wso2 · mpmadhavig · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025 · Apr 1, 2025
diff --git a/apps/console/src/public/resources/iframe.html b/apps/console/src/public/resources/iframe.html
@@ -0,0 +1,46 @@
+<!--
+~    Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com). All Rights Reserved.
+~
+~    This software is the property of WSO2 LLC. and its suppliers, if any.
+~    Dissemination of any information or reproduction of any material contained
+~    herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+~    You may not alter or remove any copyright or other notice from copies of this content."
+-->
+
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Impersonate Iframe</title>
+    </head>
+    <body onload="authenticate()">
+        <script>
+            var hash = window.location.hash;
+            const params = new URLSearchParams(window.location.search);
+            const userId = params.get("userId");
+            const code_challenge = params.get("codeChallenge");
+            const client_id = "Pfao0gjJ07be0gf29PzEcLFKmUIa";
+            const authorization_endpoint = sessionStorage.getItem("authorization_endpoint");
+
+            function authenticate() {
+
+                const requestUrl = authorization_endpoint
+                    + "?client_id=" + client_id +
+                    "&redirect_uri=" + window.location.origin + window.location.pathname +
+                    "&state=sample_state&scope=internal_user_impersonate&response_type=id_token%20subject_token" +
+                    "&requested_subject=" + userId +
+                    "&nonce=2131236&code_challenge=" + code_challenge + "&code_challenge_method=S256";
+
+                if (hash === null || hash === "") {
+                    window.location.href = requestUrl;
+                } else {
+                    if (sessionStorage.getItem("impersonation_artifacts") === null) {
+                        sessionStorage.setItem("impersonation_artifacts", hash);
+                    }
+                    window.parent.postMessage("impersonation-authorize-request-complete", "*");
+                }
+            }
+        </script>
+    </body>
+</html>
diff --git a/features/admin.roles.v2/components/edit-role/edit-role-basic.tsx b/features/admin.roles.v2/components/edit-role/edit-role-basic.tsx
@@ -238,6 +238,7 @@ export const BasicRoleDetails: FunctionComponent<BasicRoleProps> = (props: Basic
                                 t("roles:edit.basics.dangerZone.subheader",
                                     { type: "role" })
                             }
+                            isButtonDisabled={ isSubmitting || role?.displayName === "impersonate-myaccount" }
                             onActionClick={ () => onRoleDeleteClicked() }
                             data-componentid={ `${ componentid }-role-danger-zone` }
                         />

diff --git a/features/admin.roles.v2/components/edit-role/edit-role.tsx b/features/admin.roles.v2/components/edit-role/edit-role.tsx
@@ -20,7 +20,7 @@
 import { AppState } from "@wso2is/admin.core.v1/store";
 import { UserManagementConstants } from "@wso2is/admin.users.v1/constants";
 import { RoleConstants } from "@wso2is/core/constants";
 import { hasRequiredScopes, isFeatureEnabled } from "@wso2is/core/helpers";
 import {
    FeatureAccessConfigInterface,
    RolePropertyInterface,
@@ -127,7 +127,8 @@
                 render: () => (
                     <ResourceTab.Pane controlledSegmentation attached={ false }>
                         <BasicRoleDetails
-                            isReadOnly={ isAdminRole || isEveryoneRole || isReadOnly || isSharedRole }
+                            isReadOnly={ isAdminRole || isEveryoneRole || isReadOnly || isSharedRole
+                                || roleObject?.displayName == "impersonate-myaccount" }
                             role={ roleObject }
                             onRoleUpdate={ onRoleUpdate }
                             tabIndex={ 0 }
@@ -140,7 +141,8 @@
                 render: () => (
                     <ResourceTab.Pane controlledSegmentation attached={ false }>
                         <UpdatedRolePermissionDetails
-                            isReadOnly={ isAdminRole || isReadOnly || isSharedRole }
+                            isReadOnly={ isAdminRole || isReadOnly || isSharedRole
+                                || roleObject?.displayName == "impersonate-myaccount" }
                             role={ roleObject }
                             onRoleUpdate={ onRoleUpdate }
                             tabIndex={ 1 }

diff --git a/features/admin.roles.v2/components/role-list.tsx b/features/admin.roles.v2/components/role-list.tsx
@@ -17,13 +17,13 @@
 */

 import { Show } from "@wso2is/access-control";
 import { FeatureConfigInterface } from "@wso2is/admin.core.v1/models/config";
 import { getEmptyPlaceholderIllustrations } from "@wso2is/admin.core.v1/configs/ui";
 import { AppConstants } from "@wso2is/admin.core.v1/constants/app-constants";
 import { history } from "@wso2is/admin.core.v1/helpers/history";
 import { AppState } from "@wso2is/admin.core.v1/store/index";
 import { RoleConstants as CommonRoleConstants } from "@wso2is/core/constants";
 import { hasRequiredScopes, isFeatureEnabled } from "@wso2is/core/helpers";
 import {
    FeatureAccessConfigInterface,
    IdentifiableComponentInterface,
@@ -318,7 +318,8 @@
                         RoleConstants.FEATURE_DICTIONARY.get("ROLE_DELETE"))
                     || !hasRequiredScopes(userRolesFeatureConfig,
                         userRolesFeatureConfig?.scopes?.delete, allowedScopes)
-                    || isSharedRole;
+                    || isSharedRole
+                    || role?.displayName === "impersonate-myaccount";
                 },
                 icon: (): SemanticICONS => "trash alternate",
                 onClick: (e: SyntheticEvent, role: RolesInterface): void => {