stechstudio / filament-impersonate
A Filament package to impersonate your users.
Installs: 1 629 016
Dependents: 27
Suggesters: 0
Security: 0
Stars: 331
Watchers: 11
Forks: 87
Open Issues: 10
Requires
- filament/filament: ^4.0
- lab404/laravel-impersonate: ^1.7
- dev-master
- 4.0.1
- 4.0
- 4.0-beta1
- 3.16
- 3.15
- 3.14
- 3.13
- 3.12
- 3.11
- 3.10
- 3.9
- 3.8
- 3.7
- 3.6.1
- 3.6
- 3.5
- 3.4
- 3.3
- 3.2
- 3.1
- 3.0
- v2.x-dev
- 2.20
- 2.19
- 2.18
- 2.17
- 2.16
- 2.15
- 2.14
- 2.13
- 2.12
- 2.11
- 2.10
- 2.9
- 2.8
- 2.7
- 2.6
- 2.5.1
- 2.5
- 2.4.2
- 2.4.1
- 2.4
- 2.3.2
- 2.3.1
- 2.3
- 2.2
- 2.1
- 2.0
- 1.0
- dev-revert-22-feature/use-different-guard-and-redirect-to
This package is auto-updated.
Last update: 2025-08-13 20:50:25 UTC
README
This is a plugin for Filament that makes it easy to impersonate your users.
Credit
This package uses https://github.com/404labfr/laravel-impersonate under the hood, and borrows heavily from https://github.com/KABBOUCHI/nova-impersonate.
Installation
You know the drill:
composer require stechstudio/filament-impersonate
Quickstart
1. Add table action
First open the resource where you want the impersonate action to appear. This is generally going to be your UserResource
class.
Go down to the table
method. After defining the table columns, you want to add Impersonate
as a new action for the table via actions
method. Your class should look like this:
namespace App\Filament\Resources; use Filament\Resources\Resource; use STS\FilamentImpersonate\Tables\Actions\Impersonate; class UserResource extends Resource { public static function table(Table $table) { return $table ->columns([ // ... ]) ->actions([ Impersonate::make(), // <--- ]); }
You can also define a guard
and redirectTo
for the action:
Impersonate::make('impersonate') ->guard('another-guard') ->redirectTo(route('some.other.route'));
2. Add the page action
Now open the page where you would want the button to appear, this will commonly be EditUser
;
Go to the getActions
method and add the Impersonate
page action here.
<?php namespace App\Filament\Resources\UserResource\Pages; use App\Filament\Resources\UserResource; use Filament\Resources\Pages\EditRecord; use STS\FilamentImpersonate\Actions\Impersonate; class EditUser extends EditRecord { protected static string $resource = UserResource::class; protected function getActions(): array { return [ Impersonate::make()->record($this->getRecord()) // <-- ]; } }
Note: you must pass the record in as seen in this example!
3. Add the banner to your non-filament blade layout(s)
If your app is entirely contained within Filament, you're already done! The banner gets registered automatically.
However, if you impersonate a user and then visit non-Filament pages or layouts, you'll be stuck. In those cases, you'll need to display a notice in your app whenever you are impersonating another user.
You can do that by adding <x-impersonate::banner/>
to your master layout(s) before the closing </body>
tag.
4. Profit!
That's it. You should now see an action icon next to each user in your Filament UserResource
list:
When you click on the impersonate icon you will be logged in as that user, and redirected to your main app. You will see the impersonation banner at the top of the page, with a button to leave and return to Filament:
Configuration
All configuration can be managed with ENV variables, no need to publish and edit the config directly. Just check out the config file.
Authorization
By default, only Filament admins can impersonate other users. You can control this by adding a canImpersonate
method to your FilamentUser
class:
class User implements FilamentUser { public function canImpersonate() { return true; } }
You can also control which targets can be impersonated. Just add a canBeImpersonated
method to the user class with whatever logic you need:
class User { public function canBeImpersonated() { // Let's prevent impersonating other users at our own company return !Str::endsWith($this->email, '@mycorp.com'); } }
Note
As of 4.0, the plugin detects soft-deleted targets and prevents impersonation. You can set FILAMENT_IMPERSONATE_ALLOW_SOFT_DELETED=true
in your .env to override this behavior.
Customizing the banner
The blade component has a few options you can customize.
Style
The banner is dark by default, you can set this to light, or auto.
<x-impersonate::banner style='light'/>
Display name
The banner will show the name of the impersonated user, assuming there is a name
attribute. You can customize this if needed:
<x-impersonate::banner :display='auth()->user()->email'/>
Potential Issues and Workarounds
403 when a ListUsers widget has InteractsWithPageTable
TL;DR: Add a guard clause like this to your UserPolicy::viewAny()
method:
<?php public function viewAny(User $user): bool { if (app('impersonate')->isImpersonating()) { return true; } // ... Any other checks here }
The core of this problem is that the Livewire components on the page attempt to re-render before the redirect occurs.
Then, even with a ->redirectTo() set, if your policies prevent the impersonated user from accessing the user list that you're impersonating from, Filament attempts to re-render the table widgets, triggering a 403.
There's not much we can do about this, but checking whether the current user is impersonating already will at least avoid the 403.