From fcfb10ef8735dbc7e3183f3aa1efc39a145d300b Mon Sep 17 00:00:00 2001 From: sun Date: Sun, 24 Feb 2013 19:00:32 +0100 Subject: [PATCH] - #1836516 by sun: Changed /masquerade/switch/% into /user/%user/masquerade. --- lib/Drupal/masquerade/Tests/MasqueradeTest.php | 14 ++- masquerade.module | 143 +++++++++++++------------ 2 files changed, 81 insertions(+), 76 deletions(-) diff --git a/lib/Drupal/masquerade/Tests/MasqueradeTest.php b/lib/Drupal/masquerade/Tests/MasqueradeTest.php index 88f19fe..d1bdd1e 100644 --- a/lib/Drupal/masquerade/Tests/MasqueradeTest.php +++ b/lib/Drupal/masquerade/Tests/MasqueradeTest.php @@ -36,11 +36,9 @@ class MasqueradeTest extends WebTestBase { $this->drupalLogin($this->admin_user); // Verify that a token is required. - $this->drupalGet('masquerade/switch/'); - $this->assertResponse(404); - $this->drupalGet('masquerade/switch/0'); + $this->drupalGet('user/0/masquerade'); $this->assertResponse(403); - $this->drupalGet('masquerade/switch/' . $this->web_user->uid); + $this->drupalGet('user/' . $this->web_user->uid . '/masquerade'); $this->assertResponse(403); // Verify that the admin user is able to masquerade. @@ -51,9 +49,9 @@ class MasqueradeTest extends WebTestBase { $this->assertResponse(403); // Verify that the web user cannot masquerade. - $this->drupalGet('masquerade/switch/' . $this->admin_user->uid, array( + $this->drupalGet('user/' . $this->admin_user->uid . '/masquerade', array( 'query' => array( - 'token' => $this->drupalGetToken('masquerade/switch/' . $this->admin_user->uid), + 'token' => $this->drupalGetToken('user/' . $this->admin_user->uid . '/masquerade'), ), )); $this->assertResponse(403); @@ -69,9 +67,9 @@ class MasqueradeTest extends WebTestBase { * The user account to masquerade as. */ protected function masqueradeAs(User $account) { - $this->drupalGet('masquerade/switch/' . $account->uid, array( + $this->drupalGet('user/' . $account->uid . '/masquerade', array( 'query' => array( - 'token' => $this->drupalGetToken('masquerade/switch/' . $account->uid), + 'token' => $this->drupalGetToken('user/' . $account->uid . '/masquerade'), ), )); $this->assertResponse(200); diff --git a/masquerade.module b/masquerade.module index bf72a02..60bd9e7 100644 --- a/masquerade.module +++ b/masquerade.module @@ -5,6 +5,7 @@ * Allows privileged users to masquerade as another user. */ +use Drupal\user\Plugin\Core\Entity\User; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; @@ -74,12 +75,14 @@ function masquerade_cron() { * Implements hook_menu(). */ function masquerade_menu() { - $items['masquerade/switch/%'] = array( - 'title' => 'Masquerading', + $items['user/%user/masquerade'] = array( + 'title' => 'Masquerade', 'page callback' => 'masquerade_switch_user_page', - 'page arguments' => array(2), - 'access callback' => 'masquerade_menu_access', - 'access arguments' => array('switch', 2), + 'page arguments' => array(1), + 'access callback' => 'masquerade_user_access', + 'access arguments' => array(1), + 'type' => MENU_LOCAL_TASK, + 'context' => MENU_CONTEXT_INLINE, // Invoke masquerade_translated_menu_link_alter() to append token. 'options' => array('alter' => TRUE), ); @@ -108,14 +111,22 @@ function masquerade_menu() { } /** + * Menu router access callback for Masquerade tab. + */ +function masquerade_user_access(User $target_account) { + global $user; + return !isset($_SESSION['masquerading']) && $user->uid != $target_account->id() && user_access('masquerade'); +} + +/** * Implements hook_translated_menu_link_alter(). * * Dynamically add the CSRF protection token to the Masquerade menu items. */ function masquerade_translated_menu_link_alter(&$item, $map) { if (isset($item['page_callback'])) { - if ($item['page_callback'] == 'masquerade_switch_user_page' && isset($map[2])) { - $item['localized_options']['query']['token'] = drupal_get_token('masquerade/switch/' . $map[2]); + if ($item['page_callback'] == 