Opened 4 weeks ago
Last modified 4 weeks ago
#65096 new enhancement
Add `is_user_member_of_blog` filter
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 7.1 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Role/Capability | Keywords: | has-patch has-unit-tests commit |
| Focuses: | multisite | Cc: |
Description
WordPress uses is_user_member_of_blog() in the rest api controllers to prevent the user endpoints running for non-members of the site.
For WordPress.org this caused an issue as 'no' users are members of the site on which we wanted users to be able to use the rest-api endpoints for various account purposes.
This was resolved through faking the metadata such that it always returned truthful, without granting additional capabilities: https://github.com/WordPress/wporg-two-factor/pull/348#issuecomment-4206959949
I've run into another use-case for it, where I want to dynamically grant a user access to a site, but I don't want to give the user a role directly. Causing me to use the same metadata filter approach.
A filter on is_user_member_of_blog would make this a lot simpler.
Change History (2)
This ticket was mentioned in PR #11597 on WordPress/wordpress-develop by @dd32.
4 weeks ago
#1
- Keywords has-patch has-unit-tests added
## Summary
is_user_member_of_blogfilter so plugins can dynamically grant or revoke a user's membership of a blog without having to spoof{$prefix}capabilitiesuser meta (as WordPress.org currently does for its REST API user endpoints).@sinceis7.1.0, matchingsrc/wp-includes/version.phpontrunk.## Test plan
phpunit --group ms-required tests/phpunit/tests/user/multisite.php— includes two new cases: one that forces the return value totruefor a non-member and asserts the filter's arguments, and one that asserts the filter is *not* called for the short-circuited paths.---
_Disclosure: this PR (code, tests, and description) was generated by Claude Code on behalf of @dd32, who reviewed it before submission._