It doesn't seem possible to masquerade as blocked/inactive users, it says that you're logged in as x , but you're actually logged out.
I think it's necessary to be able login as blocked users because the alternative is to unblock the user manually and then block it again after afterwards which is not a good idea in terms of security
Also for at lease a proper message show be displayed notifying the admin that he can't masquerade because the user is blocked. at first i though that i encountered a bug, it is confusing

CommentFileSizeAuthor
#11 masquerade-active-users-2201055-11.patch993 bytesizmeez
#7 masquerade-active-users-2201055-7.patch862 bytesRickJ
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Category: Feature request » Task
Priority: Normal » Major

the module uses standard login/logout as core provides, so "blocked" means blocked.
It make sense just add filtering for autocomplete to search withing active users only!

sinasalek’s picture

sinasalek CreditAttribution: sinasalek commented

Well i think the main purpose of this module is to help administrators, you have few users for testing but may not want anyone to be able to login using them or there are blocked users on a live site which you need to loggin as them but you don't want to let them login while you're doing your administrative tasks.
Also limiting the autocomplete is not enough since there is another link on user profile pages

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented

Sure, I mean to add status=1 but care about uid0

deekayen’s picture

deekayen CreditAttribution: deekayen commented

I vote to won't fix this.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost commented
Title: Can not masqurate as inactive / blocked users » Do not show inactive / blocked users in autocomplete and block

@deekayen with this title it makes sense, it is really annoying to see inactive users in autocomplete

deekayen’s picture

deekayen CreditAttribution: deekayen commented

With andypost's clarification, I reverse my opinion.

RickJ’s picture

RickJ CreditAttribution: RickJ commented
Status: Active » Needs review
FileSize
masquerade-active-users-2201055-7.patch862 bytes

I've just started using this module in D7 - very useful, but I also ran into this issue.

It's very easy to fix, just change the SQL query to include only active users. Here's a patch.

RickJ’s picture

RickJ CreditAttribution: RickJ commented
Assigned: Unassigned » RickJ
izmeez’s picture

izmeez CreditAttribution: izmeez commented

The patch in #7 looks good. I'll have to do some tests with it.

izmeez’s picture

izmeez CreditAttribution: izmeez commented
Related issues: +#3010095: Masquerade 7.x-1.0 stable release plan

Attached is a re-roll of patch in #7 against the latest 7.x-1.x-dev.
It needs review and may be suitable to add to #3010095: Masquerade 7.x-1.0 stable release plan

izmeez’s picture

izmeez CreditAttribution: izmeez commented
FileSize
masquerade-active-users-2201055-11.patch993 bytes

Sorry, here's the patch file.

Status: Needs review » Needs work

The last submitted patch, 11: masquerade-active-users-2201055-11.patch, failed testing. View results

izmeez’s picture

izmeez CreditAttribution: izmeez commented

I am wondering if the patch failed to apply with tests while it applies locally with make file including several other patches after applying patch in #1926074: Remove {masquerade} table and rely on session flag only.