Merge pull request #108 from alejoroman0605/superusers-impersonate-other-user

Ability for Superusers to Impersonate Other User Accounts

Author: WillStrohl

Modules/UserManager/App_LocalResources/Impersonate.resx

@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="AreYouSure.Text" xml:space="preserve">
+    <value>Are you sure you want to perform this action?</value>
+  </data>
+  <data name="Impersonate.Text" xml:space="preserve">
+    <value>Impersonate</value>
+  </data>
+  <data name="ImpersonateAnotherUserAccountConfirmation.Text" xml:space="preserve">
+    <value>You are about to impersonate another user account. If you confirm, he website will attempt to log you in as if they logged in themselves. You will need to logout and log back in to restore your superuser access. If you cancel, nothing will happen.</value>
+  </data>
+  <data name="ImpersonateAnotherUserAccountConfirmationAlert.Text" xml:space="preserve">
+    <value>Technical Limitation: If you are using another authentication provider other than the built-in DNN provider, this feature may or may not work, depending on the type of authentication you have installed/enabled.</value>
+  </data>
+</root>

Modules/UserManager/App_LocalResources/Shared.resx

@@ -180,4 +180,7 @@
   <data name="OnlySuperUserIsAllowedBulkDeleteUserAccounts.Text" xml:space="preserve">
     <value>Only a superuser is allowed to bulk delete user accounts</value>
   </data>
+  <data name="Cancel.Text" xml:space="preserve">
+    <value>Cancel</value>
+  </data>
 </root>

Modules/UserManager/Controllers/UserManageController.cs

@@ -534,5 +534,27 @@ public ActionResult PasswordResetLink(int itemId)
             TempData["Message"] = UserRepository.SendPasswordResetLink(portalId, itemId, portalSettings);
             return RedirectToAction("Index");
         }
+              
+        /// <summary>
+        /// Impersonate a user
+        /// </summary>
+        /// <param name="itemId"></param>
+        /// <returns></returns>
+        public ActionResult ImpersonateUserById(int itemId)
+        {
+            if (_currentUser.IsSuperUser)
+            {
+                var user = UserController.GetUserById(PortalSettings.PortalId, itemId);
+                if (user != null)
+                {
+                    // Perform impersonation
+                    UserController.UserLogin(PortalSettings.PortalId, user, PortalSettings.PortalName, Request.UserHostAddress, false);
+                }
+                return Redirect(Url.Content("~/"));
+            }
+            string errorMessage = Localization.GetString("NotPermissions.Text", ResourceFile);
+            ViewBag.ErrorMessage = errorMessage;
+            return View("Error");
+        }
     }
 }

Modules/UserManager/Module.css

@@ -206,6 +206,7 @@
 .checkbox {
     font-size: 16px;
 }
+
 .admin-manager .checkbox {
     margin-top: 20px;
 }
@@ -726,4 +727,8 @@
     line-height: 26px;
     border-top-left-radius: 0;
     border-bottom-left-radius: 0;
+}
+
+.AM-white, .AM-white a, .AM-white a:visited {
+    color: white;
 }

Modules/UserManager/Upendo.Modules.UserManager.csproj

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
   <PropertyGroup>
@@ -186,6 +186,9 @@
   <ItemGroup>
     <Content Include="App_LocalResources\BulkDelete.resx" />
   </ItemGroup>
+  <ItemGroup>
+    <Content Include="App_LocalResources\Impersonate.resx" />
+  </ItemGroup>
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">14.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">

Modules/UserManager/Views/UserManage/Index.cshtml

@@ -218,6 +218,14 @@
                                     <span class="fa fa-trash color-white" aria-hidden="true"></span>
                                 </a>
                             </span>
+                            @if (ViewBag.IsCurrentUserSuperUser)
+                            {
+                                <span id="dialogs-impersonate" class="dnnActions" style="display: initial;">
+                                    <a data-hint="Delete" class="confirm AM-btn AM-btn-primary AM-btn-sm" data-placement="top" data-singleton="true" href="@Url.Action("ImpersonateUserById", "UserManage", new {itemId = item.UserId})">
+                                        <span class="fas fa-eye color-white" aria-hidden="true"></span>
+                                    </a>
+                                </span>
+                            }
                         </td>
                     </tr>
                 }
@@ -249,20 +257,38 @@
     var deleteText = '@DotNetNuke.Services.Localization.Localization.GetString("DeleteConfirmation.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Index.resx")';
     var deleteUnauthorizedText = '@DotNetNuke.Services.Localization.Localization.GetString("DeleteUnauthorized.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Index.resx")';
     var removeDeleteText = '@DotNetNuke.Services.Localization.Localization.GetString("RemoveDelete.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Index.resx")';
+    var impersonateText = '@DotNetNuke.Services.Localization.Localization.GetString("Impersonate.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Impersonate.resx")';
+    var impersonateAnotherUserAccountConfirmation = '@DotNetNuke.Services.Localization.Localization.GetString("ImpersonateAnotherUserAccountConfirmation.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Impersonate.resx")';
+    var impersonateAnotherUserAccountConfirmationAlert = '@DotNetNuke.Services.Localization.Localization.GetString("ImpersonateAnotherUserAccountConfirmationAlert.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Impersonate.resx")';
+    var areYouSure = '@DotNetNuke.Services.Localization.Localization.GetString("AreYouSure.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Impersonate.resx")';
+    var cancel = '@DotNetNuke.Services.Localization.Localization.GetString("Cancel.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Shared.resx")';
+    var deleteBtnText = '@DotNetNuke.Services.Localization.Localization.GetString("Delete.Text", "~/DesktopModules/MVC/Upendo.Modules.UserManager/App_LocalResources/Shared.resx")';
+
 $(function () {
     $('.dropdown-toggle').dropdown();
 });
 
 $(function () {
     $('#dialogs-delete .confirm').dnnConfirm({
         title: "",
-        yesText: "Delete",
-        noText: "Cancel",
+        yesText: deleteBtnText,
+        noText: cancel,
         dialogClass: 'dnnFormPopup',
         text: '<p style="font-size:20px;">' + deleteText + '</p>',
         });
     });
 
+$(function () {
+    $('#dialogs-impersonate .confirm').dnnConfirm({
+        title: areYouSure,
+        yesText: impersonateText,
+        noText: cancel,
+        dialogClass: 'dnnFormPopup',
+        width: 700,
+        text: '<div class="admin-manager"> <div class="red"> <p>' + impersonateAnotherUserAccountConfirmation + '</p>' + '<p>' + impersonateAnotherUserAccountConfirmationAlert + '</p> </div> </div>',
+        });
+    });
+
 $(function () {
     $('#dialogs-DeleteUnauthorized .confirm').dnnConfirm({
         title: "",