Allow impersonating when already impersonated

[claudiodekker]

This PR hopes to solve a situation where you can't re-impersonate when already impersonated. The problem I'm trying to solve here has to do with the following situation:

1. You impersonate as an user, do a support-like thing or whatever, and afterwards forget to reverse-impersonate
2. You impersonate another user, get a 403 (because you can't impersonate twice)
3. You click back
4. You click reverse impersonate / leave impersonation or whatever.
5. You re-impersonate the user again by re-clicking the impersonate link (step 2)

Please note I didn't test this, but it seems rather straight-forward to me.

Thanks!

[jose123v]

It's a shame it doesn't have any reviews.

[drbyte]

I'm not convinced this is the best way to solve this "problem".

What I've done for this is simply to block the Impersonate option in the UI if the user is already impersonating. Granted, in most of my apps it's only Admins who can impersonate others, so most of the time they'll never be impersonating someone who would even see a button to impersonate yet another user.

Another thing I did in one app was apply a header bg color change when impersonating, so that it's always obvious that you're already in impersonation mode (the users of that app were often accidentally editing things wrongly while in impersonation, and they were satisfied that this header bg color/overlay was enough of a clue to be cautious.)

Anyway, checking "can impersonate", "can be impersonated" and "already impersonating" for UI components will often be enough for this, and can be done in existing apps right away without package changes.