Make WordPress Core


Ignore:
Timestamp:
08/03/2017 09:40:02 PM (4 years ago)
Author:
flixos90
Message:

Multisite: Introduce a can_add_user_to_blog filter to prevent adding a user to a site.

Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new can_add_user_to_blog filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.

The user-facing parts and the REST API route that interact with add_user_to_blog() have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.

Props jmdodd.
Fixes #41101.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/rest-api/rest-users-controller.php

    r41011 r41225  
    10191019
    10201020        $this->assertFalse( $user_is_member );
     1021    }
     1022
     1023    /**
     1024     * @ticket 41101
     1025     * @group ms-required
     1026     */
     1027    public function test_create_new_network_user_with_add_user_to_blog_failure() {
     1028        $this->allow_user_to_manage_multisite();
     1029
     1030        $params = array(
     1031            'username' => 'testuser123',
     1032            'password' => 'testpassword',
     1033            'email'    => 'test@example.com',
     1034            'name'     => 'Test User 123',
     1035            'roles'    => array( 'editor' ),
     1036        );
     1037
     1038        add_filter( 'can_add_user_to_blog', '__return_false' );
     1039
     1040        $request = new WP_REST_Request( 'POST', '/wp/v2/users' );
     1041        $request->add_header( 'content-type', 'application/x-www-form-urlencoded' );
     1042        $request->set_body_params( $params );
     1043        $response = $this->server->dispatch( $request );
     1044        $this->assertErrorResponse( 'user_cannot_be_added', $response );
    10211045    }
    10221046
Note: See TracChangeset for help on using the changeset viewer.