduction());
    1. On model User, add code :
    public function canBeImpersonated(): bool
  {
    return !$this->hasRole([Role::SUPER_ADMIN]);
  }

    Result : image

    bug 
    opened by rahmanramsi 1
Releases(v3.0.0)
Owner
Octopy ID
:)
Octopy ID
GitHub
Basic User login & signup in php with JavaScript form validations

User login & signup in php User login & signup in PHP-MySQL with JavaScript form validations Project Details : Project Name : User Registration & Logi

Swapnil Zambare 2 Sep 30, 2022
YCOM Impersonate. Login as selected YCOM user 🧙‍♂️in frontend.

YCOM Impersonate Login as selected YCOM user in frontend. Features: Backend users with admin rights or YCOM[] rights, can be automatically logged in v

Friends Of REDAXO 17 Sep 12, 2022
Simple library that abstracts different metrics collectors. I find this necessary to have a consistent and simple metrics (functional) API that doesn't cause vendor lock-in.

Metrics Simple library that abstracts different metrics collectors. I find this necessary to have a consistent and simple metrics API that doesn't cau

Benjamin Eberlei 311 Nov 20, 2022
A new plugin like EconomyAPI but with a different mode

A new plugin like EconomyAPI but with a different mode

null 1 Dec 13, 2021
Provides different language SDKs for the Overledger V2 API

overledger-sdks This github repository provides different language SDKs, which can be found in the SDK folder, for the Overledger DLT API Gateway. How

Quant Network 4 Oct 31, 2022
A PocketMine-MP Unregister-Command completely different from the others on Poggit.

This Unregister-Cmd plugin is completely different from the ones you see on Poggit while that much easier and constantly in active development. Featur

Arzxy Modz 1 Sep 12, 2022
The tool converts different error reporting standards for deep compatibility with popular CI systems (TeamCity, IntelliJ IDEA, GitHub Actions, etc).

JBZoo / CI-Report-Converter Why? Installing Using as GitHub Action Example GitHub Action workflow Available Directions Help description in terminal Co

JBZoo Toolbox 17 Jun 16, 2022
Create and update progress bars in different environments

Create and update progress bars in different environments

Laminas Project 8 Jul 28, 2022
Import data from and export data to a range of different file formats and media

Ddeboer Data Import library This library has been renamed to PortPHP and will be deprecated. Please use PortPHP instead. Introduction This PHP library

David de Boer 570 Dec 27, 2022
Helps detect the user's browser and platform at the PHP level via the user agent

cbschuld/browser.php Helps detect the user's browser and platform at the PHP level via the user agent Installation You can add this library as a local

Chris Schuld 574 Dec 16, 2022
Allow any Discord user to sign in to your website and save their discord user information for later use.

Simple Discord SSO ( Single Sign-On ) Requires at least: 5.0 Tested up to: 5.8.3 Stable tag: 1.0.2 Requires PHP: 7.4 License: GPLv2 or later License U

null 2 Oct 7, 2022
run user analytics within your system and track user data inside your database.

WP Local Analytics plugin. run user analytics within your system and track user data inside your database. Installing Go to the plugin page from the W

Gary 5 Dec 21, 2022
WP Local Analytics plugin. - run user analytics within your system and track user data inside your database.

WP Local Analytics plugin. - run user analytics within your system and track user data inside your database.

Gary 5 Dec 21, 2022
⚡️ A WordPress plugin to quickly send a 404 for missing static files

Static 404 A WordPress plugin to quickly send a 404 for missing static files. Quickly output a 404 for static files that aren't found, rather than loa

Brad Parbs 26 Oct 6, 2022
Quickly execute Composer package binaries from anywhere. ⚡️

✨ Help support the maintenance of this package by sponsoring me. cpx Quickly execute Composer package binaries from anywhere. ⚡️ Installation Run the

Ryan Chandler 57 Dec 25, 2022
A small library to help run PHP servers easily and quickly.

PHP Server A small library to help run PHP servers easily and quickly. Installation composer require ahmard/php-server Usage PHP Built-In Server An i

Ahmad Mustapha 9 Dec 31, 2022
An Alfred 4 workflow for quickly opening directories in Visual Studio Code

Alfred Workflow - Open in Visual Studio Code An Alfred 4 workflow opening files or folders with Visual Studio Code. Note: Alfred Powerpack is required

Daan Hage 2 Jun 27, 2022
Magento 2 module to quickly acces products, orders and customer from admin menu

Magento 2 module to quickly access product, order or customer views Introduction The Magento 2 backend can be sluggish. Ever wanted to access a produc

null 1 Dec 3, 2021
Guest to Customer for Magento2 - Quickly and easily convert existing guest checkout customers to registered customers.

Guest to Customer for Magento 2.0 For Magento 2.0.x, 2.1.x, 2.2.x, 2.3.x and 2.4.x In general E-commerce, shoppers do not like to create an account du

MagePal :: Magento Extensions 66 Oct 7, 2022