Fix role change in authorizer_custom_role filter not synced to approv…

…ed list which caused these users with custom role to alternate between their original role (in the approved list) and their custom role (assigned in the filter) on successive logins
uhm-coe · May 8, 2024 · 8be7cbc · 8be7cbc
1 parent 7f982fe
commit 8be7cbc
Showing 1 changed file with 22 additions and 3 deletions.
diff --git a/src/authorizer/class-authorization.php b/src/authorizer/class-authorization.php
@@ -222,11 +222,30 @@ public function check_user_access( $user, $user_emails, $user_data = array() ) {
 			if ( $is_newly_approved_user || $this->is_email_in_list( $user_email, 'approved' ) ) {
 				$user_info = $is_newly_approved_user ? $approved_user : Helper::get_user_info_from_list( $user_email, $auth_settings_access_users_approved );
 
-				// If this user's role was modified above (in the
-				// authorizer_custom_role filter), use that value instead of
-				// whatever is specified in the approved list.
+				// If this user's role was modified above (in the authorizer_custom_role
+				// filter), use that value instead of whatever is specified in the
+				// approved list. Also update the role in the approved list.
 				if ( $default_role !== $approved_role ) {
 					$user_info['role'] = $approved_role;
+
+					// Find the user in either the single site or multisite approved list
+					// and update their role there also.
+					foreach ( $auth_settings_access_users_approved_single as $index => $auth_settings_access_user_approved_single ) {
+						if ( $user_info['email'] === $auth_settings_access_user_approved_single['email'] ) {
+							$auth_settings_access_users_approved_single[$index]['role'] = $approved_role;
+							update_option( 'auth_settings_access_users_approved', $auth_settings_access_users_approved_single );
+							break;
+						}
+					}
+					if ( is_multisite() ) {
+						foreach ( $auth_settings_access_users_approved_multi as $index => $auth_settings_access_user_approved_multi ) {
+							if ( $user_info['email'] === $auth_settings_access_user_approved_multi['email'] ) {
+								$auth_settings_access_users_approved_multi[$index]['role'] = $approved_role;
+								update_blog_option( get_network()->blog_id, 'auth_multisite_settings_access_users_approved', $auth_settings_access_users_approved_multi );
+								break;
+							}
+						}
+					}
 				}
 
 				// If the approved external user does not have a WordPress account, create it.