This code implements an `after_login` logic hook that invalidates the login of any standard user who has no ACL Role related to them. The sample purposely does not apply to Administrators, because Roles do not apply to them in any case. Note that the check runs only at login time: removing a user's last Role does not terminate a session that is already established. The code below works on SugarCRM 7.7.2.0.
<?php | |
// Enrico Simonetti | |
// enricosimonetti.com | |
// custom/logichooks/modules/Users/afterLoginUsers.php | |
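/**
 * after_login logic hook for the Users module.
 *
 * Rejects the login of any non-administrator user that has no ACL Role
 * related to it by tearing the freshly created session down again.
 * Administrators are deliberately exempt: Sugar Roles do not apply to them.
 * The check runs only at login time, so a Role removed later does not
 * affect a session that is already established.
 */
class afterLoginUsers
{
    /**
     * after_login hook entry point.
     *
     * @param User   $bean  the user that has just authenticated
     * @param string $event the hook event name ('after_login')
     * @param array  $args  hook arguments (unused here)
     * @return void
     */
    public function callAfterLogin($bean, $event, $args)
    {
        // Collect the ACL Roles related to the user (array keyed by role id).
        $bean->load_relationship('aclroles');
        $roles = $bean->aclroles->getBeans();

        if (!empty($roles)) {
            $roleNames = array();
            foreach ($roles as $roleId => $role) {
                $roleNames[$roleId] = $role->name;
            }
            // Glue must be the first argument: implode($array, $glue) was
            // deprecated in PHP 7.4 and throws a TypeError on PHP 8.
            $GLOBALS['log']->debug('User with user_name: ' . $bean->user_name . ' and id: ' . $bean->id
                . ' logged in successfully and is part of the following roles: "'
                . implode('", "', $roleNames) . '"');
        }

        // A standard user without any Role has no usable ACL, so the session is
        // not allowed to survive. Admins are exempt: Roles do not apply to them.
        if (!$bean->isAdmin() && empty($roles)) {
            $GLOBALS['log']->security('User with user_name: ' . $bean->user_name . ' and id: ' . $bean->id
                . ' logged in without a valid Role provisioned. Forcing logout.');
            $this->forceLogout();
        }
    }

    /**
     * Tear down the session that the successful login has just created.
     *
     * Mirrors logout.php: blank every session value, expire the session
     * cookie, end the Sugar session and fire the after_logout hooks.
     *
     * NOTE(review): this method does not abort the current request; whether
     * the remainder of the login flow treats the user as logged out depends on
     * the caller (SugarApplication) — confirm on the target Sugar version.
     * setcookie() also has no effect if response headers were already sent.
     *
     * @return void
     */
    protected function forceLogout()
    {
        // start - from logout.php
        foreach ($_SESSION as $key => $val) {
            $_SESSION[$key] = '';
        }
        if (isset($_COOKIE[session_name()])) {
            // Expire the session cookie client-side (42000s in the past, as in logout.php).
            setcookie(session_name(), '', time() - 42000, '/');
        }
        SugarApplication::endSession();
        LogicHook::initialize();
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
        // logout.php alternatively goes through
        // AuthenticationController::getInstance()->authController->logout();
        // that path is not used here.
        // end - from logout.php
    }
}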
<?php | |
// Enrico Simonetti | |
// enricosimonetti.com | |
// custom/Extension/modules/Users/Ext/LogicHooks/install.afterLogin.php | |
// Register the Role check as an after_login hook on the Users module.
// Entry layout (Sugar logic hook convention): processing order, label,
// file to include, class name, method to call.
$hook_array['after_login'][] = [
    1,
    'after_login check for Roles',
    'custom/logichooks/modules/Users/afterLoginUsers.php',
    'afterLoginUsers',
    'callAfterLogin',
];