Hi there,

Is there a way to redirect to a specific page after masquerading?

I am creating a site where the admin user needs to masquerade to access other user's account. I have created an admin section where I've put a list of all the users. In front of each user there is a "log in as this user" button, that redirects to masquerade:

// at the end of a form_submit handler
$form_state['redirect'] = 'masquerade/switch/'.$uid;

The problem is that after going to the masquerade link, it goes back to the admin page, where non-admin users are not authorized to be. So, I get an "access denied".

Is there a way to do something like this:

// at the end of a form_submit handler
$form_state['redirect'] = 'masquerade/switch/'.$uid.'?destination=some-page';

Thanks for a great module, by the way!


deviantintegral’s picture

Version:6.x-1.3» 6.x-1.x-dev
Status:Active» Needs review
new5.55 KB

At the end of masquerade_switch_user(), there is:


I've attached a patch that refactors masqurade_switch_user() and masqurade_switch_back() into page callbacks and API functions. That way, you should be able to call masqurade_switch_user() directly in your form, without having it mess up your #redirect.

Note this is completely untested as I was on the plane when I wrote it :)

deviantintegral’s picture

Category:support» feature
new5.51 KB

Reroll against HEAD.

deviantintegral’s picture

new5.78 KB

Updated patch that properly throws an error if the user doesn't have access to switch to the specified user.

deviantintegral’s picture

And here's a patch against HEAD.

deviantintegral’s picture

Version:6.x-1.x-dev» 7.x-1.x-dev
Status:Needs review» Patch (to be ported)
new5.87 KB

I've committed the attached patch to DRUPAL-6--1.

southweb’s picture

new5.61 KB

Thanks for this. Will have a look. I had the same problem. But I also needed the facility to be able to switch users as an API call ( without FAPI ).

And for this, there may be cases where we don't want any redirect at all.

Also, going to referrer() seems problematic given that you could well be switching back to a page for which the original users doesn't have access to. Or that they have access to it, but are accessing it as the 'wrong' user for the application logic.

My approach was to add the parameter redirect which could be boolean or a path and by default was set to true. In the API scenario you may not want to go anywhere at all after a redirect.

Also, if you do want to redirect, but have not specified the destination, the safest place is the home page;

If you want to specify a redirect, this can be passed as a string (for API users); and finally, the return to the redirect should be the starting point of the original masquerade request - so we store the referrer as $_SESSION['masquerade_redirect'] prior to redirection (see attached).

Anyway, not sure how much help the above is, and I may well be able to achieve all these things with your API patch, so feel free to ignore.

(BTW - this applies Drupal 6 version)

andypost’s picture

@bluffit are you still using your API for switching without formapi? Can ypu post a patch or your code?

southweb’s picture

Hi andypost,

Sorry for the late reply. I am still using the old module (my bad) as the new one would require a major attack.

LEternity’s picture

bluffit, can you make this a patch for the D6 version, so it can be tested?

andypost’s picture

#5 or #6 is a preferable way to implement API switching? Probably this functionality could be used with Rules.

andypost’s picture

When porting we should care about masquerade_user_operations()

obleser’s picture

jenlampton’s picture

I was also looking for this feature (7.x) but managed to accomplish what I needed by using hook_user_login, testing array_key_exists('masquerading', $_SESSION) and calling a drupal_goto.

I'm not sure if we need this feature built directly into Masquerade, but having an API so that other modules could do things while switching users (and switching back) would certainly be helpful.

Edit: Just read the other issue, it looks like that's what the plan is over there. Kudos!

andypost’s picture

For d7 a custom modules could implement hook_drupal_goto_alter()

nevos’s picture

Issue summary:View changes

followup on andypost, I used:

function HOOK_drupal_goto_alter(&$path, &$options, &$http_response_code) {
strstr(request_path(),'masquerade/switch')) {
$path = ''; // go home after masquarading
ndenhild’s picture

Thanks Nevos!