'masquerade_switch_user_page') { + $item['localized_options']['query']['token'] = drupal_get_token($item['href']); } elseif ($item['page_callback'] == 'masquerade_switch_back_page') { $item['localized_options']['query']['token'] = drupal_get_token('unmasquerade'); @@ -124,46 +135,18 @@ function masquerade_translated_menu_link_alter(&$item, $map) { } /** - * Implements hook_user_operations(). - */ -function masquerade_user_operations() { - return array( - 'masquerade' => array( - 'label' => t('Masquerade'), - 'callback' => 'masquerade_user_operations_masquerade', - ), - ); -} - -/** - * Callback for user operation. - */ -function masquerade_user_operations_masquerade(array $accounts) { - // Only process the first account since switching to multiple makes no sense. - if (($uid = current($accounts)) && masquerade_menu_access('switch', $uid)) { - masquerade_switch_user($uid); - } -} - -/** * Determine if the current user has permission to switch users. * * @param string $type - * Either 'switch', 'unmasquerade', 'user', or 'autocomplete'. - * - * @param object $uid - * An optional parameter indicating a specific uid to switch to. + * Either 'unmasquerade'. * * @return * TRUE, if the user can perform the requested action, FALSE otherwise. */ -function masquerade_menu_access($type, $uid = NULL) { +function masquerade_menu_access($type) { switch ($type) { case 'unmasquerade': return isset($_SESSION['masquerading']); - - case 'switch': - return !isset($_SESSION['masquerading']) && user_access('masquerade'); } } @@ -186,18 +169,23 @@ function masquerade_user_logout($account) { /** * Implements hook_user_view(). */ -function masquerade_user_view($account, $view_mode, $langcode) { +function masquerade_user_view(User $account, $display, $view_mode, $langcode) { global $user; - if (user_access('masquerade') && empty($account->masquerading) && $user->uid != $account->uid) { + if (masquerade_user_access($account)) { + $path = 'user/' . $account->id() . '/masquerade'; $account->content['masquerade'] = array( - '#markup' => l(t('Masquerade as !user', array('!user' => $account->name)), - 'masquerade/switch/' . $account->uid, - array('query' => array( - 'token' => drupal_get_token('masquerade/switch/' . $account->uid)), + '#theme' => 'link', + '#text' => t('Masquerade as %user', array('%user' => $account->label())), + '#path' => $path, + '#options' => array( + 'html' => TRUE, + 'query' => array( + 'token' => drupal_get_token($path), 'destination' => current_path(), - 'attributes' => array('class' => 'masquerade-switch'), - )), + ), + 'attributes' => array('class' => array('masquerade-switch')), + ), '#weight' => 10, ); } @@ -280,9 +268,9 @@ function masquerade_block_form_submit($form, &$form_state) { /** * Page callback to switch users. */ -function masquerade_switch_user_page($uid) { +function masquerade_switch_user_page(User $target_account) { $token = drupal_container()->get('request')->query->get('token'); - if (isset($token) && drupal_valid_token($token, 'masquerade/switch/' . $uid) && masquerade_switch_user($uid)) { + if (isset($token) && drupal_valid_token($token, 'user/' . $target_account->id() . '/masquerade') && masquerade_switch_user($target_account)) { drupal_goto(drupal_container()->get('request')->server->get('HTTP_REFERER')); } else { @@ -291,15 +279,15 @@ function masquerade_switch_user_page($uid) { } /** - * Allows a user with the right permissions to become the selected user. + * Masquerades the current user as a given user. * - * @param $uid - * The user ID to switch to. + * @param \Drupal\user\Plugin\Core\Entity\User $target_account + * The user account object to masquerade as. * - * @return + * @return bool * TRUE if the user was sucessfully switched, or FALSE if there was an error. */ -function masquerade_switch_user($uid) { +function masquerade_switch_user(User $target_account) { global $user; if (isset($_SESSION['masquerading'])) { @@ -307,14 +295,8 @@ function masquerade_switch_user($uid) { return FALSE; } - if (!is_numeric($uid) || !