From 590bdec080cdaeb3926f5bfdbd8df5b8f658fec5 Mon Sep 17 00:00:00 2001 From: laryn Date: Fri, 28 Feb 2025 12:42:57 -0600 Subject: [PATCH 1/2] Remove {masquerade} table and rely on session flag only --- masquerade.install | 36 ++------ masquerade.module | 208 +++++++-------------------------------------- 2 files changed, 41 insertions(+), 203 deletions(-) diff --git a/masquerade.install b/masquerade.install index 9deb18d..98cc0c5 100644 --- a/masquerade.install +++ b/masquerade.install @@ -14,33 +14,6 @@ */ function masquerade_schema() { return array( - 'masquerade' => array( - 'description' => 'Each masquerading user has their session recorded into the masquerade table. Each record represents a masquerading user.', - 'fields' => array( - 'sid' => array( - 'description' => 'The current session for this masquerading user corresponding to their {sessions}.sid.', - 'type' => 'varchar', - 'length' => '64', - 'not null' => TRUE, - 'default' => ''), - 'uid_from' => array( - 'description' => 'The {users}.uid corresponding to a session.', - 'type' => 'int', - 'not null' => TRUE, - 'default' => 0, - 'disp-width' => '10'), - 'uid_as' => array( - 'description' => 'The {users}.uid this session is masquerading as.', - 'type' => 'int', - 'not null' => TRUE, - 'default' => 0, - 'disp-width' => '10'), - ), - 'indexes' => array( - 'sid' => array('sid', 'uid_from'), - 'sid_2' => array('sid', 'uid_as'), - ), - ), 'masquerade_users' => array( 'description' => 'Per-user permission table granting permissions to switch as a specific user.', 'fields' => array( @@ -106,6 +79,15 @@ function masquerade_update_1000() { update_variable_del('masquerade_quick_switches'); } +/** + * Delete masquerade table. + */ +function masquerade_update_1001() { + if (db_table_exists('masquerade')) { + db_drop_table('masquerade'); + } +} + /* * @} End of "defgroup updates-7.x-to-1.x" * The next series of updates should start at 2000. 
diff --git a/masquerade.module b/masquerade.module index 1a277b8..a9605c1 100644 --- a/masquerade.module +++ b/masquerade.module @@ -45,47 +45,6 @@ function masquerade_permission() { ); } -/** - * Implements hook_init(). - */ -function masquerade_init() { - global $user; - - // Try to load masqing uid from masquerade table. - $uid = db_query("SELECT uid_from FROM {masquerade} WHERE sid = :sid AND uid_as = :uid_as", array( - ':sid' => session_id(), - ':uid_as' => $user->uid, - ))->fetchField(); - - // We are using identical operator (===) instead of equal (==) because if - // $uid === 0 we want to store the session variable. If there's no record in - // masquerade table we clear the session variable. - if ($uid === FALSE) { - if (isset($_SESSION)) { - unset($_SESSION['masquerading']); - } - } - else { - $_SESSION['masquerading'] = $uid; - } -} - -/** - * Implements hook_cron(). - * - * Cleanup masquerade records where people didn't use the switch back link - * that would have cleanly removed the user switch record. - */ -function masquerade_cron() { - // see http://backdrop.org/node/268487 before modifying this query - $subquery = db_select('sessions', 's'); - $subquery->addField('s', 'sid'); - - $query = db_delete('masquerade'); - $query->condition('sid', $subquery, 'NOT IN'); - $query->execute(); -} - /** * Implements hook_menu(). */ @@ -94,7 +53,7 @@ function masquerade_menu() { $config = config('masquerade.settings'); $default_test_user = _masquerade_user_load($config->get('test_user')); - if ($default_test_user && ($default_test_user->uid || $default_test_user->name == t(config_get('system.core', 'anonymous')))) { + if ($default_test_user && $default_test_user->uid) { $items['masquerade/switch/' . $default_test_user->uid] = array( 'title' => 'Masquerade as @testuser', 'title arguments' => array('@testuser' => $default_test_user->name), 
@@ -225,7 +184,6 @@ function masquerade_user_operations_masquerade(array $accounts) { * @return * TRUE, if the user can perform the requested action, FALSE otherwise. */ - function masquerade_menu_access($type, $uid = NULL) { switch ($type) { case 'unswitch': @@ -247,7 +205,7 @@ function masquerade_menu_access($type, $uid = NULL) { if ($account = user_load($uid)) { $switch_to_account = db_query("SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to", array( ':uid_from' => $user->uid, - ':uid_to' => $account->uid + ':uid_to' => $account->uid, ))->fetchField(); } } @@ -261,8 +219,8 @@ function masquerade_menu_access($type, $uid = NULL) { */ function masquerade_admin_settings() { $config = config('masquerade.settings'); - // create a list of roles; all selected roles are considered administrative. - $roles = user_roles(); + // Create a list of roles; all selected roles are considered administrative. + $roles = user_roles(TRUE); $form['masquerade_admin_roles'] = array( '#type' => 'checkboxes', '#title' => t('Roles that are considered "administrators" for masquerading'), @@ -286,9 +244,6 @@ function masquerade_admin_settings() { $quick_switch_users = array(); foreach ($quick_switch as $uid => $account) { - if ($uid == 0) { - $account->name = t(config_get('system.core', 'anonymous')); - } $quick_switch_users[] = $account->name; } @@ -303,7 +258,7 @@ function masquerade_admin_settings() { $form['actions']['submit'] = array( '#type' => 'submit', - '#value' => t('Save Configuration') + '#value' => t('Save Configuration'), ); $form['#validate'][] = 'masquerade_admin_settings_validate'; @@ -312,6 +267,9 @@ function masquerade_admin_settings() { return $form; } +/** + * + */ function masquerade_admin_settings_validate($form, &$form_state) { $config = config('masquerade.settings'); if (!empty($form_state['values']['masquerade_test_user'])) { 
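Review bot: The docblock added above `masquerade_admin_settings_validate()` in the last hunk of this group is empty (`/** * */`), so it documents nothing. A one-line summary such as `Form validation handler for masquerade_admin_settings().` would say what the function is for. The same applies to the empty docblock added above `masquerade_admin_settings_submit()` in the following hunk (-339,6), e.g. `Form submission handler for masquerade_admin_settings().`. Both function bodies continue outside their hunks.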
@@ -339,6 +297,9 @@ function masquerade_admin_settings_validate($form, &$form_state) { $form_state['values']['masquerade_quick_switches'] = $masquerade_uids; } +/** + * + */ function masquerade_admin_settings_submit($form, &$form_state) { $config = config('masquerade.settings'); @@ -359,11 +320,10 @@ function masquerade_admin_settings_submit($form, &$form_state) { } /** - * Wrapper around user_load() to allow the loading of anonymous users. + * Wrapper around user_load(). * * @param $username - * The username of the user you wish to load (i.e. $user->name). To load the - * anonymous user, pass the value of the 'anonymous' variable. + * The username of the user you wish to load (i.e. $user->name). * * @return * A fully-loaded $user object upon successful user load or FALSE if user @@ -373,33 +333,11 @@ function _masquerade_user_load($username) { $config = config('masquerade.settings'); $account = FALSE; if (!empty($username)) { - $anon = t(config_get('system.core', 'anonymous')); - $account = user_load_by_name(($username == $anon ? '' : $username)); - if (isset($account->uid) && empty($account->uid)) { - // Anonymous user should have a name. - $account->name = $anon; - } + $account = user_load_by_name($username); } return $account; } -/** - * Implements hook_user_logout(). - */ -function masquerade_user_logout($account) { - if (!empty($account->masquerading)) { - global $user; - cache_clear_all($user->uid, 'cache_menu', TRUE); - $real_user = user_load($user->masquerading); - watchdog('masquerade', "User %user no longer masquerading as %masq_as.", array('%user' => $real_user->name, '%masq_as' => $user->name), WATCHDOG_INFO); - - $query = db_delete('masquerade'); - $query->condition('sid', session_id()); - $query->condition('uid_as', $account->uid); - $query->execute(); - } -} - /** * Implements hook_field_extra_fields(). */ 
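Review bot: Deleting `masquerade_user_logout()` in the last hunk here (-373,33) removes the only visible place that wrote the "no longer masquerading" watchdog entry when a masquerading session ends through an ordinary logout. As far as the collapsed `masquerade_switch_user()` hunk (-889,22) can be read, the "now masquerading" `watchdog()` call is on the removed side as well. An impersonation feature needs both ends of the switch in the log, and the README still says all masquerading transactions are logged. I would keep the start entry as `watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name), WATCHDOG_INFO);` before `$user = $new_user;`, and keep a reduced logout hook that writes the end entry when `!empty($_SESSION['masquerading'])`. Whether `masquerade_switch_back()` still logs the end of a masquerade is outside the visible hunks.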
@@ -431,9 +369,7 @@ function masquerade_user_view($account, $view_mode, $langcode) { $config = config('masquerade.settings'); // Check if user qualifies as admin. $roles = !empty($config->get('admin_roles')) ? array_filter($config->get('admin_roles')) : array(); - $perm = $account->uid == 1 || array_intersect((array)$account->roles, $roles) ? - 'masquerade as admin' : - 'masquerade as user'; + $perm = $account->uid == 1 || array_intersect((array) $account->roles, $roles) ? 'masquerade as admin' : 'masquerade as user'; global $user; @@ -474,12 +410,7 @@ function masquerade_form_user_profile_form_alter(&$form, &$form_state, $form_id) $users = user_load_multiple($uids); $masquerade_users = array(); foreach ($users as $uid => $account) { - if ($uid == 0) { - $masquerade_users[] = t(config_get('system.core', 'anonymous')); - } - else { - $masquerade_users[] = $account->name; - } + $masquerade_users[] = $account->name; } $form['masquerade']['masquerade_users'] = array( '#type' => 'textfield', @@ -490,7 +421,6 @@ function masquerade_form_user_profile_form_alter(&$form, &$form_state, $form_id) '#maxlength' => NULL, ); $form['#validate'][] = 'masquerade_user_validate'; - $form['#submit'][] = 'masquerade_user_submit'; } /** @@ -507,21 +437,11 @@ function masquerade_user_validate(&$form, $form_state) { } } -/** - * Submit handler for masquerade users form element. - */ -function masquerade_user_submit(&$form, $form_state) { - global $_masquerade_old_session_id; - $_masquerade_old_session_id = session_id(); -} - /** * Implements hook_user_update(). * */ function masquerade_user_update($account) { - - global $_masquerade_old_session_id; if (isset($account->masquerade_users)) { $query = db_delete('masquerade_users'); $query->condition('uid_from', $account->uid); 
@@ -539,17 +459,6 @@ function masquerade_user_update($account) { } $query->execute(); $account->masquerade_users = NULL; - - // Update user session... - // @TODO check other way of session API. - if (!empty($_masquerade_old_session_id)) { - $query = db_update('masquerade'); - $query->fields(array( - 'sid' => session_id(), - )); - $query->condition('sid', $_masquerade_old_session_id); - $query->execute(); - } } } @@ -614,12 +523,7 @@ function masquerade_block_1() { $markup_value = ''; if (isset($_SESSION['masquerading'])) { $quick_switch_links[] = l(t('Switch back'), 'masquerade/unswitch', array('query' => array('token' => backdrop_get_token('masquerade/unswitch')))); - if ($user->uid > 0) { - $markup_value = t('You are masquerading as %masq_as.', array('@user-url' => url('user/' . $user->uid), '%masq_as' => $user->name)); - } - else { - $markup_value = t('You are masquerading as %anonymous.', array('%anonymous' => t(config_get('system.core', 'anonymous')))); - } + $markup_value = t('You are masquerading as %masq_as.', array('@user-url' => url('user/' . $user->uid), '%masq_as' => $user->name)); } else { $quick_switches = $config->get('quick_switches'); 
@@ -634,16 +538,10 @@ function masquerade_block_1() { $account = user_load($switch_user); if (isset($account->uid)) { $switch_link = 'masquerade/switch/' . $account->uid; - $perm = $user->uid == 1 || array_intersect((array) $account->roles, $admin_roles) ? - 'masquerade as admin' : - 'masquerade as user'; + $perm = $user->uid == 1 || array_intersect((array) $account->roles, $admin_roles) ? 'masquerade as admin' : 'masquerade as user'; if ($account->uid && user_access($perm)) { $quick_switch_links[] = l($account->name, $switch_link, array('query' => array('token' => backdrop_get_token($switch_link)))); } - if ($switch_user == 0) { - $account->name = t(config_get('system.core', 'anonymous')); - $quick_switch_links[] = l($account->name, $switch_link, array('query' => array('token' => backdrop_get_token($switch_link)))); - } } } } @@ -683,7 +581,7 @@ function masquerade_block_1() { function masquerade_block_1_validate($form, &$form_state) { $config = config('masquerade.settings'); global $user; - //unset($form); + // unset($form); $name = $form_state['values']['masquerade_user_field']; $allowed = FALSE; $to_uid = db_select('users', 'u') @@ -707,9 +605,9 @@ function masquerade_block_1_validate($form, &$form_state) { form_set_error('masquerade_user_field', t('You are not allowed to masquerade as the selected user.')); } - if ($name != t(config_get('system.core', 'anonymous')) && module_exists('alt_login')) { + if (module_exists('alt_login')) { $alt_login = db_query("SELECT u.name FROM {users} u INNER JOIN {alt_login} al ON u.uid = al.uid WHERE al.alt_login = :alt_login", array( - ':alt_login' => $name + ':alt_login' => $name, ))->fetchObject(); if (isset($alt_login->name)) { $name = $alt_login->name; 
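Review bot: The reflowed `$perm` line in `masquerade_block_1()` (hunk -634,16) tests `$user->uid == 1`, the current user, while `masquerade_user_view()` and `masquerade_switch_user()` test the target account (`$account->uid == 1`, `$uid == 1`). User 1 as a target is therefore classified by roles alone here, so a quick-switch link to user 1 can be offered to someone holding only 'masquerade as user'. The switch itself appears to be re-checked in `masquerade_switch_user()`, so this looks like a listing inconsistency rather than a bypass. Suggested: `$perm = $account->uid == 1 || array_intersect((array) $account->roles, $admin_roles) ? 'masquerade as admin' : 'masquerade as user';`. The same expression is in the `masquerade_autocomplete()` hunk (-755,20), where it decides which usernames are suggested.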
@@ -734,7 +632,7 @@ function masquerade_block_1_validate($form, &$form_state) { * Masquerade block form submission. */ function masquerade_block_1_submit($form, &$form_state) { - //unset($form); + // unset($form); $masq_user = _masquerade_user_load($form_state['values']['masquerade_user_field']); if (!masquerade_switch_user($masq_user->uid)) { backdrop_access_denied(); @@ -755,20 +653,12 @@ function masquerade_autocomplete($string) { global $user; $matches = array(); - // Anonymous user goes first to be visible for user. - $anonymous = t(config_get('system.core', 'anonymous')); - if (stripos($anonymous, $string) === 0) { - $matches[$anonymous] = $anonymous; - } - // Other suggestions. $result = db_query_range("SELECT uid, name FROM {users} WHERE LOWER(name) LIKE LOWER(:string)", 0, 10, array( ':string' => $string . '%', )); foreach ($result as $switch_user) { $account = user_load($switch_user->uid); - $perm = $user->uid == 1 || array_intersect((array) $account->roles, $admin_roles) ? - 'masquerade as admin' : - 'masquerade as user'; + $perm = $user->uid == 1 || array_intersect((array) $account->roles, $admin_roles) ? 'masquerade as admin' : 'masquerade as user'; if (user_access($perm)) { $matches[$account->name] = check_plain($account->name); } @@ -786,10 +676,8 @@ function masquerade_autocomplete($string) { * * @param $string * The string of autocmplete value submitted by the user. - * @param $add_anonymous - * Flag to include Anonymous user into result. */ -function masquerade_autocomplete_multiple($string, $add_anonymous = TRUE) { +function masquerade_autocomplete_multiple($string) { $config = config('masquerade.settings'); $matches = array(); // The user enters a comma-separated list of users. We only autocomplete the last user. 
@@ -798,14 +686,6 @@ function masquerade_autocomplete_multiple($string, $add_anonymous = TRUE) { $last_string = backdrop_strtolower(array_pop($users_typed)); if ($last_string) { $prefix = count($users_typed) ? implode(', ', $users_typed) . ', ' : ''; - if ($add_anonymous) { - // Anonymous user goes first to be visible for user. - $anonymous = t(config_get('system.core', 'anonymous')); - if (stripos($anonymous, $last_string) === 0) { - $matches[$prefix . $anonymous] = $anonymous; - } - } - // Other suggestions. $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE :string", 0, 10, array( ':string' => $last_string . '%', )); @@ -865,9 +745,7 @@ function masquerade_switch_user($uid) { $new_user = user_load($uid); $roles = array_keys(array_filter($config->get('admin_roles'))); - $perm = $uid == 1 || array_intersect($new_user->roles, $roles) ? - 'masquerade as admin' : - 'masquerade as user'; + $perm = $uid == 1 || array_intersect($new_user->roles, $roles) ? 'masquerade as admin' : 'masquerade as user'; // Check to see if we need admin permission. $results = db_query_range('SELECT 1 FROM {masquerade_users} WHERE uid_from = :uid_from AND uid_to = :uid_to', 0, 1, array( 
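Review bot: In the `masquerade_switch_user()` hunk (-865,9), `$new_user = user_load($uid);` is dereferenced two lines later as `$new_user->roles` with no check that the load succeeded, and the target uid arrives from the `masquerade/switch/<uid>` path or the block form. A failed load hands a non-array to `array_intersect()`. Nothing visible here rejects uid 0 either, although the rest of this patch removes anonymous masquerading. Suggested guard directly after the load: `if (!$new_user || !$new_user->uid) { return FALSE; }`. The function starts and ends outside this hunk, so whether `$uid` is validated before the load is not visible.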
@@ -889,22 +767,10 @@ function masquerade_switch_user($uid) { return FALSE; } - // Call logout hooks when switching from original user. - module_invoke_all('user_logout', $user); backdrop_session_regenerate(); - $query = db_insert('masquerade'); - $query->fields(array( - 'uid_from' => $user->uid, - 'uid_as' => $new_user->uid, - 'sid' => session_id(), - )); - $query->execute(); - // switch user - - watchdog('masquerade', 'User %user now masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $new_user->name ? $new_user->name : t(config_get('system.core', 'anonymous'))), WATCHDOG_INFO); backdrop_set_message(t('You are now masquerading as !masq_as.', array('!masq_as' => theme('username', array('account' => $new_user))))); - $user->masquerading = $new_user->uid; + $_SESSION['masquerading'] = $user->uid; $user = $new_user; // Call all login hooks when switching to masquerading user. @@ -935,23 +801,13 @@ function masquerade_switch_back_page() { */ function masquerade_switch_back() { $config = config('masquerade.settings'); - // switch user + // Switch user. global $user; - cache_clear_all($user->uid, 'cache_menu', TRUE); - $uid = db_query("SELECT m.uid_from FROM {masquerade} m WHERE m.sid = :sid AND m.uid_as = :uid_as ", array( - ':sid' => session_id(), - ':uid_as' => $user->uid, - ))->fetchField(); - // erase record - db_delete('masquerade') - ->condition('sid', session_id()) - ->condition('uid_as', $user->uid) - ->execute(); - - $oldname = ($user->uid == 0 ? t(config_get('system.core', 'anonymous')) : $user->name); - - // Call logout hooks when switching from masquerading user. - module_invoke_all('user_logout', $user); + $oldname = $user->name; + + // Clear the session. + $uid = $_SESSION['masquerading']; + unset($_SESSION['masquerading']); backdrop_session_regenerate(); $user = user_load($uid); From 70d3fe9cee847c4fb5305e096032544c59df28d9 Mon Sep 17 00:00:00 2001 
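Review bot: `$_SESSION['masquerading'] = $user->uid;` overwrites whatever the flag already holds, and with the {masquerade} table gone that flag is the only record of the original account. If `masquerade_switch_user()` can be reached while a masquerade is already active, the real uid is replaced by the impersonated one and switching back returns to the wrong account. Whether the access callback or earlier lines of the function prevent that is outside the hunk. A local guard such as `if (isset($_SESSION['masquerading'])) { return FALSE; }` before `backdrop_session_regenerate();` would make the rule explicit.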
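Review bot: In `masquerade_switch_back()` (hunk -935,23), `$uid = $_SESSION['masquerading'];` is read without checking that the flag is set, and the result of `user_load($uid)` is assigned to the global `$user` unchecked. If the flag is missing, or the original account was deleted while the masquerade was active, `$user` becomes FALSE after the session has already been regenerated. I would return early with `if (empty($_SESSION['masquerading'])) { return; }` at the top. After the load, I would end the session instead of assigning the result when the load failed or the account is blocked. The function continues past the end of this hunk.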
From: laryn Date: Fri, 28 Feb 2025 12:54:27 -0600 Subject: [PATCH 2/2] Update README. --- README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 021224b..7618391 100644 --- a/README.md +++ b/README.md @@ -10,21 +10,22 @@ switch back to the previous account. It adds a link on a user\'s profile page that allows permitted users to masquerade as that user. Upon masquerading, a link to "switch back" to the -original user will appear in the menu. While masquerading, the option to -masquerade as another user will not appear. All masquerading transactions -are logged, and `$user->masquerading` will be set; this could be displayed -via theme. +original user will appear in the menu. While masquerading, the option to +masquerade as another user will not appear. All masquerading transactions +are logged, and a session flag `$_SESSION['masquerading']` will be set, +containing the user ID of the original account (the one that is masquerading as +another account). In the masquerade settings a list of roles are presented; any checked role -is considered an "administrator" and requires the second level "masquerade as admin" -permission to masquerade as. User #1 is automatically considered an administrator, -regardless of roles. +is considered an "administrator" and requires the second level "masquerade as +admin" permission to masquerade as. User #1 is automatically considered an +administrator, regardless of roles. Installation ---------------------------- To install the Masquerade module, extract the module to your modules folder. -After enabling the module, it can be configured under +After enabling the module, it can be configured under Configuration > User accounts > Masquerade. To enable users to masquerade, assign the appropriate "masquerade module" permissions to the roles available on your site. For example: 
@@ -39,7 +40,7 @@ available on your site. For example: in the Masquerade configuration, set 'administrator' as an administrator role. - + Usage / Quick Switch Menu ---------------------------- @@ -47,7 +48,7 @@ By default, when a user is selected for the 'Menu Quick Switch user', the Masque * Masquerade as 'the user selected': When clicked, the user can quick switch to the user selected. * Switch back: This menu item appears while masquerading so that you can switch back to your original user. - + License ----------------------------