Description
_Some_ users are unable to impersonate a pending user despite having the necessary permissions. A user with accessCp, editUsers, and impersonateUsers is able to impersonate an active user but not a pending user. Craft::$app->users->canImpersonate() does return true for the imposter.
I have reproduced this on two projects, one of which is a clean installation.
Steps to reproduce
- Create an imposter user with the permissions above.
- _Note: I also tried applying all permissions in the user permissions section. This produces the same result._
- Create a user which is pending.
- Try impersonating the user created in step two, through the users CP area, while logged in as the user in step one.
- You are then redirected to the login page as a guest.
Additional info
- Craft version: 3.6.1 and 3.5.17.1
- PHP version: 7.4
ccchapman
All 9 comments
@ccchapman I think this is expected behaviour personally, a pending user ( as long as they're pending ) can't access the CP. But on the other hand maybe the canImpersonate() should indeed return false when a user is pending.
michtio
on 1 Feb 2021
@michtio - It is confusing because an admin can impersonate a pending user and it is unclear to me why the same wouldn't work with a non-admin with the permissions described. If a non-admin user cannot impersonate a pending user, then you would expect to either receive an error or not see the impersonate link in the first place.
ccchapman
on 1 Feb 2021
This is in fact a bug, and only affects the new “Copy impersonation URL” action. If you click “Login as [user]” instead, in will work as expected.
Just fixed for the next release!
brandonkelly
on 3 Feb 2021
@brandonkelly - This issue was using the "login as" button and not the copy impersonation URL feature. Sorry for not specifying. Let me know if you cannot reproduce it under that situation.
ccchapman
on 3 Feb 2021
@ccchapman I wasn’t able to reproduce using the “Login as [user]” option. Do you have any plugins or modules that could be interfering?
brandonkelly
on 3 Feb 2021
@brandonkelly - No plugins or modules. I have just reproduced on a clean installation of craftcms/craft. I made a screencast which may be more helpful to see exactly what steps I am taking.
ccchapman
on 3 Feb 2021
I’m able to reproduce when logged in as that second user account. Will look into it and fix.
brandonkelly
on 3 Feb 2021
Finally got around to this, and have fixed it for the next release.
brandonkelly
on 1 Mar 2021
Craft 3.6.8 is out now with the fix.
brandonkelly
on 3 Mar 2021
Related issues
Mosnar
·
3Comments
lukebailey
·
3Comments
angrybrad
·
3Comments
rynpsc
·
3Comments
bitboxfw
·
3Comments