From 46b52938670749a0c4ffa4b60e85e888f79e44b9 Mon Sep 17 00:00:00 2001 From: Romain Quetiez Date: Tue, 18 Jul 2017 09:36:25 +0000 Subject: [PATCH] N.542, N.912 Finalized the API UserRights::Impersonate. This is an enabler for several enhancements. SVN:trunk[4837] --- application/loginwebpage.class.inc.php | 2 +- core/userrights.class.inc.php | 64 +++++++++++++++++++++----- 2 files changed, 54 insertions(+), 12 deletions(-) diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php index 96d6c8daa..bb056d423 100644 --- a/application/loginwebpage.class.inc.php +++ b/application/loginwebpage.class.inc.php @@ -431,7 +431,7 @@ EOF unset($_SESSION['auth_user']); unset($_SESSION['login_mode']); unset($_SESSION['archive_mode']); - unset($_SESSION['archive_allowed']); + unset($_SESSION['impersonate_user']); UserRights::_ResetSessionCache(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php index 4bfea75a8..acfda6efb 100644 --- a/core/userrights.class.inc.php +++ b/core/userrights.class.inc.php @@ -583,6 +583,13 @@ class UserRights return false; } self::$m_oUser = $oUser; + + if (isset($_SESSION['impersonate_user'])) + { + self::$m_oRealUser = self::$m_oUser; + self::$m_oUser = self::FindUser($_SESSION['impersonate_user']); + } + Dict::SetUserLanguage(self::GetUserLanguage()); return true; } 
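Review bot: The added block in the login path of `core/userrights.class.inc.php` assigns `self::FindUser($_SESSION['impersonate_user'])` to `self::$m_oUser` without a null check, although `Impersonate()` in this same commit treats a falsy return from `FindUser()` as "no such user". If the impersonated account is deleted or renamed while the session is still alive, the method would go on to return true with no current user, and how later rights checks behave on a null user is not visible on this page. Resolve the target first, and when it is missing clear the session key and stay on the real user. The enclosing method starts outside the hunk.

```php
self::$m_oUser = $oUser;

if (isset($_SESSION['impersonate_user']))
{
	$oImpersonated = self::FindUser($_SESSION['impersonate_user']);
	if (is_null($oImpersonated))
	{
		// Target no longer resolves: drop the stale impersonation and stay on the real user
		unset($_SESSION['impersonate_user']);
	}
	else
	{
		self::$m_oRealUser = self::$m_oUser;
		self::$m_oUser = $oImpersonated;
	}
}
// … unchanged: Dict::SetUserLanguage() call and return …
```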
@@ -702,24 +709,50 @@ class UserRights } } - public static function Impersonate($sName, $sPassword) + /** + * @param string $sName Login identifier of the user to impersonate + * @return bool True if an impersonation occurred + */ + public static function Impersonate($sName) { if (!self::CheckLogin()) return false; + $bRet = false; $oUser = self::FindUser($sName); - if (is_null($oUser)) + if ($oUser) { - return false; - } - if (!$oUser->CheckCredentials($sPassword)) - { - return false; + $bRet = true; + if (is_null(self::$m_oRealUser)) + { + // First impersonation + self::$m_oRealUser = self::$m_oUser; + } + if (self::$m_oRealUser && (self::$m_oRealUser->GetKey() == $oUser->GetKey())) + { + // Equivalent to "Deimpersonate" + self::Deimpersonate(); + } + else + { + // Do impersonate! + self::$m_oUser = $oUser; + Dict::SetUserLanguage(self::GetUserLanguage()); + $_SESSION['impersonate_user'] = $sName; + self::_ResetSessionCache(); + } } + return $bRet; + } - self::$m_oRealUser = self::$m_oUser; - self::$m_oUser = $oUser; - Dict::SetUserLanguage(self::GetUserLanguage()); - return true; + public static function Deimpersonate() + { + if (!is_null(self::$m_oRealUser)) + { + self::$m_oUser = self::$m_oRealUser; + Dict::SetUserLanguage(self::GetUserLanguage()); + unset($_SESSION['impersonate_user']); + self::_ResetSessionCache(); + } } public static function GetUser() @@ -851,6 +884,11 @@ class UserRights return self::$m_oRealUser->Get('login'); } + public static function GetRealUserObject() + { + return self::$m_oRealUser; + } + public static function GetRealUserId() { if (is_null(self::$m_oRealUser)) @@ -1193,6 +1231,10 @@ class UserRights { unset($_SESSION['profile_list']); } + if (isset($_SESSION['archive_allowed'])) + { + unset($_SESSION['archive_allowed']); + } } }
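Review bot: `Impersonate($sName)` now switches identity with no authorization of its own, because the `$sPassword` / `CheckCredentials()` step is removed and only `CheckLogin()` remains. Every caller of this public static method therefore has to verify that the real user is entitled to act as `$sName`, including when the target is more privileged. State that contract in the new docblock, for example `* No authorization is performed here: callers MUST check that the real user may impersonate $sName.`, or enforce the check inside the method against the real user. Neither `Impersonate()` nor `Deimpersonate()` records the switch, so an audit entry naming the real user and the target would make the action traceable. `Deimpersonate()` has no docblock and leaves `self::$m_oRealUser` set after restoring the user, which may be intended but should be documented.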