verseles/possession
Composer 安装命令:
composer require verseles/possession
包简介
Laravel user impersonation package with Sanctum compatibility
README 文档
README
A simple user impersonation package for Laravel with Sanctum compatibility.
Features
- Secure user impersonation system
- Global
possess()andunpossess()methods - Comprehensive exception handling
- Session-based impersonation
- Sanctum compatibility
- Simple administration controls
- Visual impersonation indicator
- Easy to integrate
It wasn't tested with all Laravel versions, only with Laravel 11 and 12.
Installation
- Install via Composer:
composer require verseles/possession
- Publish the configuration file (optional):
php artisan vendor:publish --tag=possession-config
- Add the trait to your User model:
use Verseles\Possession\Traits\ImpersonatesUsers; class User extends Authenticatable { use ImpersonatesUsers; // Add your possession logic public function canPossess() { return $this->is_admin; // Your admin check logic } public function canBePossessed() { return !$this->is_admin; // Example restriction } }
Usage
Global Methods
Use the facade for direct impersonation control:
use Verseles\Possession\Facades\Possession; // Possess a user (accepts ID, email, or User model instance) try { Possession::possess($targetUser); } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) { // Handle exception return redirect()->back()->withErrors(['impersonation' => $e->getMessage()]); } // Stop possessing try { Possession::unpossess(); } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) { // Handle exception return redirect()->back()->withErrors(['impersonation' => $e->getMessage()]); }
Web Routes Example
// routes/web.php use Verseles\Possession\Facades\Possession; Route::middleware(['web', 'auth:'.config('possession.admin_guard')])->group(function () { Route::post('/possession/impersonate/{user}', function ($user) { try { Possession::possess($user); return redirect()->route('dashboard'); } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) { return back()->withErrors(['impersonation' => $e->getMessage()]); } }); Route::post('/possession/leave', function () { try { Possession::unpossess(); return redirect()->route('admin.dashboard'); } catch (\Verseles\Possession\Exceptions\ImpersonationException $e) { return back()->withErrors(['impersonation' => $e->getMessage()]); } }); });
Blade Templates
Start Impersonation:
@if(auth()->check() && auth()->user()->canImpersonate()) <form action="{{ route('possession.impersonate', $user->id) }}" method="POST"> @csrf <button type="submit">Impersonate User</button> </form> @endif
Stop Impersonation:
@include('possession::impersonating')
Error Handling
The package throws specific exceptions you can catch:
use Verseles\Possession\Exceptions\ImpersonationException; try { Possession::possess($user); } catch (ImpersonationException $e) { // Handle specific error types: if ($e->getCode() === 403) { // Authorization error } // General error handling return back()->withErrors(['impersonation' => $e->getMessage()]); }
Available exceptions:
UnauthorizedPossessExceptionUnauthorizedUnpossessExceptionTargetCannotBePossessedExceptionSelfPossessionExceptionNoImpersonationActiveExceptionAlreadyImpersonatingExceptionAdminNotFoundException— original admin not found during unpossess (e.g., deleted)
Configuration
Edit config/possession.php after publishing:
return [ 'user_model' => App\Models\User::class, 'admin_guard' => 'web', 'session_keys' => [ 'original_user' => 'possession.original_user_id', ], ];
Security Considerations
- Always protect impersonation routes with middleware
- Use separate guards for admin and regular users
- Regularly review your
canPossess()andcanBePossessed()logic - Never expose impersonation controls to non-administrative users
License
The MIT License (MIT)
verseles/possession 适用场景与选型建议
verseles/possession 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.15k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2025 年 02 月 07 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 verseles/possession 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 verseles/possession 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 1.15k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 27
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-02-07