mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 01:25:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added button to user admin to impersonate a certain user

Browse source
This commit is contained in:
Jan Böhmer 2023-07-08 22:43:41 +02:00
parent d20153c569
commit cc1595e048
6 changed files with 145 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

72
assets/controllers/elements/link_confirm_controller.js Normal file
View file

@ -0,0 +1,72 @@
/*
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import {Controller} from "@hotwired/stimulus";
import * as bootbox from "bootbox";
import "../../css/components/bootbox_extensions.css";
export default class extends Controller
{
static values = {
message: String,
title: String
}
connect()
{
this._confirmed = false;
this.element.addEventListener('click', this._onClick.bind(this));
}
_onClick(event)
{
//If a user has not already confirmed the deletion, just let turbo do its work
if (this._confirmed) {
this._confirmed = false;
return;
}
event.preventDefault();
event.stopPropagation();
const that = this;
bootbox.confirm({
title: this.titleValue,
message: this.messageValue,
callback: (result) => {
if (result) {
//Set a flag to prevent the dialog from popping up again and allowing turbo to submit the form
that._confirmed = true;
//Click the link
that.element.click();
} else {
that._confirmed = false;
}
}
});
}
}

5
src/EventSubscriber/UserSystem/PasswordChangeNeededSubscriber.php
View file

@ -78,6 +78,11 @@ final class PasswordChangeNeededSubscriber implements EventSubscriberInterface
return; return;
} }
//If the user is impersonated, we don't need to redirect him
if ($this->security->isGranted('IS_IMPERSONATOR')) {
return;
}
//Abort if we dont need to redirect the user. //Abort if we dont need to redirect the user.
if (!$user->isNeedPwChange() && !static::TFARedirectNeeded($user)) { if (!$user->isNeedPwChange() && !static::TFARedirectNeeded($user)) {
return; return;

16
src/Twig/UserExtension.php
View file

@ -47,7 +47,9 @@ use App\Entity\LogSystem\AbstractLogEntry;
use App\Repository\LogEntryRepository; use App\Repository\LogEntryRepository;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\SecurityBundle\Security; use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken; use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Twig\Extension\AbstractExtension; use Twig\Extension\AbstractExtension;
use Twig\TwigFilter; use Twig\TwigFilter;
use Twig\TwigFunction; use Twig\TwigFunction;
@ -59,7 +61,9 @@ final class UserExtension extends AbstractExtension
{ {
private readonly LogEntryRepository $repo; private readonly LogEntryRepository $repo;
public function __construct(EntityManagerInterface $em, private readonly Security $security) public function __construct(EntityManagerInterface $em,
private readonly Security $security,
private readonly UrlGeneratorInterface $urlGenerator)
{ {
$this->repo = $em->getRepository(AbstractLogEntry::class); $this->repo = $em->getRepository(AbstractLogEntry::class);
} }
@ -80,6 +84,7 @@ final class UserExtension extends AbstractExtension
new TwigFunction('creating_user', fn(AbstractDBElement $element): ?User => $this->repo->getCreatingUser($element)), new TwigFunction('creating_user', fn(AbstractDBElement $element): ?User => $this->repo->getCreatingUser($element)),
new TwigFunction('impersonator_user', $this->getImpersonatorUser(...)), new TwigFunction('impersonator_user', $this->getImpersonatorUser(...)),
new TwigFunction('impersonation_active', $this->isImpersonationActive(...)), new TwigFunction('impersonation_active', $this->isImpersonationActive(...)),
new TwigFunction('impersonation_path', $this->getImpersonationPath(...)),
]; ];
} }
@ -103,6 +108,15 @@ final class UserExtension extends AbstractExtension
return $this->security->isGranted('IS_IMPERSONATOR'); return $this->security->isGranted('IS_IMPERSONATOR');
} }
public function getImpersonationPath(User $user, string $route_name = 'homepage'): string
{
if (! $this->security->isGranted('CAN_SWITCH_USER', $user)) {
throw new AccessDeniedException('You are not allowed to impersonate this user!');
}
return $this->urlGenerator->generate($route_name, ['_switch_user' => $user->getUsername()]);
}
/** /**
* This function/filter generates a path. * This function/filter generates a path.
*/ */

