定制 verseles/possession 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

verseles/possession

Composer 安装命令:

composer require verseles/possession

包简介

Laravel user impersonation package with Sanctum compatibility

README 文档

README

Latest Version

A simple user impersonation package for Laravel with Sanctum compatibility.

Features

  • Secure user impersonation system
  • Global possess() and unpossess() methods
  • Comprehensive exception handling
  • Session-based impersonation
  • Sanctum compatibility
  • Simple administration controls
  • Visual impersonation indicator
  • Easy to integrate

It wasn't tested with all Laravel versions, only with Laravel 11 and 12.

Installation

  1. Install via Composer:
composer require verseles/possession
  1. Publish the configuration file (optional):
php artisan vendor:publish --tag=possession-config
  1. Add the trait to your User model:
use Verseles\Possession\Traits\ImpersonatesUsers;

class User extends Authenticatable
{
    use ImpersonatesUsers;
    
    // Add your possession logic
    public function canPossess()
    {
        return $this->is_admin; // Your admin check logic
    }
    
    public function canBePossessed()
    {
        return !$this->is_admin; // Example restriction
    }
}

Usage

Global Methods

Use the facade for direct impersonation control:

use Verseles\Possession\Facades\Possession;

// Possess a user (accepts ID, email, or User model instance)
try {
    Possession::possess($targetUser);
} catch (\Verseles\Possession\Exceptions\ImpersonationException $e) {
    // Handle exception
    return redirect()->back()->withErrors(['impersonation' => $e->getMessage()]);
}

// Stop possessing
try {
    Possession::unpossess();
} catch (\Verseles\Possession\Exceptions\ImpersonationException $e) {
    // Handle exception
    return redirect()->back()->withErrors(['impersonation' => $e->getMessage()]);
}

Web Routes Example

// routes/web.php
use Verseles\Possession\Facades\Possession;

Route::middleware(['web', 'auth:'.config('possession.admin_guard')])->group(function () {
    Route::post('/possession/impersonate/{user}', function ($user) {
        try {
            Possession::possess($user);
            return redirect()->route('dashboard');
        } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) {
            return back()->withErrors(['impersonation' => $e->getMessage()]);
        }
    });
    
    Route::post('/possession/leave', function () {
        try {
            Possession::unpossess();
            return redirect()->route('admin.dashboard');
        } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) {
            return back()->withErrors(['impersonation' => $e->getMessage()]);
        }
    });
});

Blade Templates

Start Impersonation:

@if(auth()->check() && auth()->user()->canImpersonate())
<form action="{{ route('possession.impersonate', $user->id) }}" method="POST">
    @csrf
    <button type="submit">Impersonate User</button>
</form>
@endif

Stop Impersonation:

@include('possession::impersonating')

Error Handling

The package throws specific exceptions you can catch:

use Verseles\Possession\Exceptions\ImpersonationException;

try {
    Possession::possess($user);
} catch (ImpersonationException $e) {
    // Handle specific error types:
    if ($e->getCode() === 403) {
        // Authorization error
    }
    
    // General error handling
    return back()->withErrors(['impersonation' => $e->getMessage()]);
}

Available exceptions:

  • UnauthorizedPossessException
  • UnauthorizedUnpossessException
  • TargetCannotBePossessedException
  • SelfPossessionException
  • NoImpersonationActiveException
  • AlreadyImpersonatingException
  • AdminNotFoundException — original admin not found during unpossess (e.g., deleted)

Configuration

Edit config/possession.php after publishing:

return [
    'user_model' => App\Models\User::class,
    'admin_guard' => 'web',
    'session_keys' => [
        'original_user' => 'possession.original_user_id',
    ],
];

Security Considerations

  • Always protect impersonation routes with middleware
  • Use separate guards for admin and regular users
  • Regularly review your canPossess() and canBePossessed() logic
  • Never expose impersonation controls to non-administrative users

License

The MIT License (MIT)

verseles/possession 适用场景与选型建议

verseles/possession 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.15k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2025 年 02 月 07 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 verseles/possession 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 verseles/possession 我们能提供哪些服务?
定制开发 / 二次开发

基于 verseles/possession 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.15k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 4
  • 点击次数: 27
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 4
  • Watchers: 1
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-02-07