diff --git a/README.txt b/README.txt index 200b129..194dc59 100644 --- a/README.txt +++ b/README.txt @@ -6,28 +6,11 @@ switch back to the previous account. == Installation and Configuration == -To install the Masquerade module, extract the module to your modules folder, -such as sites/all/modules. After enabling the module, it can be configured -under Administer > Configuration > People > Masquerade. To enable users to -masquerade, assign the appropriate "masquerade module" permissions to the roles -available on your site. For example: +* To install the Masquerade module, follow the usual steps: + http://drupal.org/documentation/install/modules-themes/modules-8 - * To allow members of the 'customer support' role to masquerade as any - non-admin user, add the 'masquerade as user' permission to the role. In the - Masquerade configuration, set 'administrator' as an administrator role - to prevent customer support users from masquerading as those users. +* Grant the "Masquerade as another user" permission to the desired roles. - * To allow members of the 'tech support' role to masquerade as 'administrator', add the 'masquerade as admin' permission to the role. Then, - in the Masquerade configuration, set 'administrator' as an - administrator role. - -== Quick Switch Menu == - -By default, when a user is selected for the 'Menu Quick Switch user', the Masquerade module adds two menu items to the 'Navigation' menu: - - * Masquerade as 'the user selected': When clicked, the user can quick switch to the user selected. - - * Switch back: This menu item appears while masquerading so that you can switch back to your original user. == Help and Support == diff --git a/masquerade.info b/masquerade.info index b403416..1779e6e 100644 --- a/masquerade.info +++ b/masquerade.info @@ -1,4 +1,5 @@ name = Masquerade description = Allows privileged users to masquerade as another user. core = 8.x -configure = admin/config/people/masquerade +package = Development +tags[] = admin diff --git a/masquerade.install b/masquerade.install index ca0592a..d062da1 100644 --- a/masquerade.install +++ b/masquerade.install @@ -9,8 +9,7 @@ * Implements hook_schema(). */ function masquerade_schema() { - return array( - 'masquerade' => array( + $schema['masquerade'] = array( 'description' => 'Each masquerading user has their session recorded into the masquerade table. Each record represents a masquerading user.', 'fields' => array( 'sid' => array( @@ -36,28 +35,8 @@ function masquerade_schema() { 'sid' => array('sid', 'uid_from'), 'sid_2' => array('sid', 'uid_as'), ), - ), - 'masquerade_users' => array( - 'description' => 'Per-user permission table granting permissions to switch as a specific user.', - 'fields' => array( - 'uid_from' => array( - 'description' => 'The {users}.uid that can masquerade as {masquerade_users}.uid_to.', - 'type' => 'int', - 'not null' => TRUE, - 'default' => 0, - 'disp-width' => 10, - ), - 'uid_to' => array( - 'description' => 'The {users}.uid that {masquerade_users}.uid_from can masquerade as.', - 'type' => 'int', - 'not null' => TRUE, - 'default' => 0, - 'disp-width' => 10, - ), - ), - 'primary key' => array('uid_from', 'uid_to'), - ), ); + return $schema; } /** @@ -66,19 +45,3 @@ function masquerade_schema() { function masquerade_install() { module_set_weight('masquerade', -10); } - -/** - * Implements hook_uninstall(). - */ -function masquerade_uninstall() { - variable_del('masquerade_test_user'); - variable_del('masquerade_admin_roles'); - variable_del('masquerade_quick_switches'); -} - -/** - * Implements hook_update_last_removed(). - */ -function masquerade_update_last_removed() { - return 7001; -} diff --git a/masquerade.module b/masquerade.module index eb3bcb6..09f3011 100644 --- a/masquerade.module +++ b/masquerade.module @@ -15,10 +15,8 @@ use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; function masquerade_help($path, $arg) { switch ($path) { case 'admin/help#masquerade': + // @todo FIXME. return t('

The masquerade module adds a link on a user\'s profile page that allows permitted users to masquerade as that user. Upon masquerading, a link to "switch back" to the original user will appear in the menu. While masquerading, the option to masquerade as another user will not appear. All masquerading transactions are logged, and $user->masquerading will be set; this could be displayed via theme.

In the masquerade settings a list of roles are presented; any checked role is considered an "administrator" and requires the second level "masquerade as admin" permission to masquerade as. User #1 is automatically considered an administrator, regardless of roles.

