@mmarum-sugarcrm
Last active August 29, 2015 14:22
Restricting login to SugarCRM Mobile by Role in Sugar 7
<?php
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}

require_once 'clients/mobile/api/OAuth2MobileApi.php';

/**
 * Example of how to override the core OAuth2MobileApi class in order to alter
 * SugarCRM Mobile authentication behavior.
 */
class RestrictedOAuth2MobileApi extends OAuth2MobileApi
{
    /**
     * By overriding the token function, we can show an example of how to restrict
     * user access to Sugar 7 via Mobile clients/devices.
     *
     * @param ServiceBase $api  The service api
     * @param array       $args The arguments passed in to the function
     * @throws SugarApiExceptionNotAuthorized If user is not allowed or not using a supported mobile client
     * @return array Access token if login successful
     */
    public function token(ServiceBase $api, array $args)
    {
        global $current_user;

        /*
         * $args['client_info'] contains information about the client being used.
         *
         * For example,
         * ['client_info']['app']     is an array of information about the SugarCRM Mobile app itself
         *                            (app name, app version, if it's native or not, etc.)
         * ['client_info']['browser'] is an array of information about the web browser being used
         *                            (web kit enabled, user agent string, etc.)
         * ['client_info']['device']  is an array of booleans ('desktop', 'phone', and 'tablet')
         *                            for the type of device being used
         *
         * client_info is reported by the client itself, so the device check below is a
         * policy/usability control rather than a security boundary; the role check further
         * down is the server-side decision.
         */

        // No tablets! (for some reason.)
        // empty() keeps a request that omits client_info from raising a PHP notice;
        // a missing flag is treated as "not a tablet".
        if (!empty($args['client_info']['device']['tablet'])) {
            throw new SugarApiExceptionNotAuthorized();
        }

        // Continue to perform login as we normally would; we need to do this in order
        // to populate $current_user and collect its id.
        $authData = parent::token($api, $args);

        // This is a valid user, but we then need to check if they are on a Restricted role.
        $roles = ACLRole::getUserRoleNames($current_user->id);

        // If user is in a Restricted role...
        if (in_array('Restricted', $roles)) {
            // Log user back out to clean up the session and invalidate the token just issued.
            parent::logout($api, $args);
            // And throw Not Authorized exception.
            throw new SugarApiExceptionNotAuthorized();
        }

        return $authData;
    }
}
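The two decisions the override makes (client-reported device type first, server-resolved role second) can be exercised on their own. The following is an added example, not part of the gist and not SugarCRM code: it lifts that logic into a standalone function with no Sugar dependencies and runs it over constructed client_info payloads shaped like the ones described in the comments above. The function name evaluateMobileLogin, the sample payload values and the role names are assumptions made for illustration.

```php
<?php
// Added example: the restriction policy from the gist, isolated from Sugar's
// OAuth2MobileApi so it can be run offline with plain PHP. Function name,
// the $clientInfo payloads and the role names are constructed for illustration.

/**
 * Decide whether a mobile login should be allowed.
 *
 * @param array    $clientInfo  The client-reported client_info block from the token request
 * @param string[] $roleNames   Role names resolved server-side for the authenticated user
 * @param string   $blockedRole Role that is denied mobile access
 * @return array ['allowed' => bool, 'reason' => string]
 */
function evaluateMobileLogin(array $clientInfo, array $roleNames, $blockedRole = 'Restricted')
{
    // Device flags are self-reported by the client: treat a missing flag as false so
    // an unexpected payload shape neither raises notices nor changes the outcome.
    if (!empty($clientInfo['device']['tablet'])) {
        return array('allowed' => false, 'reason' => 'tablet clients are not permitted');
    }

    // Role membership comes from the server (ACLRole::getUserRoleNames in Sugar),
    // so this is the check that holds regardless of what the client claims.
    if (in_array($blockedRole, $roleNames, true)) {
        return array('allowed' => false, 'reason' => "user holds the '$blockedRole' role");
    }

    return array('allowed' => true, 'reason' => 'ok');
}

// Constructed sample requests, shaped like the client_info the gist describes.
$samples = array(
    'phone, sales role' => array(
        'client_info' => array(
            'app'     => array('name' => 'SugarCRM Mobile', 'version' => 'x.y', 'isNative' => true),
            'browser' => array('webkit' => true, 'userAgent' => 'constructed-ua'),
            'device'  => array('desktop' => false, 'phone' => true, 'tablet' => false),
        ),
        'roles' => array('Sales'),
    ),
    'tablet, sales role' => array(
        'client_info' => array('device' => array('desktop' => false, 'phone' => false, 'tablet' => true)),
        'roles' => array('Sales'),
    ),
    'phone, restricted role' => array(
        'client_info' => array('device' => array('phone' => true, 'tablet' => false)),
        'roles' => array('Sales', 'Restricted'),
    ),
    'no client_info at all' => array(
        'client_info' => array(),
        'roles' => array('Sales'),
    ),
);

foreach ($samples as $label => $sample) {
    $result = evaluateMobileLogin($sample['client_info'], $sample['roles']);
    printf("%-24s => %s (%s)\n", $label, $result['allowed'] ? 'ALLOW' : 'DENY', $result['reason']);
}
```

Running it prints ALLOW for the phone/Sales case and for the request with no client_info (a missing device block falls through to the role check), and DENY for the tablet and Restricted-role cases. In the real override the role check can only run after parent::token() has authenticated the user, which is why the gist logs the session back out before throwing.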