Merge pull request #19 from Ioannis/fully_impersonate_user

Fully impersonate a user
internet2 · Apr 5, 2024 · eaf2117 · eaf2117
2 parents acf611e + 61f2552
commit eaf2117
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
@@ -205,16 +205,18 @@ public function beforeRender() {
                                                      $this->getActAsIdentifier(),
                                                      $cfg)
     );
-//    $this->set('vv_is_template_user', $this->GrouperGroup->isTemplateUser($this->userId ?? '', $cfg) );
-//    $this->set('vv_is_grouper_visible', $this->GrouperGroup->isGrouperVisible($this->userId ?? '', $cfg));
+//    $this->set('vv_is_template_user', $this->GrouperGroup->isTemplateUser($this->getUserId(), $cfg) );
+//    $this->set('vv_is_grouper_visible', $this->GrouperGroup->isGrouperVisible($this->getUserId(), $cfg));
   }
 
   /**
    * @return null|string
    */
   public function getActAsIdentifier(): ?string
   {
-    //If the actor Identifier is not set we will return the current user
+    // XXX We are anot acting as but we are impersonating an other user. As a result
+    //     both the actor and the user need to have the same identifier
+    // If the actor Identifier is not set we will return the current user
     return $this->actAsIdentifier ?? $this->getUserId();
   }
 
@@ -248,9 +250,11 @@ public function findSubscriber(): void
   /**
    * @return null|string
    */
-  public function getUserId(): null|string
+  public function getUserId(): ?string
   {
-    return $this->userId;
+    // XXX We are anot acting as but we are impersonating an other user. As a result
+    //     both the actor and the user need to have the same identifier
+    return $this->actAsIdentifier ?? $this->userId;
   }
 
   /**
@@ -317,7 +321,7 @@ public function groupSubscribers(): void
   public function groupOwnerApi(): void {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -359,7 +363,7 @@ public function groupOwnerApi(): void {
   public function groupMemberApi(): void {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -404,7 +408,7 @@ public function groupMemberApi(): void {
   public function groupOptinApi() {
     //Set initial setting
     $arguments = [
-      'userId' => $this->userId,
+      'userId' => $this->getUserId(),
       'actorUserId' => $this->getActAsIdentifier(),
       'cfg' => $this->CoGrouperLiteWidget->getConfig()
     ];
@@ -582,7 +586,7 @@ public function leaveGroup(): void
     try {
       if(!$this->GrouperGroup->removeGroupMember($this->getActAsIdentifier(),
                                                  $groupName,
-                                                 $this->userId,
+                                                 $this->getUserId(),
                                                  $this->CoGrouperLiteWidget->getConfig())) {
         // The Request returned unsuccessful, but we have not more infomration. In this case we will just return
         // forbidden since we do not actually now what happened