'); - - case 'admin/settings/masquerade': - return t('Only the users with masquerade as admin permission, will be able to masquerade as the users who belong to the roles selected below. User #1 is automatically considered an administrator, regardless of roles.'); } } @@ -27,17 +25,9 @@ function masquerade_help($path, $arg) { */ function masquerade_permission() { return array( - 'masquerade as user' => array( - 'title' => t('Masquerade as user'), - 'description' => t('Masquerade as another user.'), - ), - 'masquerade as admin' => array( - 'title' => t('Masquerade as admin'), - 'description' => t('Masquerade as the site admin (UID 1).'), - ), - 'administer masquerade' => array( - 'title' => t('Administer Masquerade'), - 'description' => t('Perform administration tasks and configure the Masquerade module.'), + 'masquerade' => array( + 'title' => t('Masquerade as another user'), + 'restrict access' => TRUE, ), ); } @@ -48,22 +38,19 @@ function masquerade_permission() { function masquerade_init() { global $user; + if (isset($_SESSION['masquerading'])) { + return; + } // Try to load masqing uid from masquerade table. $uid = db_query("SELECT uid_from FROM {masquerade} WHERE sid = :sid AND uid_as = :uid_as", array( ':sid' => session_id(), ':uid_as' => $user->uid, ))->fetchField(); - - // We are using identical operator (===) instead of equal (==) because if - // $uid === 0 we want to store the session variable. If there's no record in - // masquerade table we clear the session variable. - if ($uid === FALSE) { - if (isset($_SESSION)) { - unset($_SESSION['masquerading']); - } + if ($uid) { + $_SESSION['masquerading'] = $uid; } else { - $_SESSION['masquerading'] = $uid; + unset($_SESSION['masquerading']); } } @@ -87,18 +74,6 @@ function masquerade_cron() { * Implements hook_menu(). */ function masquerade_menu() { - $default_test_user = _masquerade_user_load(variable_get('masquerade_test_user', '')); - if ($default_test_user && ($default_test_user->uid || $default_test_user->name == variable_get('anonymous', t('Anonymous')))) { - $items['masquerade/switch/' . $default_test_user->uid] = array( - 'title' => 'Masquerade as @testuser', - 'title arguments' => array('@testuser' => $default_test_user->name), - 'page callback' => 'masquerade_switch_user_page', - 'page arguments' => array(2), - 'access callback' => 'masquerade_menu_access', - 'access arguments' => array('switch'), - ); - } - $items['masquerade/switch/%'] = array( 'title' => 'Masquerading', 'page callback' => 'masquerade_switch_user_page', @@ -113,35 +88,11 @@ function masquerade_menu() { 'access arguments' => array('unswitch'), ); $items['masquerade/autocomplete'] = array( - 'title' => '', 'page callback' => 'masquerade_autocomplete', 'access callback' => 'masquerade_menu_access', 'access arguments' => array('autocomplete'), 'type' => MENU_CALLBACK, ); - $items['masquerade/autocomplete-users'] = array( - 'title' => '', - 'page callback' => 'masquerade_autocomplete_multiple', - 'access callback' => 'masquerade_menu_access', - 'access arguments' => array('autocomplete'), - 'type' => MENU_CALLBACK, - ); - $items['masquerade/autocomplete-user'] = array( - 'title' => 'Masquerade autocomplete', - 'page callback' => 'masquerade_autocomplete_multiple', - 'page arguments' => array(2, FALSE), - 'access arguments' => array('access user profiles'), - 'type' => MENU_CALLBACK, - ); - $items['admin/config/people/masquerade'] = array( - 'title' => 'Masquerade', - 'description' => 'Masquerade module allows administrators to masquerade as other users.', - 'page callback' => 'drupal_get_form', - 'page arguments' => array('masquerade_admin_settings'), - 'access callback' => 'user_access', - 'access arguments' => array('administer masquerade'), - ); - return $items; } @@ -155,10 +106,6 @@ function masquerade_menu() { * the links get passed through masquerade_translated_menu_link_alter. */ function masquerade_menu_alter(&$items) { - $default_test_user = _masquerade_user_load(variable_get('masquerade_test_user', '')); - if (isset($default_test_user->uid)) { - $items['masquerade/switch/' . $default_test_user->uid]['options']['alter'] = TRUE; - } $items['masquerade/switch/%']['options']['alter'] = TRUE; $items['masquerade/unswitch']['options']['alter'] = TRUE; } @@ -185,7 +132,7 @@ function masquerade_translated_menu_link_alter(&$item, $map) { function masquerade_user_operations() { return array( 'masquerade' => array( - 'label' => t('Masquerade as user'), + 'label' => t('Masquerade'), 'callback' => 'masquerade_user_operations_masquerade', ), ); @@ -209,7 +156,6 @@ function masquerade_user_operations_masquerade(array $accounts) { * * @param object $uid * An optional parameter indicating a specific uid to switch to. - * Otherwise, return if the user can switch to any user account. * * @return * TRUE, if the user can perform the requested action, FALSE otherwise. @@ -220,133 +166,11 @@ function masquerade_menu_access($type, $uid = NULL) { return isset($_SESSION['masquerading']) || arg(2) == 'menu-customize' || arg(2) == 'menu'; case 'autocomplete': - return isset($_SESSION['masquerading']) || (user_access('masquerade as user') || user_access('masquerade as admin')); - - case 'user': - global $user; - return db_query("SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $user->uid))->fetchField(); + return isset($_SESSION['masquerading']) || user_access('masquerade'); case 'switch': - $switch_to_account = FALSE; - global $user; - if ($uid) { - if (!is_numeric($uid)) { - return FALSE; - } - if ($account = user_load($uid)) { - $switch_to_account = db_query("SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to", array( - ':uid_from' => $user->uid, - ':uid_to' => $account->uid - ))->fetchField(); - } - } - return !isset($_SESSION['masquerading']) && (user_access('masquerade as user') || user_access('masquerade as admin') || $switch_to_account); - } -} - -/** - * Admin settings form. - */ -function masquerade_admin_settings() { - // create a list of roles; all selected roles are considered administrative. - $roles = user_roles(); - $form['masquerade_admin_roles'] = array( - '#type' => 'checkboxes', - '#title' => t('Roles that are considered "administrators" for masquerading'), - '#options' => $roles, - '#default_value' => variable_get('masquerade_admin_roles', array()), - ); - - $test_name = _masquerade_user_load(variable_get('masquerade_test_user', '')); - - $form['masquerade_test_user'] = array( - '#type' => 'textfield', - '#title' => t('Menu Quick Switch user'), - '#autocomplete_path' => 'masquerade/autocomplete', - '#default_value' => isset($test_name->name) ? check_plain($test_name->name) : '', - '#description' => t('Enter the username of an account you wish to switch easily between via a menu item.'), - '#maxlength' => NULL, - ); - - $quick_switch = user_load_multiple(variable_get('masquerade_quick_switches', array())); - $quick_switch_users = array(); - foreach ($quick_switch as $uid => $account) { - if ($uid == 0) { - $account->name = variable_get('anonymous', t('Anonymous')); - } - $quick_switch_users[] = $account->name; - } - $form['masquerade_quick_switches'] = array( - '#type' => 'textfield', - '#title' => t('Masquerade Block Quick Switch users'), - '#autocomplete_path' => 'masquerade/autocomplete-users', - '#default_value' => drupal_implode_tags($quick_switch_users), - '#description' => t('Enter the usernames, separated by commas, of accounts to show as quick switch links in the Masquerade block.'), - '#maxlength' => NULL, - ); - - $form = system_settings_form($form); - $form['#validate'][] = 'masquerade_admin_settings_validate'; - $form['#submit'][] = 'masquerade_admin_settings_submit'; - - return $form; -} - -function masquerade_admin_settings_validate($form, &$form_state) { - if (!empty($form_state['values']['masquerade_test_user'])) { - $test_user = _masquerade_user_load($form_state['values']['masquerade_test_user']); - if (!$test_user) { - form_set_error('masquerade_test_user', t('%user does not exist. Please enter a valid username.', array('%user' => $form_state['values']['masquerade_test_user']))); - } - } - // Needs to rebuild menu in masquerade_admin_settings_submit(). - $form_state['masquerade_rebuild_menu'] = (variable_get('masquerade_test_user', '') != $form_state['values']['masquerade_test_user']); - - // A comma-separated list of users. - $masquerade_switches = drupal_explode_tags($form_state['values']['masquerade_quick_switches']); - // Change user names to user ID's for system_settings_form_submit() to save. - $masquerade_uids = array(); - foreach ($masquerade_switches as $switch_user) { - $test_user = _masquerade_user_load($switch_user); - if (!$test_user) { - form_set_error('masquerade_quick_switches', t('%user does not exist. Please enter a valid username.', array('%user' => $switch_user))); - } - else { - $masquerade_uids[] = $test_user->uid; - } - } - $form_state['values']['masquerade_quick_switches'] = $masquerade_uids; -} - -function masquerade_admin_settings_submit($form, &$form_state) { - // Rebuild the menu system so the menu "Quick Switch" user is updated. - if ($form_state['masquerade_rebuild_menu']) { - menu_rebuild(); - } -} - -/** - * Wrapper around user_load() to allow the loading of anonymous users. - * - * @param $username - * The username of the user you wish to load (i.e. $user->name). To load the - * anonymous user, pass the value of the 'anonymous' variable. - * - * @return - * A fully-loaded $user object upon successful user load or FALSE if user - * cannot be loaded. - */ -function _masquerade_user_load($username) { - $account = FALSE; - if (!empty($username)) { - $anon = variable_get('anonymous', t('Anonymous')); - $account = user_load_by_name(($username == $anon ? '' : $username)); - if (isset($account->uid) && empty($account->uid)) { - // Anonymous user should have a name. - $account->name = $anon; - } + return !isset($_SESSION['masquerading']) && user_access('masquerade'); } - return $account; } /** @@ -355,8 +179,6 @@ function _masquerade_user_load($username) { function masquerade_user_logout($account) { if (!empty($account->masquerading)) { global $user; - // @todo No such cache item/prefix exists, neither in D8 nor D7. - //cache_clear_all($user->uid, 'cache_menu', TRUE); $real_user = user_load($user->masquerading); watchdog('masquerade', "User %user no longer masquerading as %masq_as.", array('%user' => $real_user->name, '%masq_as' => $user->name), WATCHDOG_INFO); @@ -371,15 +193,9 @@ function masquerade_user_logout($account) { * Implements hook_user_view(). */ function masquerade_user_view($account, $view_mode, $langcode) { - // check if user qualifies as admin - $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array()))); - $perm = $account->uid == 1 || array_intersect(array_keys((array)$account->roles), $roles) ? - 'masquerade as admin' : - 'masquerade as user'; - global $user; - if (user_access($perm) && empty($account->masquerading) && $user->uid != $account->uid) { + if (user_access('masquerade') && empty($account->masquerading) && $user->uid != $account->uid) { $account->content['masquerade'] = array( '#markup' => l(t('Masquerade as !user', array('!user' => $account->name)), 'masquerade/switch/' . $account->uid, @@ -394,119 +210,6 @@ function masquerade_user_view($account, $view_mode, $langcode) { } /** - * Implements hook_form_FORM_ID_alter(). - */ -function masquerade_form_user_profile_form_alter(&$form, &$form_state, $form_id) { - $form['masquerade'] = array( - '#type' => 'fieldset', - '#title' => t('Masquerade settings'), - '#access' => user_access('administer masquerade'), - ); - $edit_user = $form_state['controller']->getEntity($form_state); - $uids = db_query("SELECT uid_to FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $edit_user->uid)) - ->fetchCol(); - $users = user_load_multiple($uids); - $masquerade_users = array(); - foreach ($users as $uid => $account) { - if ($uid == 0) { - $masquerade_users[] = variable_get('anonymous', t('Anonymous')); - } - else { - $masquerade_users[] = $account->name; - } - } - $form['masquerade']['masquerade_users'] = array( - '#type' => 'textfield', - '#title' => t('Enter the users this user is able to masquerade as'), - '#description' => t('Enter a comma separated list of user names that this user can masquerade as.'), - '#autocomplete_path' => 'masquerade/autocomplete-user', - '#default_value' => drupal_implode_tags($masquerade_users), - '#maxlength' => NULL, - ); - $form['#validate'][] = 'masquerade_user_validate'; - $form['#submit'][] = 'masquerade_user_submit'; -} - -/** - * Validates user account form. - */ -function masquerade_user_validate(&$form, $form_state) { - if (isset($form_state['values']['masquerade_users'])) { - $users = drupal_explode_tags($form_state['values']['masquerade_users']); - foreach ($users as $username) { - if (!