Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It doesn't seem possible to masquerade as blocked/inactive users, it says that you're logged in as x , but you're actually logged out.
I think it's necessary to be able login as blocked users because the alternative is to unblock the user manually and then block it again after afterwards which is not a good idea in terms of security
Also for at lease a proper message show be displayed notifying the admin that he can't masquerade because the user is blocked. at first i though that i encountered a bug, it is confusing
Comment | File | Size | Author |
---|---|---|---|
#11 | masquerade-active-users-2201055-11.patch | 993 bytes | izmeez |
#7 | masquerade-active-users-2201055-7.patch | 862 bytes | RickJ |
Comments
Comment #1
andypostthe module uses standard login/logout as core provides, so "blocked" means blocked.
It make sense just add filtering for autocomplete to search withing active users only!
Comment #2
sinasalek CreditAttribution: sinasalek commentedWell i think the main purpose of this module is to help administrators, you have few users for testing but may not want anyone to be able to login using them or there are blocked users on a live site which you need to loggin as them but you don't want to let them login while you're doing your administrative tasks.
Also limiting the autocomplete is not enough since there is another link on user profile pages
Comment #3
andypostSure, I mean to add
status=1
but care about uid0Comment #4
deekayen CreditAttribution: deekayen commentedI vote to won't fix this.
Comment #5
andypost@deekayen with this title it makes sense, it is really annoying to see inactive users in autocomplete
Comment #6
deekayen CreditAttribution: deekayen commentedWith andypost's clarification, I reverse my opinion.
Comment #7
RickJ CreditAttribution: RickJ commentedI've just started using this module in D7 - very useful, but I also ran into this issue.
It's very easy to fix, just change the SQL query to include only active users. Here's a patch.
Comment #8
RickJ CreditAttribution: RickJ commentedComment #9
izmeez CreditAttribution: izmeez commentedThe patch in #7 looks good. I'll have to do some tests with it.
Comment #10
izmeez CreditAttribution: izmeez commentedAttached is a re-roll of patch in #7 against the latest 7.x-1.x-dev.
It needs review and may be suitable to add to #3010095: Masquerade 7.x-1.0 stable release plan
Comment #11
izmeez CreditAttribution: izmeez commentedSorry, here's the patch file.
Comment #13
izmeez CreditAttribution: izmeez commentedI am wondering if the patch failed to apply with tests while it applies locally with make file including several other patches after applying patch in #1926074: Remove {masquerade} table and rely on session flag only.