Changeset 41225 for trunk/src/wp-admin/network/site-users.php

Timestamp:

08/03/2017 09:40:02 PM (8 years ago)

Author:

flixos90

Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:

• trunk/src/wp-admin/network/site-users.php (modified) (3 diffs)

trunk/src/wp-admin/network/site-users.php

@@ -67 +67 @@
                     $update = 'err_new_dup';
                 } else {
-                    add_user_to_blog( $id, $user_id, $_POST['new_role'] );
-                    $update = 'newuser';
-                    /**
-                      * Fires after a user has been created via the network site-users.php page.
-                      *
-                      * @since 4.4.0
-                      *
-                      * @param int $user_id ID of the newly created user.
-                      */
-                    do_action( 'network_site_users_created_user', $user_id );
+                    $result = add_user_to_blog( $id, $user_id, $_POST['new_role'] );
+
+                    if ( is_wp_error( $result ) ) {
+                        $update = 'err_add_fail';
+                    } else {
+                        $update = 'newuser';
+                        /**
+                          * Fires after a user has been created via the network site-users.php page.
+                          *
+                          * @since 4.4.0
+                          *
+                          * @param int $user_id ID of the newly created user.
+                          */
+                        do_action( 'network_site_users_created_user', $user_id );
+                    }
                 }
             }
@@ -88 +93 @@
                 $user = get_user_by( 'login', $newuser );
                 if ( $user && $user->exists() ) {
-                    if ( ! is_user_member_of_blog( $user->ID, $id ) )
-                        add_user_to_blog( $id, $user->ID, $_POST['new_role'] );
-                    else
+                    if ( ! is_user_member_of_blog( $user->ID, $id ) ) {
+                        $result = add_user_to_blog( $id, $user->ID, $_POST['new_role'] );
+
+                        if ( is_wp_error( $result ) ) {
+                            $update = 'err_add_fail';
+                        }
+                    } else {
                         $update = 'err_add_member';
+                    }
                 } else {
                     $update = 'err_add_notfound';
@@ -224 +234 @@
         echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User is already a member of this site.' ) . '</p></div>';
         break;
+    case 'err_add_fail':
+        echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'User could not be added to this site.' ) . '</p></div>';
+        break;
     case 'err_add_notfound':
         echo '<div id="message" class="error notice is-dismissible"><p>' . __( 'Enter the username of an existing user.' ) . '</p></div>';