Changeset 41225 for trunk/src/wp-includes/ms-functions.php

Timestamp:

08/03/2017 09:40:02 PM (8 years ago)

Author:

flixos90

Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:

• trunk/src/wp-includes/ms-functions.php (modified) (4 diffs)

trunk/src/wp-includes/ms-functions.php

@@ -60 +60 @@
     } else {
         //TODO Review this call to add_user_to_blog too - to get here the user must have a role on this blog?
-        add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' );
-        update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id );
-        $primary = $first_blog;
+        $result = add_user_to_blog( $first_blog->userblog_id, $user_id, 'subscriber' );
+
+        if ( ! is_wp_error( $result ) ) {
+            update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id );
+            $primary = $first_blog;
+        }
     }
 
@@ -159 +162 @@
         restore_current_blog();
         return new WP_Error( 'user_does_not_exist', __( 'The requested user does not exist.' ) );
+    }
+
+    /**
+     * Filters whether a user should be added to a site.
+     *
+     * @since 4.9.0
+     *
+     * @param bool|WP_Error $retval  True if the user should be added to the site, false
+     *                               or error object otherwise.
+     * @param int           $user_id User ID.
+     * @param string        $role    User role.
+     * @param int           $blog_id Site ID.
+     */
+    $can_add_user = apply_filters( 'can_add_user_to_blog', true, $user_id, $role, $blog_id );
+
+    if ( true !== $can_add_user ) {
+        restore_current_blog();
+
+        if ( is_wp_error( $can_add_user ) ) {
+            return $can_add_user;
+        }
+
+        return new WP_Error( 'user_cannot_be_added', __( 'User cannot be added to this site.' ) );
     }
 
@@ -2082 +2108 @@
         $blog_id = get_current_blog_id();
         $result = add_user_to_blog( $blog_id, $details[ 'user_id' ], $details[ 'role' ] );
-        /**
-         * Fires immediately after an existing user is added to a site.
-         *
-         * @since MU (3.0.0)
-         *
-         * @param int   $user_id User ID.
-         * @param mixed $result  True on success or a WP_Error object if the user doesn't exist.
-         */
-        do_action( 'added_existing_user', $details['user_id'], $result );
+
+        if ( ! is_wp_error( $result ) ) {
+            /**
+             * Fires immediately after an existing user is added to a site.
+             *
+             * @since MU (3.0.0)
+             *
+             * @param int   $user_id User ID.
+             * @param mixed $result  True on success or a WP_Error object if the user doesn't exist.
+             */
+            do_action( 'added_existing_user', $details['user_id'], $result );
+        }
+
         return $result;
     }
@@ -2112 +2142 @@
         $blog_id = $meta[ 'add_to_blog' ];
         $role = $meta[ 'new_role' ];
-        remove_user_from_blog($user_id, get_network()->site_id); // remove user from main blog.
-        add_user_to_blog( $blog_id, $user_id, $role );
-        update_user_meta( $user_id, 'primary_blog', $blog_id );
+        remove_user_from_blog( $user_id, get_network()->site_id ); // remove user from main blog.
+
+        $result = add_user_to_blog( $blog_id, $user_id, $role );
+
+        if ( ! is_wp_error( $result ) ) {
+            update_user_meta( $user_id, 'primary_blog', $blog_id );
+        }
     }
 }