Allowing all users to impersonate any user in liferay

Question

I have a requirement where I have to allow all of my regular users to impersonate a user of their choice.

I haven't been able to make this work. This is what I've done so far:

1. Added the following properties to portal-ext.properties:

   portal.jaas.enable=false
   portal.impersonation.enable=true
   

2. Created a role for the purposes of impersonation

3. Defined permissions for this new role: Portal > Users and organizations > View & Impersonate
4. Assigned this role to a non-administrator user (user A)

I don't need my users to see the list of users they can impersonate, I just want liferay to impersonate a user if ?doAsUserId=x is present in the url (which does work if you are an administrator).

When I try to impersonate user B using user A, nothing happens. I get this error in the tomcat log:

1ERROR [http-bio-8180-exec-85][PortalImpl:5990] User 80413 does not have the permission to impersonate 25105

(User 80413 is my User A, the one attempting to impersonate user B [25105])

Am I missing something else?

Answer 1

There is a condition in Lifeary, which checks the permission on the list of organizations for the impersonation. So, the user who is impersoneting the other user, must have a permission for "impersonation" in all the organisation of which, these users are part of.

if (doAsUser.isDefaultUser() ||
        UserPermissionUtil.contains(
            permissionChecker, doAsUserId, organizationIds,
            ActionKeys.IMPERSONATE)) {

        request.setAttribute(WebKeys.USER_ID, new Long(doAsUserId));

        return doAsUserId;
    }

So, those 2 users must be part of same organization and must be having impersonation permission for that organization.