From 48e6203869a17d5ca9168e3a952e58ce7b3e2aef Mon Sep 17 00:00:00 2001
From: Benjamin DALSASS <benjamin.dalsass@combodo.com>
Date: Wed, 13 May 2026 10:58:59 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B09044=20-=20Application=20token=20and=20I?=
 =?UTF-8?q?mpersonate=20(Log=20in=20as=20this=20user)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/userrights.class.inc.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php
index cc980e039d..ff88fbf638 100644
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -658,6 +658,16 @@ abstract class User extends cmdbAbstractObject
 		}
 		return false;
 	}
+
+	/**
+	 * Allow a user to be impersonated by another one (generally an administrator) in order to troubleshoot rights issues.
+	 *
+	 * @return bool
+	 */
+	public function CanBeImpersonated(): bool
+	{
+		return true;
+	}
 }
 
 /**
@@ -1063,6 +1073,9 @@ class UserRights
 		$oUser = self::FindUser($sLogin);
 		if ($oUser) {
 			$bRet = true;
+			if (!$oUser->CanBeImpersonated()) {
+				throw new Exception($oUser->GetName().' cannot be impersonated');
+			}
 			if (is_null(self::$m_oRealUser)) {
 				// First impersonation
 				self::$m_oRealUser = self::$m_oUser;