@esimonetti
Last active April 26, 2017 01:00
The code implements an after_login logic hook that invalidates the login of any standard user who does not have at least one Role assigned. The sample code purposely does not apply to Administrators, as Roles do not apply to them in any case. The code below works on the current version 7.7.2.0.
<?php
// Enrico Simonetti
// enricosimonetti.com
// custom/logichooks/modules/Users/afterLoginUsers.php
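/**
 * after_login logic hook for the Users module.
 *
 * Ends the session of any non-admin user who has no ACL role related to the
 * user record, so an account without a provisioned role cannot stay logged in.
 * Administrators are skipped on purpose.
 */
class afterLoginUsers
{
    /**
     * Hook entry point, called with the logic-hook arguments.
     *
     * @param object $bean  User bean of the account that just logged in.
     * @param string $event Hook event name (unused here).
     * @param array  $args  Hook arguments (unused here).
     */
    public function callAfterLogin($bean, $event, $args)
    {
        // check if there are roles for this user
        $bean->load_relationship('aclroles');

        // Fail closed: if the relationship did not load, treat the user as
        // having no roles rather than calling a method on a missing link.
        $roles = empty($bean->aclroles) ? array() : $bean->aclroles->getBeans();

        if (!empty($roles)) {
            $roles_output = array();
            foreach ($roles as $role_id => $role_obj) {
                $roles_output[$role_id] = $role_obj->name;
            }

            // Separator first: the legacy (array, separator) argument order
            // was removed in PHP 8.0 and raises a TypeError there.
            $GLOBALS['log']->debug('User with user_name: '.$bean->user_name.' and id: '.$bean->id.' logged in successfully and is part of the following roles: "'.implode('", "', $roles_output).'"');
        }

        // force logout if no roles are related to the user for security purposes and if not an admin
        if (!$bean->isAdmin() && empty($roles)) {
            $GLOBALS['log']->security('User with user_name: '.$bean->user_name.' and id: '.$bean->id.' logged in without a valid Role provisioned. Forcing logout.');
            $this->forceLogout();
        }
    }

    /**
     * Tears down the current PHP session, mirroring the steps of logout.php.
     *
     * NOTE(review): this blanks the session data, expires the session cookie
     * and ends the session. Confirm on the target version that any API token
     * issued for this login is invalidated as well, and that the login
     * request does not go on to return a usable session to the client.
     */
    protected function forceLogout()
    {
        // start - from logout.php
        foreach ($_SESSION as $key => $val) {
            $_SESSION[$key] = '';
        }

        // Expire the session cookie in the browser, if one was sent.
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time()-42000, '/');
        }

        SugarApplication::endSession();

        // Give after_logout hooks the chance to run, as a regular logout would.
        LogicHook::initialize();
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'after_logout');
        //$authController = AuthenticationController::getInstance();
        //$authController->authController->logout();
        // end - from logout.php
    }
}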
<?php
// Enrico Simonetti
// enricosimonetti.com
// custom/Extension/modules/Users/Ext/LogicHooks/install.afterLogin.php
// Register the role check on the Users module's after_login event.
$hook_array['after_login'][] = array(
    1,                                                      // processing order
    'after_login check for Roles',                          // hook label
    'custom/logichooks/modules/Users/afterLoginUsers.php',  // file holding the hook class
    'afterLoginUsers',                                      // hook class
    'callAfterLogin',                                       // method invoked on login
);