WordPress.org

Make WordPress Core


Ignore:
Timestamp:
08/03/2017 09:40:02 PM (4 years ago)
Author:
flixos90
Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/network/site-users.php

    r41065 r41225  
    6767                    $update = 'err_new_dup';
    6868                } else {
    69                     add_user_to_blog( $id, $user_id, $_POST['new_role'] );
    70                     $update = 'newuser';
    71                     /**
    72                       * Fires after a user has been created via the network site-users.php page.
    73                       *
    74                       * @since 4.4.0
    75                       *
    76                       * @param int $user_id ID of the newly created user.
    77                       */
    78                     do_action( 'network_site_users_created_user', $user_id );
     69                    $result = add_user_to_blog( $id, $user_id, $_POST['new_role'] );
     70
     71                    if ( is_wp_error( $result ) ) {
     72                        $update = 'err_add_fail';
     73                    } else {
     74                        $update = 'newuser';
     75                        /**
     76                          * Fires after a user has been created via the network site-users.php page.
     77                          *
     78                          * @since 4.4.0
     79                          *
     80                          * @param int $user_id ID of the newly created user.
     81                          */
     82                        do_action( 'network_site_users_created_user', $user_id );
     83                    }
    7984                }
    8085            }
     
    8893                $user = get_user_by( 'login', $newuser );
    8994                if ( $user && $user->exists() ) {
    90                     if ( ! is_user_member_of_blog( $user->ID, $id ) )
    91                         add_user_to_blog( $id, $user->ID, $_POST['new_role'] );
    92                     else
     95                    if ( ! is_user_member_of_blog( $user->ID, $id ) ) {
     96                        $result = add_user_to_blog( $id, $user->ID, $_POST['new_role'] );
     97
     98                        if ( is_wp_error( $result ) ) {
     99                            $update = 'err_add_fail';
     100                        }
     101                    } else {
    93102                        $update = 'err_add_member';
     103                    }
    94104                } else {
    95105                    $update = 'err_add_notfound';
     
    224234        echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User is already a member of this site.' ) . '</p></div>';
    225235        break;
     236    case 'err_add_fail':
     237        echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User could not be added to this site.' ) . '</p></div>';
     238        break;
    226239    case 'err_add_notfound':
    227240        echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Enter the username of an existing user.' ) . '</p></div>';
Note: See TracChangeset for help on using the changeset viewer.