From 8282c92419dbef1d4c21d85ce363db26616ca0df Mon Sep 17 00:00:00 2001
From: jjimenez
Date: Mon, 9 Feb 2026 12:19:13 +0100
Subject: [PATCH] arreglado el problema http. el superadmin no puede ser impersonate
---
 .../erp/users/ImpersonationController.java | 16 ++++++++--------
 .../imprimelibros/erp/users/UserController.java | 2 +-
 src/main/resources/application.properties | 2 +-
 src/main/resources/i18n/users_es.properties | 2 +-
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/main/java/com/imprimelibros/erp/users/ImpersonationController.java b/src/main/java/com/imprimelibros/erp/users/ImpersonationController.java
index 64edc62..15af7ab 100644
--- a/src/main/java/com/imprimelibros/erp/users/ImpersonationController.java
+++ b/src/main/java/com/imprimelibros/erp/users/ImpersonationController.java
@@ -11,6 +11,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -37,28 +38,28 @@ public class ImpersonationController {
     @PostMapping("/impersonate")
     @PreAuthorize("hasRole('ADMIN') or hasRole('SUPERADMIN')")
-    public String impersonate(
+    public ResponseEntity impersonate(
             @RequestParam("username") String username,
             Authentication authentication,
             HttpServletRequest request) {
         if (authentication == null) {
-            return "redirect:/login";
+            return ResponseEntity.status(401).build();
         }
         if (hasRole(authentication, PREVIOUS_ADMIN_ROLE)) {
-            return "redirect:/";
+            return ResponseEntity.status(409).build();
         }
         String normalized = sanitizer.plain(username);
         if (normalized == null || normalized.isBlank()) {
-            return "redirect:/users";
+            return ResponseEntity.badRequest().build();
         }
         normalized = normalized.trim().toLowerCase();
         if (authentication.getName() != null && authentication.getName().equalsIgnoreCase(normalized)) {
-            return "redirect:/users";
+            return ResponseEntity.status(409).build();
         }
         UserDetails target;
@@ -68,10 +69,9 @@ public class ImpersonationController {
             throw new AccessDeniedException("No autorizado");
         }
-        boolean currentIsSuperAdmin = hasRole(authentication, "ROLE_SUPERADMIN");
         boolean targetIsSuperAdmin = target.getAuthorities().stream()
                 .anyMatch(a -> "ROLE_SUPERADMIN".equals(a.getAuthority()));
-        if (targetIsSuperAdmin && !currentIsSuperAdmin) {
+        if (targetIsSuperAdmin) {
             throw new AccessDeniedException("No autorizado");
         }
@@ -88,7 +88,7 @@ public class ImpersonationController {
         newAuth.setDetails(authentication.getDetails());
         SecurityContextHolder.getContext().setAuthentication(newAuth);
-        return "redirect:/";
+        return ResponseEntity.noContent().build();
     }
     @PostMapping("/impersonate/exit")
diff --git a/src/main/java/com/imprimelibros/erp/users/UserController.java b/src/main/java/com/imprimelibros/erp/users/UserController.java
index 8bb7993..663e423 100644
--- a/src/main/java/com/imprimelibros/erp/users/UserController.java
+++ b/src/main/java/com/imprimelibros/erp/users/UserController.java
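Review bot: `public ResponseEntity impersonate(` uses the raw type; declare it `public ResponseEntity<Void> impersonate(` so the empty-body contract is explicit and the unchecked-type warning disappears. The two `return ResponseEntity.status(409).build();` branches (already impersonating, and targeting one's own account) are indistinguishable to the caller because neither carries a body or reason, so the client cannot tell the user which condition applied; consider distinct statuses or a short body. The bare `401`/`409` would also read better as `HttpStatus.UNAUTHORIZED`/`HttpStatus.CONFLICT`, which needs an `org.springframework.http.HttpStatus` import. The method body continues past the end of this hunk.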
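Review bot: The new `if (targetIsSuperAdmin)` branch refuses the request with the same `"No autorizado"` message as the lookup failure above it, which is the right choice for the client (a distinct message would reveal which accounts are superadmins), but nothing in the hunk records the refusal server-side, so repeated attempts to impersonate a superadmin leave no audit trail; consider logging the actor (`authentication.getName()`) and the requested target at WARN before each throw. `"ROLE_SUPERADMIN"` also remains a bare literal here while the class already names `PREVIOUS_ADMIN_ROLE`; a `private static final String SUPERADMIN_ROLE = "ROLE_SUPERADMIN";` used in the `anyMatch` keeps the role name in one place. The enclosing method starts and ends outside this hunk.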
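Review bot: `return ResponseEntity.noContent().build();` ends the request immediately after `SecurityContextHolder.getContext().setAuthentication(newAuth);`, and whether that context reaches the HTTP session depends on the Spring Security version in use: from 6.0 the filter chain no longer saves the holder's context automatically, so unless a `SecurityContextRepository.saveContext(...)` call exists outside this hunk, the browser's next request would still carry the original admin authentication. With the former redirect a failure to persist was at least visible on the next page load; with a 204 the client has no signal that impersonation did not stick, so this is worth confirming and, if needed, saving the context explicitly before returning. The enclosing method begins outside this hunk.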
@@ -151,7 +151,7 @@ public class UserController {
                 .append(user.getId())
                 .append("\" class=\"link-success btn-edit-user fs-15\">");
-        if (!isSelf && (isSuperAdmin || !targetIsSuperAdmin)) {
+        if (!isSelf && !targetIsSuperAdmin) {
             actions.append("");
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index b04c337..f6c8336 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,7 +1,7 @@
 spring.application.name=erp
 # Active profile
 #spring.profiles.active=local
-spring.profiles.active=local
+spring.profiles.active=dev
 #spring.profiles.active=test
 #spring.profiles.active=prod
diff --git a/src/main/resources/i18n/users_es.properties b/src/main/resources/i18n/users_es.properties
index fcd1b40..6eea991 100644
--- a/src/main/resources/i18n/users_es.properties
+++ b/src/main/resources/i18n/users_es.properties
@@ -61,7 +61,7 @@ usuarios.delete.text=¿Está seguro de que desea eliminar al usuario?
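Review bot: `spring.profiles.active=dev` is committed as the default active profile in the packaged `application.properties`, so every deployment that does not override it (for example through the `SPRING_PROFILES_ACTIVE` environment variable or a `--spring.profiles.active=` launch argument) now boots with the dev profile, and the switch is bundled into an authorization fix where it is easy to overlook. The commented-out alternatives around it suggest the value is toggled by hand between runs; prefer leaving the line commented like its siblings (`#spring.profiles.active=dev`) and selecting the profile per environment outside the packaged file, so a local toggle cannot ship as the production default.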
Esta ac
 usuarios.delete.ok.title=Usuario eliminado
 usuarios.delete.ok.text=El usuario ha sido eliminado con éxito.
 usuarios.impersonate.title=Entrar como usuario
-usuarios.impersonate.text=Vas a iniciar sesión como {0}. Podrás volver a tu usuario desde el menú.
+usuarios.impersonate.text=Vas a iniciar sesión como {0}. Podrás volver a tu usuario desde el menú.
 usuarios.impersonate.button=Entrar
 usuarios.profile.title=Editar perfil
 usuarios.profile.success=Perfil actualizado correctamente.