From 61f255264c8fff9cd8811202c80095c79bcd5874 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos <ioigoume@gmail.com>
Date: Fri, 5 Apr 2024 17:46:53 +0300
Subject: [PATCH] Fully impersonate a user

---
 Controller/GrouperGroupsController.php | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
index 4a7610b..03d74ed 100644
--- a/Controller/GrouperGroupsController.php
+++ b/Controller/GrouperGroupsController.php
@@ -205,8 +205,8 @@ public function beforeRender() {
                                                      $this->getActAsIdentifier(),
                                                      $cfg)
     );
-//    $this->set('vv_is_template_user', $this->GrouperGroup->isTemplateUser($this->userId ?? '', $cfg) );
-//    $this->set('vv_is_grouper_visible', $this->GrouperGroup->isGrouperVisible($this->userId ?? '', $cfg));
+//    $this->set('vv_is_template_user', $this->GrouperGroup->isTemplateUser($this->getUserId(), $cfg) );
+//    $this->set('vv_is_grouper_visible', $this->GrouperGroup->isGrouperVisible($this->getUserId(), $cfg));
   }
 
   /**
@@ -214,7 +214,9 @@ public function beforeRender() {
    */
   public function getActAsIdentifier(): ?string
   {
-    //If the actor Identifier is not set we will return the current user
+    // XXX We are anot acting as but we are impersonating an other user. As a result
+    //     both the actor and the user need to have the same identifier
+    // If the actor Identifier is not set we will return the current user
     return $this->actAsIdentifier ?? $this->getUserId();
   }
 
@@ -248,9 +250,11 @@ public function findSubscriber(): void
   /**
    * @return null|string
    */
-  public function getUserId(): null|string
+  public function getUserId(): ?string
   {
-    return $this->userId;
+    // XXX We are anot acting as but we are impersonating an other user. As a result
+    //     both the actor and the user need to have the same identifier
+    return $this->actAsIdentifier ?? $this->userId;
   }
 
   /**
@@ -317,7 +321,7 @@ public function groupSubscribers(): void
   public function groupOwnerApi(): void {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -359,7 +363,7 @@ public function groupOwnerApi(): void {
   public function groupMemberApi(): void {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -404,7 +408,7 @@ public function groupMemberApi(): void {
   public function groupOptinApi() {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -582,7 +586,7 @@ public function leaveGroup(): void
     try {
       if(!$this->GrouperGroup->removeGroupMember($this->getActAsIdentifier(),
                                                  $groupName,
-                                                 $this->userId,
+                                                 $this->getUserId(),
                                                  $this->CoGrouperLiteWidget->getConfig())) {
         // The Request returned unsuccessful, but we have not more infomration. In this case we will just return
         // forbidden since we do not actually now what happened