FoF Impersonate, login as other users

jordanjay29

0E800 to be fair, anyone with access to the database has this kind of ability already.

Legoman99573

jordanjay29 I guess they are trying to make it so you dont use their password. I wouldnt use it personally as i dont want to scare users and would violate my privacy policy anyways.

Felli

0E800 I could also see some benefits to using this, like if a user is having some kind of error when using their account that no one else gets and you want to check things out to see what's going on (With permission from the said user of course!). ? So on this note, I applaud @clarkwinkelmann on the creation of this extension. ?

clarkwinkelmann

Felli who's that you're applauding ? ?

I made this extension primarily for development/debugging purpose on my local install, and I know it can be great to troubleshoot user accounts without asking for their password (of course it's nicer to ask the user first anyway).

If you think (or are required by law) to add this to your privacy policy, by all means add it. By default only administrators have access to the feature so you should expect they already have access to all of the data.

I don't think additional warnings or notifications make sense. If an admin wants to sneak into a user's account there are already multiple ways of doing so without the user noticing. This one is just quicker and easier to use.

Felli

clarkwinkelmann For some weird reason when replying the mentioning bugged out when typing out the username... Either way, I fixed it with the right username! ?

Ralkage

And then I realized that this didn't take 8,000 lines to code ? kudos @clarkwinkelmann and Flagrow!

Love this extension, it is definitely useful for debugging purposes as I hate having to log back into my Administrator account when testing my working extension functionalty and permissions.

This is very inspiring as I am trying to make more time during my week for development just because Flagrow will release the most popular extensions before ReFlar has any new extensions this year if at all (I'm a one man dedicated group nowadays and lack dedicated developer-human resources).

Ralkage

Felli that seems to happen even on individual installations as well. I think I'll investigate this bug while I continue to use this extension for good ~~evil~~ ?

0E800

@clarkwinkelmann

Would it be possible to modify code to set up a Guest/Public account and allow users that don't want to register to be able to impersonate or login as the Guest/Public account?

Instead of having Login as user in the Controls, have a hard coded login assigned to an account created with limited access/privs. To give first time visitors and potential members the ability to view the forum as a Guest without needing to register.

Something like:

clarkwinkelmann

0E800 technically yes.

But I don't understand the intent. There is already the notion of a guest account on Flarum (whenever you browse it logged out). You can give multiple permissions to that user in the settings ?

Of course feel free to reuse the code from this extension to build your own ?

Magnetic_dud

Hi, when I enable this extension in the last version of flarum (beta8) I get this error:

'Flarum\Core\Access\AbstractPolicy' not found in /****/vendor/flagrow/impersonate/src/Access/UserPolicy.php on line 8" while reading response header from upstream

Victor12

Magnetic_dud I think it's because the latest Impersonate version is not compatible with Beta 8, yet.

clarkwinkelmann

Magnetic_dud yes. dev-master is ready for beta 8 and @luceos released a beta of this extension for beta 8 prior to beta 8 release, but we still need to tag an actual release for beta 8 😉

We'll take care of that soon.

There's a way you can install the beta version in the meantime through Composer but I don't know the command by heart.

Magnetic_dud

Victor12 ah it was marked compatible with beta 8 on bazaar - maybe it's just a mistake

jordanjay29

Victor12 it's latest release tagged does have Beta 8 compatibility. We'll have to wait for @clarkwinkelmann to offer some insight.

jordanjay29

clarkwinkelmann composer require "vendor/packagename:0.0.0"

Ralkage

@luceos or clarkwinkelmann can one of you push a beta 8 compat release? Dev-master works flawlessly on my end without any issues and I use this religiously when testing permission based features for extensions and such 🤗

I just don't like having to clone dev-master locally just to use this amazing extension, ya feel me? 😛 ❤️

lisk

Very cool extensions, hope there are no vulnerabilities

luceos

0.2.0-beta.1 should work, but I'll just make that a 0.2