37
templates/admin/base_admin.html.twig
View file

@ -77,21 +77,22 @@
{{ form_start(form) }} {{ form_start(form) }}
{% block nav_pills_container %}
<ul class="nav nav-pills mb-2"> <ul class="nav nav-pills mb-2">
<li class="nav-item">
<a data-bs-toggle="tab" class="nav-link link-anchor active" href="#common">{% trans %}admin.common{% endtrans %}</a>
</li>
{% block additional_pills %}{% endblock %}
<li class="nav-item">
<a data-bs-toggle="tab" class="nav-link link-anchor" href="#attachments">{% trans %}admin.attachments{% endtrans %}</a>
</li>
{% if entity.parameters is defined %}
<li class="nav-item"> <li class="nav-item">
<a data-bs-toggle="tab" class="nav-link link-anchor" href="#parameters">{% trans %}admin.parameters{% endtrans %}</a> <a data-bs-toggle="tab" class="nav-link link-anchor active" href="#common">{% trans %}admin.common{% endtrans %}</a>
</li> </li>
{% endif %} {% block additional_pills %}{% endblock %}
</ul> <li class="nav-item">
<a data-bs-toggle="tab" class="nav-link link-anchor" href="#attachments">{% trans %}admin.attachments{% endtrans %}</a>
</li>
{% if entity.parameters is defined %}
<li class="nav-item">
<a data-bs-toggle="tab" class="nav-link link-anchor" href="#parameters">{% trans %}admin.parameters{% endtrans %}</a>
</li>
{% endif %}
</ul>
{% endblock %}
<!-- Tab panes --> <!-- Tab panes -->
<div class="tab-content"> <div class="tab-content">
@ -183,12 +184,12 @@
</fieldset> </fieldset>
</div> </div>
<div id="mass_creation" class="tab-pane fade"> <div id="mass_creation" class="tab-pane fade">
<div class="row"> <div class="row">
<p class="text-muted offset-sm-3 col-sm-9">{% trans %}mass_creation.help{% endtrans %}</p> <p class="text-muted offset-sm-3 col-sm-9">{% trans %}mass_creation.help{% endtrans %}</p>
</div>
{{ form(mass_creation_form) }}
</div> </div>
{{ form(mass_creation_form) }}
</div>
{% endif %} {% endif %}

20
templates/admin/user_admin.html.twig
View file

@ -16,6 +16,20 @@
<li class="nav-item"><a data-bs-toggle="tab" class="nav-link link-anchor" href="#permissions">{% trans %}user.edit.permissions{% endtrans %}</a></li> <li class="nav-item"><a data-bs-toggle="tab" class="nav-link link-anchor" href="#permissions">{% trans %}user.edit.permissions{% endtrans %}</a></li>
{% endblock %} {% endblock %}
{% block nav_pills_container %}
<div class="d-flex justify-content-between">
{{ parent() }}
<div>
{% if entity.id is not null and is_granted('CAN_SWITCH_USER', entity) %}
<a href="{{ impersonation_path(entity) }}" data-turbo="false" class="btn btn-outline-warning"
{{ stimulus_controller('elements/link_confirm', {title: 'user.impersonate.confirm.title'|trans, message: 'user.impersonate.confirm.message'|trans}) }}
>{% trans %}user.impersonate.btn{% endtrans %}</a>
{% endif %}
</div>
</div>
{% endblock %}
{% block additional_controls %} {% block additional_controls %}
{{ form_row(form.group) }} {{ form_row(form.group) }}
{{ form_row(form.first_name) }} {{ form_row(form.first_name) }}
@ -24,12 +38,6 @@
{{ form_row(form.showEmailOnProfile) }} {{ form_row(form.showEmailOnProfile) }}
{{ form_row(form.department) }} {{ form_row(form.department) }}
{{ form_row(form.aboutMe) }} {{ form_row(form.aboutMe) }}
<div class="row mb-2">
<a href="#" class="btn btn-link">Impersonate</a>
</div>
{% endblock %} {% endblock %}
{% block additional_panes %} {% block additional_panes %}

20
translations/messages.en.xlf
View file

@ -11409,5 +11409,25 @@ Element 3</target>
<target>Stop impersonation</target> <target>Stop impersonation</target>
</segment> </segment>
</unit> </unit>
<unit id="T3yB7KF" name="user.impersonate.btn">
<segment>
<source>user.impersonate.btn</source>
<target>Impersonate</target>
</segment>
</unit>
<unit id="sFE8diE" name="user.impersonate.confirm.title">
<segment>
<source>user.impersonate.confirm.title</source>
<target>Do you really want to impersonate this user?</target>
</segment>
</unit>
<unit id="MlJJSEo" name="user.impersonate.confirm.message">
<segment>
<source>user.impersonate.confirm.message</source>
<target>This will be logged. You should only do this with a good reason.
Please note, that you can not impersonate a disabled user. If you try you will get an "Access Denied" message.</target>
</segment>
</unit>
</file> </file>
</xliff> </xliff>