Laravel login as another user

没有蜡笔的小新 2021-01-06 11:09

I am currently developing a Laravel app where there are 3 user_roles

  1. Superadmin
  2. Admin
  3. Normal

So each role can acc

3 answers
  • 2021-01-06 11:29

    Reading the comments I think you want to do the following:

    • Editing another's profile (or anything else)
    • your rights have to be higher than the ones of the other account
    • everything should be logged by the user that changed the entries, not by the owner

    The following solutions are built-in ones; maybe there are some packages for Laravel to solve this kind of problem.

    Auth::loginById($otherUserId) could be one solution:

    • you have to check if the user is allowed to log in to this profile
    • you have to remember your own user id (in a session) to add it for the log
    • you can access only the pages the user can see (not the admin pages)

    Another approach would be to use Policies

    E.g. you are user 1 and want to edit the profile of user 3. In the update function for user/3/profile, you call a policy function where you check if your user_role_id is smaller than the other one's. Then the record will be saved and the logger will log it away with your user id.

    Both ways have pros and cons. Logging in with the id will give you exactly the view of the other user. But you have to modify your logger (instead of Auth::id() use something with a session). Then you can implement a little button (jump back to own profile) to log back in to your own account. Using policies will be easier for the logger, but at every part you have to implement the check with the policy.

    Not knowing the size and complexity of your project I would suggest the first solution. I implemented it by myself in one project but without the logger function.

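The first approach in the answer above (check that the operator may enter the profile, remember the operator's own id in the session for the log, offer a jump back), as an added example that is not part of any answer on this page. It assumes `users.user_role_id` holds 1 = Superadmin, 2 = Admin, 3 = Normal; the class name, session key and `/impersonate/...` POST routes are hypothetical, and the string controller syntax matches the Laravel 7 and earlier style used elsewhere on the page.

```php
<?php
// Added example, not code from the answers. Assumptions: users.user_role_id holds
// 1 = Superadmin, 2 = Admin, 3 = Normal; session key and class name are hypothetical.
// Routes (POST so the web group's CSRF check applies; 'leave' registered first):
//   Route::post('/impersonate/leave', 'ImpersonationController@stop')->middleware('auth');
//   Route::post('/impersonate/{id}', 'ImpersonationController@start')->middleware('auth');

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class ImpersonationController extends Controller
{
    const SESSION_KEY = 'impersonator_id';

    public function start(Request $request, $id)
    {
        $actor = Auth::user();
        $target = User::findOrFail($id);
        // Deny nested impersonation; the actor must strictly outrank the target.
        $nested = $request->session()->has(self::SESSION_KEY);
        if ($nested || (int) $actor->user_role_id >= (int) $target->user_role_id) {
            Log::warning('impersonation denied', ['actor' => $actor->id, 'target' => $target->id]);
            abort(403);
        }
        Auth::login($target); // the guard regenerates the session id, session data is kept
        $request->session()->put(self::SESSION_KEY, $actor->id);
        Log::info('impersonation started', ['actor' => $actor->id, 'target' => $target->id]);
        return redirect('get-dashboard');
    }

    public function stop(Request $request)
    {
        $actorId = $request->session()->pull(self::SESSION_KEY);
        abort_if($actorId === null, 403);
        Log::info('impersonation ended', ['actor' => $actorId, 'target' => Auth::id()]);
        Auth::loginUsingId($actorId); // jump back to the operator's own account
        return redirect('get-dashboard');
    }

    // User id to write into audit logs: the operator while impersonating, else Auth::id().
    public static function auditUserId()
    {
        return session(self::SESSION_KEY, Auth::id());
    }
}
```

Logging code then calls `ImpersonationController::auditUserId()` where it previously used `Auth::id()`, so changes made while impersonating are recorded against the operator rather than the profile owner.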
  • 2021-01-06 11:41

    You can use the following methods to log in any user

    $userId = 1;
    Auth::loginUsingId($userId, true);
    

    or

    $user = User::find(1);
    Auth::login($user);
    

    If you have set up roles in your user model you could use something like

    // check if the current user is superadmin
    $userRoles = Auth::user()->getRoleNames()->toArray();
    if (in_array('superadmin', $userRoles)) {
        // log in as the user
        Auth::login($user);
    }
    
  • 2021-01-06 11:44

    First you need to add 2 columns to the users table: type (integer, 1 = admin, 2 = some other) and active (boolean, 1 for true and 0 for false)

    php artisan make:migration add_cols_to_users_table --table=users

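    use Illuminate\Database\Migrations\Migration;
    use Illuminate\Database\Schema\Blueprint;
    use Illuminate\Support\Facades\Schema;

    class AddColsToUsersTable extends Migration
    {
        // add the role type and the active flag
        public function up()
        {
            Schema::table('users', function (Blueprint $table) {
                $table->integer('type')->default(0);
                $table->boolean('active')->default(0);
            });
        }

        // roll back: drop both columns again
        public function down()
        {
            Schema::table('users', function (Blueprint $table) {
                $table->dropColumn(['type', 'active']);
            });
        }
    }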
    

    link on some page

     <a href="{{ url('impersonate') }}/{{ $user->id }}" class="btn btn-success">Enter as {{$user->name}}</a>
    

    someUserController.php:

    use App\User;
    use Illuminate\Support\Facades\Auth;

    class someUserController extends Controller
    {
        public function __construct()
        {
            $this->middleware('auth');

            // Run the admin check as middleware: the session (and so Auth::user())
            // is not available yet while the constructor itself runs.
            $this->middleware(function ($request, $next) {
                $user = Auth::user();

                // cast: some database drivers return integer columns as strings
                if (!$user || (int) $user->type !== 1) { // 1 for type admin
                    abort(403, 'error not admin (nice try!).');
                }

                return $next($request);
            });
        }

        public function impersonate($id)
        {
            Auth::logout(); // end the current session
            Auth::loginUsingId($id);

            return redirect()->to('get-dashboard');
        }
    }

    routes.php | web.php

    Route::get('/impersonate/{id}', 'someUserController@impersonate');

    Route::get('get-dashboard', function () {

        $id = \Illuminate\Support\Facades\Auth::id();
        $user = \App\User::find($id);

        //echo '<pre>'.print_r($user,1); die();

        // nobody logged in, or an inactive user: send to the 404 page
        if (!$user || !$user->active) return redirect('404-page');

        switch ($user->type)
        {
            case 1: return redirect('x-url-dashboard-1');
            case 2: return redirect('x-url-dashboard-2');
            case 3: return redirect('x-url-dashboard-3');
            // any other type has no dashboard
            default: return redirect('404-page');
        }

    });
    