_masquerade_user_load($username)) { - form_set_error('masquerade_users', t('%user is not a valid user name.', array('%user' => $username))); - } - } - } -} - -/** - * Submit handler for masquerade users form element. - */ -function masquerade_user_submit(&$form, $form_state) { - global $_masquerade_old_session_id; - $_masquerade_old_session_id = session_id(); -} - -/** - * Implements hook_user_update(). - */ -function masquerade_user_update($account) { - global $_masquerade_old_session_id; - if (isset($account->masquerade_users)) { - $query = db_delete('masquerade_users'); - $query->condition('uid_from', $account->uid); - $query->execute(); - // Save users from settings form. - $users = drupal_explode_tags($account->masquerade_users); - $query = db_insert('masquerade_users')->fields(array('uid_from', 'uid_to')); - foreach ($users as $username) { - if ($to_user = _masquerade_user_load($username)) { - $query->values(array( - 'uid_from' => $account->uid, - 'uid_to' => $to_user->uid, - )); - } - } - $query->execute(); - $account->masquerade_users = NULL; - - // Update user session... - // @TODO check other way of session API. - if (!empty($_masquerade_old_session_id)) { - $query = db_update('masquerade'); - $query->fields(array( - 'sid' => session_id(), - )); - $query->condition('sid', $_masquerade_old_session_id); - $query->execute(); - } - } -} - -/** - * Implements hook_user_delete(). - */ -function masquerade_user_delete($account) { - // Cleanup tables. - $query = db_delete('masquerade_users'); - $conditions = db_or(); - $conditions->condition('uid_from', $account->uid); - $conditions->condition('uid_to', $account->uid); - $query->condition($conditions); - $query->execute(); - // Cleanup variables. - $switches = variable_get('masquerade_quick_switches', array()); - $switches_new = array_diff($switches, array($account->uid)); - if ($switches != $switches_new) { - variable_set('masquerade_quick_switches', $switches_new); - // @TODO Implement block cache cleaning. - menu_rebuild(); - } -} - -/** * Implements hook_block_info(). */ function masquerade_block_info() { @@ -524,7 +227,7 @@ function masquerade_block_view($delta = '') { $block = array(); switch ($delta) { case 'masquerade': - if (isset($_SESSION['masquerading']) || (user_access('masquerade as user') || user_access('masquerade as admin'))) { + if (isset($_SESSION['masquerading']) || user_access('masquerade')) { $block['subject'] = t('Masquerade'); $block['content'] = drupal_get_form('masquerade_block_1'); } @@ -542,36 +245,9 @@ function masquerade_block_1() { $markup_value = ''; if (isset($_SESSION['masquerading'])) { $quick_switch_links[] = l(t('Switch back'), 'masquerade/unswitch', array('query' => array('token' => drupal_get_token('masquerade/unswitch')))); - if ($user->uid > 0) { - $markup_value = t('You are masquerading as %masq_as.', array('@user-url' => url('user/' . $user->uid), '%masq_as' => $user->name)); - } - else { - $markup_value = t('You are masquerading as %anonymous.', array('%anonymous' => variable_get('anonymous', t('Anonymous')))); - } + $markup_value = t('You are masquerading as %masq_as.', array('@user-url' => url('user/' . $user->uid), '%masq_as' => $user->name)); } else { - $quick_switches = variable_get('masquerade_quick_switches', array()); - - // Add in user-specific switches, and prevent duplicates. - $user_switches = db_query("SELECT uid_to FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $user->uid))->fetchCol(); - $masquerade_switches = array_unique(array_merge($quick_switches, $user_switches)); - - foreach ($masquerade_switches as $switch_user) { - if (!isset($_SESSION['user']->uid) || $switch_user != $_SESSION['user']->uid) { - $account = user_load($switch_user); - if (isset($account->uid)) { - $switch_link = 'masquerade/switch/' . $account->uid; - if ($account->uid) { - $quick_switch_links[] = l($account->name, $switch_link, array('query' => array('token' => drupal_get_token($switch_link)))); - } - if ($switch_user == 0) { - $account->name = variable_get('anonymous', t('Anonymous')); - $quick_switch_links[] = l($account->name, $switch_link, array('query' => array('token' => drupal_get_token($switch_link)))); - } - } - } - } - if (masquerade_menu_access('autocomplete')) { $markup_value .= t('Enter the username to masquerade as.'); $form['masquerade_user_field'] = array( @@ -588,10 +264,9 @@ function masquerade_block_1() { '#suffix' => '', ); } - } if ($quick_switch_links) { - $markup_value .= ''; + $markup_value .= theme('item_list', array('items' => $quick_switch_links)); } $form['masquerade_desc'] = array( '#prefix' => '
