Login as

d83b3ee9 · Richard Mansfield · adf9b66b · d83b3ee9 · d83b3ee9 · d83b3ee9
Commit d83b3ee9 authored Dec 14, 2007 by Richard Mansfield
--- a/htdocs/admin/users/changeuser.php
+++ b/htdocs/admin/users/changeuser.php
+<?php
+/**
+ * This program is part of Mahara
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+ *
+ * @package    mahara
+ * @subpackage admin
+ * @author     Richard Mansfield <richard.mansfield@catalyst.net.nz>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
+ * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
+ *
+ */
+
+define('INTERNAL', 1);
+require(dirname(dirname(dirname(__FILE__))) . '/init.php');
+
+global $USER;
+
+if (param_integer('restore', 0)) {
+    $id = $USER->restore_identity();
+    redirect(get_config('wwwroot') . 'admin/users/edit.php?id=' . $id);
+}
+
+$id = param_integer('id');
+$USER->change_identity_to($id);  // Permissions checking is done in here
+redirect(get_config('wwwroot'));
+
+?>
--- a/htdocs/admin/users/edit.php
+++ b/htdocs/admin/users/edit.php
@@ -367,6 +367,13 @@ if ($suspended) {
 $smarty->assign('suspendform', $suspendform);
 $smarty->assign('siteform', $siteform);
 $smarty->assign('institutionform', $institutionform);
+
+if ($id != $USER->get('id') && is_null($USER->get('parentuser'))) {
+    $loginas = get_string('loginasuser', 'admin', $user->username);
+} else {
+    $loginas = null;
+}
+$smarty->assign('loginas', $loginas);
 $smarty->display('admin/users/edit.tpl');

 ?>
--- a/htdocs/auth/user.php
+++ b/htdocs/auth/user.php
@@ -84,6 +84,7 @@ class User {
            'institutions'     => array(),
            'theme'            => null,
            'admininstitutions' => array(),
+            'parentuser'       => null,
            'sesskey'          => ''
        );
        $this->attributes = array();
@@ -572,5 +573,46 @@ class LiveUser extends User {
        $this->SESSION->set("user/$key", $value);
        return $this;
    }
+
+    protected function reloadLiveUser($id) {
+        $this->commit();
+        $this->find_by_id($id);
+        $this->activityprefs = load_activity_preferences($id);
+        $this->accountprefs = load_account_preferences($id);
+    }
+
+    public function change_identity_to($userid) {
+        $user = new User;
+        $user->find_by_id($userid);
+        if (!$this->is_admin_for_user($user)) {
+            throw new AccessDeniedException(get_string('loginasdenied', 'admin'));
+        }
+        $olduser = $this->get('parentuser');
+        if (!is_null($olduser)) {
+            throw new UserException(get_string('loginastwice', 'admin'));
+        }
+
+        $olduser = new StdClass;
+        $olduser->id = $this->get('id');
+        $olduser->name = $this->firstname . ' ' . $this->lastname;
+
+        $this->reloadLiveUser($userid);
+
+        $this->set('parentuser', $olduser);
+    }
+
+    public function restore_identity() {
+        $id = $this->get('id');
+        $olduser = $this->get('parentuser');
+        if (empty($olduser) || empty($olduser->id)) {
+            throw new UserException(get_string('loginasrestorenodata', 'admin'));
+        }
+
+        $this->reloadLiveUser($olduser->id);
+        $this->set('parentuser', null);
+
+        return $id;
+    }
+
 }
 ?>
--- a/htdocs/lang/en.utf8/admin.php
+++ b/htdocs/lang/en.utf8/admin.php
@@ -264,6 +264,14 @@ $string['suspendedby'] = 'This user has been suspended by %s';
 $string['filequota'] = 'File quota (MB)';
 $string['confirmremoveuserfrominstitution'] = 'Are you sure you want to remove the user from this institution?';

+// Login as
+$string['loginasuser'] = 'Login as %s';
+$string['becomeadminagain'] = 'Become %s again';
+// Login-as exceptions
+$string['loginasdenied'] = 'Attempt to login as another user without permission';
+$string['loginastwice'] = 'Attempt to login as another user when already logged in as another user';
+$string['loginasrestorenodata'] = 'No user data to restore';
+
 // Institutions
 $string['admininstitutions'] = 'Admininster Institutions';
 $string['adminauthorities'] = 'Admininster Authorities';

--- a/htdocs/lib/web.php
+++ b/htdocs/lib/web.php
@@ -1733,6 +1733,12 @@ function get_loggedin_string() {
            '<span id="headerunreadmessages">' . get_string($key) . '</span></a>)';
    }

+    $saveduser = $USER->get('parentuser');
+    if (!empty($saveduser) && $saveduser->name) {
+        $str .= ' (<a href="' . get_config('wwwroot') . 'admin/users/changeuser.php?restore=1">'
+            . get_string('becomeadminagain', 'admin', $saveduser->name) . '</a>)';
+    }
+
    return $str;
 }


--- a/htdocs/theme/default/templates/admin/users/edit.tpl
+++ b/htdocs/theme/default/templates/admin/users/edit.tpl
@@ -3,6 +3,9 @@
 {include file="columnfullstart.tpl"}
 <div id="edituser">
    <h2><a href="{$WWWROOT}user/view.php?id={$user->id}">{$user->firstname} {$user->lastname} ({$user->username})</a></h2>
+    {if !empty($loginas)}
+      <div><a href="{$WWWROOT}admin/users/changeuser.php?id={$user->id}">{$loginas}</a></div>
+    {/if}
    {if !$suspended}
      <h3>{str tag="suspenduser" section="admin"}</h3>
    {else}