Unifiedtransform

Bug in impersonation makes it possible for any user to act even like a Master.

Open athulrajdr opened this issue 5 years ago • 1 comments

Describe the bug

The impersonation feature does not filter the user list (while selecting the user) based on the permission level of the user. This makes it possible for a user to act like anyone. That includes admins from another school, teachers, and even the master.

To Reproduce

Steps to reproduce the behavior:

  1. Login to the system
  2. Click on 'impersonate' from menu
  3. Select any user
  4. See it's possible to choose any user available on the system

Expected behavior

With the impersonation feature, a user could only have access to the users from the child roles. That is:

  • A master user can impersonate all users from all roles (admin, teacher, student, librarian, accountant)

  • An admin user can impersonate all users from the school (teacher, student, accountant, librarian), but not the master user

Screenshots

  • Logged in as admin. Selecting impersonate. Screenshot (196)

  • On the users list, you can see all the users from the system, even the master user. Screenshot (197)

  • Choosing the master user is possible here, and now we can manage all schools, add an admin to the school, etc. Screenshot (199)

Desktop (please complete the following information):

  • OS: [Windows 10]
  • Browser [chrome]
  • Browser version [Version 81.0.4044.138]

athulrajdr, May 18 '20 18:05

This feature is for development purposes only. Change your application environment variable to 'production' from 'local' in the .env file.

If you want to use impersonation for production, you can customize it.

changeweb, May 18 '20 20:05
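
The expected behavior from the issue, written as a server-side check (an added example, not part of the thread and not the project's own code). The user array shape, the `school_id` scoping field and both function names are assumptions, and roles other than master and admin are assumed to impersonate nobody.

```php
<?php
declare(strict_types=1);

// Roles each role may impersonate, taken from the issue's "Expected behavior".
// Roles that are not keys here (teacher, student, ...) may impersonate nobody (assumption).
const IMPERSONATABLE = [
    'master' => ['admin', 'teacher', 'student', 'librarian', 'accountant'],
    'admin'  => ['teacher', 'student', 'accountant', 'librarian'],
];

// Hypothetical user shape: ['id' => int, 'role' => string, 'school_id' => ?int].
function canImpersonate(array $actor, array $target): bool
{
    $allowed = IMPERSONATABLE[$actor['role']] ?? [];
    if (!in_array($target['role'], $allowed, true)) {
        return false; // target is not a child role of the actor
    }
    // Only the master crosses school boundaries; an admin stays inside their own school.
    return $actor['role'] === 'master'
        || ($actor['school_id'] !== null && $actor['school_id'] === $target['school_id']);
}

// Builds the selection list shown to $actor from the full user list.
function impersonationCandidates(array $actor, array $users): array
{
    return array_values(array_filter(
        $users,
        fn(array $u): bool => canImpersonate($actor, $u)
    ));
}

// Constructed sample data: two schools and one master.
$users = [
    ['id' => 1, 'role' => 'master',  'school_id' => null],
    ['id' => 2, 'role' => 'admin',   'school_id' => 10],
    ['id' => 3, 'role' => 'teacher', 'school_id' => 10],
    ['id' => 4, 'role' => 'student', 'school_id' => 10],
    ['id' => 5, 'role' => 'admin',   'school_id' => 20],
    ['id' => 6, 'role' => 'teacher', 'school_id' => 20],
];

$admin = $users[1];
// Ids the school-10 admin is offered in the impersonation list.
echo implode(',', array_column(impersonationCandidates($admin, $users), 'id')), PHP_EOL;
// Run the same check again when the chosen user id is submitted, since a
// filtered list alone does not stop a request that names another id.
var_dump(canImpersonate($admin, $users[0]));
```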