Let us invite you to an exciting masquerade! Its mission is to check what each user can see or do on your website. Drupal has an awesomely flexible system of user roles and permissions, as well as opportunities for fine-grained user access. These are the keystones of Drupal security, smooth user experiences, and cool features. You can make the most out of them, and then test the result for different users with the help of the Masquerade module. Interested? Let the masquerade begin!
How the Masquerade module works
The essence of Drupal Masquerade
To check new features or settings related to user access or permissions, site builders and administrators usually create test user accounts.
Without the Masquerade module, they have to log in and out of these test accounts, which is not always convenient. The Masquerade module lets them switch accounts with no login procedures and surf the site as a particular user. They can easily try on the “mask” of any user and then take it off by clicking “Unmasquerade.”
Who can masquerade as whom: user permissions
Usually, it’s only the administrator that’s allowed to do the masquerading. However, permissions to use masquerade can be fine-tuned in People — Roles — Permissions.
There is no option to masquerade as an anonymous user, since it is considered a little buggy.
How to masquerade as a user
The module works a little differently in Drupal 6, 7, and 8. In today’s example, we will look at Drupal 8.
So, with the Masquerade module installed and enabled, the “Masquerade as” option will become available next to each user in the dropdown list of “operations.” We can also see it on each user’s page.
In addition, there is a handy form for quick user switching that can be placed anywhere on the website, like any other block. In Structure — Block layout, we click on the site’s region where we want to see it, click “Place block”, find “Masquerade — Forms” on the list, click “Place block” again, and finally save the blocks.
It is very handy to have the “Masquerade as” form in the left sidebar. The “Unmasquerade” link is at the top of the page.
An example of the Masquerade module’s use
It’s now time to invite a couple of our masquerade participants! Our authenticated users will be Colombina and Arlecchino.
In our example, authenticated users can post their content, and each user should have a “My masquerade photos” page where only they see the photos they authored.
For this experiment, let’s make sure that at least some pieces of content for this content type are authored by Colombina and Arlecchino. We can change this in the “Authored by” option of each piece of content.
Let’s now create a simple view with all photos. For now, it shows all of them, with no filtering by user.
To add the per-user filtering, we will go to the view’s advanced settings. There, let’s add a relationship to the author and create a contextual filter that only displays the content if its author matches the current user ID. The Masquerade module will then help us check that each user really sees only their own photos.
So our roleplay begins — we are going to the “Masquerade as” form in the left sidebar and masquerading as Colombina. That’s right, we can only see her content. Awesome!
Since only the administrator can use masquerade, and we are now “Colombina,” the “Masquerade as” form disappeared from the sidebar.
Let’s click “Unmasquerade” at the top of the page to return to the admin’s account, and then masquerade as Arlecchino. We only see Arlecchino’s content. Wonderful!
We should never forget to unmasquerade back. The masquerade has been successful, and it is now over.
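The same check can be kept as an automated regression test, so the per-user filtering is verified again after every change to the view or to permissions. The following is an added example, not code from this article or from the Masquerade project. It assumes a hypothetical module `my_photos` that ships the `photo` content type and the view at the path `my-masquerade-photos`, and that the view lists node titles.

```php
<?php

namespace Drupal\Tests\my_photos\Functional;

use Drupal\Tests\BrowserTestBase;

/**
 * Checks that "My masquerade photos" lists only the viewer's own photos.
 *
 * @group my_photos
 */
class MyPhotosAccessTest extends BrowserTestBase {

  // Assumption: the hypothetical my_photos module provides the "photo"
  // content type and the view with the author contextual filter.
  protected static $modules = ['node', 'views', 'my_photos'];

  protected $defaultTheme = 'stark';

  public function testEachUserSeesOnlyOwnPhotos() {
    // Two authenticated users, as in the walkthrough above.
    $colombina = $this->drupalCreateUser(['access content'], 'Colombina');
    $arlecchino = $this->drupalCreateUser(['access content'], 'Arlecchino');

    // One constructed photo node per author.
    $titles = [
      'Colombina' => 'Colombina at the ball',
      'Arlecchino' => 'Arlecchino on stage',
    ];
    $this->drupalCreateNode(['type' => 'photo', 'title' => $titles['Colombina'], 'uid' => $colombina->id()]);
    $this->drupalCreateNode(['type' => 'photo', 'title' => $titles['Arlecchino'], 'uid' => $arlecchino->id()]);

    $cases = [
      [$colombina, $titles['Colombina'], $titles['Arlecchino']],
      [$arlecchino, $titles['Arlecchino'], $titles['Colombina']],
    ];
    foreach ($cases as [$account, $own, $other]) {
      // Log in as the user instead of masquerading, then load the view page.
      $this->drupalLogin($account);
      $this->drupalGet('my-masquerade-photos');
      $this->assertSession()->statusCodeEquals(200);
      // The viewer's own photo is listed; the other author's photo is not.
      $this->assertSession()->pageTextContains($own);
      $this->assertSession()->pageTextNotContains($other);
      $this->drupalLogout();
    }
  }

}
```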
Final thoughts
That’s been a brief overview of what the Masquerade module can do for testing purposes. Drupal hides many more secrets, and its possibilities are unlimited.
Contact our website development services company if you want to create amazing access-based features for your users, bring order to all roles and permissions, get help with testing, and so much more!