($new_user = user_load($uid))) { - drupal_set_message(t('The requested user ID does not exist.')); - watchdog('masquerade', 'Bad target user ID %uid.', array('%uid' => $uid), WATCHDOG_ERROR); - return drupal_goto(drupal_container()->get('request')->server->get('HTTP_REFERER')); - } - - if ($user->uid == $uid || isset($user->masquerading)) { - watchdog('masquerade', 'This user is already %user.', array('%user' => $new_user->name), WATCHDOG_ERROR); + if ($user->uid == $target_account->uid || isset($user->masquerading)) { + watchdog('masquerade', 'This user is already %user.', array('%user' => $target_account->name), WATCHDOG_ERROR); return FALSE; } @@ -322,7 +304,7 @@ function masquerade_switch_user($uid) { $access = NULL; foreach (module_implements('masquerade_access') as $module) { $function = $module . '_masquerade_access'; - $result = $function($user, $new_user); + $result = $function($user, $target_account); if ($result === FALSE) { $access = FALSE; break; @@ -336,8 +318,12 @@ function masquerade_switch_user($uid) { return FALSE; } - if (variable_get('maintenance_mode', 0) && !user_access('access site in maintenance mode', $new_user)) { - drupal_set_message(t('It is not possible to masquerade in off-line mode as %user does not have the %config-perm permission. Please set the site status to "online" to masquerade as %user.', array('%user' => $new_user->name, '%config-perm' => 'use the site in maintenance mode', '@site-maintenance' => url('admin/settings/site-maintenance')))); + if (variable_get('maintenance_mode', 0) && !user_access('access site in maintenance mode', $target_account)) { + drupal_set_message(t('It is not possible to masquerade in off-line mode as %user does not have the %config-perm permission. Please set the site status to "online" to masquerade as %user.', array( + '%user' => $target_account->name, + '%config-perm' => 'use the site in maintenance mode', + '@site-maintenance' => url('admin/settings/site-maintenance'), + ))); return FALSE; } @@ -348,15 +334,15 @@ function masquerade_switch_user($uid) { $query = db_insert('masquerade'); $query->fields(array( 'uid_from' => $user->uid, - 'uid_as' => $new_user->uid, + 'uid_as' => $target_account->uid, 'sid' => session_id(), )); $query->execute(); - watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name), WATCHDOG_INFO); - drupal_set_message(t('You are now masquerading as !masq_as.', array('!masq_as' => theme('username', array('account' => $new_user))))); - $user->masquerading = $new_user->uid; - $user = $new_user; + watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $target_account->name), WATCHDOG_INFO); + drupal_set_message(t('You are now masquerading as !masq_as.', array('!masq_as' => theme('username', array('account' => $target_account))))); + $user->masquerading = $target_account->uid; + $user = $target_account; // Call all login hooks when switching to masquerading user. module_invoke_all('user_login', $user); @@ -423,3 +409,24 @@ function masquerade_switch_back() { watchdog('masquerade', 'User %user no longer masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $oldname), WATCHDOG_INFO); } + +/** + * Implements hook_form_FORMID_alter(). + */ +function masquerade_form_user_admin_account_alter(&$form, &$form_state) { + $destination = drupal_get_destination(); + foreach ($form['accounts']['#options'] as $uid => &$row) { + // @todo Core: The already loaded accounts are not provided. + $account = user_load($uid); + if (masquerade_user_access($account)) { + $path = 'user/' . $account->uid . '/masquerade'; + $row['operations']['data']['#links']['masquerade'] = array( + 'title' => t('Masquerade'), + 'href' => $path, + 'query' => array( + 'token' => drupal_get_token($path), + ) + $destination, + ); + } + } +} -- 1.7.11.msysgit.1