Impersonation

Using impersonation, a user or user group can see the website through another user's or user group's eyes and act on their behalf in terms of permissions on content, the product catalog, and products.

The impersonation functionality is already built into the templates of Rapido, so what you need to do is:

  • Set up a repository
  • Define which users can impersonate whom
  • Create an impersonation page
Figure 1.1 Impersonation example

This guide is based on an empty Rapido solution (no content and no products).

If a user has other users available to impersonate, we call these available users Secondary users. To make impersonation work, you must create an index and a query to render all available secondary users.

Open the Settings area and right-click the Repositories node to create a new repository (Figure 2.1). Call it Secondary users.

Figure 2.1 Create a new repository

In the repository view (Figure 2.2), click add index in the ribbon bar and call it Users.

Figure 2.2 Add a new index

Add an instance called Users with the LuceneIndexProvider provider and then, add a build (Figure 2.3) and select the Dynamicweb.Security.UserManagement.Indexing.UserIndexBuilder.

Figure 2.3 Add an instance and a UserIndexBuilder build

Save the index (1) and then click the yellow build button to build your Users index (2).

Figure 3.1 Build your index

Now, click Add field and select the Schema extender field type and the UserIndexSchemaExtender type. Click OK.

Then, add another field and (Figure 3.2):

  • Select the Summary field field type
  • Write SearchField as the name and system name
  • Set the field to be Stored, Indexed, and Analyzed
  • Under Sources, add 7 fields with:
    • User e-mail
    • User name
    • Name
    • Company
    • First Name
    • Last Name
    • Customer number

Save and close the index.

Figure 3.2 Add a schema extender field and a SearchField field

Back at the repository view, click Add Query (Figure 3.3) and call it Users and select the Users index as the Data Source.

Figure 3.3 Add a query

Add a parameter with the name q and the type System.String. This parameter will be used in the search field.

Under Expressions, click Add group and create three expressions with the:

  • SearchField field, the Contains operator, and click the pencil icon to select the Parameter > q
  • Active field, the Equal operator, and the True value
  • CanBeImpersonatedBy field, the MatchAny operator, and click the pencil icon to select the Macro > UserID

Lastly, click Add sorting and select the User name field and make it Ascending.

Your query should now look like Figure 4.1. Save and close the query.

Figure 4.1 Set your query up like this

First, you must go through your users that should be able to impersonate. For each user, click Impersonation in the ribbon bar (Figure 5.1) and select:

  • Which users this user can impersonate - "I can impersonate"
  • Which users can impersonate this user - "Can impersonate me"

When you allow user 1 to impersonate user 2, user 1 will automatically show up in user 2's "Can impersonate me" list.

Figure 5.1 Setup impersonation on the individual users

Then, go to Settings > Repositories > Secondary users. Enter the User index and build the index (Figure 5.2).

Figure 5.2 Build your users index again

Now, even though the users have the ability to impersonate users, they can't activate it in frontend, which is the goal. So, you must create a page which the users can access upon login where they can choose a user (group) to impersonate.

Create a page called Impersonation and make it Hide in menu. Then, create a paragraph and attach the Query Publisher app to it (Figure 6.1).

Figure 6.1 Create a page and paragraph with the Query Publisher attached

In the app settings (Figure 6.2) under Queries, select the Users.query. Under Template, select the QueryPublisher/SecondaryUsers.cshtml template.

Figure 6.2 Select the Users query and the SecondaryUsers template

Lastly, save and close the paragraph. In the page view, open the Properties and go to the Options tab. Click Navigation (Figure 6.3) and write Impersonation as the Navigation tag.

Figure 6.3 Configure the navigation tag for the Impersonation page

Users are able to retrieve a list of the orders they have placed for others, through impersonation. A collected list of all previous orders, from users that have been impersonated will be present, along with a reorder link.

Figure 7.1 My customers' orders

To set this up, create a new page under Customer Center > My Account and name it "My customers orders''.  

Figure 7.2 Creating the page

After creating the page, create a paragraph and attach the Customer Center app to it. The configuration should be present after selecting the app (Figure 7.3). 

Figure 7.3 Customer center app settings

In the app configuration, scroll down to the orders section and choose ''Own orders and orders made by users that current user can impersonate'' from the retrieve list based on options (Figure 8.1). 

Figure 8.1 Orders settings

After this, the last step is making sure you have the correct template settings. Select the same templates as in Figure 8.2.

Figure 8.2 Template selection