Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
For some reason when I chose a user of the Masquerade block I am unable to switch back to the original user.. being Admin.
I have tried all users, and double checked permissions etc but I can not seem to get this to work
Am I doing something blatantly wrong with the set up?
Thanks
Comment | File | Size | Author |
---|---|---|---|
#52 | 695952-masquerade-menu-d6.patch | 1.43 KB | andypost |
#23 | 695952_modules_enabled.txt | 15.36 KB | deviantintegral |
#22 | Installed Drupal components (Available updates).pdf | 160.41 KB | roball |
#17 | 695952-masquerade_17.patch | 1.3 KB | deviantintegral |
#8 | 695952-masquerade-d6.patch | 2.3 KB | andypost |
Comments
Comment #1
krausr CreditAttribution: krausr commentedI had the same experience as you describe above when I first started using this great module.
Give permissions to admin only. Make sure that in your Blocks configuration you have checked all roles that you will want to masquarade as.
From my experience, this block does not show for users with other roles because they do not have permissions to the module.
Comment #2
deviantintegral CreditAttribution: deviantintegral commentedIf you are masquerading as any user, the Masquerade block should always show so you can switch back. If it's not, please post any steps to reproduce it so we can track it down.
Are you still unable to see the block in the latest release?
Comment #3
jpl-2 CreditAttribution: jpl-2 commentedI have the same problem, after masquerading, the "Switch back" link in the menu is displayed without the security token (e.g. masquerade/unswitch). Therefore, it denies access.
Comment #4
jpl-2 CreditAttribution: jpl-2 commentedIt happens because at the time function masquerade_menu_link_alter is invoked, there is no masquerade/unswitch link in the menu, so it is not altered. However, after the unswitch link appears (after masquerading), the masquerade_menu_link_alter is not called again.
Comment #5
andypostConfirm that "Switch back" from menu does not work (also after reinstall module)
EDIT related issue #144538: User logout is vulnerable to CSRF
Comment #6
deviantintegral CreditAttribution: deviantintegral commentedI would rebuild the menu system just in case there is something else going on.
On a fresh install of Masquerade without any other contributed modules, the menu link has the query string added. So I wonder if some other module is altering the menu item or page callback?
http://api.drupal.org/api/function/hook_translated_menu_link_alter/6 is supposed to be called before the item is rendered, so I'm not sure how the token would be missed.
Comment #7
roball CreditAttribution: roball commentedAfter updating the Masquerade Module from 6.x-1.3 to 6.x-1.4 I can no longer switch back - the response is Access denied.
Comment #8
andypostPatch fixes the issue, also fix for notice when user created.
Using hook_menu_alter is preferred because called only once but previous approach is a great performance loss!!!
Comment #9
roball CreditAttribution: roball commentedComment #10
deviantintegral CreditAttribution: deviantintegral commentedI've committed just the notice and indentation changes over at #710952: Undefined index: masquerade_users when registering.
The patch from #8 doesn't change anything for me... but I still can't replicate the issue. We need to isolate what's happening to be sure we have a proper fix.
Comment #11
andypost@deviantintegral Suppose it depends on some contrib modules installed because I cant replicate the issue on clean install but get on some sites.
Also as I pointed hook_menu_alter() called ONCE but hook_menu_link_alter() called for every menu link
Comment #12
andypostModule's reinstall helps, on one of sites I've seen that 'masquerade/unswitch' still exists in 'menu_links' table so seems like some DB dependent bug.
This but hit me with mysql 5.0.77 and php 5.2.13 (d6.17)
Comment #13
jpl-2 CreditAttribution: jpl-2 commentedI confirm that the issue only manifests itself in presence of a row in the menu_links table with link_path='masquarade/unswitch' and options='a:0:{}'. This row is apparently created by a previous (6.x-1.3) version and is not replaced when the cache is flushed. A workaround is to delete it directly, thus making room for the new row with options='a:1:{s:5:"alter";b:1;}'. This deletion is what the database upgrade script between 6.x-1.3 and 6.x-1.4 should have done.
Comment #14
haikubear CreditAttribution: haikubear commentedI had the same issue after upgrading from 6.x-1.3 to 6.x-1.4. The patch in #8 did not help.
However, the following sql calls, based on #13 above, worked:
Comment #15
roball CreditAttribution: roball commentedNothing helped for me so far. I have uninstalled the module, cleanly re-installed it, flushed all caches, rebuilt permissions, reset the "Switch back" menu item in the navigation menu to its defaults... - Still Access denied every time clicking the "/masquerade/unswitch" link.
Comment #16
ball.in.th CreditAttribution: ball.in.th commentedsubscribing. after upgrading to 6.x-1.4, once masquerade as another user, the masquerade block no longer shows up, so i am unable to switch back.
