arreglado el problema http. el superadmin no puede ser impersonate

src/main/java/com/imprimelibros/erp/users/ImpersonationController.java

@@ -11,6 +11,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -37,28 +38,28 @@ public class ImpersonationController {
 
     @PostMapping("/impersonate")
     @PreAuthorize("hasRole('ADMIN') or hasRole('SUPERADMIN')")
-    public String impersonate(
+    public ResponseEntity<Void> impersonate(
             @RequestParam("username") String username,
             Authentication authentication,
             HttpServletRequest request) {
 
         if (authentication == null) {
-            return "redirect:/login";
+            return ResponseEntity.status(401).build();
         }
 
         if (hasRole(authentication, PREVIOUS_ADMIN_ROLE)) {
-            return "redirect:/";
+            return ResponseEntity.status(409).build();
         }
 
         String normalized = sanitizer.plain(username);
         if (normalized == null || normalized.isBlank()) {
-            return "redirect:/users";
+            return ResponseEntity.badRequest().build();
         }
         normalized = normalized.trim().toLowerCase();
 
         if (authentication.getName() != null
                 && authentication.getName().equalsIgnoreCase(normalized)) {
-            return "redirect:/users";
+            return ResponseEntity.status(409).build();
         }
 
         UserDetails target;
@@ -68,10 +69,9 @@ public class ImpersonationController {
             throw new AccessDeniedException("No autorizado");
         }
 
-        boolean currentIsSuperAdmin = hasRole(authentication, "ROLE_SUPERADMIN");
         boolean targetIsSuperAdmin = target.getAuthorities().stream()
                 .anyMatch(a -> "ROLE_SUPERADMIN".equals(a.getAuthority()));
-        if (targetIsSuperAdmin && !currentIsSuperAdmin) {
+        if (targetIsSuperAdmin) {
             throw new AccessDeniedException("No autorizado");
         }
 
@@ -88,7 +88,7 @@ public class ImpersonationController {
         newAuth.setDetails(authentication.getDetails());
 
         SecurityContextHolder.getContext().setAuthentication(newAuth);
-        return "redirect:/";
+        return ResponseEntity.noContent().build();
     }
 
     @PostMapping("/impersonate/exit")

src/main/java/com/imprimelibros/erp/users/UserController.java

@@ -151,7 +151,7 @@ public class UserController {
                             .append(user.getId())
                             .append("\" class=\"link-success btn-edit-user fs-15\"><i class=\"ri-edit-2-line\"></i></a>");
 
-                    if (!isSelf && (isSuperAdmin || !targetIsSuperAdmin)) {
+                    if (!isSelf && !targetIsSuperAdmin) {
                         actions.append("<a href=\"javascript:void(0);\" data-username=\"")
                                 .append(user.getUserName())
                                 .append("\" class=\"link-info btn-impersonate-user fs-15\"><i class=\"ri-user-shared-line\"></i></a>");

src/main/resources/application.properties

@@ -1,7 +1,7 @@
 spring.application.name=erp
 # Active profile
 #spring.profiles.active=local
-spring.profiles.active=local
+spring.profiles.active=dev
 #spring.profiles.active=test
 #spring.profiles.active=prod
 

src/main/resources/i18n/users_es.properties

@@ -61,7 +61,7 @@ usuarios.delete.text=¿Está seguro de que desea eliminar al usuario?<br>Esta ac
 usuarios.delete.ok.title=Usuario eliminado
 usuarios.delete.ok.text=El usuario ha sido eliminado con éxito.
 usuarios.impersonate.title=Entrar como usuario
-usuarios.impersonate.text=Vas a iniciar sesión como <b>{0}</b>. Podrás volver a tu usuario desde el menú.
+usuarios.impersonate.text=Vas a iniciar sesión como <b>{0}</b>. Podrás volver a tu usuario desde el menú.
 usuarios.impersonate.button=Entrar
 usuarios.profile.title=Editar perfil
 usuarios.profile.success=Perfil actualizado correctamente.