', @@ -606,20 +281,12 @@ function masquerade_block_1() { */ function masquerade_block_1_validate($form, &$form_state) { global $user; - //unset($form); $name = $form_state['values']['masquerade_user_field']; if (isset($_SESSION['masquerading'])) { form_set_error('masquerade_user_field', t('You are already masquerading. Please switch back to your account to masquerade as another user.', array('@unswitch' => url('masquerade/unswitch', array('query' => array('token' => drupal_get_token('masquerade/unswitch'))))))); } - if ($name != variable_get('anonymous', t('Anonymous')) && module_exists('alt_login')) { - $alt_login = db_query("SELECT u.name FROM {users} u INNER JOIN {alt_login} al ON u.uid = al.uid WHERE al.alt_login = :alt_login", array( - ':alt_login' => $name - ))->fetchObject(); - if ($alt_login->name) { - $name = $alt_login->name; - } - } - $masq_user = _masquerade_user_load($name); + + $masq_user = user_load_by_name($name); if (!$masq_user) { form_set_error('masquerade_user_field', t('User %masq_as does not exist. Please enter a valid username.', array('%masq_as' => $form_state['values']['masquerade_user_field']))); } @@ -630,7 +297,7 @@ function masquerade_block_1_validate($form, &$form_state) { form_set_error('masquerade_user_field', t('It is not possible to masquerade in off-line mode as !user does not have the %config-perm permission. Please set the site status to "online" to masquerade as !user.', array('!user' => theme('username', array('account' => $masq_user)), '%config-perm' => 'use the site in maintenance mode', '@site-maintenance' => url('admin/settings/site-maintenance')))); } else { - $form_state['values']['masquerade_user_field'] = $name; + $form_state['masquerade_target_user'] = $masq_user; } } @@ -638,9 +305,7 @@ function masquerade_block_1_validate($form, &$form_state) { * Masquerade block form submission. */ function masquerade_block_1_submit($form, &$form_state) { - //unset($form); - $masq_user = _masquerade_user_load($form_state['values']['masquerade_user_field']); - if (!masquerade_switch_user($masq_user->uid)) { + if (!masquerade_switch_user($form_state['masquerade_target_user']->uid)) { throw new AccessDeniedHttpException(); } else { @@ -653,73 +318,12 @@ function masquerade_block_1_submit($form, &$form_state) { */ function masquerade_autocomplete($string) { $matches = array(); - // Anonymous user goes first to be visible for user. - $anonymous = variable_get('anonymous', t('Anonymous')); - if (stripos($anonymous, $string) === 0) { - $matches[$anonymous] = $anonymous; - } - // Other suggestions. $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:string)", 0, 10, array( ':string' => $string . '%', )); foreach ($result as $user) { $matches[$user->name] = check_plain($user->name); } - if (module_exists('devel')) { - $GLOBALS['devel_shutdown'] = FALSE; - } - return new JsonResponse($matches); -} - -/** - * Returns JS array for Masquerade autocomplete fields. - * - * Supports multiple entries separated by a comma. - * - * @param $string - * The string of autocmplete value submitted by the user. - * @param $add_anonymous - * Flag to include Anonymous user into result. - */ -function masquerade_autocomplete_multiple($string, $add_anonymous = TRUE) { - $matches = array(); - // The user enters a comma-separated list of users. We only autocomplete the last user. - $users_typed = drupal_explode_tags($string); - // Fetch last string. - $last_string = drupal_strtolower(array_pop($users_typed)); - if ($last_string) { - $prefix = count($users_typed) ? implode(', ', $users_typed) . ', ' : ''; - if ($add_anonymous) { - // Anonymous user goes first to be visible for user. - $anonymous = variable_get('anonymous', t('Anonymous')); - if (stripos($anonymous, $last_string) === 0) { - $matches[$prefix . $anonymous] = $anonymous; - } - } - // Other suggestions. - $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE :string", 0, 10, array( - ':string' => $last_string . '%', - )); - foreach ($result as $user) { - $matches[$prefix . $user->name] = check_plain($user->name); - } - - // Remove existing tags. - $matches = array_diff($matches, $users_typed); - - // @todo Check compatibility for D7. - if (module_exists('alt_login')) { - $result = db_query_range("SELECT u.alt_login AS alt_login FROM {alt_login} u WHERE LOWER(u.alt_login) LIKE LOWER(:string)", 0, 10, array( - ':string' => $last_string . '%', - )); - foreach ($result as $user) { - $matches[$user->alt_login] = check_plain($user->alt_login); - } - } - } - if (module_exists('devel')) { - $GLOBALS['devel_shutdown'] = FALSE; - } return new JsonResponse($matches); } @@ -747,34 +351,41 @@ function masquerade_switch_user_page($uid) { */ function masquerade_switch_user($uid) { global $user; - if (!is_numeric($uid)) { - drupal_set_message(t('A user id was not correctly passed to the switching function.')); - watchdog('masquerade', 'The user id provided to switch users was not numeric.', NULL, WATCHDOG_ERROR); - return drupal_goto($_SERVER['HTTP_REFERER']); - } - - $new_user = user_load($uid); - $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array()))); - $perm = $uid == 1 || array_intersect(array_keys($new_user->roles), $roles) ? - 'masquerade as admin' : - 'masquerade as user'; - - // Check to see if we need admin permission. - $results = db_query_range('SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to', 0, 1, array( - ':uid_from' => $user->uid, - ':uid_to' => $new_user->uid, - )); - if (!user_access($perm) && !isset($_SESSION['masquerading']) && !$results->fetchField()) { - watchdog('masquerade', 'This user requires administrative permissions to switch to the user %user.', array('%user' => $new_user->name), WATCHDOG_ERROR); + if (isset($_SESSION['masquerading'])) { + drupal_set_message(t('You are masquerading already. Unmasquerade first.')); return FALSE; } + if (!is_numeric($uid) || !($new_user = user_load($uid))) { + drupal_set_message(t('The requested user ID does not exist.')); + watchdog('masquerade', 'Bad target user ID %uid.', array('%uid' => $uid), WATCHDOG_ERROR); + return drupal_goto($_SERVER['HTTP_REFERER']); + } + if ($user->uid == $uid || isset($user->masquerading)) { watchdog('masquerade', 'This user is already %user.', array('%user' => $new_user->name), WATCHDOG_ERROR); return FALSE; } + // Determine access. + $access = NULL; + foreach (module_implements('masquerade_access') as $module) { + $function = $module . '_masquerade_access'; + $result = $function($user, $new_user); + if ($result === FALSE) { + $access = FALSE; + break; + } + elseif ($result === TRUE) { + $access = TRUE; + } + } + // If no module granted access, then access is denied. + if (!isset($access) || !