Comment #17
deviantintegral CreditAttribution: deviantintegral commentedI think what's described in #16 is a different issue.
I just tested a clean install upgrading 6.x-1.3 to 6.x-1.4, and it worked fine. So it's definitely related to some other module.
Next thought; is some other module changing the alter flag, or the page callback? That might be why the patch addresses the issue, as it's only checking the menu path.
I've attached an updated patch against DRUPAL-6--1.
Comment #18
Philo72 CreditAttribution: Philo72 commentedI tried this 6.x-1.x-dev dated 27-6-2010 version of the dev and i get the following when masquerading.
You are now masquerading as Paige Petersen.
1
(thats all that is on the page) there is a token now in the address bar)
masquerade/switch/29430?token=835bcf3cd4498e1365527af3ffb219cb
However i don't get the switch back menu item until i refresh the page. After refreshing i get Access denied page.
Then if i click on the switch back menu item i get the following in the address bar
masquerade/unswitch
no token on the end (not sure if this is required)
I also get a blank page but it has however switched back as i can then refresh the page and access the admin menu.
Don't know how helpful i will be.
I do have the Login Destination module turned on and "Return user to where he/she came from. (Preserve destination)" enabled.
Comment #19
afreeman CreditAttribution: afreeman commentedI haven't been able to duplicate any of the bugs mentioned. I've tried a clean drupal install with 6.x-1.4 and I've tried upgrading from 6.x-1.3 to 6.x-1.4 with no problems.
Comment #20
joeebel CreditAttribution: joeebel commentedSame problem, Switchback shows in menu but delivers Access Denied when clicked. I reverted to 1.3 and all is OK again.
Subscribing...
Comment #21
deviantintegral CreditAttribution: deviantintegral commentedTo be able to get this fixed, we need:
If you're affected by this issue, please help tackle one of the above items.
Comment #22
roball CreditAttribution: roball commentedAttached is the screenshot of the "Available updates" screen of a site having this problem - thus showing all Drupal components. Hope it helps.
Comment #23
deviantintegral CreditAttribution: deviantintegral commentedThanks for the screenshot. I think I've enabled everything as per your site, however that page doesn't show every single enabled module as it hides submodules within packages. I've enabled all of the modules in the attached text, and can still unswitch from a user. So either it's a module not enabled, or it's a configuration setting within one of the modules.
Comment #24
andypostSeems like "Switch back" item broken if menu was saved from admin/menu so menu rebuild does not work for this items
Comment #25
deviantintegral CreditAttribution: deviantintegral commentedI tried moving the "Switch back" item to be under "My account", and renamed it to "Unswitch". That would mark it as customized in the menu system, but the token was still added properly even after clearing the menu cache.
Can you trigger it with a specific configuration of the menu?
Comment #26
Philo72 CreditAttribution: Philo72 commentedI tried 6.x-1.4. I cleared the cache and I get the correct page after masquerading and unswitch menu. However unswitch still brings up access denied page.
I tried running the sql commands in #14 and no change to unswitch menu (still access denied).
I tried patch in #17 and no change to unswitch menu (still access Denied)
on all attempts i had to log out and log back in as admin user.
Still working on disabling modules.
Comment #27
deviantintegral CreditAttribution: deviantintegral commentedComment #28
wilho CreditAttribution: wilho commentedI had similar issues when i upgraded this module from 1.3 to 1.4. I could not get the nav menu link to 'switch' or 'switch back' and when 'switching' via the block link i would get 'access denied' when trying to switch back.
However, i have it all working properly, after resetting to defaults on the Masquerade admin page and resetting the (2) navigation menu items.
It is what worked for me.
Comment #29
Philo72 CreditAttribution: Philo72 commentedTried the same and this did not work for me. However doing this and then going to performance and clearing cached data worked it now switches back.
Thanks for the info.
Phil
Comment #30
Philo72 CreditAttribution: Philo72 commentedOk Tried it again on backup of site.
installed 1.4
reset masquerade administrator item to defaults
reset switch back navigation menu item to defaults
cleared cache
all works fine
Comment #31
Jay Adan CreditAttribution: Jay Adan commentedClearing cache worked for me as well.
Comment #32
joeebel CreditAttribution: joeebel commentedI'm good, too. Cleared cache and reinstalled. All is well.
Comment #33
MrGeek CreditAttribution: MrGeek commentedSubscribing
Comment #34
chianti CreditAttribution: chianti commentedI've got this issue too.
The 'switch back' link in the admin menu doesn't work.
The 'switch' link in the masquerade block does.
Whilst it's handy having an extra link in the menu, I'm going to disable it.
Cheers.
Comment #35
tchurch CreditAttribution: tchurch commentedsubscribing.
