The code implements an after_login logic hook that invalidates the login for any standard user without at least a Role. The sample code purposely does not apply to Administrators as Roles do not apply to them in any case. The code below works on the current version 7.7.2.0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Enrico Simonetti | |
| // enricosimonetti.com | |
| // custom/logichooks/modules/Users/afterLoginUsers.php | |
| class afterLoginUsers | |
| { | |
| public function callAfterLogin($bean, $event, $args) | |
| { | |
| // check if there are roles for this user | |
| $bean->load_relationship('aclroles'); | |
| $roles = $bean->aclroles->getBeans(); | |
| if(!empty($roles)) { | |
| $roles_output = array(); | |
| foreach($roles as $role_id => $role_obj) { | |
| $roles_output[$role_id] = $role_obj->name; | |
| } | |
| $GLOBALS['log']->debug('User with user_name: '.$bean->user_name.' and id: '.$bean->id.' logged in successfully and is part of the following roles: "'.implode($roles_output, '", "').'"'); | |
| } | |
| // force logout if no roles are related to the user for security purposes and if not an admin | |
| if(!$bean->isAdmin() && empty($roles)) { | |
| $GLOBALS['log']->security('User with user_name: '.$bean->user_name.' and id: '.$bean->id.' logged in without a valid Role provisioned. Forcing logout.'); | |
| $this->forceLogout(); | |
| } | |
| } | |
| protected function forceLogout() | |
| { | |
| // start - from logout.php | |
| foreach($_SESSION as $key => $val) { | |
| $_SESSION[$key] = ''; | |
| } | |
| if(isset($_COOKIE[session_name()])) { | |
| setcookie(session_name(), '', time()-42000, '/'); | |
| } | |
| SugarApplication::endSession(); | |
| LogicHook::initialize(); | |
| $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout'); | |
| //$authController = AuthenticationController::getInstance(); | |
| //$authController->authController->logout(); | |
| // end - from logout.php | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Enrico Simonetti | |
| // enricosimonetti.com | |
| // custom/Extension/modules/Users/Ext/LogicHooks/install.afterLogin.php | |
| $hook_array['after_login'][] = array( | |
| 1, | |
| 'after_login check for Roles', | |
| 'custom/logichooks/modules/Users/afterLoginUsers.php', | |
| 'afterLoginUsers', | |
| 'callAfterLogin' | |
| ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment