flagrow/impersonate 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

flagrow/impersonate

Composer 安装命令:

composer require flagrow/impersonate

包简介

Login as other users of your forum

README 文档

README

MIT license Latest Stable Version Total Downloads OpenCollective

This extension adds a "Log in as user" button on user profiles for administrators and others who are granted the permission — and a way back: while impersonating, a notice is shown with a Return to {username} button that switches you back to your own account.

Features

  • Impersonate users from their user profile (moderation controls) or from the admin panel's user list.
  • Return to your own account without logging out: a persistent notice (and an entry in the user menu) offers "Return to {username}" for the whole impersonation session. If you logged in with "remember me", that is restored when you return.
  • Require a reason (optional setting): impersonation can require a reason, which is recorded in the audit log (flarum/audit) and/or as moderator notes on both accounts (fof/moderator-notes), whichever is enabled.
  • Audit logging: with flarum/audit enabled, both starting and ending an impersonation are written to the audit log.
  • No activity traces: browsing as an impersonated user does not update their "last seen" time and never shows them as online. Their own devices are unaffected.

Installation

Install manually:

composer require fof/impersonate:"*"

Updating

composer update fof/impersonate
php flarum migrate
php flarum cache:clear

Configuration

You can configure which groups can impersonate users by going to Permissions > Login as other users. Use with caution, as anybody with that permission can easily access the private data of every user on the forum.

The require a reason setting appears once flarum/audit or fof/moderator-notes is enabled, since one of them is needed to record it.

Security model

  • Non-admins cannot impersonate an admin account, and nobody can impersonate themselves.
  • Permissions are checked against your real current identity: an impersonated session never inherits the impersonator's ability to impersonate.
  • Returning is bound to the session and to the exact account that was impersonated. It stops working when you log out, when the session expires (one hour of inactivity), or after logging into a different account — from then on, only credentials get you back in.
  • The impersonated session never carries a "remember me" cookie, so an idle browser cannot silently re-elevate itself.

For developers

Two events are dispatched, which other extensions can listen to:

  • FoF\Impersonate\Events\Impersonated — when impersonation starts ($actor, $user, $switchReason).
  • FoF\Impersonate\Events\ImpersonationEnded — when the impersonator returns ($user, $originalUser).

Links

统计信息

  • 总下载量: 6.41k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 9
  • 点击次数: 7
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 9
  • Watchers: 2
  • Forks: 2
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2018-03-07

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固