// Add a method to enforce security on the server side:
import { Impersonate } from "meteor/suprakit:ui";
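/**
 * Server-side authorization gate for starting and leaving impersonation.
 *
 * Two cases are allowed:
 *   1. the caller (this.userId) is an admin, who may impersonate `toUser`;
 *   2. the caller presents a token and `toUser` is an admin, which is the
 *      "leave impersonation" path back to the admin account.
 * Anything else is rejected with Meteor.Error("403").
 *
 * `toUser`, `fromUser` and `token` all come from the client and are untrusted.
 * On the exit path this method only checks that a token is present; per the
 * original note, the token itself is verified afterwards by the package
 * (Impersonate.set). NOTE(review): the exit path is therefore only as strong
 * as that check. Confirm that Impersonate.set ties the token to `fromUser`
 * and `toUser` and rejects a mismatch.
 *
 * @param {Object} args
 * @param {string} args.toUser - _id of the account to switch to.
 * @param {string} [args.fromUser] - _id of the account being left.
 * @param {string} [args.token] - impersonation token; required to leave impersonation.
 * @returns {Object} whatever Impersonate.set returns; its `toUser` becomes the connection's user id.
 * @throws {Meteor.Error} "403" when the caller is not allowed to switch.
 */
Meteor.users.methods.impersonate = new ValidatedMethod({
  name: "Meteor.users.methods.impersonate",
  // No role restriction at the schema level, because any user must be able to
  // leave impersonation mode; the authorization decision is made in run().
  validate: new SimpleSchema({
    toUser: { type: String, regEx: SimpleSchema.RegEx.Id },
    fromUser: { type: String, regEx: SimpleSchema.RegEx.Id, optional: true },
    token: { type: String, optional: true },
  }).validator(),
  run({ toUser, fromUser, token }) {
    // Check security first.
    // A connection with no logged-in user has nothing to impersonate from or
    // to return from, so it is refused before any role lookup.
    if (!this.userId) {
      throw new Meteor.Error("403", "Unauthorized access");
    }

    // An empty string is not "undefined" but is not a usable token either;
    // treat it as absent instead of forwarding it to the package.
    const hasToken = typeof token === "string" && token.length > 0;

    // Allowed when the caller is a super admin (may impersonate), or when a
    // token is supplied and toUser is a super admin (leaving impersonation).
    const isAllowed =
      isAdmin(this.userId) || (hasToken && isAdmin(toUser));
    if (!isAllowed) {
      throw new Meteor.Error("403", "Unauthorized access");
    }

    // Then proceed: the package performs the switch and the token check.
    const result = Impersonate.set({
      userId: this.userId,
      toUser,
      fromUser,
      token,
    });

    // The connection is switched to the id returned by the package, not to the
    // client-supplied toUser.
    this.setUserId(result.toUser);
    return result;
  },
});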
// Start impersonation on the client side:
import { Impersonate } from "meteor/suprakit:ui";
// Ask to start impersonating `userId` (not defined in this snippet; presumably
// the _id of the account to switch to).
// NOTE(review): this is only the client-side request. Whether it is honoured
// must be decided on the server; confirm it goes through the server method.
Impersonate.do(userId);
// End impersonation:
import { Impersonate } from "meteor/suprakit:ui";
// Ask to leave impersonation mode. Takes no arguments here.
// NOTE(review): presumably this sends the stored token back to the server
// method to return to the original account; confirm against the package.
Impersonate.undo();
Impersonation object for Meteor taken from https://github.com/gwendall/meteor-impersonate