Make WordPress Core


Ignore:
Timestamp:
08/03/2017 09:40:02 PM (7 years ago)
Author:
flixos90
Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-new.php

    r41122 r41225  
    6868    } else {
    6969        if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
    70             add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
    71             $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' , 'user_id' => $user_id ), 'user-new.php' );
     70            $result = add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
     71
     72            if ( ! is_wp_error( $result ) ) {
     73                $redirect = add_query_arg( array( 'update' => 'addnoconfirmation', 'user_id' => $user_id ), 'user-new.php' );
     74            } else {
     75                $redirect = add_query_arg( array( 'update' => 'could_not_add' ), 'user-new.php' );
     76            }
    7277        } else {
    7378            $newuser_key = substr( md5( $user_id ), 0, 5 );
     
    158163                if ( is_wp_error( $new_user ) ) {
    159164                    $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' ), 'user-new.php' );
     165                } elseif ( ! is_user_member_of_blog( $new_user['user_id'] ) ) {
     166                    $redirect = add_query_arg( array( 'update' => 'created_could_not_add' ), 'user-new.php' );
    160167                } else {
    161168                    $redirect = add_query_arg( array( 'update' => 'addnoconfirmation', 'user_id' => $new_user['user_id'] ), 'user-new.php' );
     
    262269                $messages[] = __('That user is already a member of this site.');
    263270                break;
     271            case "could_not_add":
     272                $add_user_errors = new WP_Error( 'could_not_add', __( 'That user could not be added to this site.' ) );
     273                break;
     274            case "created_could_not_add":
     275                $add_user_errors = new WP_Error( 'created_could_not_add', __( 'User has been created, but could not be added to this site.' ) );
     276                break;
    264277            case "does_not_exist":
    265                 $messages[] = __('The requested user does not exist.');
     278                $add_user_errors = new WP_Error( 'does_not_exist', __( 'The requested user does not exist.' ) );
    266279                break;
    267280            case "enter_email":
    268                 $messages[] = __('Please enter a valid email address.');
     281                $add_user_errors = new WP_Error( 'enter_email', __( 'Please enter a valid email address.' ) );
    269282                break;
    270283        }
Note: See TracChangeset for help on using the changeset viewer.