public IActionResult ImpersonatePost(AdminImpersonateUserViewModel viewModel)
{
viewModel.ParseAndValidateParameters(Request, m => m.EmailAddress);
if (viewModel.HasAnyErrors())
{
return(View("ImpersonateUser", viewModel));
}
// find the latest active user by email
User impersonatedUser = userRepository.FindByEmail(viewModel.EmailAddress, UserStatuses.Active);
if (impersonatedUser == null)
{
viewModel.AddErrorFor(m => m.EmailAddress, "This user does not exist");
return(View("ImpersonateUser"));
}
if (impersonatedUser.IsAdministrator())
{
viewModel.AddErrorFor(m => m.EmailAddress, "Impersonating other administrators is not permitted");
return(View("ImpersonateUser"));
}
User currentUser = ControllerHelper.GetGpgUserFromAspNetUser(User, dataRepository);
LoginHelper.LoginWithImpersonation(
HttpContext,
impersonatedUser.UserId,
LoginRoles.GpgEmployer,
currentUser.UserId);
return(RedirectToAction("ManageOrganisationsGet", "ManageOrganisations"));
}
public IActionResult Impersonate(string emailAddress)
{
var viewModel = new AdminImpersonateUserViewModel {
EmailAddress = emailAddress
};
return(View("ImpersonateUser", viewModel));
}
