Add new ACL access logic hooks

`before_acl_check` override and extend acl access checks `before_acl_query` override and extend acl access query where conditions
salesagility · Dec 15, 2022 · 6f297c7 · 6f297c7
1 parent cbf8b3f
commit 6f297c7
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 6 deletions.
diff --git a/data/SugarBean.php b/data/SugarBean.php
@@ -3147,10 +3147,10 @@ protected function handle_request_relate($new_rel_id, $new_rel_link)
      * function NAME(&$bean, $event, $arguments)
      *        $bean - $this bean passed in by reference.
      *        $event - The string for the current event (i.e. before_save)
-     *        $arguments - An array of arguments that are specific to the event.
+     *        $arguments - An object or array of arguments that are specific to the event.
      *
      * @param string $event
-     * @param array $arguments
+     * @param object|array $arguments
      */
     public function call_custom_logic($event, $arguments = null)
     {
@@ -3583,7 +3583,14 @@ public function buildAccessWhere($view, $user = null)
         }
         /* END - SECURITY GROUPS */
 
-        return implode(' AND ', $conditions);
+        $args = new stdClass();
+        $args->view = $view;
+        $args->user = $user;
+        $args->conditions = $conditions;
+
+        $this->call_custom_logic('before_acl_query', $args);
+
+        return implode(' AND ', $args->conditions);
     }
 
     /**
@@ -6136,7 +6143,28 @@ public function ACLAccess($view, $is_owner = 'not_set', $in_group = 'not_set')
             require_once("modules/SecurityGroups/SecurityGroup.php");
             $in_group = SecurityGroup::groupHasAccess($this->module_dir, $this->id, $view);
         }
-        return ACLController::checkAccess($this->module_dir, $view, $is_owner, $this->acltype, $in_group);
+
+        $args = new stdClass();
+        $args->view = $view;
+        $args->is_owner = $is_owner;
+        $args->in_group = $in_group;
+        $args->access = true;
+        $args->override_acl_check = false;
+
+        $this->call_custom_logic('before_acl_check', $args);
+
+        if ($args->override_acl_check) {
+            return $args->access;
+        }
+
+        return $args->access
+            && ACLController::checkAccess(
+                $this->module_dir, 
+                $args->view, 
+                $args->is_owner, 
+                $this->acltype, 
+                $args->in_group
+            );
     }
 
     /**

diff --git a/include/utils/LogicHook.php b/include/utils/LogicHook.php
@@ -179,7 +179,7 @@ public function getHooks($module_dir, $refresh = false)
      *
      * @param string $module_dir
      * @param string $event
-     * @param array $arguments
+     * @param object|array $arguments
      * @param SugarBean $bean
      */
     public function call_custom_logic($module_dir, $event, $arguments = null)
@@ -209,7 +209,7 @@ public function call_custom_logic($module_dir, $event, $arguments = null)
      *
      * @param array $hook_array
      * @param string $event
-     * @param array $arguments
+     * @param object|array $arguments
      * @param SugarBean $bean
      */
     public function process_hooks($hook_array, $event, $arguments)