feat: add user impersonation service

2025-11-17 10:44:19 -08:00
parent f60c986e07
commit a7029b5f57
21 changed files with 1343 additions and 6 deletions
--- a/app/Http/Controllers/ImpersonationController.php
+++ b/app/Http/Controllers/ImpersonationController.php
@@ -0,0 +1,115 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Models\User;
+use App\Services\ImpersonationService;
+use Filament\Notifications\Notification;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+final class ImpersonationController extends Controller
+{
+    public function __construct(
+        private readonly ImpersonationService $impersonationService
+    ) {}
+
+    /**
+     * Start impersonating a user.
+     */
+    public function start(Request $request, User $user)
+    {
+        $admin = Auth::user();
+
+        if (! $admin || ! $admin->isSuperAdmin()) {
+            Notification::make()
+                ->title('Access Denied')
+                ->body('Only SuperAdmin users can impersonate other users.')
+                ->danger()
+                ->send();
+
+            return redirect()->back();
+        }
+
+        if (! $this->impersonationService->startImpersonation($admin, $user, $request)) {
+            Notification::make()
+                ->title('Impersonation Failed')
+                ->body('Unable to start impersonation. Please check permissions and try again.')
+                ->danger()
+                ->send();
+
+            return redirect()->back();
+        }
+
+        Notification::make()
+            ->title('Impersonation Started')
+            ->body("You are now logged in as {$user->name}.")
+            ->success()
+            ->send();
+
+        // Redirect to user dashboard (assuming you have a dashboard route)
+        return redirect()->route('dashboard');
+    }
+
+    /**
+     * Stop impersonating the current user.
+     */
+    public function stop(Request $request)
+    {
+        if (! $this->impersonationService->isImpersonating()) {
+            return redirect()->to(\Filament\Pages\Dashboard::getUrl());
+        }
+
+        $impersonator = $this->impersonationService->getCurrentImpersonator();
+
+        if (! $this->impersonationService->stopImpersonation($request)) {
+            Notification::make()
+                ->title('Failed to Stop Impersonation')
+                ->body('Unable to stop impersonation session.')
+                ->danger()
+                ->send();
+
+            return redirect()->back();
+        }
+
+        Notification::make()
+            ->title('Impersonation Ended')
+            ->body('You have been returned to your admin account.')
+            ->success()
+            ->send();
+
+        return redirect()->to(\Filament\Pages\Dashboard::getUrl());
+    }
+
+    /**
+     * Show impersonation status (AJAX endpoint).
+     */
+    public function status(Request $request)
+    {
+        if (! $this->impersonationService->isImpersonating()) {
+            return response()->json([
+                'is_impersonating' => false,
+            ]);
+        }
+
+        $impersonator = $this->impersonationService->getCurrentImpersonator();
+        $target = Auth::user();
+        $remainingMinutes = $this->impersonationService->getRemainingMinutes();
+
+        return response()->json([
+            'is_impersonating' => true,
+            'impersonator' => [
+                'name' => $impersonator?->name,
+                'email' => $impersonator?->email,
+            ],
+            'target' => [
+                'name' => $target?->name,
+                'email' => $target?->email,
+            ],
+            'remaining_minutes' => $remainingMinutes,
+            'expires_soon' => $remainingMinutes <= 5,
+        ]);
+    }
+}
--- a/app/Http/Middleware/ImpersonationMiddleware.php
+++ b/app/Http/Middleware/ImpersonationMiddleware.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use App\Services\ImpersonationService;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+final class ImpersonationMiddleware
+{
+    public function __construct(
+        private readonly ImpersonationService $impersonationService
+    ) {}
+
+    public function handle(Request $request, Closure $next): Response
+    {
+        // Check if impersonation has expired
+        if ($this->impersonationService->isImpersonating() &&
+            $this->impersonationService->isImpersonationExpired()) {
+
+            $this->impersonationService->stopImpersonation($request);
+
+            // Redirect to admin dashboard with expired message
+            return redirect()->to(\Filament\Pages\Dashboard::getUrl())->with('impersonation_expired', 'Your impersonation session has expired.');
+        }
+
+        // Share impersonation data with all views
+        if ($this->impersonationService->isImpersonating()) {
+            $impersonator = $this->impersonationService->getCurrentImpersonator();
+            $remainingMinutes = $this->impersonationService->getRemainingMinutes();
+            $startTime = $this->impersonationService->getImpersonationStartTime();
+
+            view()->share('isImpersonating', true);
+            view()->share('impersonator', $impersonator);
+            view()->share('impersonationTarget', Auth::user());
+            view()->share('impersonationRemainingMinutes', $remainingMinutes);
+            view()->share('impersonationStartTime', $startTime);
+        } else {
+            view()->share('isImpersonating', false);
+            view()->share('impersonator', null);
+            view()->share('impersonationTarget', null);
+            view()->share('impersonationRemainingMinutes', 0);
+            view()->share('impersonationStartTime', null);
+        }
+
+        return $next($request);
+    }
+}