User Switching

FAQ

Does this plugin work with PHP 8?

Yes, it’s actively tested and working up to PHP 8.1.

「スイッチオフ」とはどういう意味ですか。

スイッチオフすると、現在のアカウントからログアウトしますが、ユーザー ID を認証 cookie に保存するので、手動でログインし直さなくてもログイン状態に戻れます。ユーザーを切り替えずに元のユーザーに戻るような動作です。

スイッチオフリンクは、WordPress ツールバーのプロフィールメニューにあります。スイッチオフすると、ログイン画面とサイトのフッターにスイッチバックリンクが表示されます。

このプラグインは WordPress マルチサイトでも動作しますか。

はい。ネットワーク管理者のユーザー画面でユーザーを切り替えることもできます。

Does this plugin work with WooCommerce?

Yes, and you’ll also be able to switch users from various WooCommerce administration screens.

BuddyPress と一緒に使えますか ?

はい。メンバープロフィール画面やメンバーリスト画面でユーザーを切り替えることもできます。

bbPress と一緒に使えますか ?

はい。メンバープロフィール画面でユーザーを切り替えることもできます。

2段階認証プラグインを使用しているサイトでも動作しますか?

はい、ほとんど動作します。

わかっている例外の一つは Duo Security です。このプラグインを使っている場合は、User Switching for Duo Security アドオンをインストールする必要があります。このアドオンは、ユーザー切り替えの際に2段階認証プロンプトが表示されるのを抑止します。

アカウントを切り替えるのに必要な権限は何ですか?

ユーザーアカウントを切り替えるには、edit_users 権限が必要です。デフォルトでは、この権限があるのは管理者だけです。マルチサイトを有効化したサイトでは、特権管理者だけがこの権限を持ちます。

Can the ability to switch accounts be granted to other users or roles?

Yes. The switch_users meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the edit_users capability. For practical purposes, the user or role will also need the list_users capability so they can access the Users menu in the WordPress admin area.

add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) {
    if ( 'switch_to_user' === $args[0] ) {
        if ( my_condition( $user ) ) {
            $allcaps['switch_users'] = true;
        }
    }
    return $allcaps;
}, 9, 4 );

Note that this needs to happen before User Switching’s own capability filtering, hence the priority of 9.

Can the ability to switch accounts be denied from users?

Yes. User capabilities in WordPress can be set to false to deny them from a user. Denying the switch_users capability prevents the user from switching users, even if they have the edit_users capability.

add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) {
    if ( 'switch_to_user' === $args[0] ) {
        if ( my_condition( $user ) ) {
            $allcaps['switch_users'] = false;
        }
    }
    return $allcaps;
}, 9, 4 );

Note that this needs to happen before User Switching’s own capability filtering, hence the priority of 9.

Can I add a custom “Switch To” link to my own plugin or theme?

Yes. Use the user_switching::maybe_switch_url() method for this. It takes care of authentication and returns a nonce-protected URL for the current user to switch into the provided user account.

if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) {
    $url = user_switching::maybe_switch_url( $target_user );
    if ( $url ) {
        printf(
            '<a href="%1$s">Switch to %2$s</a>',
            esc_url( $url ),
            esc_html( $target_user->display_name )
        );
    }
}

This link also works for switching back to the original user, but if you want an explicit link for this you can use the following code:

if ( method_exists( 'user_switching', 'get_old_user' ) ) {
    $old_user = user_switching::get_old_user();
    if ( $old_user ) {
        printf(
            '<a href="%1$s">Switch back to %2$s</a>',
            esc_url( user_switching::switch_back_url( $old_user ) ),
            esc_html( $old_user->display_name )
        );
    }
}

Can I determine whether the current user switched into their account?

Yes. Use the current_user_switched() function for this.

if ( function_exists( 'current_user_switched' ) ) {
    $switched_user = current_user_switched();
    if ( $switched_user ) {
        // User is logged in and has switched into their account.
        // $switched_user is the WP_User object for their originating user.
    }
}

Does this plugin allow a user to frame another user for an action?

Potentially yes, but User Switching includes some safety protections for this and there are further precautions you can take as a site administrator:

• User Switching stores the ID of the originating user in the new session for the user they switch to. Although this session does not persist by default when they subsequently switch back, there will be a record of this ID if your MySQL server has query logging enabled.
• User Switching stores the login name of the originating user in an authentication cookie (see the Privacy Statement for more information). If your server access logs store cookie data, there will be a record of this login name (along with the IP address) for each access request.
• You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
• User Switching triggers an action when a user switches account, switches off, or switches back (see below). You can use these actions to perform additional logging for safety purposes depending on your requirements.

One or more of the above should allow you to correlate an action with the originating user when a user switches account, should you need to.

Bear in mind that even without the User Switching plugin in use, any user who has the ability to edit another user can still frame another user for an action by, for example, changing their password and manually logging into that account. If you are concerned about users abusing others, you should take great care when granting users administrative rights.

マルチサイトを有効にしたサイトで、通常の (特権管理者でない) 管理者はアカウントの切り替えができますか?

いいえ。User Switching for Regular Admins プラグインをインストールすれば可能になります。

Can I switch users directly from the admin toolbar?

Yes, there’s a third party add-on plugin for this: Admin Bar User Switching.

ユーザーがアカウントを切り替えるときに呼び出されるアクションはありますか?

Yes. When a user switches to another account, the switch_to_user hook is called:

/**
 * Fires when a user switches to another user account.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added.
 *
 * @param int    $user_id     The ID of the user being switched to.
 * @param int    $old_user_id The ID of the user being switched from.
 * @param string $new_token   The token of the session of the user being switched to. Can be an empty string
 *                            or a token for a session that may or may not still be valid.
 * @param string $old_token   The token of the session of the user being switched from.
 */
do_action( 'switch_to_user', $user_id, $old_user_id, $new_token, $old_token );

When a user switches back to their originating account, the switch_back_user hook is called:

/**
 * Fires when a user switches back to their originating account.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added.
 *
 * @param int       $user_id     The ID of the user being switched back to.
 * @param int|false $old_user_id The ID of the user being switched from, or false if the user is switching back
 *                               after having been switched off.
 * @param string    $new_token   The token of the session of the user being switched to. Can be an empty string
 *                               or a token for a session that may or may not still be valid.
 * @param string    $old_token   The token of the session of the user being switched from.
 */
do_action( 'switch_back_user', $user_id, $old_user_id, $new_token, $old_token );

When a user switches off, the switch_off_user hook is called:

/**
 * Fires when a user switches off.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$old_token` parameter was added.
 *
 * @param int    $old_user_id The ID of the user switching off.
 * @param string $old_token   The token of the session of the user switching off.
 */
do_action( 'switch_off_user', $old_user_id, $old_token );

In addition, User Switching respects the following filters from WordPress core when appropriate:

• login_redirect when switching to another user.
• logout_redirect when switching off.

Do you accept donations?

I am accepting sponsorships via the GitHub Sponsors program and any support you can give will help me maintain this plugin and keep it free for everyone.