From a4f644ad201b9b6da85e7157b0e0805c783d32f0 Mon Sep 17 00:00:00 2001
From: kusowl <kushal.saha@outlook.com>
Date: Tue, 27 Jan 2026 18:54:08 +0530
Subject: [PATCH] feature(impersonate as user): Admin can impersonate as others
 users

---
 .../Auth/ImpersonatedUserController.php       | 30 +++++++++++++++++++
 routes/web/auth.php                           |  8 +++++
 2 files changed, 38 insertions(+)
 create mode 100644 app/Http/Controllers/Auth/ImpersonatedUserController.php

diff --git a/app/Http/Controllers/Auth/ImpersonatedUserController.php b/app/Http/Controllers/Auth/ImpersonatedUserController.php
new file mode 100644
index 0000000..aa20423
--- /dev/null
+++ b/app/Http/Controllers/Auth/ImpersonatedUserController.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Auth;
+
+class ImpersonatedUserController extends Controller
+{
+    public function store(User $user)
+    {
+        Session()->put('impersonate', Auth::id());
+
+        Auth::login($user);
+
+        return to_route('explore');
+    }
+
+    public function destroy()
+    {
+        $adminId = Session()->get('impersonate');
+
+        Auth::loginUsingId($adminId);
+
+        Session()->forget('impersonate');
+
+        return to_route('admin.dashboard');
+    }
+}
diff --git a/routes/web/auth.php b/routes/web/auth.php
index 143fd08..6e4fc26 100644
--- a/routes/web/auth.php
+++ b/routes/web/auth.php
@@ -1,7 +1,10 @@
 <?php
 
+use App\Enums\UserTypes;
 use App\Http\Controllers\Auth\AuthenticatedUserController;
+use App\Http\Controllers\Auth\ImpersonatedUserController;
 use App\Http\Controllers\Auth\RegisteredUserController;
+use App\Http\Middleware\HasRole;
 
 Route::middleware('guest')->group(function () {
     Route::resource('/login', AuthenticatedUserController::class)
@@ -13,3 +16,8 @@
 Route::delete('/logout', [AuthenticatedUserController::class, 'destroy'])
     ->middleware('auth')
     ->name('logout');
+
+Route::middleware([HasRole::class.':'.UserTypes::Admin->value, 'auth'])->group(function () {
+    Route::get('/impersonate/{user}', [ImpersonatedUserController::class, 'store'])->name('impersonate');
+    Route::delete('/impersonate', [ImpersonatedUserController::class, 'destroy'])->name('impersonate.destroy');
+});