$access) { + return FALSE; + } + if (variable_get('maintenance_mode', 0) && !user_access('access site in maintenance mode', $new_user)) { drupal_set_message(t('It is not possible to masquerade in off-line mode as %user does not have the %config-perm permission. Please set the site status to "online" to masquerade as %user.', array('%user' => $new_user->name, '%config-perm' => 'use the site in maintenance mode', '@site-maintenance' => url('admin/settings/site-maintenance')))); return FALSE; @@ -791,9 +402,8 @@ function masquerade_switch_user($uid) { 'sid' => session_id(), )); $query->execute(); - // switch user - watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name ? $new_user->name : variable_get('anonymous', t('Anonymous'))), WATCHDOG_INFO); + watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name), WATCHDOG_INFO); drupal_set_message(t('You are now masquerading as !masq_as.', array('!masq_as' => theme('username', array('account' => $new_user))))); $user->masquerading = $new_user->uid; $user = $new_user; @@ -805,6 +415,17 @@ function masquerade_switch_user($uid) { } /** + * Implements hook_masquerade_access(). + */ +function masquerade_masquerade_access($user, $target_user) { + // Only return TRUE, since alternative access implementations could not work + // otherwise. + if (user_access('masquerade')) { + return TRUE; + } +} + +/** * Allows a user who is currently masquerading to become a new user. */ function masquerade_switch_back_page() { @@ -825,10 +446,7 @@ function masquerade_switch_back_page() { * Function for a masquerading user to switch back to the previous user. */ function masquerade_switch_back() { - // switch user global $user; - // @todo No such cache item/prefix exists, neither in D8 nor D7. - //cache_clear_all($user->uid, 'cache_menu', TRUE); $uid = db_query("SELECT m.uid_from FROM {masquerade} m WHERE m.sid = :sid AND m.uid_as = :uid_as ", array( ':sid' => session_id(), ':uid_as' => $user->uid, @@ -838,7 +456,7 @@ function masquerade_switch_back() { ->condition('sid', session_id()) ->execute(); - $oldname = ($user->uid == 0 ? variable_get('anonymous', t('Anonymous')) : $user->name); + $oldname = $user->name; // Call logout hooks when switching from masquerading user. module_invoke_all('user_logout', $user); diff --git a/masquerade_advanced/masquerade_advanced.info b/masquerade_advanced/masquerade_advanced.info new file mode 100644 index 0000000..6d6134a --- /dev/null +++ b/masquerade_advanced/masquerade_advanced.info @@ -0,0 +1,7 @@ +name = Masquerade Advanced +description = Provides per-user masquerade access, blocks, and settings. +core = 8.x +package = Development +configure = admin/config/people/masquerade +tags[] = admin +tags[] = dev diff --git a/masquerade_advanced/masquerade_advanced.install b/masquerade_advanced/masquerade_advanced.install new file mode 100644 index 0000000..3254a3a --- /dev/null +++ b/masquerade_advanced/masquerade_advanced.install @@ -0,0 +1,42 @@ + 'Per-user permission table granting permissions to switch as a specific user.', + 'fields' => array( + 'uid_from' => array( + 'description' => 'The {users}.uid that can masquerade as {masquerade_users}.uid_to.', + 'type' => 'int', + 'not null' => TRUE, + 'default' => 0, + 'disp-width' => 10, + ), + 'uid_to' => array( + 'description' => 'The {users}.uid that {masquerade_users}.uid_from can masquerade as.', + 'type' => 'int', + 'not null' => TRUE, + 'default' => 0, + 'disp-width' => 10, + ), + ), + 'primary key' => array('uid_from', 'uid_to'), + ); + return $schema; +} + +/** + * Implements hook_uninstall(). + */ +function masquerade_advanced_uninstall() { + variable_del('masquerade_test_user'); + variable_del('masquerade_admin_roles'); + variable_del('masquerade_quick_switches'); +} diff --git a/masquerade_advanced/masquerade_advanced.module b/masquerade_advanced/masquerade_advanced.module new file mode 100644 index 0000000..de5fbab --- /dev/null +++ b/masquerade_advanced/masquerade_advanced.module @@ -0,0 +1,431 @@ +masquerade as admin permission, will be able to masquerade as the users who belong to the roles selected below. User #1 is automatically considered an administrator, regardless of roles.'); + } +} + +/** + * Implements hook_permission(). + */ +function masquerade_advanced_permission() { + return array( + 'masquerade as admin' => array( + 'title' => t('Masquerade as the site administrator (user ID 1)'), + 'restrict access' => TRUE, + ), + 'administer masquerade' => array( + 'title' => t('Administer Masquerade'), + 'description' => t('Perform administration tasks and configure the Masquerade module.'), + ), + ); +} + +/** + * Implements hook_menu(). + */ +function masquerade_advanced_menu() { + $default_test_user = _masquerade_user_load(variable_get('masquerade_test_user', '')); + if ($default_test_user && ($default_test_user->uid || $default_test_user->name == variable_get('anonymous', t('Anonymous')))) { + $items['masquerade/switch/' . $default_test_user->uid] = array( + 'title' => 'Masquerade as @testuser', + 'title arguments' => array('@testuser' => $default_test_user->name), + 'page callback' => 'masquerade_switch_user_page', + 'page arguments' => array(2), + 'access callback' => 'masquerade_advanced_menu_access', + 'access arguments' => array('switch'), + ); + } + + $items['masquerade/autocomplete-users'] = array( + 'page callback' => 'masquerade_advanced_autocomplete_multiple', + 'access callback' => 'masquerade_advanced_menu_access', + 'access arguments' => array('autocomplete'), + 'type' => MENU_CALLBACK, + ); + $items['masquerade/autocomplete-user'] = array( + 'page callback' => 'masquerade_advanced_autocomplete_multiple', + 'page arguments' => array(2, FALSE), + 'access arguments' => array('access user profiles'), + 'type' => MENU_CALLBACK, + ); + + $items['admin/config/people/masquerade'] = array( + 'title' => 'Masquerade', + 'description' => 'Masquerade module allows administrators to masquerade as other users.', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('masquerade_advanced_admin_settings'), + 'access arguments' => array('administer masquerade'), + ); + + return $items; +} + +/** + * Implements hook_menu_alter(). + */ +function masquerade_advanced_menu_alter(&$items) { + $default_test_user = _masquerade_user_load(variable_get('masquerade_test_user', '')); + if (isset($default_test_user->uid)) { + $items['masquerade/switch/' . $default_test_user->uid]['options']['alter'] = TRUE; + } +} + +/** + * Determine if the current user has permission to switch users. + * + * @param string $type + * Either 'switch', 'unswitch', 'user', or 'autocomplete'. + * + * @param object $uid + * An optional parameter indicating a specific uid to switch to. + * + * @return + * TRUE, if the user can perform the requested action, FALSE otherwise. + */ +function masquerade_advanced_menu_access($type, $uid = NULL) { + switch ($type) { + case 'user': + global $user; + return db_query("SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $user->uid))->fetchField(); + + case 'switch': + $switch_to_account = FALSE; + global $user; + if ($uid) { + if (!is_numeric($uid)) { + return FALSE; + } + if ($account = user_load($uid)) { + $switch_to_account = db_query("SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to", array( + ':uid_from' => $user->uid, + ':uid_to' => $account->uid + ))->fetchField(); + } + } + return !isset($_SESSION['masquerading']) && (user_access('masquerade') || user_access('masquerade as admin') || $switch_to_account); + } +} + +/** + * Admin settings form. + */ +function masquerade_advanced_admin_settings() { + // create a list of roles; all selected roles are considered administrative. + $roles = user_roles(); + $form['masquerade_admin_roles'] = array( + '#type' => 'checkboxes', + '#title' => t('Roles that are considered "administrators" for masquerading'), + '#options' => $roles, + '#default_value' => variable_get('masquerade_admin_roles', array()), + ); + + $test_name = _masquerade_user_load(variable_get('masquerade_test_user', '')); + + $form['masquerade_test_user'] = array( + '#type' => 'textfield', + '#title' => t('Menu Quick Switch user'), + '#autocomplete_path' => 'masquerade/autocomplete', + '#default_value' => isset($test_name->name) ? check_plain($test_name->name) : '', + '#description' => t('Enter the username of an account you wish to switch easily between via a menu item.'), + '#maxlength' => NULL, + ); + + $quick_switch = user_load_multiple(variable_get('masquerade_quick_switches', array())); + $quick_switch_users = array(); + foreach ($quick_switch as $uid => $account) { + if ($uid == 0) { + $account->name = variable_get('anonymous', t('Anonymous')); + } + $quick_switch_users[] = $account->name; + } + $form['masquerade_quick_switches'] = array( + '#type' => 'textfield', + '#title' => t('Masquerade Block Quick Switch users'), + '#autocomplete_path' => 'masquerade/autocomplete-users', + '#default_value' => drupal_implode_tags($quick_switch_users), + '#description' => t('Enter the usernames, separated by commas, of accounts to show as quick switch links in the Masquerade block.'), + '#maxlength' => NULL, + ); + + $form = system_settings_form($form); + $form['#validate'][] = 'masquerade_admin_settings_validate'; + $form['#submit'][] = 'masquerade_admin_settings_submit'; + + return $form; +} + +function masquerade_advanced_admin_settings_validate($form, &$form_state) { + if (!empty($form_state['values']['masquerade_test_user'])) { + $test_user = _masquerade_user_load($form_state['values']['masquerade_test_user']); + if (!$test_user) { + form_set_error('masquerade_test_user', t('%user does not exist. Please enter a valid username.', array('%user' => $form_state['values']['masquerade_test_user']))); + } + } + // Needs to rebuild menu in masquerade_admin_settings_submit(). + $form_state['masquerade_rebuild_menu'] = (variable_get('masquerade_test_user', '') != $form_state['values']['masquerade_test_user']); + + // A comma-separated list of users. + $masquerade_switches = drupal_explode_tags($form_state['values']['masquerade_quick_switches']); + // Change user names to user ID's for system_settings_form_submit() to save. + $masquerade_uids = array(); + foreach ($masquerade_switches as $switch_user) { + $test_user = _masquerade_user_load($switch_user); + if (!$test_user) { + form_set_error('masquerade_quick_switches', t('%user does not exist. Please enter a valid username.', array('%user' => $switch_user))); + } + else { + $masquerade_uids[] = $test_user->uid; + } + } + $form_state['values']['masquerade_quick_switches'] = $masquerade_uids; +} + +function masquerade_advanced_admin_settings_submit($form, &$form_state) { + // Rebuild the menu system so the menu "Quick Switch" user is updated. + if ($form_state['masquerade_rebuild_menu']) { + menu_rebuild(); + } +} + +/** + * Implements hook_user_view_alter(). + */ +function masquerade_advanced_user_view_alter($account, $view_mode, $langcode) { + if (!isset($account->content['masquerade'])) { + return; + } + // check if user qualifies as admin + $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array()))); + $perm = $account->uid == 1 || array_intersect(array_keys((array)$account->roles), $roles) ? + 'masquerade as admin' : + 'masquerade'; + + if (!user_access($perm)) { + $account->content['masquerade']['#access'] = FALSE; + } +} + +/** + * Implements hook_form_FORM_ID_alter(). + */ +function masquerade_advanced_form_user_profile_form_alter(&$form, &$form_state, $form_id) { + $form['masquerade'] = array( + '#type' => 'fieldset', + '#title' => t('Masquerade settings'), + '#access' => user_access('administer masquerade'), + ); + $edit_user = $form_state['controller']->getEntity($form_state); + $uids = db_query("SELECT uid_to FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $edit_user->uid)) + ->fetchCol(); + $users = user_load_multiple($uids); + $masquerade_users = array(); + foreach ($users as $uid => $account) { + if ($uid == 0) { + $masquerade_users[] = variable_get('anonymous', t('Anonymous')); + } + else { + $masquerade_users[] = $account->name; + } + } + $form['masquerade']['masquerade_users'] = array( + '#type' => 'textfield', + '#title' => t('Enter the users this user is able to masquerade as'), + '#description' => t('Enter a comma separated list of user names that this user can masquerade as.'), + '#autocomplete_path' => 'masquerade/autocomplete-user', + '#default_value' => drupal_implode_tags($masquerade_users), + '#maxlength' => NULL, + ); + $form['#validate'][] = 'masquerade_advanced_user_profile_form_validate'; + $form['#submit'][] = 'masquerade_advanced_user_profile_form_submit'; +} + +/** + * Validates user account form. + */ +function masquerade_advanced_user_profile_form_validate(&$form, $form_state) { + if (isset($form_state['values']['masquerade_users'])) { + $users = drupal_explode_tags($form_state['values']['masquerade_users']); + foreach ($users as $username) { + if (!