

Timestamp:
08/03/2017 09:40:02 PM (4 years ago)
Author:
flixos90
Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:
1 edited

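--- a/trunk/src/wp-includes/ms-functions.php
+++ b/trunk/src/wp-includes/ms-functions.php
@@ -60,7 +60,10 @@
     } else {
         //TODO Review this call to add_user_to_blog too - to get here the user must have a role on this blog?
-        add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' );
-        update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id );
-        $primary = $first_blog;
+        $result = add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' );
+
+        if ( ! is_wp_error( $result ) ) {
+            update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id );
+            $primary = $first_blog;
+        }
     }
 
@@ -159,4 +162,27 @@
         restore_current_blog();
         return new WP_Error( 'user_does_not_exist', __( 'The requested user does not exist.' ) );
+    }
+
+    /**
+     * Filters whether a user should be added to a site.
+     *
+     * @since 4.9.0
+     *
+     * @param bool|WP_Error $retval  True if the user should be added to the site, false
+     *                               or error object otherwise.
+     * @param int           $user_id User ID.
+     * @param string        $role    User role.
+     * @param int           $blog_id Site ID.
+     */
+    $can_add_user = apply_filters( 'can_add_user_to_blog', true, $user_id, $role, $blog_id );
+
+    if ( true !== $can_add_user ) {
+        restore_current_blog();
+
+        if ( is_wp_error( $can_add_user ) ) {
+            return $can_add_user;
+        }
+
+        return new WP_Error( 'user_cannot_be_added', __( 'User cannot be added to this site.' ) );
     }
 
@@ -2082,13 +2108,17 @@
         $blog_id = get_current_blog_id();
         $result = add_user_to_blog( $blog_id, $details[ 'user_id' ], $details[ 'role' ] );
-        /**
-         * Fires immediately after an existing user is added to a site.
-         *
-         * @since MU (3.0.0)
-         *
-         * @param int   $user_id User ID.
-         * @param mixed $result  True on success or a WP_Error object if the user doesn't exist.
-         */
-        do_action( 'added_existing_user', $details['user_id'], $result );
+
+        if ( ! is_wp_error( $result ) ) {
+            /**
+             * Fires immediately after an existing user is added to a site.
+             *
+             * @since MU (3.0.0)
+             *
+             * @param int   $user_id User ID.
+             * @param mixed $result  True on success or a WP_Error object if the user doesn't exist.
+             */
+            do_action( 'added_existing_user', $details['user_id'], $result );
+        }
+
         return $result;
     }
@@ -2112,7 +2142,11 @@
         $blog_id = $meta[ 'add_to_blog' ];
         $role = $meta[ 'new_role' ];
-        remove_user_from_blog($user_id, get_network()->site_id); // remove user from main blog.
-        add_user_to_blog( $blog_id, $user_id, $role );
-        update_user_meta( $user_id, 'primary_blog', $blog_id );
+        remove_user_from_blog( $user_id, get_network()->site_id ); // remove user from main blog.
+
+        $result = add_user_to_blog( $blog_id, $user_id, $role );
+
+        if ( ! is_wp_error( $result ) ) {
+            update_user_meta( $user_id, 'primary_blog', $blog_id );
+        }
     }
 }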
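Review bot: In the last hunk (new lines 2144–2150) `remove_user_from_blog()` still runs before `add_user_to_blog()`, so a rejection from the new `can_add_user_to_blog` filter leaves the user already removed from the main site, not added to the target site, and with the `WP_Error` in `$result` silently discarded. A filter that plugin authors will use as an access-control gate should fail without side effects; consider adding first and removing only on success, e.g. `if ( ! is_wp_error( $result ) && (int) $blog_id !== (int) get_network()->site_id ) { remove_user_from_blog( $user_id, get_network()->site_id ); }`, after confirming the same-site case behaves as before. At minimum the failure branch deserves a comment such as `// Add was rejected: the user was already removed from the main site above.` The enclosing function starts outside the hunk, so whether any caller can observe the error is not visible here.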