feature(impersonate as user): Admin can impersonate as others users

2026-01-27 18:54:08 +05:30 · 2026-01-27 18:54:08 +05:30 · a4f644ad20
commit a4f644ad20
parent 690a50408d
2 changed files with 38 additions and 0 deletions
--- a/app/Http/Controllers/Auth/ImpersonatedUserController.php
+++ b/app/Http/Controllers/Auth/ImpersonatedUserController.php
@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Auth;
+
+class ImpersonatedUserController extends Controller
+{
+    public function store(User $user)
+    {
+        Session()->put('impersonate', Auth::id());
+
+        Auth::login($user);
+
+        return to_route('explore');
+    }
+
+    public function destroy()
+    {
+        $adminId = Session()->get('impersonate');
+
+        Auth::loginUsingId($adminId);
+
+        Session()->forget('impersonate');
+
+        return to_route('admin.dashboard');
+    }
+}
--- a/routes/web/auth.php
+++ b/routes/web/auth.php
@ -1,7 +1,10 @@
 <?php

+use App\Enums\UserTypes;
 use App\Http\Controllers\Auth\AuthenticatedUserController;
+use App\Http\Controllers\Auth\ImpersonatedUserController;
 use App\Http\Controllers\Auth\RegisteredUserController;
+use App\Http\Middleware\HasRole;

 Route::middleware('guest')->group(function () {
    Route::resource('/login', AuthenticatedUserController::class)
@ -13,3 +16,8 @@
 Route::delete('/logout', [AuthenticatedUserController::class, 'destroy'])
    ->middleware('auth')
    ->name('logout');
+
+Route::middleware([HasRole::class.':'.UserTypes::Admin->value, 'auth'])->group(function () {
+    Route::get('/impersonate/{user}', [ImpersonatedUserController::class, 'store'])->name('impersonate');
+    Route::delete('/impersonate', [ImpersonatedUserController::class, 'destroy'])->name('impersonate.destroy');
+});