I get this error on all my customer sites since upgrading from 1.3 to 1.4
Comment #36
tchurch CreditAttribution: tchurch commentedJust to add to my previous comment, I tested the SQL in #14 and this worked for me after flushing all caches.
Comment #37
roball CreditAttribution: roball commentedTried all possible suggested solutions - none of them worked for me.
Comment #38
deviantintegral CreditAttribution: deviantintegral commentedSounds like a cache issue then; surprises me a bit, as the cache should be cleared when update.php is run. If that's the case, I'm still not sure what the solution is, other then to add a message when upgrading from 1.3 to 1.4 to run update.php again.
Comment #39
tchurch CreditAttribution: tchurch commentedIt was more than cache for me. I had to actually, manually do the DB update mentioned in #14 and then flush the cache.
I did try flushing the cache first but it still didn't work until I did the DB update.
Maybe this wasn't done with the update to 1.4?
Comment #40
MrGeek CreditAttribution: MrGeek commented#14 + cache-flush fixed for me
Comment #41
James Marks CreditAttribution: James Marks commentedSame fix worked for me as well.
James
Comment #42
roball CreditAttribution: roball commentedFinally... got it!
The solution was to only switch back via the (module-provided) "Masquerade" block. Thus, the Role specific visibility settings for this block have to allow showing it to the "authenticated user" so that it appears at all users being switched to (previously, I had only allowed "administrator" which prevented to show the block when being switched to non-admins). Then the "Switch back" link properly appears linking to "/masquerade/unswitch?token=[ID]" in the "Masquerade" block of the user being switched to.
Previously, the "Switch back" link only appeared in the Navigation block, but linking uncorrectly to "/masquerade/unswitch" (without the query string). So the "Switch back" item of the "Navigation" menu must be disabled (it's not possible to remove it)! The module should have removed it entirely when upgrading from 1.3 to 1.4.
In order that the "Masquerade" block does not appear for non-admins when they are logged in regularly, the "masquerade as admin" and "masquerade as user" permissions should only be granted to the "administrator" role.
Comment #43
tchurch CreditAttribution: tchurch commentedI don't understand that.
My 'navigation' link works fine, using the correct string (after the #14 update).
I never give authenticated users access to the block, only admin roles. I use 2 roles; super admin (me) and others (customer).
I have "masquerade as admin" and the customer has "masquerade as user" and it all works without any problems now.
Comment #44
roball CreditAttribution: roball commentedThe "Switch back" link in the "Navigation" block never included the query string on my sites, so it never worked there. But in the "Masquerade" block the link is always correct - so the solution for me was just to always use the link in the Masquerade block and no more let it display in the Navigation block.
Even if you let the Masquerade block display to the authenticated user, it won't display to authenticated users not having a "masquerade as ..." permission.
Comment #45
dafederSame problem, fixed with #14+cache clear.
Comment #46
andypostSuppose we need #17 to be commited, as follow-up proposed alter #14 could be implemented as hook_update_N()
#17 work for long now on a bunch of my sites
Comment #47
spade CreditAttribution: spade commentedsubscribe
Comment #48
spade CreditAttribution: spade commentedThe token was missing. The dev-version fixed it for me. Thanks.
Comment #49
alberto56 CreditAttribution: alberto56 commentedThis is also an issue in D7. See #1005198: No "Switch back" link in D7 version.
Comment #50
andypostFor D7 version follow #1004014: Replace hook_menu_link_alter() with hook_menu_alter()
Comment #51
designerbrent CreditAttribution: designerbrent commentedLike #46, I have been using #17 now it it works fine for me. BTW: I'm using it in the Admin.module sidebar menu.
Comment #52
andypostRe-roll of #17
I see no reason to check for anonymous name
isset($default_test_user->uid)
enough because _masquerade_user_load() and user_load() would return FALSEComment #53
deekayen CreditAttribution: deekayen commentedcommitted to DRUPAL-6--1
Comment #55
jrobison CreditAttribution: jrobison commentedI thought this was still an issue in Drupal 7 until a friend pointed out that I just needed to enable the masquerade block in the footer region. The switch and switch back works great there.
I did however add in this quick fix / hack solution to add a "Masquerade Switch Back" link to the management menu for switching back when masquerading:
Add in a hook_menu call with the following item:
And then add in the page callback as such:
Comment #56
DrCord CreditAttribution: DrCord commented#55 worked perfectly for me on Drupal 7.43, this really should be included directly in the module, pretty much every site I use masquerade on needs this functionality...
Comment #57
neilsky CreditAttribution: neilsky commentedI just had a horrendous few hours with this module. As an Admin, once I'd switched to another account I no longer had admin privileges and couldn't switch back (no switch back option anywhere). After hours of fiddling (including manual SQL work on the database) I've disabled and uninstalled the module.
However, a list of user names remains on the Hello button of the Maintenance menu. How to get rid of that list?