How to identify if a user is being impersonated in Symfony2?

impersonate user meaning
symfony user provider
symfony check user
symfony manually authenticate user
symfony impersonate
symfony 4 users
symfony refresh user
symfony user entity

In an application built with Symfony2 we want superadmins to be able to impersonate other users. This is easily done by giving the superadmin user the ROLE_ALLOWED_TO_SWITCH role. The switching is implemented with a call to "somewhere?_switch_user=" as suggesed in the reference documentation.

The problem however, is to detect in a template if the current user is actually impersonated so as to print a link to "somewhere?_switch_user=_exit" on the page, thus enabling the impersonating user to return to her real user.


I haven't been using Symfony2 for a while so I'm not sure, but when you switch to another user you gain all roles assigned to that user and one extra role: ROLE_PREVIOUS_ADMIN. So I guess all you need to do is to use voter to check whether such a role is assigned to the current user using voter.

// Twig

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
    <a href="...?_switch_user=_exit">EXIT</a>
{% endif %}

// PHP

<?php if ($view['security']->isGranted('ROLE_PREVIOUS_ADMIN')): ?>
    <a href="...?_switch_user=_exit">EXIT</a>
<?php endif ?>

symfony, In an application built with Symfony2 we want superadmins to be able to impersonate other users. This is easily done by giving the superadmin user the  How to Impersonate a User¶. Sometimes, it's useful to be able to switch from one user to another without having to log out and log in again (for instance when you are debugging something a user sees that you can't reproduce).


An example of how to get more details about the impersonator:

use Symfony\Component\Security\Core\Role\SwitchUserRole;


$sec = $this->get('security.context');

if($sec->isGranted('ROLE_PREVIOUS_ADMIN')) {
  foreach($sec->getToken()->getRoles() as $role) {
    if ($role instanceof SwitchUserRole) {
      $admin_user = $role->getSource()->getUser();
    }
  }
}

You then have admin_user as the original user object. Remember to use the SwitchUserRole.

How to Impersonate a User (Symfony Docs), How to Impersonate a User: Sometimes, it's useful to be able to switch from one user to When a user is being impersonated, Symfony grants them a special role called First, configure switch_user to check for some new, custom attribute. 22 How to identify if a user is being impersonated in Symfony2? Jun 16 '11. 15 Symfony2: How to find the users that have permissions for a certain domain object?


An example of how to display impersonator in twig:

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
  {% for role in app.security.token.roles %}
    {% if role.role == 'ROLE_PREVIOUS_ADMIN' %}
      {{ role.source.user.username }}
    {% endif %}
  {% endfor %}
{% endif %}

Impersonation (switch_user) > Symfony Security: Beautiful , Symfony Security: Beautiful Authentication, Powerful Authorization URL and add ?_switch_user= and the email address of a user that you want to impersonate. If you changed this to id , we would need to use the id with switch user. Anyways, to exit and return to your normal identity, find a phone booth, close the door,  2 How to identify if a user is being impersonated in Symfony2? Mar 28 '13. 2 How can I make a custom field type in symfony2? Aug 15 '12. View all questions and


If you need to test role from the previous admin user :

Working on Symfony 3.4

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
    {% for role in app.token.roles %}
        {% if role.role == 'ROLE_PREVIOUS_ADMIN' %}
            {% for role_from_previous in role.source.roles if role_from_previous.role == "ROLE_DELETE" %}
                {{ role.source.user.username }} has "ROLE_DELETE"
            {% endfor %}
        {% endif %}
    {% endfor %}
{% endif %}

Impersonating a Different User, What's cool about being able to Impersonate a User in Symfony is that you won't Posted: Nov 11, 2015 18 How to identify if a user is being impersonated in Symfony2? Feb 1 '12. 16 How does apache PHP memory usage really work? [closed] Jul 13 '12.


Stateless User Impersonation, Learn how to impersonate users as an Admin of a JSON API. being able to switch from your logged in Admin credentials to 'trick' Symfony into thinking you are a different user is very useful, particularly as you do not need to know the user's Well, these videos are all about impersonating users when using stateless  Security User Providers¶. User providers are PHP classes related to Symfony Security that have two jobs: Reload the User from the Session At the beginning of each request (unless your firewall is stateless), Symfony loads the User object from the session.


Impersonating a User in Symfony2 · GitHub, <p class="pull-right">Logged in as <span>{{ app.security.token.username }}</​span></p>. {% if users is defined %}. <ul class="nav secondary-nav">. The [impersonationUserName] is the impersonation user Retain uses to access Exchange mailboxes. To check the impersonation account, run this command in Exchange Management Shell: Get-ManagementRoleAssignment -RoleAssignee "[ impersonationUserName] " -Role ApplicationImpersonation -RoleAssigneeType user


User switch with custom restrictions in Symfony, The Symfony security component supports this functionality, but only based event is being dispatched at the end of each method containing the user If a user is impersonating, check if we want to switch back, in that case. About FOSUserBundle User Manager¶ In order to be storage agnostic, all operations on the user instances are handled by a user manager implementing FOS\UserBundle\Model\UserManagerInterface. Using it ensures that your code will continue to work if you change the storage.