I added the permission "Masquerade as politician" for the users of role "content manager". But users of role "content manager" do not see the masquerade link for politicians - although they have the permission.
The problem appears to be this part in masquerade_masquerade_access():
// Permissions may be granted on a per-role basis.
$target_account_roles = $target_account->getRoles();
foreach ($target_account_roles as $role_id) {
if (!$user->hasPermission("masquerade as $role_id")) {
return NULL;
}
}
The first role the code receives here is "authenticated". As the user should only be allowed to masquerade as role B user this part will return NULL immediately even when the user has the permission to access all other roles.
I understand that the user should only be allowed to masquerade when he has masquerade permissions for all roles the target user has. But now we can add permission for individual roles - but the masqerading user can only masquerade when he has the permission to masquerade as authenticated user - which is the same as the permission "masquerade as any user".
Needs review
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Just made a patch file from the PR to use it via the composer
Since this seems to be getting old, here is a quick fix - ignore the locked roles (anon, authenticated) during the check.