Added global notice to backend when the user is being impersonated

modules/backend/assets/css/winter.css

@@ -586,6 +586,9 @@ body {font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sa
 .control-tabs.primary-tabs.tabs-no-inset >ul.nav-tabs,
 .control-tabs.primary-tabs.tabs-no-inset >div >ul.nav-tabs,
 .control-tabs.primary-tabs.tabs-no-inset >div >div >ul.nav-tabs {margin-left:0;margin-right:0}
+.global-notice{position:sticky;top:0;display:flex;align-items:center;flex-wrap:wrap;gap:0.5em;justify-content:space-between;z-index:10500;background:#ab2a1c;color:#FFF;padding:0.5em 0.75em}
+.global-notice .notice-icon{font-size:1.5em;vertical-align:bottom;display:inline-block;margin-right:.25em}
+.global-notice .notice-text{display:inline-block;vertical-align:middle}
 .layout {display:table;table-layout:fixed;height:100%;width:100%}
 .layout >.layout-row {display:table-row;vertical-align:top;height:100%}
 .layout >.layout-row >.layout-cell {display:table-cell;vertical-align:top;height:100%}

modules/backend/lang/en/lang.php

@@ -47,7 +47,7 @@ return [
         'impersonate_confirm' => 'Are you sure you want to impersonate this user? You can revert to your original state by logging out.',
         'impersonate_success' => 'You are now impersonating this user',
         'impersonate_working' => 'Impersonating...',
-        'impersonating' => 'Impersonating :full_name',
+        'impersonating' => 'You are temporarily logged in as :impersonatee. Logs are still able to identify you as :impersonator',
         'stop_impersonating' => 'Stop impersonating',
         'unsuspend' => 'Unsuspend',
         'unsuspend_confirm' => 'Are you sure you want to unsuspend this user?',

modules/backend/layouts/default.htm

@@ -6,6 +6,23 @@
     </head>
     <body class="<?= $this->bodyClass ?>">
         <div id="layout-canvas">
+            <?php if (\BackendAuth::isImpersonator()) : ?>
+                <div class="global-notice">
+                    <div class="notice-content">
+                        <span class="notice-text">
+                            <span class="notice-icon wn-icon icon-exclamation-triangle"></span>
+                            <?= e(trans('backend::lang.account.impersonating', [
+                                'impersonator' => \BackendAuth::getImpersonator()->email,
+                                'impersonatee' => \BackendAuth::getUser()->email,
+                            ])); ?>
+                        </span>
+                    </div>
+                    <a href="<?= Backend::url('backend/auth/signout') ?>" class="notice-action btn btn-secondary">
+                        <?= e(trans('backend::lang.account.stop_impersonating')) ?>
+                    </a>
+                </div>
+            <?php endif; ?>
+
             <div class="layout">
 
                 <!-- Main Menu -->

modules/backend/models/User.php

@@ -227,13 +227,16 @@ class User extends UserBase
             $permissions = parent::getMergedPermissions();
 
             // If the user is being impersonated filter out any permissions the impersonator doesn't have access to already
-            if (BackendAuth::isImpersonator() && $impersonator = BackendAuth::getImpersonator() && $impersonator !== $this) {
-                foreach ($permissions as $i => $permission) {
-                    if (!$impersonator->hasAccess($permission)) {
-                        unset($permissions[$i]);
+            if (BackendAuth::isImpersonator()) {
+                $impersonator = BackendAuth::getImpersonator();
+                if ($impersonator && $impersonator !== $this) {
+                    foreach ($permissions as $i => $permission) {
+                        if (!$impersonator->hasAccess($permission)) {
+                            unset($permissions[$i]);
+                        }
                     }
+                    $this->mergedPermissions = $permissions;
                 }
-                $this->mergedPermissions = $permissions;
             }
         }