_masquerade_user_load($username)) { + form_set_error('masquerade_users', t('%user is not a valid user name.', array('%user' => $username))); + } + } + } +} + +/** + * Submit handler for masquerade users form element. + */ +function masquerade_advanced_user_profile_form_submit(&$form, $form_state) { + global $_masquerade_old_session_id; + $_masquerade_old_session_id = session_id(); +} + +/** + * Implements hook_user_update(). + */ +function masquerade_advanced_user_update($account) { + global $_masquerade_old_session_id; + if (isset($account->masquerade_users)) { + $query = db_delete('masquerade_users'); + $query->condition('uid_from', $account->uid); + $query->execute(); + // Save users from settings form. + $users = drupal_explode_tags($account->masquerade_users); + $query = db_insert('masquerade_users')->fields(array('uid_from', 'uid_to')); + foreach ($users as $username) { + if ($to_user = _masquerade_user_load($username)) { + $query->values(array( + 'uid_from' => $account->uid, + 'uid_to' => $to_user->uid, + )); + } + } + $query->execute(); + $account->masquerade_users = NULL; + + // Update user session... + // @TODO check other way of session API. + if (!empty($_masquerade_old_session_id)) { + $query = db_update('masquerade'); + $query->fields(array( + 'sid' => session_id(), + )); + $query->condition('sid', $_masquerade_old_session_id); + $query->execute(); + } + } +} + +/** + * Implements hook_user_delete(). + */ +function masquerade_advanced_user_delete($account) { + // Cleanup tables. + $query = db_delete('masquerade_users'); + $conditions = db_or(); + $conditions->condition('uid_from', $account->uid); + $conditions->condition('uid_to', $account->uid); + $query->condition($conditions); + $query->execute(); + + // Cleanup variables. + $switches = variable_get('masquerade_quick_switches', array()); + $switches_new = array_diff($switches, array($account->uid)); + if ($switches != $switches_new) { + variable_set('masquerade_quick_switches', $switches_new); + // @TODO Implement block cache cleaning. + menu_rebuild(); + } +} + +/** + * Implements hook_form_FORMID_alter(). + */ +function masquerade_advanced_form_masquerade_block_1_alter(&$form, &$form_state) { + global $user; + + if (isset($_SESSION['masquerading'])) { + return; + } + $quick_switch_links = array(); + $quick_switches = variable_get('masquerade_quick_switches', array()); + + // Add in user-specific switches, and prevent duplicates. + $user_switches = db_query("SELECT uid_to FROM {masquerade_users} WHERE uid_from = :uid_from", array(':uid_from' => $user->uid))->fetchCol(); + $masquerade_switches = array_unique(array_merge($quick_switches, $user_switches)); + + foreach ($masquerade_switches as $switch_user) { + if (!isset($_SESSION['user']->uid) || $switch_user != $_SESSION['user']->uid) { + $account = user_load($switch_user); + if ($account) { + $switch_link = 'masquerade/switch/' . $account->uid; + $quick_switch_links[] = l($account->name, $switch_link, array('query' => array('token' => drupal_get_token($switch_link)))); + } + } + } + $form['masquerade_quick_switches'] = array( + '#theme' => 'item_list', + '#heading' => t('Quick switches'), + '#items' => $quick_switch_links, + ); + return $form; +} + +/** + * Returns JS array for Masquerade autocomplete fields. + * + * Supports multiple entries separated by a comma. + * + * @param $string + * The string of autocmplete value submitted by the user. + */ +function masquerade_advanced_autocomplete_multiple($string) { + $matches = array(); + // The user enters a comma-separated list of users. We only autocomplete the last user. + $users_typed = drupal_explode_tags($string); + // Fetch last string. + $last_string = drupal_strtolower(array_pop($users_typed)); + if ($last_string) { + $prefix = count($users_typed) ? implode(', ', $users_typed) . ', ' : ''; + $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE :string", 0, 10, array( + ':string' => $last_string . '%', + )); + foreach ($result as $user) { + $matches[$prefix . $user->name] = check_plain($user->name); + } + + // Remove existing tags. + $matches = array_diff($matches, $users_typed); + } + return new JsonResponse($matches); +} + +/** + * Implements hook_masquerade_access(). + */ +function masquerade_advanced_masquerade_access($user, $target_user) { + // The current user either needs to have the global permission to masquerade + // (as any other user), or the target user must be explicitly allowed for the + // current user. + if (user_access('masquerade')) { + $may_masquerade = TRUE; + } + else { + $may_masquerade = (bool) db_query_range('SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to', 0, 1, array( + ':uid_from' => $user->uid, + ':uid_to' => $target_user->uid, + ))->fetchField(); + } + // If neither of both conditions are met, then we do not have anything to say; + // access is neither granted nor denied from our side. + if (!$may_masquerade) { + return; + } + + // Otherwise, ensure that access to administrative target user roles is + // restricted. + $roles = array_keys(array_filter(variable_get('masquerade_admin_roles', array()))); + $has_admin_roles = array_intersect(array_keys($target_user->roles), $roles); + if ($target_user->uid == 1 || $has_admin_roles) { + return user_access('masquerade as admin'); + } + // If the target user is not administrative, then access is just based on + // either the regular user permission or the explicit per-user grant. + return $may_masquerade; +} +