0

I have a requirement where I have to allow all of my regular users to impersonate a user of their choice.

I haven't been able to make this work. This is what I've done so far:

  1. Added the following properties to portal-ext.properties:

    portal.jaas.enable=false
portal.impersonation.enable=true

  2. Created a role for the purposes of impersonation

  3. Defined permissions for this new role: Portal > Users and organizations > View & Impersonate
  4. Assigned this role to a non-administrator user (user A)

I don't need my users to see the list of users they can impersonate, I just want liferay to impersonate a user if ?doAsUserId=x is present in the url (which does work if you are an administrator).

When I try to impersonate user B using user A, nothing happens. I get this error in the tomcat log:

1ERROR [http-bio-8180-exec-85][PortalImpl:5990] User 80413 does not have the permission to impersonate 25105

(User 80413 is my User A, the one attempting to impersonate user B [25105])

Am I missing something else?

mduck
  • 197
  • 1
  • 6
  • 23

1 Answers1

1

There is a condition in Lifeary, which checks the permission on the list of organizations for the impersonation. So, the user who is impersoneting the other user, must have a permission for "impersonation" in all the organisation of which, these users are part of.

if (doAsUser.isDefaultUser() ||
        UserPermissionUtil.contains(
            permissionChecker, doAsUserId, organizationIds,
            ActionKeys.IMPERSONATE)) {

        request.setAttribute(WebKeys.USER_ID, new Long(doAsUserId));

        return doAsUserId;
    }

So, those 2 users must be part of same organization and must be having impersonation permission for that organization.

Felix Christy
  • 2,179
  • 1
  • 19
  • 32