Dear Friends
So the concept is clearly laid out by redguy.
This is one implementation with ugly workarounds to exactly acheive what originally jhonka thought of.
So I am storing userIdentity across the requests and across the sessions as global state in runtime directory.
LoginForm.php
public function login()
{
if($this->_identity===null)
{
$this->_identity=new UserIdentity($this->username,$this->password);
$this->_identity->authenticate();
}
if($this->_identity->errorCode===UserIdentity::ERROR_NONE)
{
$duration=$this->rememberMe ? 3600*24*30 : 0; // 30 days
$app=Yii::app();
$app->user->login($this->_identity,$duration);
$app->setGlobalState($app->user->id,$this->_identity);
if($app->user->id==1) //admin
{
$cookie=new CHttpCookie('user','admin');
$app->request->getCookies()->add('user',$cookie);
}
return true;
}
else
return false;
}
}
SiteController.php
public function actionListIdentity()
{
$dataProvider=new CActiveDataProvider('User');
$this->render('listIdentity',array(
'dataProvider'=>$dataProvider,
));
}
listIdentity.php
<?php $this->widget('zii.widgets.CListView', array(
'dataProvider'=>$dataProvider,
'itemView'=>'_view',
'sortableAttributes'=>array('id')
)); ?>
_view.php
<div class="view">
<b><?php echo CHtml::encode($data->getAttributeLabel('id')); ?>:</b>
<?php echo CHtml::link(CHtml::encode($data->id), array('view', 'name'=>$data->username,'id'=>$data->id)); ?>
<br />
<b><?php echo CHtml::encode($data->getAttributeLabel('username')); ?>:</b>
<?php echo CHtml::encode($data->username); ?>
<br />
<b><?php echo CHtml::encode($data->getAttributeLabel('email')); ?>:</b>
<?php echo CHtml::encode($data->email); ?>
<br />
<?php echo CHtml::link('Identify', array('identify','id'=>$data->id)); ?>
</div>
Again SiteController.php
public function actionIdentify($id)
{ //admin identifying himself with other user.
if(Yii::app()->user->id==1 ||(isset($_COOKIE['user'])&&$_COOKIE['user']=='admin'))
{
$xUser=Yii::app()->getGlobalState($id);
Yii::app()->user->login($xUser);
$this->redirect(array('site/listIdentity'));
}
else throw new CHttpException('You are not authorised to do this action');
}
Both actions can be put in accessControllerFilter.
The side effect of putting actionIdentify in accessControllerFilter is user identity is dynamically changing.
So when admin assumes another user identity , it is difficult for him to revert back to his original identity
using the same action.
I think things can be acheived filters like ip filters..
The method CWebUser::changeIdentity is regenerating a new session deleting anything in the old session
when user identity is changed.
So I could not fetch the values stored in previous session to a newer sessions.
This forced me to store the admin identity in a cookie.
I think the better option may be to use IP FILTERS or similar sort of things in accessControllFilter.
Things are tested in my localhost with three different browsers not in remote servers.
Regards.