Switching Users / Impersonation
What’s that ROLE_ALLOWED_TO_SWITCH all about in security.yml? Symfony gives you the ability to actually change the user you’re logged in as. Ever have a client complaint you couldn’t replicate? Well, now you can log in as them without knowing their password. Now that is a Jedi mind trick.
To activate this feature, add the switch_user key to your firewall:
    # app/config/security.yml
    security:
        # ...
        firewalls:
            secured_area:
                # ...
                switch_user: ~
To use it, just add a ?_switch_user= query parameter to any page with the username you want to change to:
When we try it initially, we get the access denied screen. Our user needs ROLE_ALLOWED_TO_SWITCH to be able to do this. Add it to the ROLE_ADMIN hierarchy to get it:
    # app/config/security.yml
    security:
        # ...
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER, ROLE_EVENT_CREATE, ROLE_ALLOWED_TO_SWITCH]
        # ...
When we refresh, you’ll see that our username in the web debug toolbar has changed to darth. So cool! To switch back, use the _exit key:
http://events.local/app_dev.php/new?_switch_user=_exit
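Because impersonation is driven entirely by the `_switch_user` query parameter, the web access log is a cheap place to audit it. The following is an added example, not part of the original tutorial: it scans access-log lines for the parameter, reports denied attempts, and lists impersonations with no later `_exit`. It assumes the "combined" log format, that a denied switch is logged with status 403, and that the client IP is an acceptable stand-in for a session; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:01:02 +0000] "GET /new?_switch_user=darth HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2014:10:05:40 +0000] "GET /new?_switch_user=darth HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2014:10:06:11 +0000] "GET /events HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2014:10:09:30 +0000] "GET /new?_switch_user=_exit HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2014:11:15:00 +0000] "GET /events?_switch_user=wayne%40example.com HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def switch_events(log_text, param="_switch_user", exit_value="_exit"):
    """Yield (ip, timestamp, kind, username) for every request carrying the parameter."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        values = parse_qs(urlsplit(m["target"]).query).get(param)
        if not values:
            continue  # ordinary request, no switch parameter
        name = values[0]  # parse_qs has already percent-decoded it
        if m["status"] == "403":  # assumption: access denied is logged as 403
            kind = "denied"
        elif name == exit_value:
            kind = "exit"
        else:
            kind = "switch"
        yield m["ip"], m["ts"], kind, None if kind == "exit" else name

def audit(log_text):
    """Return (denied attempts per IP, impersonations with no later _exit per IP)."""
    denied, open_sessions = defaultdict(list), {}
    for ip, ts, kind, name in switch_events(log_text):
        if kind == "denied":
            denied[ip].append((ts, name))
        elif kind == "switch":
            open_sessions[ip] = (ts, name)  # latest target wins for this client
        else:
            open_sessions.pop(ip, None)  # _exit closes the impersonation
    return dict(denied), open_sessions
```

An entry left in the second result only means no `_exit` request appears in the log; the session may also have ended through a normal logout or expiry.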
4 Comments
Hey Chaibi,
Nope, you will have the same roles which the user has (the user which you impersonate), i.e. it's the same as if you log in with the credentials of the other user, but... you know, you don't actually know his credentials :) . So if the user doesn't have ROLE_ADMIN, you don't have it either after impersonation.
Cheers!
Thank you, do you know any solution to make users have such ability? Exactly like the Facebook one, View profile as. In the case of this tuto, does _exit close the impersonated user and get back to the needed user, or does it simply get completely logged out?
What ability do you mean exactly, could you clarify a bit? Facebook doesn't impersonate you like another user - it just shows you how other users see your page. Do you need exactly this ability as Facebook does?
When you go to "?_switch_user=_exit", the system will switch you to the original (i.e. your user) account, so it won't log you out completely.
What PHP libraries does this tutorial use?
    // composer.json
    {
        "require": {
            "php": ">=5.3.3",
            "symfony/symfony": "~2.4", // v2.4.2
            "doctrine/orm": "~2.2,>=2.2.3", // v2.4.2
            "doctrine/doctrine-bundle": "~1.2", // v1.2.0
            "twig/extensions": "~1.0", // v1.0.1
            "symfony/assetic-bundle": "~2.3", // v2.3.0
            "symfony/swiftmailer-bundle": "~2.3", // v2.3.5
            "symfony/monolog-bundle": "~2.4", // v2.5.0
            "sensio/distribution-bundle": "~2.3", // v2.3.4
            "sensio/framework-extra-bundle": "~3.0", // v3.0.0
            "sensio/generator-bundle": "~2.3", // v2.3.4
            "incenteev/composer-parameter-handler": "~2.0", // v2.1.0
            "doctrine/doctrine-fixtures-bundle": "~2.2.0", // v2.2.0
            "ircmaxell/password-compat": "~1.0.3", // 1.0.3
            "phpunit/phpunit": "~4.1" // 4.1.0
        }
    }
Hi, thank you for the tuto. Just one question, are we kept logged in as admin when we apply this? Thanks