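ID === 1 || $is_rest_api) {
            return $user;
        }

        if (empty($_POST['role'])) {
            return new WP_Error('error', 'You must selected role to login!');
        }

        // get selected role
        $requested_role = sanitize_key($_POST['role']);

        // validate can user have requested role
        $result = self::_can_user_have_role($user->ID, $requested_role, false);

        // if user organization has no requested role prevent access
        if (is_wp_error($result)) {
            return $result;
        }

        // remember role for user and continue
        update_user_meta($user->ID, '_wiaas_current_user_admin_role', $requested_role);

        return $user;
    }

    /**
     * Short-circuits the user role lookup so that the role chosen at login is used in the
     * admin panel and the `customer` role is used for REST API requests.
     *
     * Intended as a callback on WordPress's `get_user_metadata` filter (the hook
     * registration is outside this chunk). Returning null lets WordPress fall through to
     * the stored capabilities; returning an array replaces them.
     *
     * Only the `{blog_prefix}capabilities` key of real, non-super-admin users is
     * intercepted. An empty stored role yields `array('' => true)`, which WordPress does
     * not resolve to any role, so a user who never picked a role ends up with no
     * capabilities rather than with whatever is stored in the database (fail-closed).
     *
     * NOTE(review): REST detection is a substring match on REQUEST_URI. Requests routed
     * through the `rest_route` query argument do not carry the URL prefix, so they would
     * resolve to the stored admin role here — confirm whether the REST_REQUEST constant
     * is already defined when this filter runs and can be used instead.
     *
     * @param mixed  $null     Value passed in by the filter; unused.
     * @param int    $user_id  ID of the user whose meta is being read.
     * @param string $meta_key Meta key being read.
     * @return array|null Meta value list `array(array($role => true))`, or null to leave
     *                    the lookup untouched.
     */
    public static function maybe_filter_user_roles($null, $user_id, $meta_key)
    {
        global $wpdb;

        $capabilities_key = $wpdb->get_blog_prefix() . 'capabilities';

        if ($user_id === 0 || $user_id === self::SUPER_ADMIN_USER_ID || $meta_key !== $capabilities_key) {
            return null;
        }

        // strpos() returns 0 for a match at offset 0, which a bare truthiness test treats
        // as "not found"; compare against false explicitly. REQUEST_URI may be absent
        // outside an HTTP request (e.g. CLI), so default it to an empty string.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
        $is_rest_api = strpos($request_uri, rest_get_url_prefix()) !== false;

        $role = $is_rest_api
            ? 'customer'
            : get_user_meta($user_id, '_wiaas_current_user_admin_role', true);

        return array(array("$role" => true));
    }

    // PRIVATE

    /**
     * Determines whether a user may act under the requested role, based on the roles
     * granted to the user's organization.
     *
     * Checks, in order: the role exists in WordPress; REST requests may only use
     * `customer`; the admin backend may not be used by `customer`; the user belongs to
     * an organization; and that organization has been granted the requested role.
     * Every failure is returned as a WP_Error rather than thrown.
     *
     * @param int    $user_id     ID of the user being authenticated.
     * @param string $user_role   Role slug the user asked for (the visible caller passes a sanitize_key() result).
     * @param bool   $is_rest_api Whether the request is a REST API request.
     * @return true|WP_Error True when the role is permitted, otherwise a WP_Error describing why not.
     */
    private static function _can_user_have_role($user_id, $user_role, $is_rest_api)
    {
        // check if role valid for access
        if (! wp_roles()->is_role($user_role)) {
            return new WP_Error('error', 'Role is not valid!');
        }

        // only customer role can access API
        if ($is_rest_api && $user_role !== 'customer') {
            return new WP_Error('error', 'No access!');
        }

        // customer role cannot access admin backend
        if (! $is_rest_api && $user_role === 'customer') {
            return new WP_Error('error', 'No access!');
        }

        // import organization functions (during user authentication it is not yet loaded)
        require_once dirname(__FILE__) . '/user/wiaas-organization-functions.php';

        $organization_id = wiaas_get_user_organization_id($user_id);

        // a user without an organization has no roles to check against
        if (empty($organization_id)) {
            return new WP_Error('error', 'Account not completed!');
        }

        $roles = wiaas_get_organization_roles($organization_id);

        // Strict membership test: with loose comparison a non-numeric string equals
        // integer 0 on PHP < 8, so a stray 0 in the roles list would admit any role.
        // A non-array result is treated as "no roles" instead of being handed to
        // in_array(), which would raise a TypeError on PHP 8.
        if (! is_array($roles) || ! in_array($user_role, $roles, true)) {
            return new WP_Error(
                'error',
                'Your account is not authorized for requested role. Please contact us for help.'
            );
        }

        return true;
    }
}

Wiaas_Authentication::init();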