Skip to content

Use user roles to determine access on multisite? #33

Closed
@roytanck

Description

I've been evaluating this plugin for deployment in a large project, and I found the following behavior unexpected.

When a user is logged in to a network, he/she can then visit all blogs on the network, even when the user has no role on a particular blog. I consider having no role (not even subscriber) on a blog to be "worse" than not being logged in, so I was expecting these users to be restricted.

In another project, I've dealt with this by checking 'is_user_member_of_blog' as follows.

public static function check_user_privileges(){
    if( is_multisite() ){
        $current_user = wp_get_current_user();
        if( is_super_admin( $current_user->ID ) ){
            return true;
        }
        $blog_id = get_current_blog_id();
        return ( is_user_member_of_blog( $current_user->ID, $blog_id ) );
    }
    return ( is_user_logged_in() );
}

Is this something you'd consider adding? I'd be happy to create a pull request.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions