Expand file tree Collapse file tree 1 file changed +13
-2
lines changed Original file line number Diff line number Diff line change @@ -6,7 +6,18 @@ import { getImpersonationId } from "./impersonation.server";
66export async function getUserId ( request : Request ) : Promise < string | undefined > {
77 const impersonatedUserId = await getImpersonationId ( request ) ;
88
9- if ( impersonatedUserId ) return impersonatedUserId ;
9+ if ( impersonatedUserId ) {
10+ // Verify the real user (from the session cookie) is still an admin
11+ const authUser = await authenticator . isAuthenticated ( request ) ;
12+ if ( authUser ?. userId ) {
13+ const realUser = await getUserById ( authUser . userId ) ;
14+ if ( realUser ?. admin ) {
15+ return impersonatedUserId ;
16+ }
17+ }
18+ // Admin revoked or session invalid — fall through to return the real user's ID
19+ return authUser ?. userId ;
20+ }
1021
1122 let authUser = await authenticator . isAuthenticated ( request ) ;
1223 return authUser ?. userId ;
@@ -54,7 +65,7 @@ export async function requireUser(request: Request) {
5465 dashboardPreferences : user . dashboardPreferences ,
5566 confirmedBasicDetails : user . confirmedBasicDetails ,
5667 mfaEnabledAt : user . mfaEnabledAt ,
57- isImpersonating : ! ! impersonationId ,
68+ isImpersonating : ! ! impersonationId && impersonationId === userId ,
5869 } ;
5970 }
6071
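Review bot: The admin re-check sits only in getUserId, so every other reader of the impersonation cookie has to reproduce it; requireUser already needs its own `impersonationId === userId` comparison in the second hunk to stay consistent. If getImpersonationId has further callers (not visible here), they would presumably still honour the cookie for a demoted admin, so it is safer to move the `realUser?.admin` test into getImpersonationId and have it return undefined when the session user is not an admin. The rejection path at new lines 18-19 is also silent: an impersonation cookie presented with a non-admin or missing session is worth an audit entry, for example `console.warn("impersonation cookie ignored: session user is not an admin", { sessionUserId: authUser?.userId });`, using the project's own logger if there is one. Nothing here clears the cookie, so impersonation would apparently resume without a new grant if the admin flag is restored. Both getUserId and requireUser continue outside the visible hunks.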