Closed
Description
I've been evaluating this plugin for deployment in a large project, and I found the following behavior unexpected.
When a user is logged in to a network, he/she can then visit all blogs on the network, even when the user has no role on a particular blog. I consider having no role (not even subscriber) on a blog to be "worse" than not being logged in, so I was expecting these users to be restricted.
In another project, I've dealt with this by checking 'is_user_member_of_blog' as follows.
public static function check_user_privileges(){
if( is_multisite() ){
$current_user = wp_get_current_user();
if( is_super_admin( $current_user->ID ) ){
return true;
}
$blog_id = get_current_blog_id();
return ( is_user_member_of_blog( $current_user->ID, $blog_id ) );
}
return ( is_user_logged_in() );
}
Is this something you'd consider adding? I'd be happy to create a pull request.
Metadata
Assignees
Labels
No labels