--- masquerade.module.orig 2010-04-17 09:07:29.000000000 -0400
+++ masquerade.module 2010-04-17 09:23:59.000000000 -0400
@@ -67,7 +67,7 @@ function masquerade_menu() {
 $items['masquerade/switch/' . $default_test_user->uid] = array(
 'title' => 'Masquerade as @testuser',
 'title arguments' => array('@testuser' => $default_test_user->name),
- 'page callback' => 'masquerade_switch_user',
+ 'page callback' => 'masquerade_switch_user_page',
 'page arguments' => array(2),
 'access callback' => 'masquerade_access',
 'access arguments' => array('switch'),
@@ -77,7 +77,7 @@ function masquerade_menu() {
 $items['masquerade/switch/%'] = array(
 'title' => 'Masquerading',
- 'page callback' => 'masquerade_switch_user',
+ 'page callback' => 'masquerade_switch_user_page',
 'page arguments' => array(2),
 'access callback' => 'masquerade_access',
 'access arguments' => array('switch', 2),
@@ -85,7 +85,7 @@ function masquerade_menu() {
 );
 $items['masquerade/unswitch'] = array(
 'title' => 'Switch back',
- 'page callback' => 'masquerade_switch_back',
+ 'page callback' => 'masquerade_switch_back_page',
 'access callback' => 'masquerade_access',
 'access arguments' => array('unswitch'),
 'type' => MENU_NORMAL_ITEM,
@@ -150,6 +150,9 @@ function masquerade_access($type, $uid =
 case 'switch':
 global $user;
 if ($uid) {
+ if (!is_numeric($uid)) {
+ return FALSE;
+ }
 $account = user_load(array('uid' => $uid));
 $switch_to_account = db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $account->uid));
 }
@@ -497,6 +500,7 @@ function masquerade_block_1_submit($form
 unset($form);
 $masq_user = user_load(array('name' => $form_state['values']['masquerade_user_field']));
 masquerade_switch_user($masq_user->uid);
+ drupal_goto(referer_uri());
 }
 /**
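Review bot: In masquerade_access() (the @@ -150 hunk), `is_numeric($uid)` also accepts values such as `1.5` or `1e3`, and the `user_load()` result on the following line is read as `$account->uid` without checking that an account was found. A stricter guard would be `if (!ctype_digit((string) $uid)) { return FALSE; }`, followed by `if (!$account) { return FALSE; }` after the load, so the `{masquerade_users}` lookup never runs with a missing uid_to. The same unchecked pattern applies to `$new_user` in masquerade_switch_user(), whose new watchdog() calls in the @@ -592 hunk read `$new_user->name`. The `case 'switch':` body continues outside this hunk.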
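Review bot: masquerade_block_1_submit() (the @@ -497 hunk) discards the result of masquerade_switch_user(), which after this patch returns FALSE instead of calling drupal_access_denied(), so a refused switch is followed by a normal redirect and, in two of the three failure branches, no message to the user. Check the return value, e.g. `if (!masquerade_switch_user($masq_user->uid)) { drupal_set_message(t('Unable to masquerade as that user.'), 'error'); }`, and confirm `$masq_user` was actually loaded before reading `->uid`. masquerade_switch_user_page() in the @@ -571 hunk ignores the result the same way, where the old callback would have produced a 403; `return drupal_access_denied();` on failure there keeps that behaviour. Setting `$form_state['redirect']` instead of calling drupal_goto() inside a submit handler would also let any remaining submit handlers run.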
@@ -571,18 +575,26 @@ function masquerade_autocomplete_user($s
 }
 /**
- * Page callback that allows a user with the right permissions to become
+ * Page callback to switch users.
+ */
+function masquerade_switch_user_page($uid) {
+ masquerade_switch_user($uid);
+ drupal_goto(refer_uri());
+}
+
+/**
+ * Function that allows a user with the right permissions to become
 * the selected user.
+ *
+ * @param $uid
+ * The user ID to switch to.
+ *
+ * @return
+ * TRUE if the user was sucessfully switched, or FALSE if there was an error.
 */
 function masquerade_switch_user($uid) {
 global $user;
- if (!is_numeric($uid)) {
- drupal_set_message(t('A user id was not correctly passed to the switching function.'));
- watchdog('masquerade', 'The user id provided to switch users was not numeric.', NULL, WATCHDOG_ERROR);
- return drupal_goto(referer_uri());
- }
-
 $new_user = user_load(array('uid' => $uid));
 $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array())));
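Review bot: `drupal_goto(refer_uri());` in masquerade_switch_user_page() calls a function that is not defined anywhere in this patch; every other call site uses `referer_uri()`, so this looks like a typo that would end the request with a fatal error after the switch has already been performed. It should read `drupal_goto(referer_uri());`. Separately, removing the `is_numeric()` guard leaves masquerade_switch_user() with no validation of its own, so it now depends on every caller (the menu access callback, the block submit handler) having checked `$uid`; for a function that changes the session's identity, keeping a cheap `if (!is_numeric($uid)) { return FALSE; }` at the top makes it safe to call directly. The new docblock also has a typo, 'sucessfully'. The body of masquerade_switch_user() continues past the end of this hunk.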
@@ -592,16 +604,18 @@ function masquerade_switch_user($uid) {
 // check to see if we need admin permission
 if (!user_access($perm) && !$_SESSION['masquerading'] && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
- return drupal_access_denied();
+ watchdog('masquerade', 'This user requires administrative permissions to switch to the user %user.', array('%user' => $new_user->name), WATCHDOG_ERROR);
+ return FALSE;
 }
 if ($user->uid == $uid || isset($user->masquerading)) {
- return drupal_access_denied();
+ watchdog('masquerade', 'This user is all ready %user.', array('%user' => $new_user->name), WATCHDOG_ERROR);
+ return FALSE;
 }
 if (variable_get('site_offline', 0) && !user_access('administer site configuration', $new_user)) {
 drupal_set_message(t('This user is not allowed to access the site while the site is in off-line mode. Please set the site status to "online" to switch to this user.', array('@site-maintenance' => url('admin/settings/site-maintenance'))), 'error');
- return drupal_access_denied();
+ return FALSE;
 }
 db_query("INSERT INTO {masquerade} (uid_from, uid_as, sid) VALUES (%d, %d, '%s')",
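Review bot: The two added watchdog() messages use `%user` for the account being switched to, whereas the module's existing switch-back log line ('User %user no longer masquerading as %masq_as.') uses `%user` for the acting account and `%masq_as` for the target, which makes refused attempts harder to read in the log; the second message also has 'all ready' for 'already'. Something like `watchdog('masquerade', 'User %user was refused masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name), WATCHDOG_WARNING);` would follow the existing convention. The third branch (site in off-line mode) now returns FALSE without any log entry, so a refused attempt there leaves no trace; it is worth logging it as well. The function starts and ends outside this hunk.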
@@ -612,13 +626,22 @@ function masquerade_switch_user($uid) {
 drupal_set_message(t('You are now masquerading as %masq_as.', array('%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', 'Anonymous'))));
 $user->masquerading = $new_user->uid;
 $user = $new_user;
- drupal_goto(referer_uri());
+ return TRUE;
 }
 /**
 * Page callback that allows a user who is currently masquerading to become
 * a new user.
 */
+function masquerade_switch_back_page() {
+ masquerade_switch_back();
+ drupal_set_message(t('You are no longer masquerading as %masq_as and are now logged in as %user.', array('%user' => $user->name, '%masq_as' => $oldname)));
+ drupal_goto(referer_uri());
+}
+
+/**
+ * Function for a masquerading user to switch back to the previous user.
+ */
 function masquerade_switch_back() {
 // switch user
 global $user;
@@ -629,6 +652,5 @@ function masquerade_switch_back() {
 $oldname = ($user->uid == 0 ? variable_get('anonymous', 'Anonymous') : $user->name);
 $user = user_load(array('uid' => $uid));
 watchdog('masquerade', 'User %user no longer masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $oldname), WATCHDOG_INFO);
- drupal_set_message(t('You are no longer masquerading as %masq_as and are now logged in as %user.', array('%user' => $user->name, '%masq_as' => $oldname)));
- drupal_goto(referer_uri());
 }
+
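Review bot: masquerade_switch_back_page() (the @@ -612 hunk) builds its message from `$user->name` and `$oldname`, but neither is in scope there: the new function has no `global $user;`, and `$oldname` is a local variable of masquerade_switch_back(). Both placeholders will therefore come out empty, with undefined-variable notices. Add `global $user;` and capture the name before the call, `$oldname = ($user->uid == 0 ? variable_get('anonymous', 'Anonymous') : $user->name);`, or have masquerade_switch_back() return it. The body of masquerade_switch_back() is only partly visible in this patch.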